npm - palaryn - Versions diffs - 0.1.0 - Mend

palaryn 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (607) hide show

package/LICENSE +21 -0
package/README.md +716 -0
package/dist/sdk/typescript/src/client.d.ts +71 -0
package/dist/sdk/typescript/src/client.d.ts.map +1 -0
package/dist/sdk/typescript/src/client.js +176 -0
package/dist/sdk/typescript/src/client.js.map +1 -0
package/dist/sdk/typescript/src/errors.d.ts +50 -0
package/dist/sdk/typescript/src/errors.d.ts.map +1 -0
package/dist/sdk/typescript/src/errors.js +103 -0
package/dist/sdk/typescript/src/errors.js.map +1 -0
package/dist/sdk/typescript/src/index.d.ts +4 -0
package/dist/sdk/typescript/src/index.d.ts.map +1 -0
package/dist/sdk/typescript/src/index.js +15 -0
package/dist/sdk/typescript/src/index.js.map +1 -0
package/dist/sdk/typescript/src/types.d.ts +101 -0
package/dist/sdk/typescript/src/types.d.ts.map +1 -0
package/dist/sdk/typescript/src/types.js +6 -0
package/dist/sdk/typescript/src/types.js.map +1 -0
package/dist/src/admin/index.d.ts +2 -0
package/dist/src/admin/index.d.ts.map +1 -0
package/dist/src/admin/index.js +6 -0
package/dist/src/admin/index.js.map +1 -0
package/dist/src/admin/routes.d.ts +5 -0
package/dist/src/admin/routes.d.ts.map +1 -0
package/dist/src/admin/routes.js +471 -0
package/dist/src/admin/routes.js.map +1 -0
package/dist/src/admin/templates.d.ts +51 -0
package/dist/src/admin/templates.d.ts.map +1 -0
package/dist/src/admin/templates.js +500 -0
package/dist/src/admin/templates.js.map +1 -0
package/dist/src/anomaly/detector.d.ts +141 -0
package/dist/src/anomaly/detector.d.ts.map +1 -0
package/dist/src/anomaly/detector.js +554 -0
package/dist/src/anomaly/detector.js.map +1 -0
package/dist/src/anomaly/index.d.ts +2 -0
package/dist/src/anomaly/index.d.ts.map +1 -0
package/dist/src/anomaly/index.js +7 -0
package/dist/src/anomaly/index.js.map +1 -0
package/dist/src/approval/manager.d.ts +147 -0
package/dist/src/approval/manager.d.ts.map +1 -0
package/dist/src/approval/manager.js +511 -0
package/dist/src/approval/manager.js.map +1 -0
package/dist/src/approval/webhook.d.ts +36 -0
package/dist/src/approval/webhook.d.ts.map +1 -0
package/dist/src/approval/webhook.js +135 -0
package/dist/src/approval/webhook.js.map +1 -0
package/dist/src/audit/logger.d.ts +70 -0
package/dist/src/audit/logger.d.ts.map +1 -0
package/dist/src/audit/logger.js +440 -0
package/dist/src/audit/logger.js.map +1 -0
package/dist/src/auth/index.d.ts +6 -0
package/dist/src/auth/index.d.ts.map +1 -0
package/dist/src/auth/index.js +22 -0
package/dist/src/auth/index.js.map +1 -0
package/dist/src/auth/password.d.ts +3 -0
package/dist/src/auth/password.d.ts.map +1 -0
package/dist/src/auth/password.js +25 -0
package/dist/src/auth/password.js.map +1 -0
package/dist/src/auth/pkce.d.ts +13 -0
package/dist/src/auth/pkce.d.ts.map +1 -0
package/dist/src/auth/pkce.js +58 -0
package/dist/src/auth/pkce.js.map +1 -0
package/dist/src/auth/providers.d.ts +28 -0
package/dist/src/auth/providers.d.ts.map +1 -0
package/dist/src/auth/providers.js +198 -0
package/dist/src/auth/providers.js.map +1 -0
package/dist/src/auth/routes.d.ts +14 -0
package/dist/src/auth/routes.d.ts.map +1 -0
package/dist/src/auth/routes.js +431 -0
package/dist/src/auth/routes.js.map +1 -0
package/dist/src/auth/session.d.ts +24 -0
package/dist/src/auth/session.d.ts.map +1 -0
package/dist/src/auth/session.js +105 -0
package/dist/src/auth/session.js.map +1 -0
package/dist/src/billing/index.d.ts +7 -0
package/dist/src/billing/index.d.ts.map +1 -0
package/dist/src/billing/index.js +14 -0
package/dist/src/billing/index.js.map +1 -0
package/dist/src/billing/plan-enforcer.d.ts +44 -0
package/dist/src/billing/plan-enforcer.d.ts.map +1 -0
package/dist/src/billing/plan-enforcer.js +110 -0
package/dist/src/billing/plan-enforcer.js.map +1 -0
package/dist/src/billing/routes.d.ts +15 -0
package/dist/src/billing/routes.d.ts.map +1 -0
package/dist/src/billing/routes.js +193 -0
package/dist/src/billing/routes.js.map +1 -0
package/dist/src/billing/stripe-client.d.ts +14 -0
package/dist/src/billing/stripe-client.d.ts.map +1 -0
package/dist/src/billing/stripe-client.js +51 -0
package/dist/src/billing/stripe-client.js.map +1 -0
package/dist/src/billing/webhook-handler.d.ts +19 -0
package/dist/src/billing/webhook-handler.d.ts.map +1 -0
package/dist/src/billing/webhook-handler.js +169 -0
package/dist/src/billing/webhook-handler.js.map +1 -0
package/dist/src/billing/webhook-routes.d.ts +5 -0
package/dist/src/billing/webhook-routes.d.ts.map +1 -0
package/dist/src/billing/webhook-routes.js +30 -0
package/dist/src/billing/webhook-routes.js.map +1 -0
package/dist/src/budget/manager.d.ts +95 -0
package/dist/src/budget/manager.d.ts.map +1 -0
package/dist/src/budget/manager.js +547 -0
package/dist/src/budget/manager.js.map +1 -0
package/dist/src/budget/usage-extractor.d.ts +38 -0
package/dist/src/budget/usage-extractor.d.ts.map +1 -0
package/dist/src/budget/usage-extractor.js +165 -0
package/dist/src/budget/usage-extractor.js.map +1 -0
package/dist/src/cli.d.ts +3 -0
package/dist/src/cli.d.ts.map +1 -0
package/dist/src/cli.js +115 -0
package/dist/src/cli.js.map +1 -0
package/dist/src/config/defaults.d.ts +3 -0
package/dist/src/config/defaults.d.ts.map +1 -0
package/dist/src/config/defaults.js +243 -0
package/dist/src/config/defaults.js.map +1 -0
package/dist/src/config/validate.d.ts +15 -0
package/dist/src/config/validate.d.ts.map +1 -0
package/dist/src/config/validate.js +105 -0
package/dist/src/config/validate.js.map +1 -0
package/dist/src/dlp/composite-scanner.d.ts +47 -0
package/dist/src/dlp/composite-scanner.d.ts.map +1 -0
package/dist/src/dlp/composite-scanner.js +186 -0
package/dist/src/dlp/composite-scanner.js.map +1 -0
package/dist/src/dlp/index.d.ts +10 -0
package/dist/src/dlp/index.d.ts.map +1 -0
package/dist/src/dlp/index.js +26 -0
package/dist/src/dlp/index.js.map +1 -0
package/dist/src/dlp/interfaces.d.ts +33 -0
package/dist/src/dlp/interfaces.d.ts.map +1 -0
package/dist/src/dlp/interfaces.js +3 -0
package/dist/src/dlp/interfaces.js.map +1 -0
package/dist/src/dlp/patterns.d.ts +9 -0
package/dist/src/dlp/patterns.d.ts.map +1 -0
package/dist/src/dlp/patterns.js +25 -0
package/dist/src/dlp/patterns.js.map +1 -0
package/dist/src/dlp/prompt-injection-backend.d.ts +68 -0
package/dist/src/dlp/prompt-injection-backend.d.ts.map +1 -0
package/dist/src/dlp/prompt-injection-backend.js +148 -0
package/dist/src/dlp/prompt-injection-backend.js.map +1 -0
package/dist/src/dlp/prompt-injection-patterns.d.ts +32 -0
package/dist/src/dlp/prompt-injection-patterns.d.ts.map +1 -0
package/dist/src/dlp/prompt-injection-patterns.js +290 -0
package/dist/src/dlp/prompt-injection-patterns.js.map +1 -0
package/dist/src/dlp/regex-backend.d.ts +32 -0
package/dist/src/dlp/regex-backend.d.ts.map +1 -0
package/dist/src/dlp/regex-backend.js +153 -0
package/dist/src/dlp/regex-backend.js.map +1 -0
package/dist/src/dlp/scanner.d.ts +122 -0
package/dist/src/dlp/scanner.d.ts.map +1 -0
package/dist/src/dlp/scanner.js +444 -0
package/dist/src/dlp/scanner.js.map +1 -0
package/dist/src/dlp/text-normalizer.d.ts +41 -0
package/dist/src/dlp/text-normalizer.d.ts.map +1 -0
package/dist/src/dlp/text-normalizer.js +203 -0
package/dist/src/dlp/text-normalizer.js.map +1 -0
package/dist/src/dlp/trufflehog-backend.d.ts +64 -0
package/dist/src/dlp/trufflehog-backend.d.ts.map +1 -0
package/dist/src/dlp/trufflehog-backend.js +151 -0
package/dist/src/dlp/trufflehog-backend.js.map +1 -0
package/dist/src/executor/http-executor.d.ts +25 -0
package/dist/src/executor/http-executor.d.ts.map +1 -0
package/dist/src/executor/http-executor.js +333 -0
package/dist/src/executor/http-executor.js.map +1 -0
package/dist/src/executor/index.d.ts +6 -0
package/dist/src/executor/index.d.ts.map +1 -0
package/dist/src/executor/index.js +12 -0
package/dist/src/executor/index.js.map +1 -0
package/dist/src/executor/interfaces.d.ts +11 -0
package/dist/src/executor/interfaces.d.ts.map +1 -0
package/dist/src/executor/interfaces.js +3 -0
package/dist/src/executor/interfaces.js.map +1 -0
