npm - palaryn - Versions diffs - 0.1.0 - Mend

palaryn 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (607) hide show

package/LICENSE +21 -0
package/README.md +716 -0
package/dist/sdk/typescript/src/client.d.ts +71 -0
package/dist/sdk/typescript/src/client.d.ts.map +1 -0
package/dist/sdk/typescript/src/client.js +176 -0
package/dist/sdk/typescript/src/client.js.map +1 -0
package/dist/sdk/typescript/src/errors.d.ts +50 -0
package/dist/sdk/typescript/src/errors.d.ts.map +1 -0
package/dist/sdk/typescript/src/errors.js +103 -0
package/dist/sdk/typescript/src/errors.js.map +1 -0
package/dist/sdk/typescript/src/index.d.ts +4 -0
package/dist/sdk/typescript/src/index.d.ts.map +1 -0
package/dist/sdk/typescript/src/index.js +15 -0
package/dist/sdk/typescript/src/index.js.map +1 -0
package/dist/sdk/typescript/src/types.d.ts +101 -0
package/dist/sdk/typescript/src/types.d.ts.map +1 -0
package/dist/sdk/typescript/src/types.js +6 -0
package/dist/sdk/typescript/src/types.js.map +1 -0
package/dist/src/admin/index.d.ts +2 -0
package/dist/src/admin/index.d.ts.map +1 -0
package/dist/src/admin/index.js +6 -0
package/dist/src/admin/index.js.map +1 -0
package/dist/src/admin/routes.d.ts +5 -0
package/dist/src/admin/routes.d.ts.map +1 -0
package/dist/src/admin/routes.js +471 -0
package/dist/src/admin/routes.js.map +1 -0
package/dist/src/admin/templates.d.ts +51 -0
package/dist/src/admin/templates.d.ts.map +1 -0
package/dist/src/admin/templates.js +500 -0
package/dist/src/admin/templates.js.map +1 -0
package/dist/src/anomaly/detector.d.ts +141 -0
package/dist/src/anomaly/detector.d.ts.map +1 -0
package/dist/src/anomaly/detector.js +554 -0
package/dist/src/anomaly/detector.js.map +1 -0
package/dist/src/anomaly/index.d.ts +2 -0
package/dist/src/anomaly/index.d.ts.map +1 -0
package/dist/src/anomaly/index.js +7 -0
package/dist/src/anomaly/index.js.map +1 -0
package/dist/src/approval/manager.d.ts +147 -0
package/dist/src/approval/manager.d.ts.map +1 -0
package/dist/src/approval/manager.js +511 -0
package/dist/src/approval/manager.js.map +1 -0
package/dist/src/approval/webhook.d.ts +36 -0
package/dist/src/approval/webhook.d.ts.map +1 -0
package/dist/src/approval/webhook.js +135 -0
package/dist/src/approval/webhook.js.map +1 -0
package/dist/src/audit/logger.d.ts +70 -0
package/dist/src/audit/logger.d.ts.map +1 -0
package/dist/src/audit/logger.js +440 -0
package/dist/src/audit/logger.js.map +1 -0
package/dist/src/auth/index.d.ts +6 -0
package/dist/src/auth/index.d.ts.map +1 -0
package/dist/src/auth/index.js +22 -0
package/dist/src/auth/index.js.map +1 -0
package/dist/src/auth/password.d.ts +3 -0
package/dist/src/auth/password.d.ts.map +1 -0
package/dist/src/auth/password.js +25 -0
package/dist/src/auth/password.js.map +1 -0
package/dist/src/auth/pkce.d.ts +13 -0
package/dist/src/auth/pkce.d.ts.map +1 -0
package/dist/src/auth/pkce.js +58 -0
package/dist/src/auth/pkce.js.map +1 -0
package/dist/src/auth/providers.d.ts +28 -0
package/dist/src/auth/providers.d.ts.map +1 -0
package/dist/src/auth/providers.js +198 -0
package/dist/src/auth/providers.js.map +1 -0
package/dist/src/auth/routes.d.ts +14 -0
package/dist/src/auth/routes.d.ts.map +1 -0
package/dist/src/auth/routes.js +431 -0
package/dist/src/auth/routes.js.map +1 -0
package/dist/src/auth/session.d.ts +24 -0
package/dist/src/auth/session.d.ts.map +1 -0
package/dist/src/auth/session.js +105 -0
package/dist/src/auth/session.js.map +1 -0
package/dist/src/billing/index.d.ts +7 -0
package/dist/src/billing/index.d.ts.map +1 -0
package/dist/src/billing/index.js +14 -0
package/dist/src/billing/index.js.map +1 -0
package/dist/src/billing/plan-enforcer.d.ts +44 -0
package/dist/src/billing/plan-enforcer.d.ts.map +1 -0
package/dist/src/billing/plan-enforcer.js +110 -0
package/dist/src/billing/plan-enforcer.js.map +1 -0
package/dist/src/billing/routes.d.ts +15 -0
package/dist/src/billing/routes.d.ts.map +1 -0
package/dist/src/billing/routes.js +193 -0
package/dist/src/billing/routes.js.map +1 -0
package/dist/src/billing/stripe-client.d.ts +14 -0
package/dist/src/billing/stripe-client.d.ts.map +1 -0
package/dist/src/billing/stripe-client.js +51 -0
package/dist/src/billing/stripe-client.js.map +1 -0
package/dist/src/billing/webhook-handler.d.ts +19 -0
package/dist/src/billing/webhook-handler.d.ts.map +1 -0
package/dist/src/billing/webhook-handler.js +169 -0
package/dist/src/billing/webhook-handler.js.map +1 -0
package/dist/src/billing/webhook-routes.d.ts +5 -0
package/dist/src/billing/webhook-routes.d.ts.map +1 -0
package/dist/src/billing/webhook-routes.js +30 -0
package/dist/src/billing/webhook-routes.js.map +1 -0
package/dist/src/budget/manager.d.ts +95 -0
package/dist/src/budget/manager.d.ts.map +1 -0
package/dist/src/budget/manager.js +547 -0
package/dist/src/budget/manager.js.map +1 -0
package/dist/src/budget/usage-extractor.d.ts +38 -0
package/dist/src/budget/usage-extractor.d.ts.map +1 -0
package/dist/src/budget/usage-extractor.js +165 -0
package/dist/src/budget/usage-extractor.js.map +1 -0
package/dist/src/cli.d.ts +3 -0
package/dist/src/cli.d.ts.map +1 -0
package/dist/src/cli.js +115 -0
package/dist/src/cli.js.map +1 -0
package/dist/src/config/defaults.d.ts +3 -0
package/dist/src/config/defaults.d.ts.map +1 -0
package/dist/src/config/defaults.js +243 -0
package/dist/src/config/defaults.js.map +1 -0
package/dist/src/config/validate.d.ts +15 -0
package/dist/src/config/validate.d.ts.map +1 -0
package/dist/src/config/validate.js +105 -0
package/dist/src/config/validate.js.map +1 -0
package/dist/src/dlp/composite-scanner.d.ts +47 -0
