npm - palaryn - Versions diffs - 0.1.0 - Mend

palaryn 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (607) hide show

package/LICENSE +21 -0
package/README.md +716 -0
package/dist/sdk/typescript/src/client.d.ts +71 -0
package/dist/sdk/typescript/src/client.d.ts.map +1 -0
package/dist/sdk/typescript/src/client.js +176 -0
package/dist/sdk/typescript/src/client.js.map +1 -0
package/dist/sdk/typescript/src/errors.d.ts +50 -0
package/dist/sdk/typescript/src/errors.d.ts.map +1 -0
package/dist/sdk/typescript/src/errors.js +103 -0
package/dist/sdk/typescript/src/errors.js.map +1 -0
package/dist/sdk/typescript/src/index.d.ts +4 -0
package/dist/sdk/typescript/src/index.d.ts.map +1 -0
package/dist/sdk/typescript/src/index.js +15 -0
package/dist/sdk/typescript/src/index.js.map +1 -0
package/dist/sdk/typescript/src/types.d.ts +101 -0
package/dist/sdk/typescript/src/types.d.ts.map +1 -0
package/dist/sdk/typescript/src/types.js +6 -0
package/dist/sdk/typescript/src/types.js.map +1 -0
package/dist/src/admin/index.d.ts +2 -0
package/dist/src/admin/index.d.ts.map +1 -0
package/dist/src/admin/index.js +6 -0
package/dist/src/admin/index.js.map +1 -0
package/dist/src/admin/routes.d.ts +5 -0
package/dist/src/admin/routes.d.ts.map +1 -0
package/dist/src/admin/routes.js +471 -0
package/dist/src/admin/routes.js.map +1 -0
package/dist/src/admin/templates.d.ts +51 -0
package/dist/src/admin/templates.d.ts.map +1 -0
package/dist/src/admin/templates.js +500 -0
package/dist/src/admin/templates.js.map +1 -0
package/dist/src/anomaly/detector.d.ts +141 -0
package/dist/src/anomaly/detector.d.ts.map +1 -0
package/dist/src/anomaly/detector.js +554 -0
package/dist/src/anomaly/detector.js.map +1 -0
package/dist/src/anomaly/index.d.ts +2 -0
package/dist/src/anomaly/index.d.ts.map +1 -0
package/dist/src/anomaly/index.js +7 -0
package/dist/src/anomaly/index.js.map +1 -0
package/dist/src/approval/manager.d.ts +147 -0
package/dist/src/approval/manager.d.ts.map +1 -0
package/dist/src/approval/manager.js +511 -0
package/dist/src/approval/manager.js.map +1 -0
package/dist/src/approval/webhook.d.ts +36 -0
package/dist/src/approval/webhook.d.ts.map +1 -0
package/dist/src/approval/webhook.js +135 -0
package/dist/src/approval/webhook.js.map +1 -0
package/dist/src/audit/logger.d.ts +70 -0
package/dist/src/audit/logger.d.ts.map +1 -0
package/dist/src/audit/logger.js +440 -0
package/dist/src/audit/logger.js.map +1 -0
package/dist/src/auth/index.d.ts +6 -0
package/dist/src/auth/index.d.ts.map +1 -0
package/dist/src/auth/index.js +22 -0
package/dist/src/auth/index.js.map +1 -0
package/dist/src/auth/password.d.ts +3 -0
package/dist/src/auth/password.d.ts.map +1 -0
package/dist/src/auth/password.js +25 -0
package/dist/src/auth/password.js.map +1 -0
package/dist/src/auth/pkce.d.ts +13 -0
package/dist/src/auth/pkce.d.ts.map +1 -0
package/dist/src/auth/pkce.js +58 -0
package/dist/src/auth/pkce.js.map +1 -0
package/dist/src/auth/providers.d.ts +28 -0
package/dist/src/auth/providers.d.ts.map +1 -0
package/dist/src/auth/providers.js +198 -0
package/dist/src/auth/providers.js.map +1 -0
package/dist/src/auth/routes.d.ts +14 -0
package/dist/src/auth/routes.d.ts.map +1 -0
package/dist/src/auth/routes.js +431 -0
package/dist/src/auth/routes.js.map +1 -0
package/dist/src/auth/session.d.ts +24 -0
package/dist/src/auth/session.d.ts.map +1 -0
package/dist/src/auth/session.js +105 -0
package/dist/src/auth/session.js.map +1 -0
package/dist/src/billing/index.d.ts +7 -0
package/dist/src/billing/index.d.ts.map +1 -0
package/dist/src/billing/index.js +14 -0
package/dist/src/billing/index.js.map +1 -0
package/dist/src/billing/plan-enforcer.d.ts +44 -0
package/dist/src/billing/plan-enforcer.d.ts.map +1 -0
package/dist/src/billing/plan-enforcer.js +110 -0
package/dist/src/billing/plan-enforcer.js.map +1 -0
package/dist/src/billing/routes.d.ts +15 -0
package/dist/src/billing/routes.d.ts.map +1 -0
package/dist/src/billing/routes.js +193 -0
package/dist/src/billing/routes.js.map +1 -0
package/dist/src/billing/stripe-client.d.ts +14 -0
package/dist/src/billing/stripe-client.d.ts.map +1 -0
package/dist/src/billing/stripe-client.js +51 -0
package/dist/src/billing/stripe-client.js.map +1 -0
package/dist/src/billing/webhook-handler.d.ts +19 -0
package/dist/src/billing/webhook-handler.d.ts.map +1 -0
package/dist/src/billing/webhook-handler.js +169 -0
package/dist/src/billing/webhook-handler.js.map +1 -0
package/dist/src/billing/webhook-routes.d.ts +5 -0
package/dist/src/billing/webhook-routes.d.ts.map +1 -0
package/dist/src/billing/webhook-routes.js +30 -0
package/dist/src/billing/webhook-routes.js.map +1 -0
package/dist/src/budget/manager.d.ts +95 -0
package/dist/src/budget/manager.d.ts.map +1 -0
package/dist/src/budget/manager.js +547 -0
package/dist/src/budget/manager.js.map +1 -0
package/dist/src/budget/usage-extractor.d.ts +38 -0
package/dist/src/budget/usage-extractor.d.ts.map +1 -0
package/dist/src/budget/usage-extractor.js +165 -0
package/dist/src/budget/usage-extractor.js.map +1 -0
package/dist/src/cli.d.ts +3 -0
package/dist/src/cli.d.ts.map +1 -0
package/dist/src/cli.js +115 -0
package/dist/src/cli.js.map +1 -0
package/dist/src/config/defaults.d.ts +3 -0
package/dist/src/config/defaults.d.ts.map +1 -0
package/dist/src/config/defaults.js +243 -0
package/dist/src/config/defaults.js.map +1 -0
package/dist/src/config/validate.d.ts +15 -0
package/dist/src/config/validate.d.ts.map +1 -0
package/dist/src/config/validate.js +105 -0
package/dist/src/config/validate.js.map +1 -0
package/dist/src/dlp/composite-scanner.d.ts +47 -0
package/dist/src/dlp/composite-scanner.d.ts.map +1 -0
package/dist/src/dlp/composite-scanner.js +186 -0
package/dist/src/dlp/composite-scanner.js.map +1 -0
package/dist/src/dlp/index.d.ts +10 -0
package/dist/src/dlp/index.d.ts.map +1 -0
package/dist/src/dlp/index.js +26 -0
package/dist/src/dlp/index.js.map +1 -0
package/dist/src/dlp/interfaces.d.ts +33 -0
package/dist/src/dlp/interfaces.d.ts.map +1 -0
package/dist/src/dlp/interfaces.js +3 -0
package/dist/src/dlp/interfaces.js.map +1 -0
package/dist/src/dlp/patterns.d.ts +9 -0
package/dist/src/dlp/patterns.d.ts.map +1 -0
package/dist/src/dlp/patterns.js +25 -0
package/dist/src/dlp/patterns.js.map +1 -0
package/dist/src/dlp/prompt-injection-backend.d.ts +68 -0
package/dist/src/dlp/prompt-injection-backend.d.ts.map +1 -0
package/dist/src/dlp/prompt-injection-backend.js +148 -0
package/dist/src/dlp/prompt-injection-backend.js.map +1 -0
package/dist/src/dlp/prompt-injection-patterns.d.ts +32 -0
package/dist/src/dlp/prompt-injection-patterns.d.ts.map +1 -0
package/dist/src/dlp/prompt-injection-patterns.js +290 -0
package/dist/src/dlp/prompt-injection-patterns.js.map +1 -0
package/dist/src/dlp/regex-backend.d.ts +32 -0
package/dist/src/dlp/regex-backend.d.ts.map +1 -0
package/dist/src/dlp/regex-backend.js +153 -0
package/dist/src/dlp/regex-backend.js.map +1 -0
package/dist/src/dlp/scanner.d.ts +122 -0
package/dist/src/dlp/scanner.d.ts.map +1 -0
package/dist/src/dlp/scanner.js +444 -0
package/dist/src/dlp/scanner.js.map +1 -0
package/dist/src/dlp/text-normalizer.d.ts +41 -0
package/dist/src/dlp/text-normalizer.d.ts.map +1 -0
package/dist/src/dlp/text-normalizer.js +203 -0
package/dist/src/dlp/text-normalizer.js.map +1 -0
package/dist/src/dlp/trufflehog-backend.d.ts +64 -0
package/dist/src/dlp/trufflehog-backend.d.ts.map +1 -0