package/dist/src/executor/noop-executor.d.ts +13 -0
package/dist/src/executor/noop-executor.d.ts.map +1 -0
package/dist/src/executor/noop-executor.js +21 -0
package/dist/src/executor/noop-executor.js.map +1 -0
package/dist/src/executor/registry.d.ts +30 -0
package/dist/src/executor/registry.d.ts.map +1 -0
package/dist/src/executor/registry.js +62 -0
package/dist/src/executor/registry.js.map +1 -0
package/dist/src/executor/slack-executor.d.ts +24 -0
package/dist/src/executor/slack-executor.d.ts.map +1 -0
package/dist/src/executor/slack-executor.js +147 -0
package/dist/src/executor/slack-executor.js.map +1 -0
package/dist/src/index.d.ts +25 -0
package/dist/src/index.d.ts.map +1 -0
package/dist/src/index.js +74 -0
package/dist/src/index.js.map +1 -0
package/dist/src/mcp/auth-verifier.d.ts +23 -0
package/dist/src/mcp/auth-verifier.d.ts.map +1 -0
package/dist/src/mcp/auth-verifier.js +162 -0
package/dist/src/mcp/auth-verifier.js.map +1 -0
package/dist/src/mcp/bridge.d.ts +132 -0
package/dist/src/mcp/bridge.d.ts.map +1 -0
package/dist/src/mcp/bridge.js +734 -0
package/dist/src/mcp/bridge.js.map +1 -0
package/dist/src/mcp/http-transport.d.ts +32 -0
package/dist/src/mcp/http-transport.d.ts.map +1 -0
package/dist/src/mcp/http-transport.js +538 -0
package/dist/src/mcp/http-transport.js.map +1 -0
package/dist/src/mcp/index.d.ts +10 -0
package/dist/src/mcp/index.d.ts.map +1 -0
package/dist/src/mcp/index.js +17 -0
package/dist/src/mcp/index.js.map +1 -0
package/dist/src/mcp/oauth-pages.d.ts +23 -0
package/dist/src/mcp/oauth-pages.d.ts.map +1 -0
package/dist/src/mcp/oauth-pages.js +121 -0
package/dist/src/mcp/oauth-pages.js.map +1 -0
package/dist/src/mcp/oauth-postgres-stores.d.ts +55 -0
package/dist/src/mcp/oauth-postgres-stores.d.ts.map +1 -0
package/dist/src/mcp/oauth-postgres-stores.js +226 -0
package/dist/src/mcp/oauth-postgres-stores.js.map +1 -0
package/dist/src/mcp/oauth-provider.d.ts +95 -0
package/dist/src/mcp/oauth-provider.d.ts.map +1 -0
package/dist/src/mcp/oauth-provider.js +360 -0
package/dist/src/mcp/oauth-provider.js.map +1 -0
package/dist/src/mcp/oauth-stores.d.ts +62 -0
package/dist/src/mcp/oauth-stores.d.ts.map +1 -0
package/dist/src/mcp/oauth-stores.js +154 -0
package/dist/src/mcp/oauth-stores.js.map +1 -0
package/dist/src/mcp/server.d.ts +18 -0
package/dist/src/mcp/server.d.ts.map +1 -0
package/dist/src/mcp/server.js +51 -0
package/dist/src/mcp/server.js.map +1 -0
package/dist/src/metrics/collector.d.ts +106 -0
package/dist/src/metrics/collector.d.ts.map +1 -0
package/dist/src/metrics/collector.js +311 -0
package/dist/src/metrics/collector.js.map +1 -0
package/dist/src/metrics/index.d.ts +2 -0
package/dist/src/metrics/index.d.ts.map +1 -0
package/dist/src/metrics/index.js +6 -0
package/dist/src/metrics/index.js.map +1 -0
package/dist/src/middleware/auth.d.ts +77 -0
package/dist/src/middleware/auth.d.ts.map +1 -0
package/dist/src/middleware/auth.js +720 -0
package/dist/src/middleware/auth.js.map +1 -0
package/dist/src/middleware/session.d.ts +18 -0
package/dist/src/middleware/session.d.ts.map +1 -0
package/dist/src/middleware/session.js +67 -0
package/dist/src/middleware/session.js.map +1 -0
package/dist/src/middleware/validate.d.ts +3 -0
package/dist/src/middleware/validate.d.ts.map +1 -0
package/dist/src/middleware/validate.js +85 -0
package/dist/src/middleware/validate.js.map +1 -0
package/dist/src/policy/engine.d.ts +107 -0
package/dist/src/policy/engine.d.ts.map +1 -0
package/dist/src/policy/engine.js +646 -0
package/dist/src/policy/engine.js.map +1 -0
package/dist/src/policy/index.d.ts +3 -0
package/dist/src/policy/index.d.ts.map +1 -0
package/dist/src/policy/index.js +8 -0
package/dist/src/policy/index.js.map +1 -0
package/dist/src/policy/opa-engine.d.ts +176 -0
package/dist/src/policy/opa-engine.d.ts.map +1 -0
package/dist/src/policy/opa-engine.js +790 -0
package/dist/src/policy/opa-engine.js.map +1 -0
package/dist/src/proxy/forward-proxy.d.ts +30 -0
package/dist/src/proxy/forward-proxy.d.ts.map +1 -0
package/dist/src/proxy/forward-proxy.js +580 -0
package/dist/src/proxy/forward-proxy.js.map +1 -0
package/dist/src/proxy/index.d.ts +2 -0
package/dist/src/proxy/index.d.ts.map +1 -0
package/dist/src/proxy/index.js +8 -0
package/dist/src/proxy/index.js.map +1 -0
package/dist/src/ratelimit/limiter.d.ts +45 -0
package/dist/src/ratelimit/limiter.d.ts.map +1 -0
package/dist/src/ratelimit/limiter.js +158 -0
package/dist/src/ratelimit/limiter.js.map +1 -0
package/dist/src/replay/engine.d.ts +40 -0
package/dist/src/replay/engine.d.ts.map +1 -0
package/dist/src/replay/engine.js +106 -0
package/dist/src/replay/engine.js.map +1 -0
package/dist/src/replay/index.d.ts +2 -0
package/dist/src/replay/index.d.ts.map +1 -0
package/dist/src/replay/index.js +6 -0
package/dist/src/replay/index.js.map +1 -0
package/dist/src/saas/index.d.ts +2 -0
package/dist/src/saas/index.d.ts.map +1 -0
package/dist/src/saas/index.js +18 -0
package/dist/src/saas/index.js.map +1 -0
package/dist/src/saas/routes.d.ts +18 -0
package/dist/src/saas/routes.d.ts.map +1 -0
package/dist/src/saas/routes.js +1566 -0
package/dist/src/saas/routes.js.map +1 -0
package/dist/src/server/app.d.ts +44 -0
package/dist/src/server/app.d.ts.map +1 -0
package/dist/src/server/app.js +854 -0
package/dist/src/server/app.js.map +1 -0
package/dist/src/server/errors.d.ts +32 -0
package/dist/src/server/errors.d.ts.map +1 -0
package/dist/src/server/errors.js +39 -0
package/dist/src/server/errors.js.map +1 -0
package/dist/src/server/gateway.d.ts +165 -0
package/dist/src/server/gateway.d.ts.map +1 -0
package/dist/src/server/gateway.js +964 -0
package/dist/src/server/gateway.js.map +1 -0
package/dist/src/server/index.d.ts +2 -0
package/dist/src/server/index.d.ts.map +1 -0
package/dist/src/server/index.js +295 -0
package/dist/src/server/index.js.map +1 -0
package/dist/src/server/logger.d.ts +33 -0
package/dist/src/server/logger.d.ts.map +1 -0
package/dist/src/server/logger.js +230 -0
package/dist/src/server/logger.js.map +1 -0
package/dist/src/server/stream-proxy.d.ts +32 -0
package/dist/src/server/stream-proxy.d.ts.map +1 -0
package/dist/src/server/stream-proxy.js +184 -0
package/dist/src/server/stream-proxy.js.map +1 -0
package/dist/src/storage/file-persistence.d.ts +48 -0
package/dist/src/storage/file-persistence.d.ts.map +1 -0
package/dist/src/storage/file-persistence.js +280 -0
package/dist/src/storage/file-persistence.js.map +1 -0
package/dist/src/storage/index.d.ts +5 -0
package/dist/src/storage/index.d.ts.map +1 -0
package/dist/src/storage/index.js +21 -0
package/dist/src/storage/index.js.map +1 -0
package/dist/src/storage/interfaces.d.ts +237 -0
package/dist/src/storage/interfaces.d.ts.map +1 -0
package/dist/src/storage/interfaces.js +3 -0
package/dist/src/storage/interfaces.js.map +1 -0
package/dist/src/storage/memory.d.ts +162 -0
package/dist/src/storage/memory.d.ts.map +1 -0
package/dist/src/storage/memory.js +603 -0
package/dist/src/storage/memory.js.map +1 -0
package/dist/src/storage/postgres.d.ts +267 -0
package/dist/src/storage/postgres.d.ts.map +1 -0
package/dist/src/storage/postgres.js +1555 -0
package/dist/src/storage/postgres.js.map +1 -0
package/dist/src/storage/redis.d.ts +202 -0
package/dist/src/storage/redis.d.ts.map +1 -0
package/dist/src/storage/redis.js +629 -0
package/dist/src/storage/redis.js.map +1 -0
package/dist/src/tracing/index.d.ts +2 -0
package/dist/src/tracing/index.d.ts.map +1 -0
package/dist/src/tracing/index.js +6 -0
package/dist/src/tracing/index.js.map +1 -0
package/dist/src/tracing/provider.d.ts +43 -0
package/dist/src/tracing/provider.d.ts.map +1 -0
package/dist/src/tracing/provider.js +74 -0
package/dist/src/tracing/provider.js.map +1 -0
package/dist/src/trust/calculator.d.ts +54 -0
package/dist/src/trust/calculator.d.ts.map +1 -0
package/dist/src/trust/calculator.js +102 -0
package/dist/src/trust/calculator.js.map +1 -0
package/dist/src/trust/index.d.ts +2 -0
package/dist/src/trust/index.d.ts.map +1 -0
package/dist/src/trust/index.js +7 -0
package/dist/src/trust/index.js.map +1 -0
package/dist/src/types/budget.d.ts +30 -0
