palaryn 0.1.0

package/dist/src/tracing/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GatewayTracer = void 0;
+var provider_1 = require("./provider");
+Object.defineProperty(exports, "GatewayTracer", { enumerable: true, get: function () { return provider_1.GatewayTracer; } });
+//# sourceMappingURL=index.js.map

package/dist/src/tracing/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/tracing/index.ts"],"names":[],"mappings":";;;AAAA,uCAA0D;AAAjD,yGAAA,aAAa,OAAA"}

package/dist/src/tracing/provider.d.ts

@@ -0,0 +1,43 @@
+import { Tracer, SpanKind, SpanStatusCode } from '@opentelemetry/api';
+export { SpanKind, SpanStatusCode };
+export interface TracingConfig {
+    enabled: boolean;
+    /** Service name reported to the collector. Defaults to 'palaryn'. */
+    service_name?: string;
+    /** Service version reported to the collector. Defaults to '0.1.0'. */
+    service_version?: string;
+    /** Deployment environment (e.g. 'production', 'staging'). Defaults to 'development'. */
+    environment?: string;
+    /** OTLP HTTP endpoint for trace export. Defaults to 'http://localhost:4318/v1/traces'. */
+    otlp_endpoint?: string;
+    /** Use SimpleSpanProcessor instead of BatchSpanProcessor. Useful for testing. */
+    use_simple_processor?: boolean;
+}
+/**
+ * GatewayTracer wraps the OpenTelemetry SDK and provides a simple interface
+ * for the gateway pipeline to create spans. When tracing is disabled the
+ * class is a no-op — getTracer() returns undefined and all other methods
+ * are safe to call.
+ */
+export declare class GatewayTracer {
+    private provider?;
+    private tracer?;
+    private config;
+    constructor(config: TracingConfig);
+    /**
+     * Initialize the TracerProvider and register it globally.
+     * If config.enabled is false this is a no-op.
+     */
+    setup(): void;
+    /**
+     * Return the active Tracer instance, or undefined when tracing is disabled.
+     * Callers should guard with `if (!tracer) ...` or optional chaining.
+     */
+    getTracer(name?: string): Tracer | undefined;
+    /**
+     * Flush pending spans and shut down the provider.
+     * Safe to call even when tracing is disabled.
+     */
+    shutdown(): Promise<void>;
+}
+//# sourceMappingURL=provider.d.ts.map

package/dist/src/tracing/provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../../src/tracing/provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAS,MAAM,oBAAoB,CAAC;AAM7E,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC;AAEpC,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,qEAAqE;IACrE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,sEAAsE;IACtE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,wFAAwF;IACxF,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,0FAA0F;IAC1F,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,iFAAiF;IACjF,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAED;;;;;GAKG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,CAAqB;IACtC,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,MAAM,CAAgB;gBAElB,MAAM,EAAE,aAAa;IAIjC;;;OAGG;IACH,KAAK,IAAI,IAAI;IAiCb;;;OAGG;IACH,SAAS,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAU5C;;;OAGG;IACG,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAOhC"}

package/dist/src/tracing/provider.js

@@ -0,0 +1,74 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GatewayTracer = exports.SpanStatusCode = exports.SpanKind = void 0;
+const api_1 = require("@opentelemetry/api");
+Object.defineProperty(exports, "SpanKind", { enumerable: true, get: function () { return api_1.SpanKind; } });
+Object.defineProperty(exports, "SpanStatusCode", { enumerable: true, get: function () { return api_1.SpanStatusCode; } });
+const sdk_trace_node_1 = require("@opentelemetry/sdk-trace-node");
+const sdk_trace_base_1 = require("@opentelemetry/sdk-trace-base");
+const exporter_trace_otlp_http_1 = require("@opentelemetry/exporter-trace-otlp-http");
+const resources_1 = require("@opentelemetry/resources");
+/**
+ * GatewayTracer wraps the OpenTelemetry SDK and provides a simple interface
+ * for the gateway pipeline to create spans. When tracing is disabled the
+ * class is a no-op — getTracer() returns undefined and all other methods
+ * are safe to call.
+ */
+class GatewayTracer {
+    constructor(config) {
+        this.config = config;
+    }
+    /**
+     * Initialize the TracerProvider and register it globally.
+     * If config.enabled is false this is a no-op.
+     */
+    setup() {
+        if (!this.config.enabled) {
+            // No-op mode — getTracer() will return undefined
+            return;
+        }
+        const resource = (0, resources_1.resourceFromAttributes)({
+            'service.name': this.config.service_name || 'palaryn',
+            'service.version': this.config.service_version || '0.1.0',
+            'deployment.environment': this.config.environment || 'development',
+        });
+        const exporter = new exporter_trace_otlp_http_1.OTLPTraceExporter({
+            url: this.config.otlp_endpoint || 'http://localhost:4318/v1/traces',
+        });
+        const processor = this.config.use_simple_processor
+            ? new sdk_trace_base_1.SimpleSpanProcessor(exporter)
+            : new sdk_trace_base_1.BatchSpanProcessor(exporter);
+        this.provider = new sdk_trace_node_1.NodeTracerProvider({
+            resource,
+            spanProcessors: [processor],
+        });
+        this.provider.register();
+        this.tracer = this.provider.getTracer(this.config.service_name || 'palaryn', this.config.service_version || '0.1.0');
+    }
+    /**
+     * Return the active Tracer instance, or undefined when tracing is disabled.
+     * Callers should guard with `if (!tracer) ...` or optional chaining.
+     */
+    getTracer(name) {
+        if (!this.provider) {
+            return undefined;
+        }
+        if (name) {
+            return this.provider.getTracer(name);
+        }
+        return this.tracer;
+    }
+    /**
+     * Flush pending spans and shut down the provider.
+     * Safe to call even when tracing is disabled.
+     */
+    async shutdown() {
+        if (this.provider) {
+            await this.provider.shutdown();
+            this.provider = undefined;
+            this.tracer = undefined;
+        }
+    }
+}
+exports.GatewayTracer = GatewayTracer;
+//# sourceMappingURL=provider.js.map