package/dist/src/dlp/trufflehog-backend.js +151 -0
package/dist/src/dlp/trufflehog-backend.js.map +1 -0
package/dist/src/executor/http-executor.d.ts +25 -0
package/dist/src/executor/http-executor.d.ts.map +1 -0
package/dist/src/executor/http-executor.js +333 -0
package/dist/src/executor/http-executor.js.map +1 -0
package/dist/src/executor/index.d.ts +6 -0
package/dist/src/executor/index.d.ts.map +1 -0
package/dist/src/executor/index.js +12 -0
package/dist/src/executor/index.js.map +1 -0
package/dist/src/executor/interfaces.d.ts +11 -0
package/dist/src/executor/interfaces.d.ts.map +1 -0
package/dist/src/executor/interfaces.js +3 -0
package/dist/src/executor/interfaces.js.map +1 -0
package/dist/src/executor/noop-executor.d.ts +13 -0
package/dist/src/executor/noop-executor.d.ts.map +1 -0
package/dist/src/executor/noop-executor.js +21 -0
package/dist/src/executor/noop-executor.js.map +1 -0
package/dist/src/executor/registry.d.ts +30 -0
package/dist/src/executor/registry.d.ts.map +1 -0
package/dist/src/executor/registry.js +62 -0
package/dist/src/executor/registry.js.map +1 -0
package/dist/src/executor/slack-executor.d.ts +24 -0
package/dist/src/executor/slack-executor.d.ts.map +1 -0
package/dist/src/executor/slack-executor.js +147 -0
package/dist/src/executor/slack-executor.js.map +1 -0
package/dist/src/index.d.ts +25 -0
package/dist/src/index.d.ts.map +1 -0
package/dist/src/index.js +74 -0
package/dist/src/index.js.map +1 -0
package/dist/src/mcp/auth-verifier.d.ts +23 -0
package/dist/src/mcp/auth-verifier.d.ts.map +1 -0
package/dist/src/mcp/auth-verifier.js +162 -0
package/dist/src/mcp/auth-verifier.js.map +1 -0
package/dist/src/mcp/bridge.d.ts +132 -0
package/dist/src/mcp/bridge.d.ts.map +1 -0
package/dist/src/mcp/bridge.js +734 -0
package/dist/src/mcp/bridge.js.map +1 -0
package/dist/src/mcp/http-transport.d.ts +32 -0
package/dist/src/mcp/http-transport.d.ts.map +1 -0
package/dist/src/mcp/http-transport.js +538 -0
package/dist/src/mcp/http-transport.js.map +1 -0
package/dist/src/mcp/index.d.ts +10 -0
package/dist/src/mcp/index.d.ts.map +1 -0
package/dist/src/mcp/index.js +17 -0
package/dist/src/mcp/index.js.map +1 -0
package/dist/src/mcp/oauth-pages.d.ts +23 -0
package/dist/src/mcp/oauth-pages.d.ts.map +1 -0
package/dist/src/mcp/oauth-pages.js +121 -0
package/dist/src/mcp/oauth-pages.js.map +1 -0
package/dist/src/mcp/oauth-postgres-stores.d.ts +55 -0
package/dist/src/mcp/oauth-postgres-stores.d.ts.map +1 -0
package/dist/src/mcp/oauth-postgres-stores.js +226 -0
package/dist/src/mcp/oauth-postgres-stores.js.map +1 -0
package/dist/src/mcp/oauth-provider.d.ts +95 -0
package/dist/src/mcp/oauth-provider.d.ts.map +1 -0
package/dist/src/mcp/oauth-provider.js +360 -0
package/dist/src/mcp/oauth-provider.js.map +1 -0
package/dist/src/mcp/oauth-stores.d.ts +62 -0
package/dist/src/mcp/oauth-stores.d.ts.map +1 -0
package/dist/src/mcp/oauth-stores.js +154 -0
package/dist/src/mcp/oauth-stores.js.map +1 -0
package/dist/src/mcp/server.d.ts +18 -0
package/dist/src/mcp/server.d.ts.map +1 -0
package/dist/src/mcp/server.js +51 -0
package/dist/src/mcp/server.js.map +1 -0
package/dist/src/metrics/collector.d.ts +106 -0
package/dist/src/metrics/collector.d.ts.map +1 -0
package/dist/src/metrics/collector.js +311 -0
package/dist/src/metrics/collector.js.map +1 -0
package/dist/src/metrics/index.d.ts +2 -0
package/dist/src/metrics/index.d.ts.map +1 -0
package/dist/src/metrics/index.js +6 -0
package/dist/src/metrics/index.js.map +1 -0
package/dist/src/middleware/auth.d.ts +77 -0
package/dist/src/middleware/auth.d.ts.map +1 -0
package/dist/src/middleware/auth.js +720 -0
package/dist/src/middleware/auth.js.map +1 -0
package/dist/src/middleware/session.d.ts +18 -0
package/dist/src/middleware/session.d.ts.map +1 -0
package/dist/src/middleware/session.js +67 -0
package/dist/src/middleware/session.js.map +1 -0
package/dist/src/middleware/validate.d.ts +3 -0
package/dist/src/middleware/validate.d.ts.map +1 -0
package/dist/src/middleware/validate.js +85 -0
package/dist/src/middleware/validate.js.map +1 -0
package/dist/src/policy/engine.d.ts +107 -0
package/dist/src/policy/engine.d.ts.map +1 -0
package/dist/src/policy/engine.js +646 -0
package/dist/src/policy/engine.js.map +1 -0
package/dist/src/policy/index.d.ts +3 -0
package/dist/src/policy/index.d.ts.map +1 -0
package/dist/src/policy/index.js +8 -0
package/dist/src/policy/index.js.map +1 -0
package/dist/src/policy/opa-engine.d.ts +176 -0
package/dist/src/policy/opa-engine.d.ts.map +1 -0
package/dist/src/policy/opa-engine.js +790 -0
package/dist/src/policy/opa-engine.js.map +1 -0
package/dist/src/proxy/forward-proxy.d.ts +30 -0
package/dist/src/proxy/forward-proxy.d.ts.map +1 -0
package/dist/src/proxy/forward-proxy.js +580 -0
package/dist/src/proxy/forward-proxy.js.map +1 -0
package/dist/src/proxy/index.d.ts +2 -0
package/dist/src/proxy/index.d.ts.map +1 -0
package/dist/src/proxy/index.js +8 -0
package/dist/src/proxy/index.js.map +1 -0
package/dist/src/ratelimit/limiter.d.ts +45 -0
package/dist/src/ratelimit/limiter.d.ts.map +1 -0
package/dist/src/ratelimit/limiter.js +158 -0
package/dist/src/ratelimit/limiter.js.map +1 -0
package/dist/src/replay/engine.d.ts +40 -0
package/dist/src/replay/engine.d.ts.map +1 -0
package/dist/src/replay/engine.js +106 -0
package/dist/src/replay/engine.js.map +1 -0
package/dist/src/replay/index.d.ts +2 -0
package/dist/src/replay/index.d.ts.map +1 -0
package/dist/src/replay/index.js +6 -0
package/dist/src/replay/index.js.map +1 -0
package/dist/src/saas/index.d.ts +2 -0
package/dist/src/saas/index.d.ts.map +1 -0
package/dist/src/saas/index.js +18 -0
package/dist/src/saas/index.js.map +1 -0
package/dist/src/saas/routes.d.ts +18 -0
package/dist/src/saas/routes.d.ts.map +1 -0
package/dist/src/saas/routes.js +1566 -0
package/dist/src/saas/routes.js.map +1 -0
package/dist/src/server/app.d.ts +44 -0
package/dist/src/server/app.d.ts.map +1 -0
package/dist/src/server/app.js +854 -0
package/dist/src/server/app.js.map +1 -0
package/dist/src/server/errors.d.ts +32 -0
package/dist/src/server/errors.d.ts.map +1 -0
package/dist/src/server/errors.js +39 -0
package/dist/src/server/errors.js.map +1 -0
package/dist/src/server/gateway.d.ts +165 -0
package/dist/src/server/gateway.d.ts.map +1 -0
package/dist/src/server/gateway.js +964 -0
package/dist/src/server/gateway.js.map +1 -0
package/dist/src/server/index.d.ts +2 -0
package/dist/src/server/index.d.ts.map +1 -0
package/dist/src/server/index.js +295 -0
package/dist/src/server/index.js.map +1 -0
package/dist/src/server/logger.d.ts +33 -0
package/dist/src/server/logger.d.ts.map +1 -0
package/dist/src/server/logger.js +230 -0
package/dist/src/server/logger.js.map +1 -0
package/dist/src/server/stream-proxy.d.ts +32 -0
package/dist/src/server/stream-proxy.d.ts.map +1 -0
package/dist/src/server/stream-proxy.js +184 -0
package/dist/src/server/stream-proxy.js.map +1 -0
package/dist/src/storage/file-persistence.d.ts +48 -0
package/dist/src/storage/file-persistence.d.ts.map +1 -0
package/dist/src/storage/file-persistence.js +280 -0
package/dist/src/storage/file-persistence.js.map +1 -0
package/dist/src/storage/index.d.ts +5 -0
package/dist/src/storage/index.d.ts.map +1 -0
package/dist/src/storage/index.js +21 -0
package/dist/src/storage/index.js.map +1 -0
package/dist/src/storage/interfaces.d.ts +237 -0
package/dist/src/storage/interfaces.d.ts.map +1 -0
package/dist/src/storage/interfaces.js +3 -0