package/dist/src/types/budget.d.ts.map +1 -0
package/dist/src/types/budget.js +3 -0
package/dist/src/types/budget.js.map +1 -0
package/dist/src/types/config.d.ts +176 -0
package/dist/src/types/config.d.ts.map +1 -0
package/dist/src/types/config.js +3 -0
package/dist/src/types/config.js.map +1 -0
package/dist/src/types/events.d.ts +24 -0
package/dist/src/types/events.d.ts.map +1 -0
package/dist/src/types/events.js +3 -0
package/dist/src/types/events.js.map +1 -0
package/dist/src/types/index.d.ts +8 -0
package/dist/src/types/index.d.ts.map +1 -0
package/dist/src/types/index.js +24 -0
package/dist/src/types/index.js.map +1 -0
package/dist/src/types/policy.d.ts +60 -0
package/dist/src/types/policy.d.ts.map +1 -0
package/dist/src/types/policy.js +3 -0
package/dist/src/types/policy.js.map +1 -0
package/dist/src/types/stripe-config.d.ts +12 -0
package/dist/src/types/stripe-config.d.ts.map +1 -0
package/dist/src/types/stripe-config.js +3 -0
package/dist/src/types/stripe-config.js.map +1 -0
package/dist/src/types/subscription.d.ts +24 -0
package/dist/src/types/subscription.d.ts.map +1 -0
package/dist/src/types/subscription.js +38 -0
package/dist/src/types/subscription.js.map +1 -0
package/dist/src/types/tool-call.d.ts +42 -0
package/dist/src/types/tool-call.d.ts.map +1 -0
package/dist/src/types/tool-call.js +3 -0
package/dist/src/types/tool-call.js.map +1 -0
package/dist/src/types/tool-result.d.ts +58 -0
package/dist/src/types/tool-result.d.ts.map +1 -0
package/dist/src/types/tool-result.js +3 -0
package/dist/src/types/tool-result.js.map +1 -0
package/dist/src/types/user.d.ts +101 -0
package/dist/src/types/user.d.ts.map +1 -0
package/dist/src/types/user.js +6 -0
package/dist/src/types/user.js.map +1 -0
package/dist/tests/integration/api.test.d.ts +2 -0
package/dist/tests/integration/api.test.d.ts.map +1 -0
package/dist/tests/integration/api.test.js +1199 -0
package/dist/tests/integration/api.test.js.map +1 -0
package/dist/tests/integration/proxy.test.d.ts +2 -0
package/dist/tests/integration/proxy.test.d.ts.map +1 -0
package/dist/tests/integration/proxy.test.js +251 -0
package/dist/tests/integration/proxy.test.js.map +1 -0
package/dist/tests/integration/storage.test.d.ts +16 -0
package/dist/tests/integration/storage.test.d.ts.map +1 -0
package/dist/tests/integration/storage.test.js +826 -0
package/dist/tests/integration/storage.test.js.map +1 -0
package/dist/tests/unit/admin.test.d.ts +2 -0
package/dist/tests/unit/admin.test.d.ts.map +1 -0
package/dist/tests/unit/admin.test.js +698 -0
package/dist/tests/unit/admin.test.js.map +1 -0
package/dist/tests/unit/anomaly-detector.test.d.ts +2 -0
package/dist/tests/unit/anomaly-detector.test.d.ts.map +1 -0
package/dist/tests/unit/anomaly-detector.test.js +903 -0
package/dist/tests/unit/anomaly-detector.test.js.map +1 -0
package/dist/tests/unit/approval-manager.test.d.ts +2 -0
package/dist/tests/unit/approval-manager.test.d.ts.map +1 -0
package/dist/tests/unit/approval-manager.test.js +528 -0
package/dist/tests/unit/approval-manager.test.js.map +1 -0
package/dist/tests/unit/approval-webhook.test.d.ts +2 -0
package/dist/tests/unit/approval-webhook.test.d.ts.map +1 -0
package/dist/tests/unit/approval-webhook.test.js +355 -0
package/dist/tests/unit/approval-webhook.test.js.map +1 -0
package/dist/tests/unit/audit-logger.test.d.ts +2 -0
package/dist/tests/unit/audit-logger.test.d.ts.map +1 -0
package/dist/tests/unit/audit-logger.test.js +635 -0
package/dist/tests/unit/audit-logger.test.js.map +1 -0
package/dist/tests/unit/auth-routes.test.d.ts +2 -0
package/dist/tests/unit/auth-routes.test.d.ts.map +1 -0
package/dist/tests/unit/auth-routes.test.js +281 -0
package/dist/tests/unit/auth-routes.test.js.map +1 -0
package/dist/tests/unit/auth.test.d.ts +2 -0
package/dist/tests/unit/auth.test.d.ts.map +1 -0
package/dist/tests/unit/auth.test.js +1382 -0
package/dist/tests/unit/auth.test.js.map +1 -0
package/dist/tests/unit/billing.test.d.ts +2 -0
package/dist/tests/unit/billing.test.d.ts.map +1 -0
package/dist/tests/unit/billing.test.js +579 -0
package/dist/tests/unit/billing.test.js.map +1 -0
package/dist/tests/unit/budget-manager.test.d.ts +2 -0
package/dist/tests/unit/budget-manager.test.d.ts.map +1 -0
package/dist/tests/unit/budget-manager.test.js +778 -0
package/dist/tests/unit/budget-manager.test.js.map +1 -0
package/dist/tests/unit/budget-race.test.d.ts +2 -0
package/dist/tests/unit/budget-race.test.d.ts.map +1 -0
package/dist/tests/unit/budget-race.test.js +58 -0
package/dist/tests/unit/budget-race.test.js.map +1 -0
package/dist/tests/unit/cli.test.d.ts +2 -0
package/dist/tests/unit/cli.test.d.ts.map +1 -0
package/dist/tests/unit/cli.test.js +93 -0
package/dist/tests/unit/cli.test.js.map +1 -0
package/dist/tests/unit/concurrency.test.d.ts +2 -0
package/dist/tests/unit/concurrency.test.d.ts.map +1 -0
package/dist/tests/unit/concurrency.test.js +1270 -0
package/dist/tests/unit/concurrency.test.js.map +1 -0
package/dist/tests/unit/config-validate.test.d.ts +2 -0
package/dist/tests/unit/config-validate.test.d.ts.map +1 -0
package/dist/tests/unit/config-validate.test.js +230 -0
package/dist/tests/unit/config-validate.test.js.map +1 -0
package/dist/tests/unit/defaults.test.d.ts +2 -0
package/dist/tests/unit/defaults.test.d.ts.map +1 -0
package/dist/tests/unit/defaults.test.js +364 -0
package/dist/tests/unit/defaults.test.js.map +1 -0
package/dist/tests/unit/dlp-backends.test.d.ts +2 -0
package/dist/tests/unit/dlp-backends.test.d.ts.map +1 -0
package/dist/tests/unit/dlp-backends.test.js +563 -0
package/dist/tests/unit/dlp-backends.test.js.map +1 -0
package/dist/tests/unit/dlp-scanner.test.d.ts +2 -0
package/dist/tests/unit/dlp-scanner.test.d.ts.map +1 -0
package/dist/tests/unit/dlp-scanner.test.js +739 -0
package/dist/tests/unit/dlp-scanner.test.js.map +1 -0
package/dist/tests/unit/error-responses.test.d.ts +2 -0
package/dist/tests/unit/error-responses.test.d.ts.map +1 -0
package/dist/tests/unit/error-responses.test.js +101 -0
package/dist/tests/unit/error-responses.test.js.map +1 -0
package/dist/tests/unit/executor-registry.test.d.ts +2 -0
package/dist/tests/unit/executor-registry.test.d.ts.map +1 -0
package/dist/tests/unit/executor-registry.test.js +390 -0
package/dist/tests/unit/executor-registry.test.js.map +1 -0
package/dist/tests/unit/forward-proxy.test.d.ts +2 -0
package/dist/tests/unit/forward-proxy.test.d.ts.map +1 -0
package/dist/tests/unit/forward-proxy.test.js +621 -0
package/dist/tests/unit/forward-proxy.test.js.map +1 -0
package/dist/tests/unit/gateway-features.test.d.ts +2 -0
package/dist/tests/unit/gateway-features.test.d.ts.map +1 -0
package/dist/tests/unit/gateway-features.test.js +753 -0
package/dist/tests/unit/gateway-features.test.js.map +1 -0
package/dist/tests/unit/http-executor.test.d.ts +2 -0
package/dist/tests/unit/http-executor.test.d.ts.map +1 -0
package/dist/tests/unit/http-executor.test.js +310 -0
package/dist/tests/unit/http-executor.test.js.map +1 -0
package/dist/tests/unit/mcp-bridge.test.d.ts +2 -0
package/dist/tests/unit/mcp-bridge.test.d.ts.map +1 -0
package/dist/tests/unit/mcp-bridge.test.js +1136 -0
package/dist/tests/unit/mcp-bridge.test.js.map +1 -0
package/dist/tests/unit/mcp-http-transport.test.d.ts +2 -0
package/dist/tests/unit/mcp-http-transport.test.d.ts.map +1 -0
package/dist/tests/unit/mcp-http-transport.test.js +899 -0
package/dist/tests/unit/mcp-http-transport.test.js.map +1 -0
package/dist/tests/unit/mcp-oauth.test.d.ts +2 -0
package/dist/tests/unit/mcp-oauth.test.d.ts.map +1 -0
package/dist/tests/unit/mcp-oauth.test.js +759 -0
package/dist/tests/unit/mcp-oauth.test.js.map +1 -0
package/dist/tests/unit/mcp-server.test.d.ts +15 -0
package/dist/tests/unit/mcp-server.test.d.ts.map +1 -0
package/dist/tests/unit/mcp-server.test.js +158 -0
package/dist/tests/unit/mcp-server.test.js.map +1 -0
package/dist/tests/unit/metrics.test.d.ts +2 -0
package/dist/tests/unit/metrics.test.d.ts.map +1 -0
package/dist/tests/unit/metrics.test.js +208 -0
package/dist/tests/unit/metrics.test.js.map +1 -0
package/dist/tests/unit/oauth.test.d.ts +2 -0