package/dist/src/tracing/provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.js","sourceRoot":"","sources":["../../../src/tracing/provider.ts"],"names":[],"mappings":";;;AAAA,4CAA6E;AAMpE,yFANQ,cAAQ,OAMR;AAAE,+FANQ,oBAAc,OAMR;AALjC,kEAAmE;AACnE,kEAAuG;AACvG,sFAA4E;AAC5E,wDAAkE;AAkBlE;;;;;GAKG;AACH,MAAa,aAAa;IAKxB,YAAY,MAAqB;QAC/B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;;OAGG;IACH,KAAK;QACH,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,iDAAiD;YACjD,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,IAAA,kCAAsB,EAAC;YACtC,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,SAAS;YACrD,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,IAAI,OAAO;YACzD,wBAAwB,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,aAAa;SACnE,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,IAAI,4CAAiB,CAAC;YACrC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,iCAAiC;SACpE,CAAC,CAAC;QAEH,MAAM,SAAS,GAAkB,IAAI,CAAC,MAAM,CAAC,oBAAoB;YAC/D,CAAC,CAAC,IAAI,oCAAmB,CAAC,QAAQ,CAAC;YACnC,CAAC,CAAC,IAAI,mCAAkB,CAAC,QAAQ,CAAC,CAAC;QAErC,IAAI,CAAC,QAAQ,GAAG,IAAI,mCAAkB,CAAC;YACrC,QAAQ;YACR,cAAc,EAAE,CAAC,SAAS,CAAC;SAC5B,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAEzB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CACnC,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,SAAS,EACrC,IAAI,CAAC,MAAM,CAAC,eAAe,IAAI,OAAO,CACvC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,SAAS,CAAC,IAAa;QACrB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,IAAI,IAAI,EAAE,CAAC;YACT,OAAO,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,QAAQ;QACZ,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YAC/B,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC;YAC1B,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC;QAC1B,CAAC;IACH,CAAC;CACF;AAvED,sCAuEC"}

package/dist/src/trust/calculator.d.ts

@@ -0,0 +1,54 @@
+import { AnomalyDetector } from '../anomaly/detector';
+import { AuditLogger } from '../audit/logger';
+import { BudgetManager } from '../budget/manager';
+export interface TrustScoreWeights {
+    anomaly_weight: number;
+    high_severity_weight: number;
+    dlp_weight: number;
+    dlp_high_weight: number;
+    error_rate_weight: number;
+    escalation_weight: number;
+    budget_velocity_weight: number;
+}
+export interface TrustScoreBreakdown {
+    anomalies: {
+        count: number;
+        high_count: number;
+        impact: number;
+    };
+    dlp: {
+        detections: number;
+        high_severity: number;
+        impact: number;
+    };
+    error_rate: {
+        pct: number;
+        impact: number;
+    };
+    escalations: {
+        count: number;
+        impact: number;
+    };
+    budget_velocity: {
+        current_rate: number;
+        impact: number;
+    };
+}
+export interface TrustScoreResult {
+    actor_id: string;
+    score: number;
+    risk_level: 'low' | 'medium' | 'high' | 'critical';
+    breakdown: TrustScoreBreakdown;
+    calculated_at: string;
+}
+export declare const DEFAULT_WEIGHTS: TrustScoreWeights;
+export declare class TrustScoreCalculator {
+    private anomalyDetector;
+    private auditLogger;
+    private budgetManager;
+    private weights;
+    constructor(anomalyDetector: AnomalyDetector, auditLogger: AuditLogger, budgetManager: BudgetManager, weights?: TrustScoreWeights);
+    calculate(actorId: string): TrustScoreResult;
+    getLeaderboard(actorIds: string[]): TrustScoreResult[];
+}
+//# sourceMappingURL=calculator.d.ts.map