package/dist/src/dlp/composite-scanner.d.ts.map +1 -0
package/dist/src/dlp/composite-scanner.js +186 -0
package/dist/src/dlp/composite-scanner.js.map +1 -0
package/dist/src/dlp/index.d.ts +10 -0
package/dist/src/dlp/index.d.ts.map +1 -0
package/dist/src/dlp/index.js +26 -0
package/dist/src/dlp/index.js.map +1 -0
package/dist/src/dlp/interfaces.d.ts +33 -0
package/dist/src/dlp/interfaces.d.ts.map +1 -0
package/dist/src/dlp/interfaces.js +3 -0
package/dist/src/dlp/interfaces.js.map +1 -0
package/dist/src/dlp/patterns.d.ts +9 -0
package/dist/src/dlp/patterns.d.ts.map +1 -0
package/dist/src/dlp/patterns.js +25 -0
package/dist/src/dlp/patterns.js.map +1 -0
package/dist/src/dlp/prompt-injection-backend.d.ts +68 -0
package/dist/src/dlp/prompt-injection-backend.d.ts.map +1 -0
package/dist/src/dlp/prompt-injection-backend.js +148 -0
package/dist/src/dlp/prompt-injection-backend.js.map +1 -0
package/dist/src/dlp/prompt-injection-patterns.d.ts +32 -0
package/dist/src/dlp/prompt-injection-patterns.d.ts.map +1 -0
package/dist/src/dlp/prompt-injection-patterns.js +290 -0
package/dist/src/dlp/prompt-injection-patterns.js.map +1 -0
package/dist/src/dlp/regex-backend.d.ts +32 -0
package/dist/src/dlp/regex-backend.d.ts.map +1 -0
package/dist/src/dlp/regex-backend.js +153 -0
package/dist/src/dlp/regex-backend.js.map +1 -0
package/dist/src/dlp/scanner.d.ts +122 -0
package/dist/src/dlp/scanner.d.ts.map +1 -0
package/dist/src/dlp/scanner.js +444 -0
package/dist/src/dlp/scanner.js.map +1 -0
package/dist/src/dlp/text-normalizer.d.ts +41 -0
package/dist/src/dlp/text-normalizer.d.ts.map +1 -0
package/dist/src/dlp/text-normalizer.js +203 -0
package/dist/src/dlp/text-normalizer.js.map +1 -0
package/dist/src/dlp/trufflehog-backend.d.ts +64 -0
package/dist/src/dlp/trufflehog-backend.d.ts.map +1 -0
package/dist/src/dlp/trufflehog-backend.js +151 -0
package/dist/src/dlp/trufflehog-backend.js.map +1 -0
package/dist/src/executor/http-executor.d.ts +25 -0
package/dist/src/executor/http-executor.d.ts.map +1 -0
package/dist/src/executor/http-executor.js +333 -0
package/dist/src/executor/http-executor.js.map +1 -0
package/dist/src/executor/index.d.ts +6 -0
package/dist/src/executor/index.d.ts.map +1 -0
package/dist/src/executor/index.js +12 -0
package/dist/src/executor/index.js.map +1 -0
package/dist/src/executor/interfaces.d.ts +11 -0
package/dist/src/executor/interfaces.d.ts.map +1 -0
package/dist/src/executor/interfaces.js +3 -0
package/dist/src/executor/interfaces.js.map +1 -0
package/dist/src/executor/noop-executor.d.ts +13 -0
package/dist/src/executor/noop-executor.d.ts.map +1 -0
package/dist/src/executor/noop-executor.js +21 -0
package/dist/src/executor/noop-executor.js.map +1 -0
package/dist/src/executor/registry.d.ts +30 -0
package/dist/src/executor/registry.d.ts.map +1 -0
package/dist/src/executor/registry.js +62 -0
package/dist/src/executor/registry.js.map +1 -0
package/dist/src/executor/slack-executor.d.ts +24 -0
package/dist/src/executor/slack-executor.d.ts.map +1 -0
package/dist/src/executor/slack-executor.js +147 -0
package/dist/src/executor/slack-executor.js.map +1 -0
package/dist/src/index.d.ts +25 -0
package/dist/src/index.d.ts.map +1 -0
package/dist/src/index.js +74 -0
package/dist/src/index.js.map +1 -0
package/dist/src/mcp/auth-verifier.d.ts +23 -0
package/dist/src/mcp/auth-verifier.d.ts.map +1 -0
package/dist/src/mcp/auth-verifier.js +162 -0
package/dist/src/mcp/auth-verifier.js.map +1 -0
package/dist/src/mcp/bridge.d.ts +132 -0
package/dist/src/mcp/bridge.d.ts.map +1 -0
package/dist/src/mcp/bridge.js +734 -0
package/dist/src/mcp/bridge.js.map +1 -0
package/dist/src/mcp/http-transport.d.ts +32 -0
package/dist/src/mcp/http-transport.d.ts.map +1 -0
package/dist/src/mcp/http-transport.js +538 -0
package/dist/src/mcp/http-transport.js.map +1 -0
package/dist/src/mcp/index.d.ts +10 -0
package/dist/src/mcp/index.d.ts.map +1 -0
package/dist/src/mcp/index.js +17 -0
package/dist/src/mcp/index.js.map +1 -0
package/dist/src/mcp/oauth-pages.d.ts +23 -0
package/dist/src/mcp/oauth-pages.d.ts.map +1 -0
package/dist/src/mcp/oauth-pages.js +121 -0
package/dist/src/mcp/oauth-pages.js.map +1 -0
package/dist/src/mcp/oauth-postgres-stores.d.ts +55 -0
package/dist/src/mcp/oauth-postgres-stores.d.ts.map +1 -0
package/dist/src/mcp/oauth-postgres-stores.js +226 -0
package/dist/src/mcp/oauth-postgres-stores.js.map +1 -0
package/dist/src/mcp/oauth-provider.d.ts +95 -0
package/dist/src/mcp/oauth-provider.d.ts.map +1 -0
package/dist/src/mcp/oauth-provider.js +360 -0
package/dist/src/mcp/oauth-provider.js.map +1 -0
package/dist/src/mcp/oauth-stores.d.ts +62 -0
package/dist/src/mcp/oauth-stores.d.ts.map +1 -0
package/dist/src/mcp/oauth-stores.js +154 -0
package/dist/src/mcp/oauth-stores.js.map +1 -0
package/dist/src/mcp/server.d.ts +18 -0
package/dist/src/mcp/server.d.ts.map +1 -0
package/dist/src/mcp/server.js +51 -0
package/dist/src/mcp/server.js.map +1 -0
package/dist/src/metrics/collector.d.ts +106 -0
package/dist/src/metrics/collector.d.ts.map +1 -0
package/dist/src/metrics/collector.js +311 -0
package/dist/src/metrics/collector.js.map +1 -0
package/dist/src/metrics/index.d.ts +2 -0
package/dist/src/metrics/index.d.ts.map +1 -0
package/dist/src/metrics/index.js +6 -0
package/dist/src/metrics/index.js.map +1 -0
package/dist/src/middleware/auth.d.ts +77 -0
package/dist/src/middleware/auth.d.ts.map +1 -0
package/dist/src/middleware/auth.js +720 -0
package/dist/src/middleware/auth.js.map +1 -0
package/dist/src/middleware/session.d.ts +18 -0
package/dist/src/middleware/session.d.ts.map +1 -0
