palaryn 0.4.15 → 0.4.16

package/README.md

@@ -1,8 +1,10 @@
 # Palaryn
 
-**A model-agnostic infrastructure layer that gives AI agents safe, auditable, and cost-controlled access to the outside world.**
+**The AI Agent Firewall. Policy enforcement, data loss prevention, budget controls, and full audit trails — for every tool call your agents make.**
 
-Palaryn sits as a single choke point between AI agents and external services. Every tool call is intercepted, evaluated against security policies, checked for sensitive data, metered against budgets, and logged immutably. Works with Claude, OpenAI, LangGraph, n8n, or any custom orchestrator.
+Palaryn is a governance layer that sits between AI agents and the outside world. Every outbound action is intercepted and evaluated: security policies decide what's allowed, DLP scanning catches secrets and prompt injections, budgets enforce hard spending limits, and immutable audit logs record everything. Works with Claude, OpenAI, LangGraph, n8n, or any custom orchestrator.
+
+Palaryn is **not** an observability platform — it's an enforcement layer that **emits** rich OpenTelemetry traces to your existing stack (Datadog, Grafana, Elastic, etc.).
 
 ---
 
@@ -29,7 +31,7 @@ palaryn --help
 
 ## Quick Start
 
-The fastest way to try Palaryn is a single curl call against the hosted gateway:
+The fastest way to try Palaryn is a single curl call against the hosted firewall:
 
 ```bash
 curl -X POST https://app.palaryn.com/v1/tool/execute \
@@ -60,7 +62,7 @@ The response includes the policy decision, DLP scan results, budget report, and
 
 ## Integration Methods
 
-Palaryn has a single pipeline (auth → rate limit → policy → DLP → budget → execute → audit) with multiple entry points:
+Palaryn enforces a single pipeline (auth → rate limit → policy → DLP → budget → execute → audit) with multiple entry points:
 
 | Method | Protocol | Code Change | Best For |
 |---|---|---|---|
@@ -185,12 +187,13 @@ docker compose --profile dev up
 - **Response caching** — TTL-based caching of GET responses and idempotent call deduplication
 - **Anomaly detection** — Rolling baselines with z-score anomaly flagging
 
-### Audit & Observability
+### Audit & Integrations
 
 - **Immutable audit log** — Append-only event log for every stage of the pipeline
 - **Full traceability** — Correlation via `task_id` and `tool_call_id` across the tool call lifecycle
-- **OpenTelemetry** — Spans per tool call, Prometheus metrics (latency, error rate, cost, tokens)
-- **Dashboard** — React SPA with real-time pipeline visualization, traces, budget charts, and settings
+- **OpenTelemetry export** — Rich per-step spans with GenAI semantic conventions — pipe enforcement data to Datadog, Grafana, Elastic, or any OTel-compatible backend
+- **Prometheus metrics** — 18 metric types (latency, error rate, cost, tokens, DLP detections, policy decisions)
+- **Webhook alerting** — Real-time alerts for DLP detections, budget thresholds, policy denials, and anomalies
 
 ---
 
@@ -321,7 +324,7 @@ Agents / Orchestrators
             │  MCP / REST API / HTTP Proxy
             ▼
 ┌──────────────────────────────────────┐
-│            Palaryn Gateway           │
+│           Palaryn Firewall            │
 │  ┌──────┬───────┬─────┬──────┬─────┐│
 │  │ Auth │ Rate  │ DLP │Policy│Budgt││
 │  │      │ Limit │     │      │     ││
@@ -369,4 +372,4 @@ Full documentation is available at [app.palaryn.com/docs](https://app.palaryn.co
 
 ---
 
-*"Your agents can use tools. Safely."*
+*"Your agents can use tools. Under your rules."*

package/dist/src/alerting/index.d.ts

@@ -0,0 +1,2 @@