package/dist/src/trust/calculator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"calculator.d.ts","sourceRoot":"","sources":["../../../src/trust/calculator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAElD,MAAM,WAAW,iBAAiB;IAChC,cAAc,EAAE,MAAM,CAAC;IACvB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,sBAAsB,EAAE,MAAM,CAAC;CAChC;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACjE,GAAG,EAAE;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACnE,UAAU,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAC5C,WAAW,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAC/C,eAAe,EAAE;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;CAC3D;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACnD,SAAS,EAAE,mBAAmB,CAAC;IAC/B,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,eAAO,MAAM,eAAe,EAAE,iBAQ7B,CAAC;AAEF,qBAAa,oBAAoB;IAE7B,OAAO,CAAC,eAAe;IACvB,OAAO,CAAC,WAAW;IACnB,OAAO,CAAC,aAAa;IACrB,OAAO,CAAC,OAAO;gBAHP,eAAe,EAAE,eAAe,EAChC,WAAW,EAAE,WAAW,EACxB,aAAa,EAAE,aAAa,EAC5B,OAAO,GAAE,iBAAmC;IAGtD,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB;IAuF5C,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,gBAAgB,EAAE;CAKvD"}

package/dist/src/trust/calculator.js

@@ -0,0 +1,102 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TrustScoreCalculator = exports.DEFAULT_WEIGHTS = void 0;
+exports.DEFAULT_WEIGHTS = {
+    anomaly_weight: 2,
+    high_severity_weight: 5,
+    dlp_weight: 3,
+    dlp_high_weight: 10,
+    error_rate_weight: 1,
+    escalation_weight: 15,
+    budget_velocity_weight: 20,
+};
+class TrustScoreCalculator {
+    constructor(anomalyDetector, auditLogger, budgetManager, weights = exports.DEFAULT_WEIGHTS) {
+        this.anomalyDetector = anomalyDetector;
+        this.auditLogger = auditLogger;
+        this.budgetManager = budgetManager;
+        this.weights = weights;
+    }
+    calculate(actorId) {
+        let score = 100;
+        // 1. Anomaly component
+        const actorAlerts = this.anomalyDetector.getAlertsForEntity('actor', actorId);
+        const highAlerts = actorAlerts.filter(a => a.severity === 'high');
+        const anomalyImpact = actorAlerts.length * this.weights.anomaly_weight +
+            highAlerts.length * this.weights.high_severity_weight;
+        score -= anomalyImpact;
+        // 2. DLP component
+        const dlpEvents = this.auditLogger
+            .getEventsByType('DLP_SCANNED')
+            .filter(e => e.actor_id === actorId);
+        const dlpWithDetections = dlpEvents.filter(e => {
+            const detected = e.metadata?.detected;
+            return detected && detected.length > 0;
+        });
+        const dlpHighSeverity = dlpEvents.filter(e => e.metadata?.severity === 'high');
+        const dlpImpact = dlpWithDetections.length * this.weights.dlp_weight +
+            dlpHighSeverity.length * this.weights.dlp_high_weight;
+        score -= dlpImpact;
+        // 3. Error rate component
+        const baseline = this.anomalyDetector.getBaseline('actor', actorId, 'error_rate');
+        const errorPct = baseline ? baseline.mean * 100 : 0;
+        const errorImpact = errorPct * this.weights.error_rate_weight;
+        score -= errorImpact;
+        // 4. Capability escalation component
+        const escalations = actorAlerts.filter(a => a.anomaly_type === 'capability_escalation');
+        const escalationImpact = escalations.length * this.weights.escalation_weight;
+        score -= escalationImpact;
+        // 5. Budget velocity component
+        const spending = this.budgetManager.getActorSpending(actorId);
+        // If daily spend is more than 2x the average per-task spend, flag it
+        let budgetVelocityRate = 0;
+        let budgetImpact = 0;
+        if (spending.task_count > 0 && spending.total_spend > 0) {
+            const avgPerTask = spending.total_spend / spending.task_count;
+            budgetVelocityRate = spending.daily_spend / avgPerTask;
+            if (budgetVelocityRate > 2) {
+                budgetImpact = this.weights.budget_velocity_weight;
+                score -= budgetImpact;
+            }
+        }
+        score = Math.max(0, Math.min(100, score));
+        const risk_level = score >= 80 ? 'low' : score >= 50 ? 'medium' : score >= 30 ? 'high' : 'critical';
+        return {
+            actor_id: actorId,
+            score,
+            risk_level,
+            breakdown: {
+                anomalies: {
+                    count: actorAlerts.length,
+                    high_count: highAlerts.length,
+                    impact: anomalyImpact,
+                },
+                dlp: {
+                    detections: dlpWithDetections.length,
+                    high_severity: dlpHighSeverity.length,
+                    impact: dlpImpact,
+                },
+                error_rate: {
+                    pct: errorPct,
+                    impact: errorImpact,
+                },
+                escalations: {
+                    count: escalations.length,
+                    impact: escalationImpact,
+                },
+                budget_velocity: {
+                    current_rate: budgetVelocityRate,
+                    impact: budgetImpact,
+                },
+            },
+            calculated_at: new Date().toISOString(),
+        };
+    }
+    getLeaderboard(actorIds) {
+        return actorIds
+            .map(id => this.calculate(id))
+            .sort((a, b) => b.score - a.score);
+    }
+}
+exports.TrustScoreCalculator = TrustScoreCalculator;
+//# sourceMappingURL=calculator.js.map