package/dist/src/middleware/session.js +67 -0
package/dist/src/middleware/session.js.map +1 -0
package/dist/src/middleware/validate.d.ts +3 -0
package/dist/src/middleware/validate.d.ts.map +1 -0
package/dist/src/middleware/validate.js +85 -0
package/dist/src/middleware/validate.js.map +1 -0
package/dist/src/policy/engine.d.ts +107 -0
package/dist/src/policy/engine.d.ts.map +1 -0
package/dist/src/policy/engine.js +646 -0
package/dist/src/policy/engine.js.map +1 -0
package/dist/src/policy/index.d.ts +3 -0
package/dist/src/policy/index.d.ts.map +1 -0
package/dist/src/policy/index.js +8 -0
package/dist/src/policy/index.js.map +1 -0
package/dist/src/policy/opa-engine.d.ts +176 -0
package/dist/src/policy/opa-engine.d.ts.map +1 -0
package/dist/src/policy/opa-engine.js +790 -0
package/dist/src/policy/opa-engine.js.map +1 -0
package/dist/src/proxy/forward-proxy.d.ts +30 -0
package/dist/src/proxy/forward-proxy.d.ts.map +1 -0
package/dist/src/proxy/forward-proxy.js +580 -0
package/dist/src/proxy/forward-proxy.js.map +1 -0
package/dist/src/proxy/index.d.ts +2 -0
package/dist/src/proxy/index.d.ts.map +1 -0
package/dist/src/proxy/index.js +8 -0
package/dist/src/proxy/index.js.map +1 -0
package/dist/src/ratelimit/limiter.d.ts +45 -0
package/dist/src/ratelimit/limiter.d.ts.map +1 -0
package/dist/src/ratelimit/limiter.js +158 -0
package/dist/src/ratelimit/limiter.js.map +1 -0
package/dist/src/replay/engine.d.ts +40 -0
package/dist/src/replay/engine.d.ts.map +1 -0
package/dist/src/replay/engine.js +106 -0
package/dist/src/replay/engine.js.map +1 -0
package/dist/src/replay/index.d.ts +2 -0
package/dist/src/replay/index.d.ts.map +1 -0
package/dist/src/replay/index.js +6 -0
package/dist/src/replay/index.js.map +1 -0
package/dist/src/saas/index.d.ts +2 -0
package/dist/src/saas/index.d.ts.map +1 -0
package/dist/src/saas/index.js +18 -0
package/dist/src/saas/index.js.map +1 -0
package/dist/src/saas/routes.d.ts +18 -0
package/dist/src/saas/routes.d.ts.map +1 -0
package/dist/src/saas/routes.js +1566 -0
package/dist/src/saas/routes.js.map +1 -0
package/dist/src/server/app.d.ts +44 -0
package/dist/src/server/app.d.ts.map +1 -0
package/dist/src/server/app.js +854 -0
package/dist/src/server/app.js.map +1 -0
package/dist/src/server/errors.d.ts +32 -0
package/dist/src/server/errors.d.ts.map +1 -0
package/dist/src/server/errors.js +39 -0
package/dist/src/server/errors.js.map +1 -0
package/dist/src/server/gateway.d.ts +165 -0
package/dist/src/server/gateway.d.ts.map +1 -0
package/dist/src/server/gateway.js +964 -0
package/dist/src/server/gateway.js.map +1 -0
package/dist/src/server/index.d.ts +2 -0
package/dist/src/server/index.d.ts.map +1 -0
package/dist/src/server/index.js +295 -0
package/dist/src/server/index.js.map +1 -0
package/dist/src/server/logger.d.ts +33 -0
package/dist/src/server/logger.d.ts.map +1 -0
package/dist/src/server/logger.js +230 -0
package/dist/src/server/logger.js.map +1 -0
package/dist/src/server/stream-proxy.d.ts +32 -0
package/dist/src/server/stream-proxy.d.ts.map +1 -0
package/dist/src/server/stream-proxy.js +184 -0
package/dist/src/server/stream-proxy.js.map +1 -0
package/dist/src/storage/file-persistence.d.ts +48 -0
package/dist/src/storage/file-persistence.d.ts.map +1 -0
package/dist/src/storage/file-persistence.js +280 -0
package/dist/src/storage/file-persistence.js.map +1 -0
package/dist/src/storage/index.d.ts +5 -0
package/dist/src/storage/index.d.ts.map +1 -0
package/dist/src/storage/index.js +21 -0
package/dist/src/storage/index.js.map +1 -0
package/dist/src/storage/interfaces.d.ts +237 -0
package/dist/src/storage/interfaces.d.ts.map +1 -0
package/dist/src/storage/interfaces.js +3 -0
package/dist/src/storage/interfaces.js.map +1 -0
package/dist/src/storage/memory.d.ts +162 -0
package/dist/src/storage/memory.d.ts.map +1 -0
package/dist/src/storage/memory.js +603 -0
package/dist/src/storage/memory.js.map +1 -0
package/dist/src/storage/postgres.d.ts +267 -0
package/dist/src/storage/postgres.d.ts.map +1 -0
package/dist/src/storage/postgres.js +1555 -0
package/dist/src/storage/postgres.js.map +1 -0
package/dist/src/storage/redis.d.ts +202 -0
package/dist/src/storage/redis.d.ts.map +1 -0
package/dist/src/storage/redis.js +629 -0
package/dist/src/storage/redis.js.map +1 -0
package/dist/src/tracing/index.d.ts +2 -0
package/dist/src/tracing/index.d.ts.map +1 -0
package/dist/src/tracing/index.js +6 -0
package/dist/src/tracing/index.js.map +1 -0
package/dist/src/tracing/provider.d.ts +43 -0
package/dist/src/tracing/provider.d.ts.map +1 -0
package/dist/src/tracing/provider.js +74 -0
package/dist/src/tracing/provider.js.map +1 -0
package/dist/src/trust/calculator.d.ts +54 -0
package/dist/src/trust/calculator.d.ts.map +1 -0
package/dist/src/trust/calculator.js +102 -0
package/dist/src/trust/calculator.js.map +1 -0
package/dist/src/trust/index.d.ts +2 -0
package/dist/src/trust/index.d.ts.map +1 -0
package/dist/src/trust/index.js +7 -0
package/dist/src/trust/index.js.map +1 -0
package/dist/src/types/budget.d.ts +30 -0
package/dist/src/types/budget.d.ts.map +1 -0
package/dist/src/types/budget.js +3 -0
package/dist/src/types/budget.js.map +1 -0
package/dist/src/types/config.d.ts +176 -0
package/dist/src/types/config.d.ts.map +1 -0
package/dist/src/types/config.js +3 -0
package/dist/src/types/config.js.map +1 -0
package/dist/src/types/events.d.ts +24 -0
package/dist/src/types/events.d.ts.map +1 -0
package/dist/src/types/events.js +3 -0
package/dist/src/types/events.js.map +1 -0
package/dist/src/types/index.d.ts +8 -0
package/dist/src/types/index.d.ts.map +1 -0
package/dist/src/types/index.js +24 -0