package/dist/tests/unit/oauth.test.d.ts.map +1 -0
package/dist/tests/unit/oauth.test.js +281 -0
package/dist/tests/unit/oauth.test.js.map +1 -0
package/dist/tests/unit/opa-circuit-breaker.test.d.ts +2 -0
package/dist/tests/unit/opa-circuit-breaker.test.d.ts.map +1 -0
package/dist/tests/unit/opa-circuit-breaker.test.js +297 -0
package/dist/tests/unit/opa-circuit-breaker.test.js.map +1 -0
package/dist/tests/unit/opa-engine.test.d.ts +2 -0
package/dist/tests/unit/opa-engine.test.d.ts.map +1 -0
package/dist/tests/unit/opa-engine.test.js +1813 -0
package/dist/tests/unit/opa-engine.test.js.map +1 -0
package/dist/tests/unit/pipeline-timing.test.d.ts +2 -0
package/dist/tests/unit/pipeline-timing.test.d.ts.map +1 -0
package/dist/tests/unit/pipeline-timing.test.js +528 -0
package/dist/tests/unit/pipeline-timing.test.js.map +1 -0
package/dist/tests/unit/policy-engine.test.d.ts +2 -0
package/dist/tests/unit/policy-engine.test.d.ts.map +1 -0
package/dist/tests/unit/policy-engine.test.js +1345 -0
package/dist/tests/unit/policy-engine.test.js.map +1 -0
package/dist/tests/unit/policy-store.test.d.ts +2 -0
package/dist/tests/unit/policy-store.test.d.ts.map +1 -0
package/dist/tests/unit/policy-store.test.js +60 -0
package/dist/tests/unit/policy-store.test.js.map +1 -0
package/dist/tests/unit/postgres-storage.test.d.ts +2 -0
package/dist/tests/unit/postgres-storage.test.d.ts.map +1 -0
package/dist/tests/unit/postgres-storage.test.js +614 -0
package/dist/tests/unit/postgres-storage.test.js.map +1 -0
package/dist/tests/unit/prompt-injection-backend.test.d.ts +2 -0
package/dist/tests/unit/prompt-injection-backend.test.d.ts.map +1 -0
package/dist/tests/unit/prompt-injection-backend.test.js +621 -0
package/dist/tests/unit/prompt-injection-backend.test.js.map +1 -0
package/dist/tests/unit/proxy-hardening.test.d.ts +2 -0
package/dist/tests/unit/proxy-hardening.test.d.ts.map +1 -0
package/dist/tests/unit/proxy-hardening.test.js +166 -0
package/dist/tests/unit/proxy-hardening.test.js.map +1 -0
package/dist/tests/unit/rate-limiter.test.d.ts +2 -0
package/dist/tests/unit/rate-limiter.test.d.ts.map +1 -0
package/dist/tests/unit/rate-limiter.test.js +443 -0
package/dist/tests/unit/rate-limiter.test.js.map +1 -0
package/dist/tests/unit/redis-storage.test.d.ts +2 -0
package/dist/tests/unit/redis-storage.test.d.ts.map +1 -0
package/dist/tests/unit/redis-storage.test.js +766 -0
package/dist/tests/unit/redis-storage.test.js.map +1 -0
package/dist/tests/unit/replay-engine.test.d.ts +2 -0
package/dist/tests/unit/replay-engine.test.d.ts.map +1 -0
package/dist/tests/unit/replay-engine.test.js +371 -0
package/dist/tests/unit/replay-engine.test.js.map +1 -0
package/dist/tests/unit/saas-routes.test.d.ts +2 -0
package/dist/tests/unit/saas-routes.test.d.ts.map +1 -0
package/dist/tests/unit/saas-routes.test.js +1399 -0
package/dist/tests/unit/saas-routes.test.js.map +1 -0
package/dist/tests/unit/session.test.d.ts +2 -0
package/dist/tests/unit/session.test.d.ts.map +1 -0
package/dist/tests/unit/session.test.js +532 -0
package/dist/tests/unit/session.test.js.map +1 -0
package/dist/tests/unit/slack-executor.test.d.ts +2 -0
package/dist/tests/unit/slack-executor.test.d.ts.map +1 -0
package/dist/tests/unit/slack-executor.test.js +209 -0
package/dist/tests/unit/slack-executor.test.js.map +1 -0
package/dist/tests/unit/storage-hardening.test.d.ts +2 -0
package/dist/tests/unit/storage-hardening.test.d.ts.map +1 -0
package/dist/tests/unit/storage-hardening.test.js +165 -0
package/dist/tests/unit/storage-hardening.test.js.map +1 -0
package/dist/tests/unit/storage.test.d.ts +2 -0
package/dist/tests/unit/storage.test.d.ts.map +1 -0
package/dist/tests/unit/storage.test.js +698 -0
package/dist/tests/unit/storage.test.js.map +1 -0
package/dist/tests/unit/text-normalizer.test.d.ts +2 -0
package/dist/tests/unit/text-normalizer.test.d.ts.map +1 -0
package/dist/tests/unit/text-normalizer.test.js +229 -0
package/dist/tests/unit/text-normalizer.test.js.map +1 -0
package/dist/tests/unit/tracing.test.d.ts +2 -0
package/dist/tests/unit/tracing.test.d.ts.map +1 -0
package/dist/tests/unit/tracing.test.js +611 -0
package/dist/tests/unit/tracing.test.js.map +1 -0
package/dist/tests/unit/trust-calculator.test.d.ts +2 -0
package/dist/tests/unit/trust-calculator.test.d.ts.map +1 -0
package/dist/tests/unit/trust-calculator.test.js +497 -0
package/dist/tests/unit/trust-calculator.test.js.map +1 -0
package/dist/tests/unit/ts-sdk.test.d.ts +2 -0
package/dist/tests/unit/ts-sdk.test.d.ts.map +1 -0
package/dist/tests/unit/ts-sdk.test.js +421 -0
package/dist/tests/unit/ts-sdk.test.js.map +1 -0
package/dist/tests/unit/usage-extractor-llm.test.d.ts +2 -0
package/dist/tests/unit/usage-extractor-llm.test.d.ts.map +1 -0
package/dist/tests/unit/usage-extractor-llm.test.js +139 -0
package/dist/tests/unit/usage-extractor-llm.test.js.map +1 -0
package/dist/tests/unit/usage-extractor.test.d.ts +2 -0
package/dist/tests/unit/usage-extractor.test.d.ts.map +1 -0
package/dist/tests/unit/usage-extractor.test.js +271 -0
package/dist/tests/unit/usage-extractor.test.js.map +1 -0
package/dist/tests/unit/user-stores.test.d.ts +2 -0
package/dist/tests/unit/user-stores.test.d.ts.map +1 -0
package/dist/tests/unit/user-stores.test.js +687 -0
package/dist/tests/unit/user-stores.test.js.map +1 -0
package/dist/tests/unit/validate.test.d.ts +2 -0
package/dist/tests/unit/validate.test.d.ts.map +1 -0
package/dist/tests/unit/validate.test.js +545 -0
package/dist/tests/unit/validate.test.js.map +1 -0
package/package.json +86 -0
package/policy-packs/README.md +42 -0
package/policy-packs/default.yaml +46 -0
package/policy-packs/dev_fast.yaml +54 -0
package/policy-packs/prod_strict.yaml +83 -0

package/dist/tests/unit/storage.test.js ADDED Viewed

@@ -0,0 +1,698 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const memory_1 = require("../../src/storage/memory");
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function makeBudgetState(overrides = {}) {
+    return {
+        task_id: 'task-001',
+        workspace_id: 'ws-001',
+        actor_id: 'actor-001',
+        spent_usd: 0,
+        steps: 0,
+        started_at: new Date().toISOString(),
+        ...overrides,
+    };
+}
+function makeAuditEvent(overrides = {}) {
+    return {
+        event_id: 'evt-001',
+        event_type: 'TOOL_CALL_RECEIVED',
+        timestamp: new Date().toISOString(),
+        tool_call_id: 'tc-001',
+        task_id: 'task-001',
+        workspace_id: 'ws-001',
+        actor_id: 'actor-001',
+        tool_name: 'http_request',
+        metadata: {},
+        ...overrides,
+    };
+}
+function makeToolResult(overrides = {}) {
+    return {
+        tool_call_id: 'tc-001',
+        task_id: 'task-001',
+        status: 'ok',
+        policy: { decision: 'allow', reasons: [] },
+        dlp: { detected: [], redactions: [], severity: 'low' },
+        budget: { estimated_cost_usd: 0, spent_cost_usd_task: 0, remaining_cost_usd_task: 100 },
+        timing: { started_at: '2026-01-01T00:00:00.000Z', duration_ms: 10 },
+        ...overrides,
+    };
+}
+function makeApprovalRecord(overrides = {}) {
+    return {
+        approval_id: 'appr-001',
+        tool_call_id: 'tc-001',
+        task_id: 'task-001',
+        workspace_id: 'ws-001',
+        actor_id: 'actor-001',
+        tool_name: 'http.get',
+        tool_capability: 'read',
+        args_summary: '{}',
+        scope: 'global',
+        reason: 'test',
+        token_hash: 'hash-001',
+        status: 'pending',
+        created_at: new Date().toISOString(),
+        expires_at: new Date(Date.now() + 3600000).toISOString(),
+        ...overrides,
+    };
+}
+// ---------------------------------------------------------------------------
+// InMemoryBudgetStore
+// ---------------------------------------------------------------------------
+describe('InMemoryBudgetStore', () => {
+    let store;
+    beforeEach(() => {
+        store = new memory_1.InMemoryBudgetStore();
+    });
+    // -- get / set task states ------------------------------------------------