package/dist/src/trust/calculator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"calculator.js","sourceRoot":"","sources":["../../../src/trust/calculator.ts"],"names":[],"mappings":";;;AA8Ba,QAAA,eAAe,GAAsB;IAChD,cAAc,EAAE,CAAC;IACjB,oBAAoB,EAAE,CAAC;IACvB,UAAU,EAAE,CAAC;IACb,eAAe,EAAE,EAAE;IACnB,iBAAiB,EAAE,CAAC;IACpB,iBAAiB,EAAE,EAAE;IACrB,sBAAsB,EAAE,EAAE;CAC3B,CAAC;AAEF,MAAa,oBAAoB;IAC/B,YACU,eAAgC,EAChC,WAAwB,EACxB,aAA4B,EAC5B,UAA6B,uBAAe;QAH5C,oBAAe,GAAf,eAAe,CAAiB;QAChC,gBAAW,GAAX,WAAW,CAAa;QACxB,kBAAa,GAAb,aAAa,CAAe;QAC5B,YAAO,GAAP,OAAO,CAAqC;IACnD,CAAC;IAEJ,SAAS,CAAC,OAAe;QACvB,IAAI,KAAK,GAAG,GAAG,CAAC;QAEhB,uBAAuB;QACvB,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC9E,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;QAClE,MAAM,aAAa,GACjB,WAAW,CAAC,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc;YAChD,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC;QACxD,KAAK,IAAI,aAAa,CAAC;QAEvB,mBAAmB;QACnB,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW;aAC/B,eAAe,CAAC,aAAa,CAAC;aAC9B,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;QACvC,MAAM,iBAAiB,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;YAC7C,MAAM,QAAQ,GAAG,CAAC,CAAC,QAAQ,EAAE,QAAgC,CAAC;YAC9D,OAAO,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QACH,MAAM,eAAe,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,QAAQ,KAAK,MAAM,CAAC,CAAC;QAC/E,MAAM,SAAS,GACb,iBAAiB,CAAC,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU;YAClD,eAAe,CAAC,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC;QACxD,KAAK,IAAI,SAAS,CAAC;QAEnB,0BAA0B;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;QAClF,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,WAAW,GAAG,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC;QAC9D,KAAK,IAAI,WAAW,CAAC;QAErB,qCAAqC;QACrC,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,uBAAuB,CAAC,CAAC;QACxF,MAAM,gBAAgB,GAAG,WAAW,CAAC,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC;QAC7E,KAAK,IAAI,gBAAgB,CAAC;QAE1B,+BAA+B;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC9D,qEAAqE;QACrE,IAAI,kBAAkB,GAAG,CAAC,CAAC;QAC3B,IAAI,YAAY,GAAG,CAAC,CAAC;QACrB,IAAI,QAAQ,CAAC,UAAU,GAAG,CAAC,IAAI,QAAQ,CAAC,WAAW,GAAG,CAAC,EAAE,CAAC;YACxD,MAAM,UAAU,GAAG,QAAQ,CAAC,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC;YAC9D,kBAAkB,GAAG,QAAQ,CAAC,WAAW,GAAG,UAAU,CAAC;YACvD,IAAI,kBAAkB,GAAG,CAAC,EAAE,CAAC;gBAC3B,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC;gBACnD,KAAK,IAAI,YAAY,CAAC;YACxB,CAAC;QACH,CAAC;QAED,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;QAE1C,MAAM,UAAU,GACd,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC;QAEnF,OAAO;YACL,QAAQ,EAAE,OAAO;YACjB,KAAK;YACL,UAAU;YACV,SAAS,EAAE;gBACT,SAAS,EAAE;oBACT,KAAK,EAAE,WAAW,CAAC,MAAM;oBACzB,UAAU,EAAE,UAAU,CAAC,MAAM;oBAC7B,MAAM,EAAE,aAAa;iBACtB;gBACD,GAAG,EAAE;oBACH,UAAU,EAAE,iBAAiB,CAAC,MAAM;oBACpC,aAAa,EAAE,eAAe,CAAC,MAAM;oBACrC,MAAM,EAAE,SAAS;iBAClB;gBACD,UAAU,EAAE;oBACV,GAAG,EAAE,QAAQ;oBACb,MAAM,EAAE,WAAW;iBACpB;gBACD,WAAW,EAAE;oBACX,KAAK,EAAE,WAAW,CAAC,MAAM;oBACzB,MAAM,EAAE,gBAAgB;iBACzB;gBACD,eAAe,EAAE;oBACf,YAAY,EAAE,kBAAkB;oBAChC,MAAM,EAAE,YAAY;iBACrB;aACF;YACD,aAAa,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACxC,CAAC;IACJ,CAAC;IAED,cAAc,CAAC,QAAkB;QAC/B,OAAO,QAAQ;aACZ,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;aAC7B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC;CACF;AApGD,oDAoGC"}