package/dist/src/storage/interfaces.js.map +1 -0
package/dist/src/storage/memory.d.ts +162 -0
package/dist/src/storage/memory.d.ts.map +1 -0
package/dist/src/storage/memory.js +603 -0
package/dist/src/storage/memory.js.map +1 -0
package/dist/src/storage/postgres.d.ts +267 -0
package/dist/src/storage/postgres.d.ts.map +1 -0
package/dist/src/storage/postgres.js +1555 -0
package/dist/src/storage/postgres.js.map +1 -0
package/dist/src/storage/redis.d.ts +202 -0
package/dist/src/storage/redis.d.ts.map +1 -0
package/dist/src/storage/redis.js +629 -0
package/dist/src/storage/redis.js.map +1 -0
package/dist/src/tracing/index.d.ts +2 -0
package/dist/src/tracing/index.d.ts.map +1 -0
package/dist/src/tracing/index.js +6 -0
package/dist/src/tracing/index.js.map +1 -0
package/dist/src/tracing/provider.d.ts +43 -0
package/dist/src/tracing/provider.d.ts.map +1 -0
package/dist/src/tracing/provider.js +74 -0
package/dist/src/tracing/provider.js.map +1 -0
package/dist/src/trust/calculator.d.ts +54 -0
package/dist/src/trust/calculator.d.ts.map +1 -0
package/dist/src/trust/calculator.js +102 -0
package/dist/src/trust/calculator.js.map +1 -0
package/dist/src/trust/index.d.ts +2 -0
package/dist/src/trust/index.d.ts.map +1 -0
package/dist/src/trust/index.js +7 -0
package/dist/src/trust/index.js.map +1 -0
package/dist/src/types/budget.d.ts +30 -0
package/dist/src/types/budget.d.ts.map +1 -0
package/dist/src/types/budget.js +3 -0
package/dist/src/types/budget.js.map +1 -0
package/dist/src/types/config.d.ts +176 -0
package/dist/src/types/config.d.ts.map +1 -0
package/dist/src/types/config.js +3 -0
package/dist/src/types/config.js.map +1 -0
package/dist/src/types/events.d.ts +24 -0
package/dist/src/types/events.d.ts.map +1 -0
package/dist/src/types/events.js +3 -0
package/dist/src/types/events.js.map +1 -0
package/dist/src/types/index.d.ts +8 -0
package/dist/src/types/index.d.ts.map +1 -0
package/dist/src/types/index.js +24 -0
package/dist/src/types/index.js.map +1 -0
package/dist/src/types/policy.d.ts +60 -0
package/dist/src/types/policy.d.ts.map +1 -0
package/dist/src/types/policy.js +3 -0
package/dist/src/types/policy.js.map +1 -0
package/dist/src/types/stripe-config.d.ts +12 -0
package/dist/src/types/stripe-config.d.ts.map +1 -0
package/dist/src/types/stripe-config.js +3 -0
package/dist/src/types/stripe-config.js.map +1 -0
package/dist/src/types/subscription.d.ts +24 -0
package/dist/src/types/subscription.d.ts.map +1 -0
package/dist/src/types/subscription.js +38 -0
package/dist/src/types/subscription.js.map +1 -0
package/dist/src/types/tool-call.d.ts +42 -0
package/dist/src/types/tool-call.d.ts.map +1 -0
package/dist/src/types/tool-call.js +3 -0
package/dist/src/types/tool-call.js.map +1 -0
package/dist/src/types/tool-result.d.ts +58 -0
package/dist/src/types/tool-result.d.ts.map +1 -0
package/dist/src/types/tool-result.js +3 -0
package/dist/src/types/tool-result.js.map +1 -0
package/dist/src/types/user.d.ts +101 -0
package/dist/src/types/user.d.ts.map +1 -0
package/dist/src/types/user.js +6 -0
package/dist/src/types/user.js.map +1 -0
package/dist/tests/integration/api.test.d.ts +2 -0
package/dist/tests/integration/api.test.d.ts.map +1 -0
package/dist/tests/integration/api.test.js +1199 -0
package/dist/tests/integration/api.test.js.map +1 -0
package/dist/tests/integration/proxy.test.d.ts +2 -0
package/dist/tests/integration/proxy.test.d.ts.map +1 -0
package/dist/tests/integration/proxy.test.js +251 -0
package/dist/tests/integration/proxy.test.js.map +1 -0
package/dist/tests/integration/storage.test.d.ts +16 -0
package/dist/tests/integration/storage.test.d.ts.map +1 -0
package/dist/tests/integration/storage.test.js +826 -0
package/dist/tests/integration/storage.test.js.map +1 -0
package/dist/tests/unit/admin.test.d.ts +2 -0
package/dist/tests/unit/admin.test.d.ts.map +1 -0
package/dist/tests/unit/admin.test.js +698 -0
package/dist/tests/unit/admin.test.js.map +1 -0
package/dist/tests/unit/anomaly-detector.test.d.ts +2 -0
package/dist/tests/unit/anomaly-detector.test.d.ts.map +1 -0
package/dist/tests/unit/anomaly-detector.test.js +903 -0
package/dist/tests/unit/anomaly-detector.test.js.map +1 -0
package/dist/tests/unit/approval-manager.test.d.ts +2 -0
package/dist/tests/unit/approval-manager.test.d.ts.map +1 -0
package/dist/tests/unit/approval-manager.test.js +528 -0
package/dist/tests/unit/approval-manager.test.js.map +1 -0
package/dist/tests/unit/approval-webhook.test.d.ts +2 -0
package/dist/tests/unit/approval-webhook.test.d.ts.map +1 -0
package/dist/tests/unit/approval-webhook.test.js +355 -0
package/dist/tests/unit/approval-webhook.test.js.map +1 -0
package/dist/tests/unit/audit-logger.test.d.ts +2 -0
package/dist/tests/unit/audit-logger.test.d.ts.map +1 -0
package/dist/tests/unit/audit-logger.test.js +635 -0
package/dist/tests/unit/audit-logger.test.js.map +1 -0
package/dist/tests/unit/auth-routes.test.d.ts +2 -0
package/dist/tests/unit/auth-routes.test.d.ts.map +1 -0
package/dist/tests/unit/auth-routes.test.js +281 -0
package/dist/tests/unit/auth-routes.test.js.map +1 -0
package/dist/tests/unit/auth.test.d.ts +2 -0
package/dist/tests/unit/auth.test.d.ts.map +1 -0
package/dist/tests/unit/auth.test.js +1382 -0
package/dist/tests/unit/auth.test.js.map +1 -0
package/dist/tests/unit/billing.test.d.ts +2 -0
package/dist/tests/unit/billing.test.d.ts.map +1 -0
package/dist/tests/unit/billing.test.js +579 -0
package/dist/tests/unit/billing.test.js.map +1 -0
package/dist/tests/unit/budget-manager.test.d.ts +2 -0
package/dist/tests/unit/budget-manager.test.d.ts.map +1 -0
package/dist/tests/unit/budget-manager.test.js +778 -0
package/dist/tests/unit/budget-manager.test.js.map +1 -0
package/dist/tests/unit/budget-race.test.d.ts +2 -0
package/dist/tests/unit/budget-race.test.d.ts.map +1 -0
package/dist/tests/unit/budget-race.test.js +58 -0
package/dist/tests/unit/budget-race.test.js.map +1 -0
package/dist/tests/unit/cli.test.d.ts +2 -0
package/dist/tests/unit/cli.test.d.ts.map +1 -0
package/dist/tests/unit/cli.test.js +93 -0
package/dist/tests/unit/cli.test.js.map +1 -0
package/dist/tests/unit/concurrency.test.d.ts +2 -0
package/dist/tests/unit/concurrency.test.d.ts.map +1 -0
package/dist/tests/unit/concurrency.test.js +1270 -0
package/dist/tests/unit/concurrency.test.js.map +1 -0
package/dist/tests/unit/config-validate.test.d.ts +2 -0
package/dist/tests/unit/config-validate.test.d.ts.map +1 -0
package/dist/tests/unit/config-validate.test.js +230 -0
package/dist/tests/unit/config-validate.test.js.map +1 -0
package/dist/tests/unit/defaults.test.d.ts +2 -0
package/dist/tests/unit/defaults.test.d.ts.map +1 -0
package/dist/tests/unit/defaults.test.js +364 -0
package/dist/tests/unit/defaults.test.js.map +1 -0
package/dist/tests/unit/dlp-backends.test.d.ts +2 -0
package/dist/tests/unit/dlp-backends.test.d.ts.map +1 -0
package/dist/tests/unit/dlp-backends.test.js +563 -0
package/dist/tests/unit/dlp-backends.test.js.map +1 -0
package/dist/tests/unit/dlp-scanner.test.d.ts +2 -0
package/dist/tests/unit/dlp-scanner.test.d.ts.map +1 -0
package/dist/tests/unit/dlp-scanner.test.js +739 -0
package/dist/tests/unit/dlp-scanner.test.js.map +1 -0
package/dist/tests/unit/error-responses.test.d.ts +2 -0
package/dist/tests/unit/error-responses.test.d.ts.map +1 -0
package/dist/tests/unit/error-responses.test.js +101 -0
package/dist/tests/unit/error-responses.test.js.map +1 -0