+    describe('get/set task states', () => {
+        it('returns undefined for a non-existent task', () => {
+            expect(store.getTaskState('missing')).toBeUndefined();
+        });
+        it('stores and retrieves a task state', () => {
+            const state = makeBudgetState({ task_id: 'task-100' });
+            store.setTaskState('task-100', state);
+            expect(store.getTaskState('task-100')).toEqual(state);
+        });
+        it('overwrites an existing task state', () => {
+            const original = makeBudgetState({ spent_usd: 0 });
+            store.setTaskState('task-100', original);
+            const updated = makeBudgetState({ spent_usd: 5.5 });
+            store.setTaskState('task-100', updated);
+            expect(store.getTaskState('task-100')?.spent_usd).toBe(5.5);
+        });
+        it('stores multiple independent task states', () => {
+            const s1 = makeBudgetState({ task_id: 'task-1', spent_usd: 1 });
+            const s2 = makeBudgetState({ task_id: 'task-2', spent_usd: 2 });
+            store.setTaskState('task-1', s1);
+            store.setTaskState('task-2', s2);
+            expect(store.getTaskState('task-1')?.spent_usd).toBe(1);
+            expect(store.getTaskState('task-2')?.spent_usd).toBe(2);
+        });
+    });
+    // -- getCounter -----------------------------------------------------------
+    describe('getCounter', () => {
+        it('returns 0 for a missing key', () => {
+            expect(store.getCounter('nonexistent-key')).toBe(0);
+        });
+        it('returns the current value after incrementing', () => {
+            store.incrementCounter('calls:actor-001', 1);
+            expect(store.getCounter('calls:actor-001')).toBe(1);
+        });
+    });
+    // -- incrementCounter -----------------------------------------------------
+    describe('incrementCounter', () => {
+        it('accumulates multiple increments', () => {
+            store.incrementCounter('cost:ws-001', 0.25);
+            store.incrementCounter('cost:ws-001', 0.75);
+            store.incrementCounter('cost:ws-001', 1.0);
+            expect(store.getCounter('cost:ws-001')).toBe(2.0);
+        });
+        it('handles separate keys independently', () => {
+            store.incrementCounter('a', 10);
+            store.incrementCounter('b', 20);
+            expect(store.getCounter('a')).toBe(10);
+            expect(store.getCounter('b')).toBe(20);
+        });
+        it('handles negative increments', () => {
+            store.incrementCounter('c', 10);
+            store.incrementCounter('c', -3);
+            expect(store.getCounter('c')).toBe(7);
+        });
+    });
+    // -- getRetryCount / incrementRetryCount ----------------------------------
+    describe('getRetryCount / incrementRetryCount', () => {
+        it('returns 0 for a never-retried tool call', () => {
+            expect(store.getRetryCount('tc-unknown')).toBe(0);
+        });
+        it('increments and returns the new count', () => {
+            const count = store.incrementRetryCount('tc-001');
+            expect(count).toBe(1);
+            expect(store.getRetryCount('tc-001')).toBe(1);
+        });
+        it('accumulates across multiple increments', () => {
+            store.incrementRetryCount('tc-001');
+            store.incrementRetryCount('tc-001');
+            const third = store.incrementRetryCount('tc-001');
+            expect(third).toBe(3);
+            expect(store.getRetryCount('tc-001')).toBe(3);
+        });
+        it('tracks different tool calls independently', () => {
+            store.incrementRetryCount('tc-A');
+            store.incrementRetryCount('tc-A');
+            store.incrementRetryCount('tc-B');
+            expect(store.getRetryCount('tc-A')).toBe(2);
+            expect(store.getRetryCount('tc-B')).toBe(1);
+        });
+    });
+    // -- reset ----------------------------------------------------------------
+    describe('reset()', () => {
+        it('clears all task states, counters, and retry counts', () => {
+            store.setTaskState('task-1', makeBudgetState());
+            store.incrementCounter('cost:ws-1', 5);
+            store.incrementRetryCount('tc-1');
+            store.reset();
+            expect(store.getTaskState('task-1')).toBeUndefined();
+            expect(store.getCounter('cost:ws-1')).toBe(0);
+            expect(store.getRetryCount('tc-1')).toBe(0);
+        });
+    });
+});
+// ---------------------------------------------------------------------------
+// InMemoryAuditStore
+// ---------------------------------------------------------------------------
+describe('InMemoryAuditStore', () => {
+    let store;
+    beforeEach(() => {
+        store = new memory_1.InMemoryAuditStore();
+    });
+    // -- append and getAll ----------------------------------------------------
+    describe('append and getAll', () => {
+        it('starts empty', () => {
+            expect(store.getAll()).toEqual([]);
+        });
+        it('appends events and returns them via getAll', () => {
+            const e1 = makeAuditEvent({ event_id: 'e1' });
+            const e2 = makeAuditEvent({ event_id: 'e2' });
+            store.append(e1);
+            store.append(e2);
+            const all = store.getAll();
+            expect(all).toHaveLength(2);
+            expect(all[0].event_id).toBe('e1');
+            expect(all[1].event_id).toBe('e2');
+        });
+        it('getAll returns a copy (not a reference to internal array)', () => {
+            store.append(makeAuditEvent({ event_id: 'e1' }));
+            const snapshot = store.getAll();
+            store.append(makeAuditEvent({ event_id: 'e2' }));
+            // The snapshot should still have only 1 event
+            expect(snapshot).toHaveLength(1);
+            expect(store.getAll()).toHaveLength(2);
+        });
+    });
+    // -- getByTaskId ----------------------------------------------------------
+    describe('getByTaskId', () => {
+        it('filters events by task_id', () => {
+            store.append(makeAuditEvent({ event_id: 'e1', task_id: 'task-A', timestamp: '2025-01-01T00:00:01Z' }));
+            store.append(makeAuditEvent({ event_id: 'e2', task_id: 'task-B', timestamp: '2025-01-01T00:00:02Z' }));
+            store.append(makeAuditEvent({ event_id: 'e3', task_id: 'task-A', timestamp: '2025-01-01T00:00:03Z' }));
+            const results = store.getByTaskId('task-A');
+            expect(results).toHaveLength(2);
+            expect(results.map(e => e.event_id)).toEqual(['e1', 'e3']);
+        });
+        it('returns empty array when no events match', () => {
+            store.append(makeAuditEvent({ task_id: 'task-X' }));
+            expect(store.getByTaskId('task-Z')).toEqual([]);
+        });
+        it('returns results sorted by timestamp', () => {
+            store.append(makeAuditEvent({ event_id: 'late', task_id: 'task-A', timestamp: '2025-01-01T00:00:05Z' }));
+            store.append(makeAuditEvent({ event_id: 'early', task_id: 'task-A', timestamp: '2025-01-01T00:00:01Z' }));
+            store.append(makeAuditEvent({ event_id: 'mid', task_id: 'task-A', timestamp: '2025-01-01T00:00:03Z' }));
+            const results = store.getByTaskId('task-A');
+            expect(results.map(e => e.event_id)).toEqual(['early', 'mid', 'late']);
+        });
+    });
+    // -- getByToolCallId ------------------------------------------------------
+    describe('getByToolCallId', () => {
+        it('filters events by tool_call_id', () => {
+            store.append(makeAuditEvent({ event_id: 'e1', tool_call_id: 'tc-A', timestamp: '2025-01-01T00:00:01Z' }));
+            store.append(makeAuditEvent({ event_id: 'e2', tool_call_id: 'tc-B', timestamp: '2025-01-01T00:00:02Z' }));
+            store.append(makeAuditEvent({ event_id: 'e3', tool_call_id: 'tc-A', timestamp: '2025-01-01T00:00:03Z' }));
+            const results = store.getByToolCallId('tc-A');
+            expect(results).toHaveLength(2);