package/dist/src/types/index.js.map +1 -0
package/dist/src/types/policy.d.ts +60 -0
package/dist/src/types/policy.d.ts.map +1 -0
package/dist/src/types/policy.js +3 -0
package/dist/src/types/policy.js.map +1 -0
package/dist/src/types/stripe-config.d.ts +12 -0
package/dist/src/types/stripe-config.d.ts.map +1 -0
package/dist/src/types/stripe-config.js +3 -0
package/dist/src/types/stripe-config.js.map +1 -0
package/dist/src/types/subscription.d.ts +24 -0
package/dist/src/types/subscription.d.ts.map +1 -0
package/dist/src/types/subscription.js +38 -0
package/dist/src/types/subscription.js.map +1 -0
package/dist/src/types/tool-call.d.ts +42 -0
package/dist/src/types/tool-call.d.ts.map +1 -0
package/dist/src/types/tool-call.js +3 -0
package/dist/src/types/tool-call.js.map +1 -0
package/dist/src/types/tool-result.d.ts +58 -0
package/dist/src/types/tool-result.d.ts.map +1 -0
package/dist/src/types/tool-result.js +3 -0
package/dist/src/types/tool-result.js.map +1 -0
package/dist/src/types/user.d.ts +101 -0
package/dist/src/types/user.d.ts.map +1 -0
package/dist/src/types/user.js +6 -0
package/dist/src/types/user.js.map +1 -0
package/dist/tests/integration/api.test.d.ts +2 -0
package/dist/tests/integration/api.test.d.ts.map +1 -0
package/dist/tests/integration/api.test.js +1199 -0
package/dist/tests/integration/api.test.js.map +1 -0
package/dist/tests/integration/proxy.test.d.ts +2 -0
package/dist/tests/integration/proxy.test.d.ts.map +1 -0
package/dist/tests/integration/proxy.test.js +251 -0
package/dist/tests/integration/proxy.test.js.map +1 -0
package/dist/tests/integration/storage.test.d.ts +16 -0
package/dist/tests/integration/storage.test.d.ts.map +1 -0
package/dist/tests/integration/storage.test.js +826 -0
package/dist/tests/integration/storage.test.js.map +1 -0
package/dist/tests/unit/admin.test.d.ts +2 -0
package/dist/tests/unit/admin.test.d.ts.map +1 -0
package/dist/tests/unit/admin.test.js +698 -0
package/dist/tests/unit/admin.test.js.map +1 -0
package/dist/tests/unit/anomaly-detector.test.d.ts +2 -0
package/dist/tests/unit/anomaly-detector.test.d.ts.map +1 -0
package/dist/tests/unit/anomaly-detector.test.js +903 -0
package/dist/tests/unit/anomaly-detector.test.js.map +1 -0
package/dist/tests/unit/approval-manager.test.d.ts +2 -0
package/dist/tests/unit/approval-manager.test.d.ts.map +1 -0
package/dist/tests/unit/approval-manager.test.js +528 -0
package/dist/tests/unit/approval-manager.test.js.map +1 -0
package/dist/tests/unit/approval-webhook.test.d.ts +2 -0
package/dist/tests/unit/approval-webhook.test.d.ts.map +1 -0
package/dist/tests/unit/approval-webhook.test.js +355 -0
package/dist/tests/unit/approval-webhook.test.js.map +1 -0
package/dist/tests/unit/audit-logger.test.d.ts +2 -0
package/dist/tests/unit/audit-logger.test.d.ts.map +1 -0
package/dist/tests/unit/audit-logger.test.js +635 -0
package/dist/tests/unit/audit-logger.test.js.map +1 -0
package/dist/tests/unit/auth-routes.test.d.ts +2 -0
package/dist/tests/unit/auth-routes.test.d.ts.map +1 -0
package/dist/tests/unit/auth-routes.test.js +281 -0
package/dist/tests/unit/auth-routes.test.js.map +1 -0
package/dist/tests/unit/auth.test.d.ts +2 -0
package/dist/tests/unit/auth.test.d.ts.map +1 -0
package/dist/tests/unit/auth.test.js +1382 -0
package/dist/tests/unit/auth.test.js.map +1 -0
package/dist/tests/unit/billing.test.d.ts +2 -0
package/dist/tests/unit/billing.test.d.ts.map +1 -0
package/dist/tests/unit/billing.test.js +579 -0
package/dist/tests/unit/billing.test.js.map +1 -0
package/dist/tests/unit/budget-manager.test.d.ts +2 -0
package/dist/tests/unit/budget-manager.test.d.ts.map +1 -0
package/dist/tests/unit/budget-manager.test.js +778 -0
package/dist/tests/unit/budget-manager.test.js.map +1 -0
package/dist/tests/unit/budget-race.test.d.ts +2 -0
package/dist/tests/unit/budget-race.test.d.ts.map +1 -0
package/dist/tests/unit/budget-race.test.js +58 -0
package/dist/tests/unit/budget-race.test.js.map +1 -0
package/dist/tests/unit/cli.test.d.ts +2 -0
package/dist/tests/unit/cli.test.d.ts.map +1 -0
package/dist/tests/unit/cli.test.js +93 -0
package/dist/tests/unit/cli.test.js.map +1 -0
package/dist/tests/unit/concurrency.test.d.ts +2 -0
package/dist/tests/unit/concurrency.test.d.ts.map +1 -0
package/dist/tests/unit/concurrency.test.js +1270 -0
package/dist/tests/unit/concurrency.test.js.map +1 -0
package/dist/tests/unit/config-validate.test.d.ts +2 -0
package/dist/tests/unit/config-validate.test.d.ts.map +1 -0
package/dist/tests/unit/config-validate.test.js +230 -0
package/dist/tests/unit/config-validate.test.js.map +1 -0
package/dist/tests/unit/defaults.test.d.ts +2 -0
package/dist/tests/unit/defaults.test.d.ts.map +1 -0
package/dist/tests/unit/defaults.test.js +364 -0
package/dist/tests/unit/defaults.test.js.map +1 -0
package/dist/tests/unit/dlp-backends.test.d.ts +2 -0
package/dist/tests/unit/dlp-backends.test.d.ts.map +1 -0
package/dist/tests/unit/dlp-backends.test.js +563 -0
package/dist/tests/unit/dlp-backends.test.js.map +1 -0
package/dist/tests/unit/dlp-scanner.test.d.ts +2 -0
package/dist/tests/unit/dlp-scanner.test.d.ts.map +1 -0
package/dist/tests/unit/dlp-scanner.test.js +739 -0
package/dist/tests/unit/dlp-scanner.test.js.map +1 -0
package/dist/tests/unit/error-responses.test.d.ts +2 -0
package/dist/tests/unit/error-responses.test.d.ts.map +1 -0
package/dist/tests/unit/error-responses.test.js +101 -0
package/dist/tests/unit/error-responses.test.js.map +1 -0
package/dist/tests/unit/executor-registry.test.d.ts +2 -0
package/dist/tests/unit/executor-registry.test.d.ts.map +1 -0