package/dist/tests/unit/executor-registry.test.d.ts +2 -0
package/dist/tests/unit/executor-registry.test.d.ts.map +1 -0
package/dist/tests/unit/executor-registry.test.js +390 -0
package/dist/tests/unit/executor-registry.test.js.map +1 -0
package/dist/tests/unit/forward-proxy.test.d.ts +2 -0
package/dist/tests/unit/forward-proxy.test.d.ts.map +1 -0
package/dist/tests/unit/forward-proxy.test.js +621 -0
package/dist/tests/unit/forward-proxy.test.js.map +1 -0
package/dist/tests/unit/gateway-features.test.d.ts +2 -0
package/dist/tests/unit/gateway-features.test.d.ts.map +1 -0
package/dist/tests/unit/gateway-features.test.js +753 -0
package/dist/tests/unit/gateway-features.test.js.map +1 -0
package/dist/tests/unit/http-executor.test.d.ts +2 -0
package/dist/tests/unit/http-executor.test.d.ts.map +1 -0
package/dist/tests/unit/http-executor.test.js +310 -0
package/dist/tests/unit/http-executor.test.js.map +1 -0
package/dist/tests/unit/mcp-bridge.test.d.ts +2 -0
package/dist/tests/unit/mcp-bridge.test.d.ts.map +1 -0
package/dist/tests/unit/mcp-bridge.test.js +1136 -0
package/dist/tests/unit/mcp-bridge.test.js.map +1 -0
package/dist/tests/unit/mcp-http-transport.test.d.ts +2 -0
package/dist/tests/unit/mcp-http-transport.test.d.ts.map +1 -0
package/dist/tests/unit/mcp-http-transport.test.js +899 -0
package/dist/tests/unit/mcp-http-transport.test.js.map +1 -0
package/dist/tests/unit/mcp-oauth.test.d.ts +2 -0
package/dist/tests/unit/mcp-oauth.test.d.ts.map +1 -0
package/dist/tests/unit/mcp-oauth.test.js +759 -0
package/dist/tests/unit/mcp-oauth.test.js.map +1 -0
package/dist/tests/unit/mcp-server.test.d.ts +15 -0
package/dist/tests/unit/mcp-server.test.d.ts.map +1 -0
package/dist/tests/unit/mcp-server.test.js +158 -0
package/dist/tests/unit/mcp-server.test.js.map +1 -0
package/dist/tests/unit/metrics.test.d.ts +2 -0
package/dist/tests/unit/metrics.test.d.ts.map +1 -0
package/dist/tests/unit/metrics.test.js +208 -0
package/dist/tests/unit/metrics.test.js.map +1 -0
package/dist/tests/unit/oauth.test.d.ts +2 -0
package/dist/tests/unit/oauth.test.d.ts.map +1 -0
package/dist/tests/unit/oauth.test.js +281 -0
package/dist/tests/unit/oauth.test.js.map +1 -0
package/dist/tests/unit/opa-circuit-breaker.test.d.ts +2 -0
package/dist/tests/unit/opa-circuit-breaker.test.d.ts.map +1 -0
package/dist/tests/unit/opa-circuit-breaker.test.js +297 -0
package/dist/tests/unit/opa-circuit-breaker.test.js.map +1 -0
package/dist/tests/unit/opa-engine.test.d.ts +2 -0
package/dist/tests/unit/opa-engine.test.d.ts.map +1 -0
package/dist/tests/unit/opa-engine.test.js +1813 -0
package/dist/tests/unit/opa-engine.test.js.map +1 -0
package/dist/tests/unit/pipeline-timing.test.d.ts +2 -0
package/dist/tests/unit/pipeline-timing.test.d.ts.map +1 -0
package/dist/tests/unit/pipeline-timing.test.js +528 -0
package/dist/tests/unit/pipeline-timing.test.js.map +1 -0
package/dist/tests/unit/policy-engine.test.d.ts +2 -0
package/dist/tests/unit/policy-engine.test.d.ts.map +1 -0
package/dist/tests/unit/policy-engine.test.js +1345 -0
package/dist/tests/unit/policy-engine.test.js.map +1 -0
package/dist/tests/unit/policy-store.test.d.ts +2 -0
package/dist/tests/unit/policy-store.test.d.ts.map +1 -0
package/dist/tests/unit/policy-store.test.js +60 -0
package/dist/tests/unit/policy-store.test.js.map +1 -0
package/dist/tests/unit/postgres-storage.test.d.ts +2 -0
package/dist/tests/unit/postgres-storage.test.d.ts.map +1 -0
package/dist/tests/unit/postgres-storage.test.js +614 -0
package/dist/tests/unit/postgres-storage.test.js.map +1 -0
package/dist/tests/unit/prompt-injection-backend.test.d.ts +2 -0
package/dist/tests/unit/prompt-injection-backend.test.d.ts.map +1 -0
package/dist/tests/unit/prompt-injection-backend.test.js +621 -0
package/dist/tests/unit/prompt-injection-backend.test.js.map +1 -0
package/dist/tests/unit/proxy-hardening.test.d.ts +2 -0
package/dist/tests/unit/proxy-hardening.test.d.ts.map +1 -0
package/dist/tests/unit/proxy-hardening.test.js +166 -0
package/dist/tests/unit/proxy-hardening.test.js.map +1 -0
package/dist/tests/unit/rate-limiter.test.d.ts +2 -0
package/dist/tests/unit/rate-limiter.test.d.ts.map +1 -0
package/dist/tests/unit/rate-limiter.test.js +443 -0
package/dist/tests/unit/rate-limiter.test.js.map +1 -0
package/dist/tests/unit/redis-storage.test.d.ts +2 -0
package/dist/tests/unit/redis-storage.test.d.ts.map +1 -0
package/dist/tests/unit/redis-storage.test.js +766 -0
package/dist/tests/unit/redis-storage.test.js.map +1 -0
package/dist/tests/unit/replay-engine.test.d.ts +2 -0
package/dist/tests/unit/replay-engine.test.d.ts.map +1 -0
package/dist/tests/unit/replay-engine.test.js +371 -0
package/dist/tests/unit/replay-engine.test.js.map +1 -0
package/dist/tests/unit/saas-routes.test.d.ts +2 -0
package/dist/tests/unit/saas-routes.test.d.ts.map +1 -0
package/dist/tests/unit/saas-routes.test.js +1399 -0
package/dist/tests/unit/saas-routes.test.js.map +1 -0
package/dist/tests/unit/session.test.d.ts +2 -0
package/dist/tests/unit/session.test.d.ts.map +1 -0
package/dist/tests/unit/session.test.js +532 -0
package/dist/tests/unit/session.test.js.map +1 -0
package/dist/tests/unit/slack-executor.test.d.ts +2 -0
package/dist/tests/unit/slack-executor.test.d.ts.map +1 -0
package/dist/tests/unit/slack-executor.test.js +209 -0
package/dist/tests/unit/slack-executor.test.js.map +1 -0
package/dist/tests/unit/storage-hardening.test.d.ts +2 -0
package/dist/tests/unit/storage-hardening.test.d.ts.map +1 -0
package/dist/tests/unit/storage-hardening.test.js +165 -0
package/dist/tests/unit/storage-hardening.test.js.map +1 -0
package/dist/tests/unit/storage.test.d.ts +2 -0
package/dist/tests/unit/storage.test.d.ts.map +1 -0
package/dist/tests/unit/storage.test.js +698 -0
package/dist/tests/unit/storage.test.js.map +1 -0
package/dist/tests/unit/text-normalizer.test.d.ts +2 -0
package/dist/tests/unit/text-normalizer.test.d.ts.map +1 -0
package/dist/tests/unit/text-normalizer.test.js +229 -0
package/dist/tests/unit/text-normalizer.test.js.map +1 -0
package/dist/tests/unit/tracing.test.d.ts +2 -0
package/dist/tests/unit/tracing.test.d.ts.map +1 -0
package/dist/tests/unit/tracing.test.js +611 -0
package/dist/tests/unit/tracing.test.js.map +1 -0
package/dist/tests/unit/trust-calculator.test.d.ts +2 -0
package/dist/tests/unit/trust-calculator.test.d.ts.map +1 -0
package/dist/tests/unit/trust-calculator.test.js +497 -0
package/dist/tests/unit/trust-calculator.test.js.map +1 -0
package/dist/tests/unit/ts-sdk.test.d.ts +2 -0
package/dist/tests/unit/ts-sdk.test.d.ts.map +1 -0
package/dist/tests/unit/ts-sdk.test.js +421 -0
package/dist/tests/unit/ts-sdk.test.js.map +1 -0
package/dist/tests/unit/usage-extractor-llm.test.d.ts +2 -0
package/dist/tests/unit/usage-extractor-llm.test.d.ts.map +1 -0
package/dist/tests/unit/usage-extractor-llm.test.js +139 -0
package/dist/tests/unit/usage-extractor-llm.test.js.map +1 -0
package/dist/tests/unit/usage-extractor.test.d.ts +2 -0
package/dist/tests/unit/usage-extractor.test.d.ts.map +1 -0
package/dist/tests/unit/usage-extractor.test.js +271 -0
package/dist/tests/unit/usage-extractor.test.js.map +1 -0
package/dist/tests/unit/user-stores.test.d.ts +2 -0
package/dist/tests/unit/user-stores.test.d.ts.map +1 -0
package/dist/tests/unit/user-stores.test.js +687 -0
package/dist/tests/unit/user-stores.test.js.map +1 -0
package/dist/tests/unit/validate.test.d.ts +2 -0