+export { WebhookAlerter, AlertingConfig, AlertPayload, AlertEventType } from './webhook-alerter';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/alerting/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/alerting/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/src/alerting/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WebhookAlerter = void 0;
+var webhook_alerter_1 = require("./webhook-alerter");
+Object.defineProperty(exports, "WebhookAlerter", { enumerable: true, get: function () { return webhook_alerter_1.WebhookAlerter; } });
+//# sourceMappingURL=index.js.map

package/dist/src/alerting/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/alerting/index.ts"],"names":[],"mappings":";;;AAAA,qDAAiG;AAAxF,iHAAA,cAAc,OAAA"}

package/dist/src/alerting/webhook-alerter.d.ts

@@ -0,0 +1,40 @@
+export type AlertEventType = 'dlp.high_severity' | 'budget.threshold' | 'policy.denial' | 'anomaly.detected' | 'trust.score_drop';
+export interface AlertPayload {
+    event: AlertEventType;
+    severity: 'low' | 'medium' | 'high' | 'critical';
+    details: Record<string, unknown>;
+    workspace_id?: string;
+    actor_id?: string;
+    timestamp: string;
+}
+export interface AlertingConfig {
+    enabled: boolean;
+    webhook_url: string;
+    webhook_headers?: Record<string, string>;
+    /** Which event types to send. If empty/undefined, all events are sent. */
+    events?: AlertEventType[];
+    /** Budget utilization percentage at which to alert (default 80). */
+    budget_threshold_percent?: number;
+}
+/**
+ * Fires webhook notifications for governance/security events.
+ * Non-blocking: errors are logged but never thrown to the caller.
+ * Follows the same fire-and-forget + retry pattern as ApprovalWebhook.
+ */
+export declare class WebhookAlerter {
+    private webhookUrl;
+    private headers;
+    private eventFilter;
+    readonly budgetThresholdPercent: number;
+    constructor(config: AlertingConfig);
+    /** Send an alert if the event type passes the filter. Fire-and-forget. */
+    alert(payload: AlertPayload): void;
+    alertDLPHighSeverity(detections: string[], severity: 'high' | 'critical', workspaceId?: string, actorId?: string): void;
+    alertBudgetThreshold(utilizationPercent: number, budgetType: string, spentUsd: number, limitUsd: number, workspaceId?: string, actorId?: string): void;
+    alertPolicyDenial(ruleId: string, toolName: string, reasons: string[], workspaceId?: string, actorId?: string): void;
+    alertAnomalyDetected(anomalyTypes: string[], action: string, workspaceId?: string, actorId?: string): void;
+    alertTrustScoreDrop(score: number, previousScore: number, workspaceId?: string, actorId?: string): void;
+    private sendWithRetry;
+    private send;
+}
+//# sourceMappingURL=webhook-alerter.d.ts.map

package/dist/src/alerting/webhook-alerter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhook-alerter.d.ts","sourceRoot":"","sources":["../../../src/alerting/webhook-alerter.ts"],"names":[],"mappings":"AAOA,MAAM,MAAM,cAAc,GACtB,mBAAmB,GACnB,kBAAkB,GAClB,eAAe,GACf,kBAAkB,GAClB,kBAAkB,CAAC;AAEvB,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,cAAc,CAAC;IACtB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACzC,0EAA0E;IAC1E,MAAM,CAAC,EAAE,cAAc,EAAE,CAAC;IAC1B,oEAAoE;IACpE,wBAAwB,CAAC,EAAE,MAAM,CAAC;CACnC;AAED;;;;GAIG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,OAAO,CAAyB;IACxC,OAAO,CAAC,WAAW,CAA6B;IAChD,QAAQ,CAAC,sBAAsB,EAAE,MAAM,CAAC;gBAE5B,MAAM,EAAE,cAAc;IASlC,0EAA0E;IAC1E,KAAK,CAAC,OAAO,EAAE,YAAY,GAAG,IAAI;IAWlC,oBAAoB,CAClB,UAAU,EAAE,MAAM,EAAE,EACpB,QAAQ,EAAE,MAAM,GAAG,UAAU,EAC7B,WAAW,CAAC,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,MAAM,GACf,IAAI;IAWP,oBAAoB,CAClB,kBAAkB,EAAE,MAAM,EAC1B,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,WAAW,CAAC,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,MAAM,GACf,IAAI;IAWP,iBAAiB,CACf,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EAAE,EACjB,WAAW,CAAC,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,MAAM,GACf,IAAI;IAWP,oBAAoB,CAClB,YAAY,EAAE,MAAM,EAAE,EACtB,MAAM,EAAE,MAAM,EACd,WAAW,CAAC,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,MAAM,GACf,IAAI;IAWP,mBAAmB,CACjB,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,MAAM,EACrB,WAAW,CAAC,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,MAAM,GACf,IAAI;YAaO,aAAa;IAmB3B,OAAO,CAAC,IAAI;CA0Cb"}