package/dist/tests/unit/executor-registry.test.js +390 -0
package/dist/tests/unit/executor-registry.test.js.map +1 -0
package/dist/tests/unit/forward-proxy.test.d.ts +2 -0
package/dist/tests/unit/forward-proxy.test.d.ts.map +1 -0
package/dist/tests/unit/forward-proxy.test.js +621 -0
package/dist/tests/unit/forward-proxy.test.js.map +1 -0
package/dist/tests/unit/gateway-features.test.d.ts +2 -0
package/dist/tests/unit/gateway-features.test.d.ts.map +1 -0
package/dist/tests/unit/gateway-features.test.js +753 -0
package/dist/tests/unit/gateway-features.test.js.map +1 -0
package/dist/tests/unit/http-executor.test.d.ts +2 -0
package/dist/tests/unit/http-executor.test.d.ts.map +1 -0
package/dist/tests/unit/http-executor.test.js +310 -0
package/dist/tests/unit/http-executor.test.js.map +1 -0
package/dist/tests/unit/mcp-bridge.test.d.ts +2 -0
package/dist/tests/unit/mcp-bridge.test.d.ts.map +1 -0
package/dist/tests/unit/mcp-bridge.test.js +1136 -0
package/dist/tests/unit/mcp-bridge.test.js.map +1 -0
package/dist/tests/unit/mcp-http-transport.test.d.ts +2 -0
package/dist/tests/unit/mcp-http-transport.test.d.ts.map +1 -0
package/dist/tests/unit/mcp-http-transport.test.js +899 -0
package/dist/tests/unit/mcp-http-transport.test.js.map +1 -0
package/dist/tests/unit/mcp-oauth.test.d.ts +2 -0
package/dist/tests/unit/mcp-oauth.test.d.ts.map +1 -0
package/dist/tests/unit/mcp-oauth.test.js +759 -0
package/dist/tests/unit/mcp-oauth.test.js.map +1 -0
package/dist/tests/unit/mcp-server.test.d.ts +15 -0
package/dist/tests/unit/mcp-server.test.d.ts.map +1 -0
package/dist/tests/unit/mcp-server.test.js +158 -0
package/dist/tests/unit/mcp-server.test.js.map +1 -0
package/dist/tests/unit/metrics.test.d.ts +2 -0
package/dist/tests/unit/metrics.test.d.ts.map +1 -0
package/dist/tests/unit/metrics.test.js +208 -0
package/dist/tests/unit/metrics.test.js.map +1 -0
package/dist/tests/unit/oauth.test.d.ts +2 -0
package/dist/tests/unit/oauth.test.d.ts.map +1 -0
package/dist/tests/unit/oauth.test.js +281 -0
package/dist/tests/unit/oauth.test.js.map +1 -0
package/dist/tests/unit/opa-circuit-breaker.test.d.ts +2 -0
package/dist/tests/unit/opa-circuit-breaker.test.d.ts.map +1 -0
package/dist/tests/unit/opa-circuit-breaker.test.js +297 -0
package/dist/tests/unit/opa-circuit-breaker.test.js.map +1 -0
package/dist/tests/unit/opa-engine.test.d.ts +2 -0
package/dist/tests/unit/opa-engine.test.d.ts.map +1 -0
package/dist/tests/unit/opa-engine.test.js +1813 -0
package/dist/tests/unit/opa-engine.test.js.map +1 -0
package/dist/tests/unit/pipeline-timing.test.d.ts +2 -0
package/dist/tests/unit/pipeline-timing.test.d.ts.map +1 -0
package/dist/tests/unit/pipeline-timing.test.js +528 -0
package/dist/tests/unit/pipeline-timing.test.js.map +1 -0
package/dist/tests/unit/policy-engine.test.d.ts +2 -0
package/dist/tests/unit/policy-engine.test.d.ts.map +1 -0
package/dist/tests/unit/policy-engine.test.js +1345 -0
package/dist/tests/unit/policy-engine.test.js.map +1 -0
package/dist/tests/unit/policy-store.test.d.ts +2 -0
package/dist/tests/unit/policy-store.test.d.ts.map +1 -0
package/dist/tests/unit/policy-store.test.js +60 -0
package/dist/tests/unit/policy-store.test.js.map +1 -0
package/dist/tests/unit/postgres-storage.test.d.ts +2 -0
package/dist/tests/unit/postgres-storage.test.d.ts.map +1 -0
package/dist/tests/unit/postgres-storage.test.js +614 -0
package/dist/tests/unit/postgres-storage.test.js.map +1 -0
package/dist/tests/unit/prompt-injection-backend.test.d.ts +2 -0
package/dist/tests/unit/prompt-injection-backend.test.d.ts.map +1 -0
package/dist/tests/unit/prompt-injection-backend.test.js +621 -0
package/dist/tests/unit/prompt-injection-backend.test.js.map +1 -0
package/dist/tests/unit/proxy-hardening.test.d.ts +2 -0
package/dist/tests/unit/proxy-hardening.test.d.ts.map +1 -0
package/dist/tests/unit/proxy-hardening.test.js +166 -0
package/dist/tests/unit/proxy-hardening.test.js.map +1 -0
package/dist/tests/unit/rate-limiter.test.d.ts +2 -0
package/dist/tests/unit/rate-limiter.test.d.ts.map +1 -0
package/dist/tests/unit/rate-limiter.test.js +443 -0
package/dist/tests/unit/rate-limiter.test.js.map +1 -0
package/dist/tests/unit/redis-storage.test.d.ts +2 -0
package/dist/tests/unit/redis-storage.test.d.ts.map +1 -0
package/dist/tests/unit/redis-storage.test.js +766 -0
package/dist/tests/unit/redis-storage.test.js.map +1 -0
package/dist/tests/unit/replay-engine.test.d.ts +2 -0
package/dist/tests/unit/replay-engine.test.d.ts.map +1 -0
package/dist/tests/unit/replay-engine.test.js +371 -0
package/dist/tests/unit/replay-engine.test.js.map +1 -0
package/dist/tests/unit/saas-routes.test.d.ts +2 -0
package/dist/tests/unit/saas-routes.test.d.ts.map +1 -0
package/dist/tests/unit/saas-routes.test.js +1399 -0
package/dist/tests/unit/saas-routes.test.js.map +1 -0
package/dist/tests/unit/session.test.d.ts +2 -0
package/dist/tests/unit/session.test.d.ts.map +1 -0
package/dist/tests/unit/session.test.js +532 -0
package/dist/tests/unit/session.test.js.map +1 -0
package/dist/tests/unit/slack-executor.test.d.ts +2 -0
package/dist/tests/unit/slack-executor.test.d.ts.map +1 -0
package/dist/tests/unit/slack-executor.test.js +209 -0
package/dist/tests/unit/slack-executor.test.js.map +1 -0
package/dist/tests/unit/storage-hardening.test.d.ts +2 -0
package/dist/tests/unit/storage-hardening.test.d.ts.map +1 -0
package/dist/tests/unit/storage-hardening.test.js +165 -0
package/dist/tests/unit/storage-hardening.test.js.map +1 -0
package/dist/tests/unit/storage.test.d.ts +2 -0
package/dist/tests/unit/storage.test.d.ts.map +1 -0