package/dist/src/trust/index.d.ts

@@ -0,0 +1,2 @@
+export { TrustScoreCalculator, TrustScoreWeights, TrustScoreBreakdown, TrustScoreResult, DEFAULT_WEIGHTS, } from './calculator';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/trust/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/trust/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,mBAAmB,EACnB,gBAAgB,EAChB,eAAe,GAChB,MAAM,cAAc,CAAC"}

package/dist/src/trust/index.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_WEIGHTS = exports.TrustScoreCalculator = void 0;
+var calculator_1 = require("./calculator");
+Object.defineProperty(exports, "TrustScoreCalculator", { enumerable: true, get: function () { return calculator_1.TrustScoreCalculator; } });
+Object.defineProperty(exports, "DEFAULT_WEIGHTS", { enumerable: true, get: function () { return calculator_1.DEFAULT_WEIGHTS; } });
+//# sourceMappingURL=index.js.map

package/dist/src/trust/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/trust/index.ts"],"names":[],"mappings":";;;AAAA,2CAMsB;AALpB,kHAAA,oBAAoB,OAAA;AAIpB,6GAAA,eAAe,OAAA"}

package/dist/src/types/budget.d.ts

@@ -0,0 +1,30 @@
+export interface TokenPricing {
+    input_per_token: number;
+    output_per_token: number;
+}
+export interface BudgetConfig {
+    task_budget_usd?: number;
+    user_daily_budget_usd?: number;
+    user_monthly_budget_usd?: number;
+    workspace_daily_budget_usd?: number;
+    workspace_monthly_budget_usd?: number;
+    max_steps_per_task?: number;
+    max_retries_per_call?: number;
+    max_wall_clock_ms?: number;
+    cost_table?: Record<string, number>;
+    token_pricing?: Record<string, TokenPricing>;
+}
+export interface BudgetState {
+    task_id: string;
+    workspace_id: string;
+    actor_id: string;
+    spent_usd: number;
+    steps: number;
+    started_at: string;
+}
+export interface CostEstimate {
+    tool_name: string;
+    capability: string;
+    estimated_cost_usd: number;
+}
+//# sourceMappingURL=budget.d.ts.map

package/dist/src/types/budget.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"budget.d.ts","sourceRoot":"","sources":["../../../src/types/budget.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,YAAY;IAC3B,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,YAAY;IAC3B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;CAC9C;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,MAAM,CAAC;CAC5B"}

package/dist/src/types/budget.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=budget.js.map

package/dist/src/types/budget.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"budget.js","sourceRoot":"","sources":["../../../src/types/budget.ts"],"names":[],"mappings":""}