package/dist/src/alerting/webhook-alerter.js

@@ -0,0 +1,172 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WebhookAlerter = void 0;
+const http = __importStar(require("http"));
+const https = __importStar(require("https"));
+const url_1 = require("url");
+/**
+ * Fires webhook notifications for governance/security events.
+ * Non-blocking: errors are logged but never thrown to the caller.
+ * Follows the same fire-and-forget + retry pattern as ApprovalWebhook.
+ */
+class WebhookAlerter {
+    constructor(config) {
+        this.webhookUrl = config.webhook_url;
+        this.headers = config.webhook_headers || {};
+        this.eventFilter = config.events && config.events.length > 0
+            ? new Set(config.events)
+            : null;
+        this.budgetThresholdPercent = config.budget_threshold_percent ?? 80;
+    }
+    /** Send an alert if the event type passes the filter. Fire-and-forget. */
+    alert(payload) {
+        if (this.eventFilter && !this.eventFilter.has(payload.event)) {
+            return; // filtered out
+        }
+        this.sendWithRetry(payload).catch((err) => {
+            console.error(`[WebhookAlerter] All retry attempts failed for ${payload.event}: ${err.message}`);
+        });
+    }
+    // Convenience methods for common alert scenarios
+    alertDLPHighSeverity(detections, severity, workspaceId, actorId) {
+        this.alert({
+            event: 'dlp.high_severity',
+            severity,
+            details: { detections, detection_count: detections.length },
+            workspace_id: workspaceId,
+            actor_id: actorId,
+            timestamp: new Date().toISOString(),
+        });
+    }
+    alertBudgetThreshold(utilizationPercent, budgetType, spentUsd, limitUsd, workspaceId, actorId) {
+        this.alert({
+            event: 'budget.threshold',
+            severity: utilizationPercent >= 100 ? 'critical' : 'high',
+            details: { utilization_percent: utilizationPercent, budget_type: budgetType, spent_usd: spentUsd, limit_usd: limitUsd },
+            workspace_id: workspaceId,
+            actor_id: actorId,
+            timestamp: new Date().toISOString(),
+        });
+    }
+    alertPolicyDenial(ruleId, toolName, reasons, workspaceId, actorId) {
+        this.alert({
+            event: 'policy.denial',
+            severity: 'medium',
+            details: { rule_id: ruleId, tool_name: toolName, reasons },
+            workspace_id: workspaceId,
+            actor_id: actorId,
+            timestamp: new Date().toISOString(),
+        });
+    }
+    alertAnomalyDetected(anomalyTypes, action, workspaceId, actorId) {
+        this.alert({
+            event: 'anomaly.detected',
+            severity: 'high',
+            details: { anomaly_types: anomalyTypes, action },
+            workspace_id: workspaceId,
+            actor_id: actorId,
+            timestamp: new Date().toISOString(),
+        });
+    }
+    alertTrustScoreDrop(score, previousScore, workspaceId, actorId) {
+        this.alert({
+            event: 'trust.score_drop',
+            severity: score < 30 ? 'critical' : 'high',
+            details: { score, previous_score: previousScore, drop: previousScore - score },
+            workspace_id: workspaceId,
+            actor_id: actorId,