package/dist/tests/unit/validate.test.d.ts.map +1 -0
package/dist/tests/unit/validate.test.js +545 -0
package/dist/tests/unit/validate.test.js.map +1 -0
package/package.json +86 -0
package/policy-packs/README.md +42 -0
package/policy-packs/default.yaml +46 -0
package/policy-packs/dev_fast.yaml +54 -0
package/policy-packs/prod_strict.yaml +83 -0

package/dist/tests/unit/user-stores.test.js ADDED Viewed

@@ -0,0 +1,687 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const memory_1 = require("../../src/storage/memory");
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function makeUser(overrides = {}) {
+    const now = new Date().toISOString();
+    return {
+        id: 'user-001',
+        email: 'alice@example.com',
+        display_name: 'Alice',
+        status: 'active',
+        onboarding_completed: false,
+        created_at: now,
+        updated_at: now,
+        ...overrides,
+    };
+}
+function makeOAuthAccount(overrides = {}) {
+    const now = new Date().toISOString();
+    return {
+        id: 'oauth-001',
+        user_id: 'user-001',
+        provider: 'google',
+        provider_user_id: 'goog-12345',
+        provider_email: 'alice@gmail.com',
+        created_at: now,
+        updated_at: now,
+        ...overrides,
+    };
+}
+function makeWorkspace(overrides = {}) {
+    const now = new Date().toISOString();
+    return {
+        id: 'ws-001',
+        name: 'Acme Corp',
+        slug: 'acme-corp',
+        owner_user_id: 'user-001',
+        plan: 'free',
+        settings: {},
+        created_at: now,
+        updated_at: now,
+        ...overrides,
+    };
+}
+function makeMember(overrides = {}) {
+    return {
+        id: 'mem-001',
+        workspace_id: 'ws-001',
+        user_id: 'user-001',
+        role: 'owner',
+        joined_at: new Date().toISOString(),
+        ...overrides,
+    };
+}
+function makeSession(overrides = {}) {
+    const now = new Date().toISOString();
+    return {
+        id: 'sess-001',
+        user_id: 'user-001',
+        expires_at: new Date(Date.now() + 3600000).toISOString(),
+        last_active_at: now,
+        created_at: now,
+        ...overrides,
+    };
+}
+function makeApiKey(overrides = {}) {
+    return {
+        id: 'key-001',
+        key_hash: 'hash-abc123',
+        key_prefix: 'tg_abc12345',
+        user_id: 'user-001',
+        workspace_id: 'ws-001',
+        name: 'My Key',
+        roles: ['agent'],
+        tags: [],
+        revoked: false,
+        created_at: new Date().toISOString(),
+        ...overrides,
+    };
+}
+// ===========================================================================
+// InMemoryUserStore
+// ===========================================================================
+describe('InMemoryUserStore', () => {
+    let store;
+    beforeEach(() => {
+        store = new memory_1.InMemoryUserStore();
+    });
+    describe('create', () => {
+        it('stores a user', () => {
+            const user = makeUser();
+            store.create(user);
+            expect(store.getById(user.id)).toEqual(user);
+        });
+        it('stores a defensive copy (mutation safety)', () => {
+            const user = makeUser();
+            store.create(user);
+            user.display_name = 'MUTATED';
+            expect(store.getById(user.id)?.display_name).toBe('Alice');
+        });
+    });
+    describe('getById', () => {
+        it('returns undefined for non-existent id', () => {
+            expect(store.getById('missing')).toBeUndefined();
+        });
+        it('returns a copy of the user', () => {
+            const user = makeUser();
+            store.create(user);
+            const a = store.getById(user.id);
+            const b = store.getById(user.id);
+            expect(a).toEqual(b);
+            expect(a).not.toBe(b); // Different object references
+        });
+    });
+    describe('getByEmail', () => {
+        it('returns undefined when no user has that email', () => {
+            expect(store.getByEmail('nobody@example.com')).toBeUndefined();
+        });
+        it('finds a user by email', () => {
+            store.create(makeUser({ id: 'u1', email: 'bob@example.com' }));
+            store.create(makeUser({ id: 'u2', email: 'carol@example.com' }));
+            const found = store.getByEmail('carol@example.com');
+            expect(found?.id).toBe('u2');
+        });
+    });
+    describe('update', () => {
+        it('returns undefined for non-existent id', () => {
+            expect(store.update('missing', { display_name: 'x' })).toBeUndefined();
+        });
+        it('updates specified fields and returns the updated user', () => {
+            store.create(makeUser());
+            const updated = store.update('user-001', {
+                display_name: 'Alice Updated',
+                onboarding_completed: true,
+            });
+            expect(updated?.display_name).toBe('Alice Updated');
+            expect(updated?.onboarding_completed).toBe(true);
+            // Verify persisted
+            expect(store.getById('user-001')?.display_name).toBe('Alice Updated');
+        });
+        it('does not modify fields not included in the update', () => {
+            store.create(makeUser({ avatar_url: 'https://img.example.com/alice.png' }));
+            store.update('user-001', { display_name: 'Bob' });
+            expect(store.getById('user-001')?.avatar_url).toBe('https://img.example.com/alice.png');
+        });
+    });
+    describe('delete', () => {
+        it('returns false for non-existent id', () => {
+            expect(store.delete('missing')).toBe(false);
+        });
+        it('removes the user and returns true', () => {
+            store.create(makeUser());
+            expect(store.delete('user-001')).toBe(true);
+            expect(store.getById('user-001')).toBeUndefined();
+        });
+    });
+    describe('list', () => {
+        it('returns an empty array when no users exist', () => {
+            expect(store.list()).toEqual([]);
+        });
+        it('returns all users', () => {
+            store.create(makeUser({ id: 'u1' }));
+            store.create(makeUser({ id: 'u2' }));
+            store.create(makeUser({ id: 'u3' }));
+            const list = store.list();
+            expect(list).toHaveLength(3);
+            expect(list.map(u => u.id).sort()).toEqual(['u1', 'u2', 'u3']);
+        });
+        it('returns copies (mutation safety)', () => {
+            store.create(makeUser({ id: 'u1' }));
+            const list = store.list();
+            list[0].display_name = 'MUTATED';
+            expect(store.getById('u1')?.display_name).toBe('Alice');
+        });
+    });
+});
+// ===========================================================================
+// InMemoryOAuthAccountStore
+// ===========================================================================
+describe('InMemoryOAuthAccountStore', () => {
+    let store;
+    beforeEach(() => {
+        store = new memory_1.InMemoryOAuthAccountStore();
+    });
+    describe('create', () => {
+        it('stores an OAuth account', () => {
+            const account = makeOAuthAccount();
+            store.create(account);
+            expect(store.getById(account.id)).toEqual(account);
+        });
+        it('stores a defensive copy', () => {
+            const account = makeOAuthAccount();