package/dist/src/types/config.d.ts

@@ -0,0 +1,176 @@
+import { BudgetConfig } from './budget';
+import { TracingConfig } from '../tracing';
+import { AnomalyConfig } from '../anomaly';
+import { OAuthConfig, FrontendConfig } from './user';
+import { StripeConfig } from './stripe-config';
+export interface GatewayConfig {
+    port: number;
+    host: string;
+    auth: AuthConfig;
+    policy: PolicyConfig;
+    dlp: DLPConfig;
+    budget: BudgetConfig;
+    audit: AuditConfig;
+    executor: ExecutorConfig;
+    approval: ApprovalConfig;
+    rate_limit?: RateLimitConfig;
+    tracing?: TracingConfig;
+    anomaly?: AnomalyConfig;
+    /** Rate limit for public endpoints (health, metrics). Default: 60 req/min */
+    public_rate_limit?: {
+        max_per_window: number;
+        window_ms: number;
+    };
+    /** Forward proxy configuration */
+    proxy?: ProxyConfig;
+    /** CORS allowed origins. Defaults to '*' in development, must be set in production. */
+    cors_origins?: string[];
+    /** OAuth configuration for SaaS login (Google/GitHub) */
+    oauth?: OAuthConfig;
+    /** Frontend SPA configuration */
+    frontend?: FrontendConfig;
+    /** Stripe billing configuration */
+    stripe?: StripeConfig;
+    /** MCP OAuth 2.0 configuration for Claude Code / MCP client auth */
+    mcp_oauth?: MCPOAuthConfig;
+}
+export interface MCPOAuthConfig {
+    enabled: boolean;
+    /** Base URL for OAuth endpoints (default: derived from host + port) */
+    base_url?: string;
+    /** Access token TTL in seconds (default: 3600 = 1 hour) */
+    access_token_ttl?: number;
+    /** Refresh token TTL in seconds (default: 2592000 = 30 days) */
+    refresh_token_ttl?: number;
+}
+export interface AuthConfig {
+    enabled: boolean;
+    api_keys: Record<string, ApiKeyConfig>;
+    jwt?: JWTAuthConfig;
+    rbac?: RBACConfig;
+    jwt_secret?: string;
+    /** Trusted proxy IPs/CIDRs. Only trust X-Forwarded-For from these sources. */
+    trusted_proxies?: string[];
+}
+export interface ApiKeyConfig {
+    workspace_id: string;
+    description?: string;
+    roles?: string[];
+    rate_limit_override?: number;
+    expires_at?: string;
+    created_at?: string;
+    last_used_at?: string;
+    revoked?: boolean;
+}
+export interface JWTAuthConfig {
+    enabled: boolean;
+    secret?: string;
+    jwks_uri?: string;
+    issuer?: string;
+    audience?: string;
+    algorithms?: string[];
+    workspace_claim?: string;
+    roles_claim?: string;
+    actor_claim?: string;
+}
+export interface RBACConfig {
+    enabled: boolean;
+    roles: Record<string, RoleDefinition>;
+    default_role?: string;
+}
+export interface RoleDefinition {
+    description?: string;
+    permissions: Permission[];
+}
+export type Permission = 'tool:execute' | 'tool:execute:read' | 'tool:execute:write' | 'tool:execute:delete' | 'tool:execute:admin' | 'approval:manage' | 'policy:read' | 'policy:write' | 'trace:read' | 'admin:full' | string;
+export interface PolicyConfig {
+    pack_path: string;
+    default_effect: 'ALLOW' | 'DENY';
+    hot_reload: boolean;
+    /** OPA policy engine configuration (optional, works alongside YAML engine) */
+    opa?: OPAConfig;
+}
+export interface OPAConfig {
+    enabled: boolean;
+    /** OPA server URL (e.g., 'http://localhost:8181') */
+    server_url?: string;
+    /** Policy path in OPA (e.g., 'v1/data/palaryn/policy') */
+    policy_path?: string;
+    /** Rego policy string (for inline/local evaluation without OPA server) */
+    rego_policy?: string;
+    /** Timeout for OPA requests in ms (default: 5000) */
+    timeout_ms?: number;
+    /** Fallback decision if OPA is unreachable (default: 'deny') */
+    fallback_decision?: 'allow' | 'deny' | 'transform' | 'require_approval';
+    /** Default Rego package name for inline policies (default: 'palaryn.policy') */
+    package_name?: string;
+}
+export interface DLPConfig {
+    enabled: boolean;
+    scan_args: boolean;
+    scan_output: boolean;
+    secrets_detection: boolean;
+    pii_detection: boolean;
+    prompt_injection_detection?: boolean;
+    /** Action when prompt injection is detected: 'log' (default), 'flag', or 'block' */
+    prompt_injection_action?: 'log' | 'flag' | 'block';
+    /** Minimum severity to trigger blocking (when action is 'block'). Default: 'high' */
+    prompt_injection_block_threshold?: 'medium' | 'high';
+    /** Response mode when injection is blocked: 'deny' (default), 'sanitize', or 'require_approval' */
+    prompt_injection_response?: 'deny' | 'sanitize' | 'require_approval';
+    default_redaction_method: 'mask' | 'hash' | 'drop' | 'tokenize';
+    trufflehog?: {
+        enabled: boolean;
+        binary_path?: string;
+        timeout_ms?: number;
+    };
+}
+export interface AuditConfig {
+    enabled: boolean;
+    log_dir: string;
+    console_output: boolean;
+    retention_days: number;
+}
+export interface ExecutorConfig {
+    http: {
+        timeout_ms: number;
+        max_retries: number;
+        backoff_base_ms: number;
+    };
+    cache: {
+        enabled: boolean;
+        ttl_ms: number;
+    };
+}
+export interface ApprovalConfig {
+    enabled: boolean;
+    token_secret: string;
+    default_ttl_seconds: number;
+    webhook_url?: string;
+    webhook_headers?: Record<string, string>;
+}
+export interface RateLimitConfig {
+    enabled: boolean;
+    /** Max requests per actor per window */
+    actor_max_per_window: number;
+    /** Max requests per workspace per window */
+    workspace_max_per_window: number;
+    /** Window duration in milliseconds */
+    window_ms: number;
+}
+export interface ProxyConfig {
+    enabled: boolean;
+    /** Port for the forward proxy server (default: 3128) */
+    port: number;
+    /** Domains to skip proxy pipeline for (e.g. palaryn's own domain) */
+    passthrough_domains?: string[];
+    /** Default workspace ID for sidecar mode (no per-request auth needed) */
+    default_workspace_id?: string;
+    /** Default actor ID for sidecar mode */
+    default_actor_id?: string;
+    /** Require Proxy-Authorization for every request (default: true unless sidecar defaults set) */
+    require_auth?: boolean;
+    /** Enable SSRF protection to block requests to private IPs (default: true) */
+    ssrf_protection?: boolean;
+}
+//# sourceMappingURL=config.d.ts.map