+            expect(results.map(e => e.event_id)).toEqual(['e1', 'e3']);
+        });
+        it('returns empty array when no events match', () => {
+            expect(store.getByToolCallId('tc-nonexistent')).toEqual([]);
+        });
+        it('returns results sorted by timestamp', () => {
+            store.append(makeAuditEvent({ event_id: 'z', tool_call_id: 'tc-1', timestamp: '2025-06-01T00:00:00Z' }));
+            store.append(makeAuditEvent({ event_id: 'a', tool_call_id: 'tc-1', timestamp: '2025-01-01T00:00:00Z' }));
+            const results = store.getByToolCallId('tc-1');
+            expect(results.map(e => e.event_id)).toEqual(['a', 'z']);
+        });
+    });
+    // -- getByEventType -------------------------------------------------------
+    describe('getByEventType', () => {
+        it('filters events by event_type', () => {
+            store.append(makeAuditEvent({ event_id: 'e1', event_type: 'TOOL_CALL_RECEIVED' }));
+            store.append(makeAuditEvent({ event_id: 'e2', event_type: 'POLICY_DECIDED' }));
+            store.append(makeAuditEvent({ event_id: 'e3', event_type: 'TOOL_CALL_RECEIVED' }));
+            store.append(makeAuditEvent({ event_id: 'e4', event_type: 'DLP_SCANNED' }));
+            const results = store.getByEventType('TOOL_CALL_RECEIVED');
+            expect(results).toHaveLength(2);
+            expect(results.map(e => e.event_id)).toEqual(['e1', 'e3']);
+        });
+        it('returns empty array for an event type with no matches', () => {
+            store.append(makeAuditEvent({ event_type: 'TOOL_EXECUTED' }));
+            expect(store.getByEventType('INCIDENT_RAISED')).toEqual([]);
+        });
+        it('filters across all known event types', () => {
+            const types = [
+                'TOOL_CALL_RECEIVED',
+                'POLICY_DECIDED',
+                'DLP_SCANNED',
+                'BUDGET_CHECKED',
+                'TOOL_EXECUTED',
+                'TOOL_RESULT_RETURNED',
+                'APPROVAL_REQUESTED',
+                'APPROVAL_APPROVED',
+                'APPROVAL_DENIED',
+                'APPROVAL_EXPIRED',
+                'INCIDENT_RAISED',
+            ];
+            types.forEach((t, i) => {
+                store.append(makeAuditEvent({ event_id: `e${i}`, event_type: t }));
+            });
+            types.forEach((t, i) => {
+                const results = store.getByEventType(t);
+                expect(results).toHaveLength(1);
+                expect(results[0].event_id).toBe(`e${i}`);
+            });
+        });
+    });
+    // -- clear ----------------------------------------------------------------
+    describe('clear()', () => {
+        it('empties all events', () => {
+            store.append(makeAuditEvent({ event_id: 'e1' }));
+            store.append(makeAuditEvent({ event_id: 'e2' }));
+            expect(store.getAll()).toHaveLength(2);
+            store.clear();
+            expect(store.getAll()).toEqual([]);
+        });
+        it('allows new events after clearing', () => {
+            store.append(makeAuditEvent({ event_id: 'before' }));
+            store.clear();
+            store.append(makeAuditEvent({ event_id: 'after' }));
+            expect(store.getAll()).toHaveLength(1);
+            expect(store.getAll()[0].event_id).toBe('after');
+        });
+    });
+});
+// ---------------------------------------------------------------------------
+// InMemoryApprovalStore
+// ---------------------------------------------------------------------------
+describe('InMemoryApprovalStore', () => {
+    let store;
+    beforeEach(() => {
+        store = new memory_1.InMemoryApprovalStore();
+    });
+    // -- save and getById -----------------------------------------------------
+    describe('save and getById', () => {
+        it('returns undefined for a non-existent approval', () => {
+            expect(store.getById('no-such-id')).toBeUndefined();
+        });
+        it('saves and retrieves an approval by ID', () => {
+            const approval = makeApprovalRecord({
+                approval_id: 'apr-001',
+                tool_call_id: 'tc-001',
+                workspace_id: 'ws-001',
+            });
+            store.save('apr-001', approval);
+            expect(store.getById('apr-001')).toEqual(approval);
+        });
+        it('overwrites existing approval with same ID', () => {
+            store.save('apr-001', makeApprovalRecord({ status: 'pending' }));
+            store.save('apr-001', makeApprovalRecord({ status: 'approved' }));
+            expect(store.getById('apr-001')?.status).toBe('approved');
+        });
+    });
+    // -- getByToken via indexToken --------------------------------------------
+    describe('getByToken via indexToken', () => {
+        it('returns undefined for an unindexed token', () => {
+            expect(store.getByToken('token-xyz')).toBeUndefined();
+        });
+        it('retrieves approval by its indexed token', () => {
+            const approval = makeApprovalRecord({ approval_id: 'apr-001', status: 'pending' });
+            store.save('apr-001', approval);
+            store.indexToken('jwt-token-abc', 'apr-001');
+            expect(store.getByToken('jwt-token-abc')).toEqual(approval);
+        });
+        it('returns undefined if token references a deleted/missing approval', () => {
+            store.indexToken('orphan-token', 'missing-id');
+            expect(store.getByToken('orphan-token')).toBeUndefined();
+        });
+        it('supports multiple tokens pointing to different approvals', () => {
+            const apr1 = makeApprovalRecord({ approval_id: 'apr-001' });
+            const apr2 = makeApprovalRecord({ approval_id: 'apr-002' });
+            store.save('apr-001', apr1);
+            store.save('apr-002', apr2);
+            store.indexToken('token-1', 'apr-001');
+            store.indexToken('token-2', 'apr-002');
+            expect(store.getByToken('token-1')).toEqual(apr1);
+            expect(store.getByToken('token-2')).toEqual(apr2);
+        });
+    });
+    // -- getByToolCallId ------------------------------------------------------
+    describe('getByToolCallId', () => {
+        it('returns undefined when no approvals match', () => {
+            store.save('apr-001', makeApprovalRecord({ tool_call_id: 'tc-AAA' }));
+            expect(store.getByToolCallId('tc-ZZZ')).toBeUndefined();
+        });
+        it('searches all approvals and returns the matching one', () => {
+            store.save('apr-001', makeApprovalRecord({ tool_call_id: 'tc-001', status: 'pending' }));
+            store.save('apr-002', makeApprovalRecord({ tool_call_id: 'tc-002', status: 'pending' }));
+            store.save('apr-003', makeApprovalRecord({ tool_call_id: 'tc-003', status: 'approved' }));
+            const result = store.getByToolCallId('tc-002');
+            expect(result).toMatchObject({ tool_call_id: 'tc-002', status: 'pending' });
+        });
+        it('returns the first match when multiple approvals share the same tool_call_id', () => {
+            store.save('apr-001', makeApprovalRecord({ tool_call_id: 'tc-dup', approval_id: 'apr-001' }));
+            store.save('apr-002', makeApprovalRecord({ tool_call_id: 'tc-dup', approval_id: 'apr-002' }));
+            const result = store.getByToolCallId('tc-dup');
+            // Map iteration order is insertion order, so first saved wins
+            expect(result?.approval_id).toBe('apr-001');
+        });
+    });
+    // -- findPending ----------------------------------------------------------
+    describe('findPending', () => {
+        it('returns only pending approvals', () => {
+            store.save('apr-001', makeApprovalRecord({ status: 'pending', workspace_id: 'ws-001' }));
+            store.save('apr-002', makeApprovalRecord({ status: 'approved', workspace_id: 'ws-001' }));
+            store.save('apr-003', makeApprovalRecord({ status: 'pending', workspace_id: 'ws-001' }));