+            store.create(account);
+            account.provider_email = 'MUTATED';
+            expect(store.getById(account.id)?.provider_email).toBe('alice@gmail.com');
+        });
+    });
+    describe('getById', () => {
+        it('returns undefined for non-existent id', () => {
+            expect(store.getById('missing')).toBeUndefined();
+        });
+        it('returns a copy of the account', () => {
+            store.create(makeOAuthAccount());
+            const a = store.getById('oauth-001');
+            const b = store.getById('oauth-001');
+            expect(a).toEqual(b);
+            expect(a).not.toBe(b);
+        });
+    });
+    describe('getByProvider', () => {
+        it('returns undefined when no match exists', () => {
+            expect(store.getByProvider('google', 'no-match')).toBeUndefined();
+        });
+        it('finds account by provider and provider_user_id', () => {
+            store.create(makeOAuthAccount({ id: 'oa1', provider: 'google', provider_user_id: 'g100' }));
+            store.create(makeOAuthAccount({ id: 'oa2', provider: 'github', provider_user_id: 'gh200' }));
+            const found = store.getByProvider('github', 'gh200');
+            expect(found?.id).toBe('oa2');
+        });
+        it('does not match different provider with same provider_user_id', () => {
+            store.create(makeOAuthAccount({ id: 'oa1', provider: 'google', provider_user_id: 'same-id' }));
+            expect(store.getByProvider('github', 'same-id')).toBeUndefined();
+        });
+    });
+    describe('getByUserId', () => {
+        it('returns empty array when no accounts exist for user', () => {
+            expect(store.getByUserId('missing')).toEqual([]);
+        });
+        it('returns all accounts for a user', () => {
+            store.create(makeOAuthAccount({ id: 'oa1', user_id: 'user-001', provider: 'google' }));
+            store.create(makeOAuthAccount({ id: 'oa2', user_id: 'user-001', provider: 'github' }));
+            store.create(makeOAuthAccount({ id: 'oa3', user_id: 'user-002', provider: 'google' }));
+            const accounts = store.getByUserId('user-001');
+            expect(accounts).toHaveLength(2);
+            expect(accounts.map(a => a.id).sort()).toEqual(['oa1', 'oa2']);
+        });
+    });
+    describe('update', () => {
+        it('returns undefined for non-existent id', () => {
+            expect(store.update('missing', { access_token_encrypted: 'x' })).toBeUndefined();
+        });
+        it('updates the specified fields', () => {
+            store.create(makeOAuthAccount());
+            const newExpiry = new Date(Date.now() + 7200000).toISOString();
+            const updated = store.update('oauth-001', {
+                access_token_encrypted: 'new-enc-token',
+                token_expires_at: newExpiry,
+            });
+            expect(updated?.access_token_encrypted).toBe('new-enc-token');
+            expect(updated?.token_expires_at).toBe(newExpiry);
+        });
+    });
+    describe('delete', () => {
+        it('returns false for non-existent id', () => {
+            expect(store.delete('missing')).toBe(false);
+        });
+        it('removes account and returns true', () => {
+            store.create(makeOAuthAccount());
+            expect(store.delete('oauth-001')).toBe(true);
+            expect(store.getById('oauth-001')).toBeUndefined();
+        });
+    });
+});
+// ===========================================================================
+// InMemoryWorkspaceStore
+// ===========================================================================
+describe('InMemoryWorkspaceStore', () => {
+    let store;
+    beforeEach(() => {
+        store = new memory_1.InMemoryWorkspaceStore();
+    });
+    describe('create', () => {
+        it('stores a workspace', () => {
+            const ws = makeWorkspace();
+            store.create(ws);
+            expect(store.getById(ws.id)).toEqual(ws);
+        });
+        it('stores a defensive copy', () => {
+            const ws = makeWorkspace();
+            store.create(ws);
+            ws.name = 'MUTATED';
+            expect(store.getById(ws.id)?.name).toBe('Acme Corp');
+        });
+    });
+    describe('getById', () => {
+        it('returns undefined for non-existent id', () => {
+            expect(store.getById('missing')).toBeUndefined();
+        });
+        it('returns a copy', () => {
+            store.create(makeWorkspace());
+            const a = store.getById('ws-001');
+            const b = store.getById('ws-001');
+            expect(a).not.toBe(b);
+            expect(a).toEqual(b);
+        });
+    });
+    describe('getBySlug', () => {
+        it('returns undefined when no workspace has that slug', () => {
+            expect(store.getBySlug('no-slug')).toBeUndefined();
+        });
+        it('finds workspace by slug', () => {
+            store.create(makeWorkspace({ id: 'ws-1', slug: 'alpha' }));
+            store.create(makeWorkspace({ id: 'ws-2', slug: 'beta' }));
+            expect(store.getBySlug('beta')?.id).toBe('ws-2');
+        });
+    });
+    describe('getByOwner', () => {
+        it('returns empty array when owner has no workspaces', () => {
+            expect(store.getByOwner('nobody')).toEqual([]);
+        });
+        it('returns all workspaces owned by the user', () => {
+            store.create(makeWorkspace({ id: 'ws-1', owner_user_id: 'user-001' }));
+            store.create(makeWorkspace({ id: 'ws-2', owner_user_id: 'user-001', slug: 'ws2' }));
+            store.create(makeWorkspace({ id: 'ws-3', owner_user_id: 'user-002', slug: 'ws3' }));
+            const owned = store.getByOwner('user-001');
+            expect(owned).toHaveLength(2);
+            expect(owned.map(w => w.id).sort()).toEqual(['ws-1', 'ws-2']);
+        });
+    });
+    describe('update', () => {
+        it('returns undefined for non-existent id', () => {
+            expect(store.update('missing', { name: 'x' })).toBeUndefined();
+        });
+        it('updates specified fields', () => {
+            store.create(makeWorkspace());
+            const updated = store.update('ws-001', { name: 'Acme Inc', plan: 'pro' });
+            expect(updated?.name).toBe('Acme Inc');
+            expect(updated?.plan).toBe('pro');
+            expect(store.getById('ws-001')?.name).toBe('Acme Inc');
+        });
+    });
+    describe('delete', () => {
+        it('returns false for non-existent id', () => {
+            expect(store.delete('missing')).toBe(false);
+        });
+        it('removes workspace and returns true', () => {
+            store.create(makeWorkspace());
+            expect(store.delete('ws-001')).toBe(true);
+            expect(store.getById('ws-001')).toBeUndefined();
+        });
+    });
+    describe('list', () => {
+        it('returns empty array when no workspaces exist', () => {
+            expect(store.list()).toEqual([]);
+        });
+        it('returns all workspaces', () => {
+            store.create(makeWorkspace({ id: 'ws-1', slug: 'a' }));
+            store.create(makeWorkspace({ id: 'ws-2', slug: 'b' }));
+            expect(store.list()).toHaveLength(2);
+        });
+        it('returns copies (mutation safety)', () => {
+            store.create(makeWorkspace({ id: 'ws-1' }));
+            const list = store.list();