package/dist/src/types/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/types/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3C,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,UAAU,CAAC;IACjB,MAAM,EAAE,YAAY,CAAC;IACrB,GAAG,EAAE,SAAS,CAAC;IACf,MAAM,EAAE,YAAY,CAAC;IACrB,KAAK,EAAE,WAAW,CAAC;IACnB,QAAQ,EAAE,cAAc,CAAC;IACzB,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,CAAC,EAAE,eAAe,CAAC;IAC7B,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,6EAA6E;IAC7E,iBAAiB,CAAC,EAAE;QAClB,cAAc,EAAE,MAAM,CAAC;QACvB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,kCAAkC;IAClC,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB,uFAAuF;IACvF,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,yDAAyD;IACzD,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB,iCAAiC;IACjC,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,mCAAmC;IACnC,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,oEAAoE;IACpE,SAAS,CAAC,EAAE,cAAc,CAAC;CAC5B;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,uEAAuE;IACvE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,2DAA2D;IAC3D,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gEAAgE;IAChE,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,OAAO,CAAC;IAGjB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAGvC,GAAG,CAAC,EAAE,aAAa,CAAC;IAGpB,IAAI,CAAC,EAAE,UAAU,CAAC;IAGlB,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,8EAA8E;IAC9E,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IAEjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IAEtB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IACtC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,cAAc;IAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,UAAU,EAAE,CAAC;CAC3B;AAED,MAAM,MAAM,UAAU,GAClB,cAAc,GACd,mBAAmB,GACnB,oBAAoB,GACpB,qBAAqB,GACrB,oBAAoB,GACpB,iBAAiB,GACjB,aAAa,GACb,cAAc,GACd,YAAY,GACZ,YAAY,GACZ,MAAM,CAAC;AAEX,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,OAAO,GAAG,MAAM,CAAC;IACjC,UAAU,EAAE,OAAO,CAAC;IACpB,8EAA8E;IAC9E,GAAG,CAAC,EAAE,SAAS,CAAC;CACjB;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,qDAAqD;IACrD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,0DAA0D;IAC1D,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,0EAA0E;IAC1E,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qDAAqD;IACrD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gEAAgE;IAChE,iBAAiB,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,WAAW,GAAG,kBAAkB,CAAC;IACxE,gFAAgF;IAChF,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,EAAE,OAAO,CAAC;IACrB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,aAAa,EAAE,OAAO,CAAC;IACvB,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,oFAAoF;IACpF,uBAAuB,CAAC,EAAE,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;IACnD,qFAAqF;IACrF,gCAAgC,CAAC,EAAE,QAAQ,GAAG,MAAM,CAAC;IACrD,mGAAmG;IACnG,yBAAyB,CAAC,EAAE,MAAM,GAAG,UAAU,GAAG,kBAAkB,CAAC;IACrE,wBAAwB,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;IAChE,UAAU,CAAC,EAAE;QACX,OAAO,EAAE,OAAO,CAAC;QACjB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;CACH;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE;QACJ,UAAU,EAAE,MAAM,CAAC;QACnB,WAAW,EAAE,MAAM,CAAC;QACpB,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IACF,KAAK,EAAE;QACL,OAAO,EAAE,OAAO,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC1C;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,wCAAwC;IACxC,oBAAoB,EAAE,MAAM,CAAC;IAC7B,4CAA4C;IAC5C,wBAAwB,EAAE,MAAM,CAAC;IACjC,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,wDAAwD;IACxD,IAAI,EAAE,MAAM,CAAC;IACb,qEAAqE;IACrE,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,yEAAyE;IACzE,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,wCAAwC;IACxC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gGAAgG;IAChG,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,8EAA8E;IAC9E,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B"}