package/dist/tests/unit/storage.test.js +698 -0
package/dist/tests/unit/storage.test.js.map +1 -0
package/dist/tests/unit/text-normalizer.test.d.ts +2 -0
package/dist/tests/unit/text-normalizer.test.d.ts.map +1 -0
package/dist/tests/unit/text-normalizer.test.js +229 -0
package/dist/tests/unit/text-normalizer.test.js.map +1 -0
package/dist/tests/unit/tracing.test.d.ts +2 -0
package/dist/tests/unit/tracing.test.d.ts.map +1 -0
package/dist/tests/unit/tracing.test.js +611 -0
package/dist/tests/unit/tracing.test.js.map +1 -0
package/dist/tests/unit/trust-calculator.test.d.ts +2 -0
package/dist/tests/unit/trust-calculator.test.d.ts.map +1 -0
package/dist/tests/unit/trust-calculator.test.js +497 -0
package/dist/tests/unit/trust-calculator.test.js.map +1 -0
package/dist/tests/unit/ts-sdk.test.d.ts +2 -0
package/dist/tests/unit/ts-sdk.test.d.ts.map +1 -0
package/dist/tests/unit/ts-sdk.test.js +421 -0
package/dist/tests/unit/ts-sdk.test.js.map +1 -0
package/dist/tests/unit/usage-extractor-llm.test.d.ts +2 -0
package/dist/tests/unit/usage-extractor-llm.test.d.ts.map +1 -0
package/dist/tests/unit/usage-extractor-llm.test.js +139 -0
package/dist/tests/unit/usage-extractor-llm.test.js.map +1 -0
package/dist/tests/unit/usage-extractor.test.d.ts +2 -0
package/dist/tests/unit/usage-extractor.test.d.ts.map +1 -0
package/dist/tests/unit/usage-extractor.test.js +271 -0
package/dist/tests/unit/usage-extractor.test.js.map +1 -0
package/dist/tests/unit/user-stores.test.d.ts +2 -0
package/dist/tests/unit/user-stores.test.d.ts.map +1 -0
package/dist/tests/unit/user-stores.test.js +687 -0
package/dist/tests/unit/user-stores.test.js.map +1 -0
package/dist/tests/unit/validate.test.d.ts +2 -0
package/dist/tests/unit/validate.test.d.ts.map +1 -0
package/dist/tests/unit/validate.test.js +545 -0
package/dist/tests/unit/validate.test.js.map +1 -0
package/package.json +86 -0
package/policy-packs/README.md +42 -0
package/policy-packs/default.yaml +46 -0
package/policy-packs/dev_fast.yaml +54 -0
package/policy-packs/prod_strict.yaml +83 -0

package/dist/src/dlp/regex-backend.js ADDED Viewed

@@ -0,0 +1,153 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RegexDLPBackend = void 0;
+const patterns_1 = require("./patterns");
+/**
+ * Zero-width and invisible Unicode characters that can be used to evade
+ * regex-based secret detection (e.g. embedding \u200b inside "AKIA...").
+ */
+const ZERO_WIDTH_RE = /[\u200B\u200C\u200D\u200E\u200F\uFEFF\u00AD\u034F\u061C\u180E\u2060\u2061\u2062\u2063\u2064\u2066\u2067\u2068\u2069\u206A\u206B\u206C\u206D\u206E\u206F]/g;
+/**
+ * Common Unicode homoglyphs that look like ASCII characters but would bypass
+ * regex patterns designed for ASCII. Maps Cyrillic/Greek/other lookalikes to
+ * their ASCII equivalents.
+ */
+const HOMOGLYPH_MAP = {
+    '\u0410': 'A', '\u0412': 'B', '\u0421': 'C', '\u0415': 'E', '\u041D': 'H',
+    '\u041A': 'K', '\u041C': 'M', '\u041E': 'O', '\u0420': 'P', '\u0422': 'T',
+    '\u0425': 'X', '\u0430': 'a', '\u0435': 'e', '\u043E': 'o', '\u0440': 'p',
+    '\u0441': 'c', '\u0443': 'y', '\u0445': 'x', '\u04BB': 'h',
+    '\u0391': 'A', '\u0392': 'B', '\u0395': 'E', '\u0397': 'H', '\u0399': 'I',
+    '\u039A': 'K', '\u039C': 'M', '\u039D': 'N', '\u039F': 'O', '\u03A1': 'P',
+    '\u03A4': 'T', '\u03A7': 'X', '\u03B1': 'a', '\u03BF': 'o',
+    '\u2010': '-', '\u2011': '-', '\u2012': '-', '\u2013': '-', '\u2014': '-',
+    '\uFF21': 'A', '\uFF22': 'B', '\uFF23': 'C', '\uFF24': 'D', '\uFF25': 'E',
+};
+const HOMOGLYPH_RE = new RegExp('[' + Object.keys(HOMOGLYPH_MAP).join('') + ']', 'g');
+/**
+ * Regex to detect potential Base64-encoded strings.
+ * Matches strings of at least 20 characters using the Base64 alphabet,
+ * optionally followed by 1-2 padding '=' characters.
+ */
+const BASE64_RE = /[A-Za-z0-9+/]{20,}={0,2}/g;
+/**
+ * Extract and decode potential Base64-encoded strings from the input.
+ * Returns the decoded strings concatenated with newlines, or empty string
+ * if no valid Base64 content was found.
+ */
+function decodeBase64Content(value) {
+    BASE64_RE.lastIndex = 0;
+    const decoded = [];
+    let m;
+    while ((m = BASE64_RE.exec(value)) !== null) {
+        try {
+            const candidate = m[0];
+            const buf = Buffer.from(candidate, 'base64');
+            const text = buf.toString('utf-8');
+            // Only include decoded content that looks like printable text
+            // (at least 80% printable ASCII characters) to avoid noise
+            const printable = text.replace(/[^\x20-\x7E]/g, '');
+            if (printable.length >= text.length * 0.8 && text.length >= 8) {
+                decoded.push(text);
+            }
+        }
+        catch {
+            // Not valid Base64, skip
+        }
+    }
+    BASE64_RE.lastIndex = 0;
+    return decoded.join('\n');
+}
+/**
+ * Normalize input to defeat common DLP evasion techniques:
+ * 1. NFC Unicode normalization (canonical decomposition + composition)
+ * 2. Strip zero-width / invisible characters
+ * 3. Replace common Unicode homoglyphs with ASCII equivalents
+ */
+function normalizeForDLP(value) {
+    // Step 1: NFC normalization
+    let normalized = value.normalize('NFC');
+    // Step 2: Strip zero-width characters
+    normalized = normalized.replace(ZERO_WIDTH_RE, '');
+    // Step 3: Replace homoglyphs with ASCII equivalents
+    normalized = normalized.replace(HOMOGLYPH_RE, (ch) => HOMOGLYPH_MAP[ch] || ch);
+    return normalized;
+}
+/**
+ * Regex-based DLP backend that uses the same patterns as the built-in DLPScanner.