+            list[0].name = 'MUTATED';
+            expect(store.getById('ws-1')?.name).toBe('Acme Corp');
+        });
+    });
+});
+// ===========================================================================
+// InMemoryWorkspaceMemberStore
+// ===========================================================================
+describe('InMemoryWorkspaceMemberStore', () => {
+    let store;
+    beforeEach(() => {
+        store = new memory_1.InMemoryWorkspaceMemberStore();
+    });
+    describe('create', () => {
+        it('stores a member', () => {
+            const member = makeMember();
+            store.create(member);
+            expect(store.getById(member.id)).toEqual(member);
+        });
+        it('stores a defensive copy', () => {
+            const member = makeMember();
+            store.create(member);
+            member.role = 'viewer';
+            expect(store.getById(member.id)?.role).toBe('owner');
+        });
+    });
+    describe('getById', () => {
+        it('returns undefined for non-existent id', () => {
+            expect(store.getById('missing')).toBeUndefined();
+        });
+        it('returns a copy', () => {
+            store.create(makeMember());
+            const a = store.getById('mem-001');
+            const b = store.getById('mem-001');
+            expect(a).toEqual(b);
+            expect(a).not.toBe(b);
+        });
+    });
+    describe('getByWorkspace', () => {
+        it('returns empty array for workspace with no members', () => {
+            expect(store.getByWorkspace('ws-empty')).toEqual([]);
+        });
+        it('returns all members of a workspace', () => {
+            store.create(makeMember({ id: 'm1', workspace_id: 'ws-1', user_id: 'u1' }));
+            store.create(makeMember({ id: 'm2', workspace_id: 'ws-1', user_id: 'u2' }));
+            store.create(makeMember({ id: 'm3', workspace_id: 'ws-2', user_id: 'u3' }));
+            const members = store.getByWorkspace('ws-1');
+            expect(members).toHaveLength(2);
+            expect(members.map(m => m.id).sort()).toEqual(['m1', 'm2']);
+        });
+    });
+    describe('getByUser', () => {
+        it('returns empty array when user has no memberships', () => {
+            expect(store.getByUser('no-user')).toEqual([]);
+        });
+        it('returns all memberships for a user', () => {
+            store.create(makeMember({ id: 'm1', workspace_id: 'ws-1', user_id: 'u1' }));
+            store.create(makeMember({ id: 'm2', workspace_id: 'ws-2', user_id: 'u1' }));
+            store.create(makeMember({ id: 'm3', workspace_id: 'ws-3', user_id: 'u2' }));
+            const memberships = store.getByUser('u1');
+            expect(memberships).toHaveLength(2);
+        });
+    });
+    describe('getByWorkspaceAndUser', () => {
+        it('returns undefined when no membership exists for that combination', () => {
+            store.create(makeMember({ id: 'm1', workspace_id: 'ws-1', user_id: 'u1' }));
+            expect(store.getByWorkspaceAndUser('ws-1', 'u2')).toBeUndefined();
+            expect(store.getByWorkspaceAndUser('ws-2', 'u1')).toBeUndefined();
+        });
+        it('finds the specific membership', () => {
+            store.create(makeMember({ id: 'm1', workspace_id: 'ws-1', user_id: 'u1', role: 'owner' }));
+            store.create(makeMember({ id: 'm2', workspace_id: 'ws-1', user_id: 'u2', role: 'member' }));
+            const found = store.getByWorkspaceAndUser('ws-1', 'u2');
+            expect(found?.id).toBe('m2');
+            expect(found?.role).toBe('member');
+        });
+    });
+    describe('update', () => {
+        it('returns undefined for non-existent id', () => {
+            expect(store.update('missing', { role: 'admin' })).toBeUndefined();
+        });
+        it('updates the role and returns updated member', () => {
+            store.create(makeMember({ id: 'm1', role: 'member' }));
+            const updated = store.update('m1', { role: 'admin' });
+            expect(updated?.role).toBe('admin');
+            expect(store.getById('m1')?.role).toBe('admin');
+        });
+    });
+    describe('delete', () => {
+        it('returns false for non-existent id', () => {
+            expect(store.delete('missing')).toBe(false);
+        });
+        it('removes member and returns true', () => {
+            store.create(makeMember());
+            expect(store.delete('mem-001')).toBe(true);
+            expect(store.getById('mem-001')).toBeUndefined();
+        });
+    });
+});
+// ===========================================================================
+// InMemorySessionStore
+// ===========================================================================
+describe('InMemorySessionStore', () => {
+    let store;
+    beforeEach(() => {
+        store = new memory_1.InMemorySessionStore();
+    });
+    describe('create', () => {
+        it('stores a session', () => {
+            const session = makeSession();
+            store.create(session);
+            expect(store.getById(session.id)).toEqual(session);
+        });
+        it('stores a defensive copy', () => {
+            const session = makeSession();
+            store.create(session);
+            session.user_id = 'MUTATED';
+            expect(store.getById(session.id)?.user_id).toBe('user-001');
+        });
+    });
+    describe('getById', () => {
+        it('returns undefined for non-existent id', () => {
+            expect(store.getById('missing')).toBeUndefined();
+        });
+        it('returns a valid (non-expired) session', () => {
+            store.create(makeSession());
+            const found = store.getById('sess-001');
+            expect(found?.user_id).toBe('user-001');
+        });
+        it('returns undefined and removes an expired session', () => {
+            store.create(makeSession({
+                id: 'expired-sess',
+                expires_at: new Date(Date.now() - 1000).toISOString(),
+            }));
+            expect(store.getById('expired-sess')).toBeUndefined();
+            // Verify it was actually deleted from the store
+            // Create a new session with same id to check
+            store.create(makeSession({ id: 'expired-sess' }));
+            expect(store.getById('expired-sess')).toBeDefined();
+        });
+        it('returns a copy (mutation safety)', () => {
+            store.create(makeSession());
+            const a = store.getById('sess-001');
+            const b = store.getById('sess-001');
+            expect(a).toEqual(b);
+            expect(a).not.toBe(b);
+        });
+    });
+    describe('getByUserId', () => {
+        it('returns empty array when user has no sessions', () => {
+            expect(store.getByUserId('no-user')).toEqual([]);
+        });
+        it('returns only non-expired sessions for the user', () => {
+            store.create(makeSession({ id: 's1', user_id: 'u1' }));
+            store.create(makeSession({ id: 's2', user_id: 'u1' }));
+            store.create(makeSession({
+                id: 's3',
+                user_id: 'u1',
+                expires_at: new Date(Date.now() - 1000).toISOString(),
+            }));
+            store.create(makeSession({ id: 's4', user_id: 'u2' }));
+            const sessions = store.getByUserId('u1');
+            expect(sessions).toHaveLength(2);