+            store.save('apr-004', makeApprovalRecord({ status: 'denied', workspace_id: 'ws-001' }));
+            const pending = store.findPending();
+            expect(pending).toHaveLength(2);
+            expect(pending.every((a) => a.status === 'pending')).toBe(true);
+        });
+        it('returns empty array when nothing is pending', () => {
+            store.save('apr-001', makeApprovalRecord({ status: 'approved', workspace_id: 'ws-001' }));
+            expect(store.findPending()).toEqual([]);
+        });
+        it('filters by workspace when workspaceId is provided', () => {
+            store.save('apr-001', makeApprovalRecord({ status: 'pending', workspace_id: 'ws-A' }));
+            store.save('apr-002', makeApprovalRecord({ status: 'pending', workspace_id: 'ws-B' }));
+            store.save('apr-003', makeApprovalRecord({ status: 'pending', workspace_id: 'ws-A' }));
+            const wsA = store.findPending('ws-A');
+            expect(wsA).toHaveLength(2);
+            expect(wsA.every((a) => a.workspace_id === 'ws-A')).toBe(true);
+            const wsB = store.findPending('ws-B');
+            expect(wsB).toHaveLength(1);
+            expect(wsB[0].workspace_id).toBe('ws-B');
+        });
+        it('returns empty array when workspace has no pending items', () => {
+            store.save('apr-001', makeApprovalRecord({ status: 'pending', workspace_id: 'ws-A' }));
+            expect(store.findPending('ws-Z')).toEqual([]);
+        });
+        it('returns all pending when workspaceId is undefined', () => {
+            store.save('apr-001', makeApprovalRecord({ status: 'pending', workspace_id: 'ws-A' }));
+            store.save('apr-002', makeApprovalRecord({ status: 'pending', workspace_id: 'ws-B' }));
+            const all = store.findPending(undefined);
+            expect(all).toHaveLength(2);
+        });
+    });
+    // -- clear ----------------------------------------------------------------
+    describe('clear()', () => {
+        it('empties both approvals and token index maps', () => {
+            store.save('apr-001', makeApprovalRecord({ status: 'pending', tool_call_id: 'tc-001' }));
+            store.indexToken('token-abc', 'apr-001');
+            store.clear();
+            expect(store.getById('apr-001')).toBeUndefined();
+            expect(store.getByToken('token-abc')).toBeUndefined();
+            expect(store.findPending()).toEqual([]);
+        });
+        it('allows saving new approvals after clearing', () => {
+            const apr1 = makeApprovalRecord({ approval_id: 'apr-001', status: 'pending' });
+            const apr2 = makeApprovalRecord({ approval_id: 'apr-002', status: 'pending' });
+            store.save('apr-001', apr1);
+            store.clear();
+            store.save('apr-002', apr2);
+            expect(store.getById('apr-001')).toBeUndefined();
+            expect(store.getById('apr-002')).toEqual(apr2);
+        });
+    });
+});
+// ---------------------------------------------------------------------------
+// InMemoryIdempotencyStore
+// ---------------------------------------------------------------------------
+describe('InMemoryIdempotencyStore', () => {
+    let store;
+    let realDateNow;
+    beforeEach(() => {
+        store = new memory_1.InMemoryIdempotencyStore();
+        realDateNow = Date.now;
+    });
+    afterEach(() => {
+        Date.now = realDateNow;
+    });
+    // -- set and get ----------------------------------------------------------
+    describe('set and get', () => {
+        it('returns undefined for a key that was never set', async () => {
+            expect(await store.get('unknown')).toBeUndefined();
+        });
+        it('returns the cached result within TTL', async () => {
+            const result = makeToolResult({ tool_call_id: 'tc-001' });
+            store.set('tc-001', result, 60000);
+            expect(await store.get('tc-001')).toEqual(result);
+        });
+        it('stores different results for different keys', async () => {
+            const resultA = makeToolResult({ tool_call_id: 'tc-A' });
+            const resultB = makeToolResult({ tool_call_id: 'tc-B' });
+            store.set('tc-A', resultA, 60000);
+            store.set('tc-B', resultB, 60000);
+            expect(await store.get('tc-A')).toEqual(resultA);
+            expect(await store.get('tc-B')).toEqual(resultB);
+        });
+        it('overwrites previous value for the same key', async () => {
+            const result1 = makeToolResult({ tool_call_id: 'tc-v1' });
+            const result2 = makeToolResult({ tool_call_id: 'tc-v2' });
+            store.set('tc-001', result1, 60000);
+            store.set('tc-001', result2, 60000);
+            expect(await store.get('tc-001')).toEqual(result2);
+        });
+    });
+    // -- has ------------------------------------------------------------------
+    describe('has()', () => {
+        it('returns true for a cached and non-expired entry', async () => {
+            store.set('tc-001', makeToolResult(), 60000);
+            expect(await store.has('tc-001')).toBe(true);
+        });
+        it('returns false for a key that was never set', async () => {
+            expect(await store.has('missing')).toBe(false);
+        });
+    });
+    // -- expiration via get ---------------------------------------------------
+    describe('expiration', () => {
+        it('get returns undefined for expired entries', async () => {
+            const baseTime = 1000000;
+            Date.now = jest.fn(() => baseTime);
+            store.set('tc-001', makeToolResult(), 5000);
+            // Advance time past expiration
+            Date.now = jest.fn(() => baseTime + 5001);
+            expect(await store.get('tc-001')).toBeUndefined();
+        });
+        it('has returns false for expired entries', async () => {
+            const baseTime = 1000000;
+            Date.now = jest.fn(() => baseTime);
+            store.set('tc-001', makeToolResult(), 5000);
+            // Advance time past expiration
+            Date.now = jest.fn(() => baseTime + 5001);
+            expect(await store.has('tc-001')).toBe(false);
+        });
+        it('entry is accessible just before expiration', async () => {
+            const baseTime = 1000000;
+            Date.now = jest.fn(() => baseTime);
+            const result = makeToolResult();
+            store.set('tc-001', result, 5000);
+            // Time exactly at expiration boundary (expiresAt = baseTime + 5000)
+            Date.now = jest.fn(() => baseTime + 5000);
+            expect(await store.get('tc-001')).toEqual(result);
+        });
+        it('expired entry is deleted from internal storage on access', async () => {
+            const baseTime = 1000000;
+            Date.now = jest.fn(() => baseTime);
+            store.set('tc-001', makeToolResult(), 1000);
+            // Expire
+            Date.now = jest.fn(() => baseTime + 2000);
+            expect(await store.get('tc-001')).toBeUndefined();
+            // Even if we reset time, the entry was deleted
+            Date.now = jest.fn(() => baseTime);
+            expect(await store.get('tc-001')).toBeUndefined();
+        });
+    });
+    // -- clear ----------------------------------------------------------------
+    describe('clear()', () => {
+        it('empties all entries', async () => {
+            store.set('tc-001', makeToolResult({ tool_call_id: 'tc-001' }), 60000);
+            store.set('tc-002', makeToolResult({ tool_call_id: 'tc-002' }), 60000);
+            store.clear();
+            expect(await store.get('tc-001')).toBeUndefined();
+            expect(await store.get('tc-002')).toBeUndefined();
+            expect(await store.has('tc-001')).toBe(false);
+        });
+    });
+    // -- eviction when size > 10000 -------------------------------------------
+    describe('eviction when size > 10000', () => {
+        it('evicts expired entries when map exceeds 10000 entries on set', async () => {
+            const baseTime = 1000000;
+            let currentTime = baseTime;