+ *
+ * This backend is extracted as a standalone DLPBackend implementation so it can
+ * be composed with other backends (e.g. TruffleHog) via the CompositeDLPScanner.
+ * The original DLPScanner remains unchanged and fully functional on its own.
+ */
+class RegexDLPBackend {
+    constructor(config) {
+        this.name = 'regex';
+        this.secretsEnabled = config?.secrets_detection ?? true;
+        this.piiEnabled = config?.pii_detection ?? true;
+    }
+    /**
+     * Scan a string for secrets and PII using regex patterns.
+     *
+     * Input is normalized before scanning to defeat evasion techniques
+     * (zero-width chars, Unicode homoglyphs, NFC normalization).
+     *
+     * Every regex with the /g flag has its lastIndex reset before and after
+     * testing to avoid state leaking between calls.
+     */
+    scanString(value) {
+        const normalized = normalizeForDLP(value);
+        const detections = [];
+        if (this.secretsEnabled) {
+            this.scanPatterns(normalized, patterns_1.SECRET_PATTERNS, detections);
+        }
+        if (this.piiEnabled) {
+            this.scanPatterns(normalized, patterns_1.PII_PATTERNS, detections);
+        }
+        // Decode and scan Base64-encoded content to catch encoded secrets
+        const decodedBase64 = decodeBase64Content(normalized);
+        if (decodedBase64) {
+            const base64Detections = [];
+            if (this.secretsEnabled) {
+                this.scanPatterns(decodedBase64, patterns_1.SECRET_PATTERNS, base64Detections);
+            }
+            if (this.piiEnabled) {
+                this.scanPatterns(decodedBase64, patterns_1.PII_PATTERNS, base64Detections);
+            }
+            // Add Base64 detections with a prefix to indicate they were found in encoded content
+            for (const det of base64Detections) {
+                // Avoid duplicate detections already found in the raw content
+                const isDuplicate = detections.some((d) => d.pattern_name === det.pattern_name && d.match === det.match);
+                if (!isDuplicate) {
+                    detections.push({
+                        ...det,
+                        pattern_name: `base64:${det.pattern_name}`,
+                    });
+                }
+            }
+        }
+        return detections;
+    }
+    scanPatterns(value, patterns, detections) {
+        for (const pat of patterns) {
+            pat.pattern.lastIndex = 0;
+            let m;
+            while ((m = pat.pattern.exec(value)) !== null) {
+                detections.push({
+                    pattern_name: pat.name,
+                    severity: pat.severity,
+                    match: m[0],
+                    start: m.index,
+                    end: m.index + m[0].length,
+                });
+                // Prevent infinite loops on zero-length matches
+                if (m[0].length === 0) {
+                    pat.pattern.lastIndex++;
+                }
+            }
+            pat.pattern.lastIndex = 0;
+        }
+    }
+}
+exports.RegexDLPBackend = RegexDLPBackend;
+//# sourceMappingURL=regex-backend.js.map

package/dist/src/dlp/regex-backend.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"regex-backend.js","sourceRoot":"","sources":["../../../src/dlp/regex-backend.ts"],"names":[],"mappings":";;;AACA,yCAAuE;AASvE;;;GAGG;AACH,MAAM,aAAa,GAAG,2JAA2J,CAAC;AAElL;;;;GAIG;AACH,MAAM,aAAa,GAA2B;IAC5C,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;IACzE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;IACzE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;IACzE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;IAC1D,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;IACzE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;IACzE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;IAC1D,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;IACzE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;CAC1E,CAAC;AAEF,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,GAAG,CAAC,CAAC;AAEtF;;;;GAIG;AACH,MAAM,SAAS,GAAG,2BAA2B,CAAC;AAE9C;;;;GAIG;AACH,SAAS,mBAAmB,CAAC,KAAa;IACxC,SAAS,CAAC,SAAS,GAAG,CAAC,CAAC;IACxB,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,CAAyB,CAAC;IAC9B,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC5C,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACvB,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC7C,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACnC,8DAA8D;YAC9D,2DAA2D;YAC3D,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;YACpD,IAAI,SAAS,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;gBAC9D,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,yBAAyB;QAC3B,CAAC;IACH,CAAC;IACD,SAAS,CAAC,SAAS,GAAG,CAAC,CAAC;IACxB,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC5B,CAAC;AAED;;;;;GAKG;AACH,SAAS,eAAe,CAAC,KAAa;IACpC,4BAA4B;IAC5B,IAAI,UAAU,GAAG,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAExC,sCAAsC;IACtC,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;IAEnD,oDAAoD;IACpD,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;IAE/E,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;;GAMG;AACH,MAAa,eAAe;IAM1B,YAAY,MAA2B;QAL9B,SAAI,GAAG,OAAO,CAAC;QAMtB,IAAI,CAAC,cAAc,GAAG,MAAM,EAAE,iBAAiB,IAAI,IAAI,CAAC;QACxD,IAAI,CAAC,UAAU,GAAG,MAAM,EAAE,aAAa,IAAI,IAAI,CAAC;IAClD,CAAC;IAED;;;;;;;;OAQG;IACH,UAAU,CAAC,KAAa;QACtB,MAAM,UAAU,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAmB,EAAE,CAAC;QAEtC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,0BAAe,EAAE,UAAU,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,uBAAY,EAAE,UAAU,CAAC,CAAC;QAC1D,CAAC;QAED,kEAAkE;QAClE,MAAM,aAAa,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;QACtD,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,gBAAgB,GAAmB,EAAE,CAAC;YAC5C,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACxB,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE,0BAAe,EAAE,gBAAgB,CAAC,CAAC;YACtE,CAAC;YACD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACpB,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE,uBAAY,EAAE,gBAAgB,CAAC,CAAC;YACnE,CAAC;YACD,qFAAqF;YACrF,KAAK,MAAM,GAAG,IAAI,gBAAgB,EAAE,CAAC;gBACnC,8DAA8D;gBAC9D,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,CACjC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,GAAG,CAAC,YAAY,IAAI,CAAC,CAAC,KAAK,KAAK,GAAG,CAAC,KAAK,CACpE,CAAC;gBACF,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,UAAU,CAAC,IAAI,CAAC;wBACd,GAAG,GAAG;wBACN,YAAY,EAAE,UAAU,GAAG,CAAC,YAAY,EAAE;qBAC3C,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAEO,YAAY,CAClB,KAAa,EACb,QAAsB,EACtB,UAA0B;QAE1B,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;YAC3B,GAAG,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YAC1B,IAAI,CAAyB,CAAC;YAC9B,OAAO,CAAC,CAAC,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC9C,UAAU,CAAC,IAAI,CAAC;oBACd,YAAY,EAAE,GAAG,CAAC,IAAI;oBACtB,QAAQ,EAAE,GAAG,CAAC,QAAQ;oBACtB,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;oBACX,KAAK,EAAE,CAAC,CAAC,KAAK;oBACd,GAAG,EAAE,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM;iBAC3B,CAAC,CAAC;gBACH,gDAAgD;gBAChD,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACtB,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC1B,CAAC;YACH,CAAC;YACD,GAAG,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;CACF;AApFD,0CAoFC"}

package/dist/src/dlp/scanner.d.ts ADDED Viewed

@@ -0,0 +1,122 @@
+import { DLPReport, DLPRedaction, RedactionMethod } from '../types/tool-result';
+import { DLPConfig } from '../types/config';
+/**
+ * DLPScanner detects secrets and PII in tool call arguments and outputs,
+ * and applies configurable redaction strategies (mask, hash, drop, tokenize).