+            expect(sessions.map(s => s.id).sort()).toEqual(['s1', 's2']);
+        });
+    });
+    describe('update', () => {
+        it('returns undefined for non-existent session', () => {
+            expect(store.update('missing', { workspace_id: 'ws-1' })).toBeUndefined();
+        });
+        it('updates workspace_id', () => {
+            store.create(makeSession());
+            const updated = store.update('sess-001', { workspace_id: 'ws-999' });
+            expect(updated?.workspace_id).toBe('ws-999');
+        });
+        it('updates last_active_at', () => {
+            store.create(makeSession());
+            const newTime = new Date().toISOString();
+            const updated = store.update('sess-001', { last_active_at: newTime });
+            expect(updated?.last_active_at).toBe(newTime);
+        });
+    });
+    describe('delete', () => {
+        it('returns false for non-existent session', () => {
+            expect(store.delete('missing')).toBe(false);
+        });
+        it('removes the session and returns true', () => {
+            store.create(makeSession());
+            expect(store.delete('sess-001')).toBe(true);
+            expect(store.getById('sess-001')).toBeUndefined();
+        });
+    });
+    describe('deleteExpired', () => {
+        it('returns 0 when no sessions are expired', () => {
+            store.create(makeSession({ id: 's1' }));
+            store.create(makeSession({ id: 's2' }));
+            expect(store.deleteExpired()).toBe(0);
+        });
+        it('deletes all expired sessions and returns the count', () => {
+            store.create(makeSession({ id: 's1' })); // valid
+            store.create(makeSession({
+                id: 's2',
+                expires_at: new Date(Date.now() - 1000).toISOString(),
+            }));
+            store.create(makeSession({
+                id: 's3',
+                expires_at: new Date(Date.now() - 5000).toISOString(),
+            }));
+            const deleted = store.deleteExpired();
+            expect(deleted).toBe(2);
+            // Verify valid session still exists
+            expect(store.getById('s1')).toBeDefined();
+        });
+    });
+    describe('deleteByUserId', () => {
+        it('returns 0 when user has no sessions', () => {
+            expect(store.deleteByUserId('no-user')).toBe(0);
+        });
+        it('deletes all sessions for the user and returns count', () => {
+            store.create(makeSession({ id: 's1', user_id: 'u1' }));
+            store.create(makeSession({ id: 's2', user_id: 'u1' }));
+            store.create(makeSession({ id: 's3', user_id: 'u2' }));
+            const deleted = store.deleteByUserId('u1');
+            expect(deleted).toBe(2);
+            // Verify other user's session still exists
+            expect(store.getById('s3')).toBeDefined();
+        });
+    });
+});
+// ===========================================================================
+// InMemoryUserApiKeyStore
+// ===========================================================================
+describe('InMemoryUserApiKeyStore', () => {
+    let store;
+    beforeEach(() => {
+        store = new memory_1.InMemoryUserApiKeyStore();
+    });
+    describe('create', () => {
+        it('stores an API key', () => {
+            const key = makeApiKey();
+            store.create(key);
+            expect(store.getById(key.id)).toEqual(key);
+        });
+        it('stores a defensive copy', () => {
+            const key = makeApiKey();
+            store.create(key);
+            key.name = 'MUTATED';
+            expect(store.getById(key.id)?.name).toBe('My Key');
+        });
+    });
+    describe('getById', () => {
+        it('returns undefined for non-existent id', () => {
+            expect(store.getById('missing')).toBeUndefined();
+        });
+        it('returns a copy', () => {
+            store.create(makeApiKey());
+            const a = store.getById('key-001');
+            const b = store.getById('key-001');
+            expect(a).toEqual(b);
+            expect(a).not.toBe(b);
+        });
+    });
+    describe('getByKeyHash', () => {
+        it('returns undefined when no key has that hash', () => {
+            expect(store.getByKeyHash('no-hash')).toBeUndefined();
+        });
+        it('finds a key by its hash', () => {
+            store.create(makeApiKey({ id: 'k1', key_hash: 'hash-aaa' }));
+            store.create(makeApiKey({ id: 'k2', key_hash: 'hash-bbb' }));
+            const found = store.getByKeyHash('hash-bbb');
+            expect(found?.id).toBe('k2');
+        });
+    });
+    describe('getByWorkspace', () => {
+        it('returns empty array for workspace with no keys', () => {
+            expect(store.getByWorkspace('ws-empty')).toEqual([]);
+        });
+        it('returns all keys for a workspace', () => {
+            store.create(makeApiKey({ id: 'k1', workspace_id: 'ws-1', key_hash: 'h1' }));
+            store.create(makeApiKey({ id: 'k2', workspace_id: 'ws-1', key_hash: 'h2' }));
+            store.create(makeApiKey({ id: 'k3', workspace_id: 'ws-2', key_hash: 'h3' }));
+            const keys = store.getByWorkspace('ws-1');
+            expect(keys).toHaveLength(2);
+            expect(keys.map(k => k.id).sort()).toEqual(['k1', 'k2']);
+        });
+    });
+    describe('getByUser', () => {
+        it('returns empty array for user with no keys', () => {
+            expect(store.getByUser('no-user')).toEqual([]);
+        });
+        it('returns all keys for a user', () => {
+            store.create(makeApiKey({ id: 'k1', user_id: 'u1', key_hash: 'h1' }));
+            store.create(makeApiKey({ id: 'k2', user_id: 'u1', key_hash: 'h2' }));
+            store.create(makeApiKey({ id: 'k3', user_id: 'u2', key_hash: 'h3' }));
+            const keys = store.getByUser('u1');
+            expect(keys).toHaveLength(2);
+            expect(keys.map(k => k.id).sort()).toEqual(['k1', 'k2']);
+        });
+    });
+    describe('update', () => {
+        it('returns undefined for non-existent id', () => {
+            expect(store.update('missing', { revoked: true })).toBeUndefined();
+        });
+        it('updates specified fields', () => {
+            store.create(makeApiKey());
+            const updated = store.update('key-001', {
+                name: 'Renamed Key',
+                revoked: true,
+                last_used_at: new Date().toISOString(),
+            });
+            expect(updated?.name).toBe('Renamed Key');
+            expect(updated?.revoked).toBe(true);
+            expect(updated?.last_used_at).toBeDefined();
+        });
+        it('updates roles array', () => {
+            store.create(makeApiKey());
+            const updated = store.update('key-001', { roles: ['admin', 'agent'] });
+            expect(updated?.roles).toEqual(['admin', 'agent']);
+        });
+    });
+    describe('delete', () => {
+        it('returns false for non-existent id', () => {
+            expect(store.delete('missing')).toBe(false);
+        });
+        it('removes the key and returns true', () => {
+            store.create(makeApiKey());
+            expect(store.delete('key-001')).toBe(true);
+            expect(store.getById('key-001')).toBeUndefined();
+        });
+    });
+});
+//# sourceMappingURL=user-stores.test.js.map