+            Date.now = jest.fn(() => currentTime);
+            // Fill with 10000 entries that will expire quickly (TTL = 1ms)
+            for (let i = 0; i < 10000; i++) {
+                store.set(`old-${i}`, makeToolResult({ tool_call_id: `old-${i}` }), 1);
+            }
+            // Advance time so all those entries are expired
+            currentTime = baseTime + 100;
+            Date.now = jest.fn(() => currentTime);
+            // Add one more entry to trigger eviction (size > 10000)
+            const triggerResult = makeToolResult({ tool_call_id: 'trigger' });
+            store.set('trigger', triggerResult, 60000);
+            // The new entry should still exist
+            expect(await store.get('trigger')).toEqual(triggerResult);
+            // Old expired entries should have been evicted
+            // (they are not accessible via get because they expired,
+            // but the eviction path also removes them from internal storage)
+            expect(await store.has('old-0')).toBe(false);
+            expect(await store.has('old-9999')).toBe(false);
+        });
+        it('does not evict entries that are still valid', async () => {
+            const baseTime = 1000000;
+            let currentTime = baseTime;
+            Date.now = jest.fn(() => currentTime);
+            // Fill with entries that have a long TTL
+            for (let i = 0; i < 10000; i++) {
+                store.set(`valid-${i}`, makeToolResult({ tool_call_id: `valid-${i}` }), 600000);
+            }
+            // No time advance, entries should still be valid
+            // Trigger set that pushes over 10000
+            const extraResult = makeToolResult({ tool_call_id: 'extra' });
+            store.set('extra', extraResult, 600000);
+            // Valid entries should still be present
+            expect(await store.get('valid-0')).toEqual(makeToolResult({ tool_call_id: 'valid-0' }));
+            expect(await store.get('valid-5000')).toEqual(makeToolResult({ tool_call_id: 'valid-5000' }));
+            expect(await store.get('extra')).toEqual(extraResult);
+        });
+    });
+});
+// ---------------------------------------------------------------------------
+// InMemoryRateLimitStore
+// ---------------------------------------------------------------------------
+describe('InMemoryRateLimitStore', () => {
+    let store;
+    let realDateNow;
+    beforeEach(() => {
+        store = new memory_1.InMemoryRateLimitStore();
+        realDateNow = Date.now;
+    });
+    afterEach(() => {
+        Date.now = realDateNow;
+    });
+    // -- hit records and returns correct counts -------------------------------
+    describe('hit()', () => {
+        it('records a hit and returns correct counts', () => {
+            const result = store.hit('actor:agent-001', 60000, 10);
+            expect(result.current).toBe(1);
+            expect(result.limit).toBe(10);
+            expect(result.allowed).toBe(true);
+            expect(result.resetAt).toBeGreaterThan(Date.now() - 1);
+        });
+        it('accumulates hits for the same key', () => {
+            store.hit('actor:agent-001', 60000, 10);
+            store.hit('actor:agent-001', 60000, 10);
+            const result = store.hit('actor:agent-001', 60000, 10);
+            expect(result.current).toBe(3);
+            expect(result.allowed).toBe(true);
+        });
+        it('tracks different keys independently', () => {
+            store.hit('actor:A', 60000, 10);
+            store.hit('actor:A', 60000, 10);
+            store.hit('actor:B', 60000, 10);
+            const resultA = store.hit('actor:A', 60000, 10);
+            const resultB = store.hit('actor:B', 60000, 10);
+            expect(resultA.current).toBe(3);
+            expect(resultB.current).toBe(2);
+        });
+        it('returns resetAt based on the first timestamp in the window', () => {
+            const baseTime = 1000000;
+            Date.now = jest.fn(() => baseTime);
+            const result = store.hit('key', 60000, 10);
+            expect(result.resetAt).toBe(baseTime + 60000);
+        });
+    });
+    // -- prunes expired timestamps --------------------------------------------
+    describe('prunes expired timestamps', () => {
+        it('removes timestamps outside the sliding window', () => {
+            const baseTime = 1000000;
+            const windowMs = 10000;
+            // Record hits at baseTime
+            Date.now = jest.fn(() => baseTime);
+            store.hit('key', windowMs, 100);
+            store.hit('key', windowMs, 100);
+            store.hit('key', windowMs, 100);
+            // Advance time past the window
+            Date.now = jest.fn(() => baseTime + windowMs + 1);
+            const result = store.hit('key', windowMs, 100);
+            // Old hits should be pruned, only the new one remains
+            expect(result.current).toBe(1);
+        });
+        it('keeps hits within the window and prunes old ones', () => {
+            const baseTime = 1000000;
+            const windowMs = 10000;
+            // Record hits at baseTime
+            Date.now = jest.fn(() => baseTime);
+            store.hit('key', windowMs, 100);
+            store.hit('key', windowMs, 100);
+            // Record a hit at baseTime + 5000 (still in window)
+            Date.now = jest.fn(() => baseTime + 5000);
+            store.hit('key', windowMs, 100);
+            // Advance to baseTime + 11000 (first two hits expire, third survives)
+            Date.now = jest.fn(() => baseTime + 11000);
+            const result = store.hit('key', windowMs, 100);
+            // Two old hits pruned, one surviving + one new = 2
+            expect(result.current).toBe(2);
+        });
+    });
+    // -- allowed is false when over limit -------------------------------------
+    describe('rate limiting enforcement', () => {
+        it('allowed is false when hits exceed maxRequests', () => {
+            const maxRequests = 3;
+            store.hit('key', 60000, maxRequests);
+            store.hit('key', 60000, maxRequests);
+            store.hit('key', 60000, maxRequests);
+            // Fourth hit exceeds the limit
+            const result = store.hit('key', 60000, maxRequests);
+            expect(result.current).toBe(4);
+            expect(result.allowed).toBe(false);
+        });
+        it('allowed is true when exactly at maxRequests', () => {
+            const maxRequests = 3;
+            store.hit('key', 60000, maxRequests);
+            store.hit('key', 60000, maxRequests);
+            const result = store.hit('key', 60000, maxRequests);
+            expect(result.current).toBe(3);
+            expect(result.allowed).toBe(true);
+        });
+        it('becomes allowed again after window expires', () => {
+            const baseTime = 1000000;
+            const windowMs = 5000;
+            const maxRequests = 2;
+            Date.now = jest.fn(() => baseTime);
+            store.hit('key', windowMs, maxRequests);
+            store.hit('key', windowMs, maxRequests);
+            // At limit
+            let result = store.hit('key', windowMs, maxRequests);
+            expect(result.allowed).toBe(false);
+            // Advance past the window
+            Date.now = jest.fn(() => baseTime + windowMs + 1);
+            result = store.hit('key', windowMs, maxRequests);
+            expect(result.current).toBe(1);
+            expect(result.allowed).toBe(true);
+        });
+    });
+    // -- reset ----------------------------------------------------------------
+    describe('reset()', () => {
+        it('clears all rate limit data', () => {
+            store.hit('actor:A', 60000, 10);
+            store.hit('actor:B', 60000, 10);
+            store.reset();
+            // After reset, a hit should start fresh at count 1
+            const result = store.hit('actor:A', 60000, 10);
+            expect(result.current).toBe(1);
+        });
+    });
+});
+//# sourceMappingURL=storage.test.js.map