+ */
+export declare class DLPScanner {
+    private config;
+    constructor(config: DLPConfig);
+    /**
+     * Main scan function -- recursively scans an object for secrets and PII.
+     *
+     * @param data - The data to scan (object, array, string, or primitive).
+     * @param basePath - Dot-notation prefix for paths within the data structure.
+     * @returns A DLPReport describing all detections, suggested redactions, and overall severity.
+     */
+    scan(data: unknown, basePath?: string): DLPReport;
+    /**
+     * Scan a single string value for secrets and PII patterns.
+     *
+     * Every regex with the /g flag has its lastIndex reset before and after
+     * testing to avoid state leaking between calls.
+     */
+    private scanString;
+    /** Mask a matched value, keeping first 3 and last 3 chars visible. */
+    static maskValue(value: string): string;
+    /**
+     * Recursively walk an unknown value, scanning every string leaf.
+     *
+     * A depth limit prevents stack overflow on circular or extremely deep structures.
+     */
+    private scanObject;
+    /**
+     * Apply a single redaction method to a string value.
+     *
+     * - `mask`     -- Keep the first 4 characters, replace the rest with 'x' (capped at 20 x's).
+     * - `hash`     -- SHA-256 hash prefix (16 hex chars) with a HASH: prefix.
+     * - `drop`     -- Replace entirely with `[REDACTED]`.
+     * - `tokenize` -- Replace with a deterministic placeholder token derived from MD5.
+     */
+    static redact(value: string, method: RedactionMethod): string;
+    /**
+     * Apply a list of redactions to a data structure.
+     *
+     * Returns a deep clone of `data` with every path referenced in `redactions`
+     * replaced by the redacted version of the string found at that path.
+     *
+     * Paths use lodash-style dot/bracket notation:
+     *   - `"args.headers.Authorization"` -> obj.args.headers.Authorization
+     *   - `"items[0].value"`             -> obj.items[0].value
+     *
+     * If a path cannot be resolved (e.g. the structure was mutated), the
+     * redaction is silently skipped.
+     */
+    applyRedactions(data: unknown, redactions: DLPRedaction[]): unknown;
+    /**
+     * Navigate to `path` inside `root` and replace the leaf string value
+     * with its redacted form.
+     */
+    private applyRedactionAtPath;
+    /**
+     * Redact all pattern matches within a string, replacing each match occurrence
+     * with the appropriate redacted form. Non-matching portions of the string are
+     * preserved. If no matches are found, the entire string is redacted as a
+     * fallback (e.g. when the string itself is the sensitive value).
+     */
+    private redactMatchesInString;
+    /**
+     * Parse a lodash-style path string into an array of segments.
+     *
+     * Examples:
+     *   `"args.headers.Authorization"` -> `["args", "headers", "Authorization"]`
+     *   `"items[0].value"`             -> `["items", "0", "value"]`
+     *   `"[0]"`                        -> `["0"]`
+     */
+    static parsePath(path: string): string[];
+    /**
+     * Get a child value from an object or array given a single path segment.
+     */
+    private static getChild;
+    /**
+     * Set a child value on an object or array given a single path segment.
+     */
+    private static setChild;
+    /**
+     * Deep clone a value using structured clone semantics.
+     *
+     * Falls back to JSON round-trip for environments where structuredClone is
+     * unavailable. Handles primitives, plain objects, arrays, and null/undefined.
+     */
+    static deepClone<T>(data: T): T;
+    /**
+     * Determine the highest severity among all detected pattern names.
+     *
+     * Checks both SECRET_PATTERNS and PII_PATTERNS for each detection name
+     * and returns the highest severity found. Defaults to 'low' when no
+     * detections are present or none match a known pattern.
+     */
+    private calculateSeverity;
+    /**
+     * Calculate the Shannon entropy of a string.
+     *
+     * High-entropy strings (random-looking) are more likely to be secrets,
+     * API keys, or tokens even if they don't match a known pattern.
+     *
+     * @returns Entropy in bits per character (0 to ~log2(charset_size)).
+     */
+    static calculateEntropy(str: string): number;
+    /**
+     * Check if a string looks like a high-entropy secret.
+     *
+     * Requires both a minimum length (to ignore short random-ish strings like
+     * UUIDs in non-secret contexts) and an entropy above the threshold.
+     *
+     * @param str - The string to check.
+     * @param threshold - Minimum entropy in bits per character. Default 4.5
+     *   (base64-encoded random bytes typically have entropy ~5.2).
+     * @returns True if the string exceeds both the length and entropy thresholds.
+     */
+    static isHighEntropy(str: string, threshold?: number): boolean;
+}
+//# sourceMappingURL=scanner.d.ts.map

package/dist/src/dlp/scanner.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../../src/dlp/scanner.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,eAAe,EAAe,MAAM,sBAAsB,CAAC;AAC7F,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAM5C;;;GAGG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAY;gBAEd,MAAM,EAAE,SAAS;IAI7B;;;;;;OAMG;IACH,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,GAAE,MAAW,GAAG,SAAS;IA2BrD;;;;;OAKG;IACH,OAAO,CAAC,UAAU;IA8ClB,sEAAsE;IACtE,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAKvC;;;;OAIG;IACH,OAAO,CAAC,UAAU;IAwClB;;;;;;;OAOG;IACH,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,GAAG,MAAM;IAgB7D;;;;;;;;;;;;OAYG;IACH,eAAe,CAAC,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,OAAO;IAenE;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IA2B5B;;;;;OAKG;IACH,OAAO,CAAC,qBAAqB;IAgE7B;;;;;;;OAOG;IACH,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE;IAuCxC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ;IAgBvB;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ;IAgBvB;;;;;OAKG;IACH,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC;IAsB/B;;;;;;OAMG;IACH,OAAO,CAAC,iBAAiB;IA+BzB;;;;;;;OAOG;IACH,MAAM,CAAC,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM;IAkB5C;;;;;;;;;;OAUG;IACH,MAAM,CAAC,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,GAAE,MAAY,GAAG,OAAO;CAIpE"}