package/dist/src/types/config.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=config.js.map

package/dist/src/types/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/types/config.ts"],"names":[],"mappings":""}

package/dist/src/types/events.d.ts

@@ -0,0 +1,24 @@
+export type EventType = 'TOOL_CALL_RECEIVED' | 'POLICY_DECIDED' | 'DLP_SCANNED' | 'BUDGET_CHECKED' | 'TOOL_EXECUTED' | 'TOOL_RESULT_RETURNED' | 'APPROVAL_REQUESTED' | 'APPROVAL_APPROVED' | 'APPROVAL_DENIED' | 'APPROVAL_EXPIRED' | 'INCIDENT_RAISED' | 'USAGE_REPORTED' | 'POLICY_UPDATED' | 'POLICY_RESET';
+export type IncidentSeverity = 'low' | 'medium' | 'high' | 'critical';
+export interface AuditEvent {
+    event_id: string;
+    event_type: EventType;
+    timestamp: string;
+    tool_call_id: string;
+    task_id: string;
+    workspace_id: string;
+    actor_id: string;
+    tool_name: string;
+    metadata: Record<string, unknown>;
+}
+export interface IncidentEvent extends AuditEvent {
+    event_type: 'INCIDENT_RAISED';
+    metadata: {
+        severity: IncidentSeverity;
+        incident_type: string;
+        description: string;
+        recommended_action: string;
+        [key: string]: unknown;
+    };
+}
+//# sourceMappingURL=events.d.ts.map

package/dist/src/types/events.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"events.d.ts","sourceRoot":"","sources":["../../../src/types/events.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,SAAS,GACjB,oBAAoB,GACpB,gBAAgB,GAChB,aAAa,GACb,gBAAgB,GAChB,eAAe,GACf,sBAAsB,GACtB,oBAAoB,GACpB,mBAAmB,GACnB,iBAAiB,GACjB,kBAAkB,GAClB,iBAAiB,GACjB,gBAAgB,GAChB,gBAAgB,GAChB,cAAc,CAAC;AAEnB,MAAM,MAAM,gBAAgB,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAEtE,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,SAAS,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,aAAc,SAAQ,UAAU;IAC/C,UAAU,EAAE,iBAAiB,CAAC;IAC9B,QAAQ,EAAE;QACR,QAAQ,EAAE,gBAAgB,CAAC;QAC3B,aAAa,EAAE,MAAM,CAAC;QACtB,WAAW,EAAE,MAAM,CAAC;QACpB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;CACH"}

package/dist/src/types/events.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=events.js.map

package/dist/src/types/events.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"events.js","sourceRoot":"","sources":["../../../src/types/events.ts"],"names":[],"mappings":""}

package/dist/src/types/index.d.ts

@@ -0,0 +1,8 @@
+export * from './tool-call';
+export * from './tool-result';
+export * from './policy';
+export * from './events';
+export * from './budget';
+export * from './config';
+export * from './user';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/types/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,eAAe,CAAC;AAC9B,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC;AACzB,cAAc,QAAQ,CAAC"}

package/dist/src/types/index.js

@@ -0,0 +1,24 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./tool-call"), exports);
+__exportStar(require("./tool-result"), exports);
+__exportStar(require("./policy"), exports);
+__exportStar(require("./events"), exports);
+__exportStar(require("./budget"), exports);
+__exportStar(require("./config"), exports);
+__exportStar(require("./user"), exports);
+//# sourceMappingURL=index.js.map