+            timestamp: new Date().toISOString(),
+        });
+    }
+    // --- Internal ---
+    async sendWithRetry(payload, maxAttempts = 3) {
+        const backoffMs = [1000, 2000, 4000];
+        let lastError;
+        for (let attempt = 0; attempt < maxAttempts; attempt++) {
+            try {
+                await this.send(payload);
+                return;
+            }
+            catch (err) {
+                lastError = err instanceof Error ? err : new Error(String(err));
+                if (attempt < maxAttempts - 1) {
+                    await new Promise(resolve => setTimeout(resolve, backoffMs[attempt]));
+                }
+            }
+        }
+        throw lastError;
+    }
+    send(payload) {
+        return new Promise((resolve, reject) => {
+            const url = new url_1.URL(this.webhookUrl);
+            const isHttps = url.protocol === 'https:';
+            const transport = isHttps ? https : http;
+            const bodyStr = JSON.stringify(payload);
+            const headers = {
+                'Content-Type': 'application/json',
+                'Content-Length': Buffer.byteLength(bodyStr).toString(),
+                'User-Agent': 'Palaryn-Alerter/0.1',
+                ...this.headers,
+            };
+            const options = {
+                hostname: url.hostname,
+                port: url.port || (isHttps ? 443 : 80),
+                path: url.pathname + url.search,
+                method: 'POST',
+                headers,
+                timeout: 5000,
+            };
+            const req = transport.request(options, (res) => {
+                res.resume();
+                if (res.statusCode && res.statusCode >= 200 && res.statusCode < 300) {
+                    resolve();
+                }
+                else {
+                    reject(new Error(`Webhook returned HTTP ${res.statusCode}`));
+                }
+            });
+            req.on('error', reject);
+            req.on('timeout', () => {
+                req.destroy();
+                reject(new Error('Webhook request timeout'));
+            });
+            req.write(bodyStr);
+            req.end();
+        });
+    }
+}
+exports.WebhookAlerter = WebhookAlerter;
+//# sourceMappingURL=webhook-alerter.js.map

package/dist/src/alerting/webhook-alerter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhook-alerter.js","sourceRoot":"","sources":["../../../src/alerting/webhook-alerter.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAC7B,6CAA+B;AAC/B,6BAA0B;AA+B1B;;;;GAIG;AACH,MAAa,cAAc;IAMzB,YAAY,MAAsB;QAChC,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,WAAW,CAAC;QACrC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,eAAe,IAAI,EAAE,CAAC;QAC5C,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC;YAC1D,CAAC,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC;YACxB,CAAC,CAAC,IAAI,CAAC;QACT,IAAI,CAAC,sBAAsB,GAAG,MAAM,CAAC,wBAAwB,IAAI,EAAE,CAAC;IACtE,CAAC;IAED,0EAA0E;IAC1E,KAAK,CAAC,OAAqB;QACzB,IAAI,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7D,OAAO,CAAC,eAAe;QACzB,CAAC;QACD,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACxC,OAAO,CAAC,KAAK,CAAC,kDAAkD,OAAO,CAAC,KAAK,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACnG,CAAC,CAAC,CAAC;IACL,CAAC;IAED,iDAAiD;IAEjD,oBAAoB,CAClB,UAAoB,EACpB,QAA6B,EAC7B,WAAoB,EACpB,OAAgB;QAEhB,IAAI,CAAC,KAAK,CAAC;YACT,KAAK,EAAE,mBAAmB;YAC1B,QAAQ;YACR,OAAO,EAAE,EAAE,UAAU,EAAE,eAAe,EAAE,UAAU,CAAC,MAAM,EAAE;YAC3D,YAAY,EAAE,WAAW;YACzB,QAAQ,EAAE,OAAO;YACjB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;IAED,oBAAoB,CAClB,kBAA0B,EAC1B,UAAkB,EAClB,QAAgB,EAChB,QAAgB,EAChB,WAAoB,EACpB,OAAgB;QAEhB,IAAI,CAAC,KAAK,CAAC;YACT,KAAK,EAAE,kBAAkB;YACzB,QAAQ,EAAE,kBAAkB,IAAI,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;YACzD,OAAO,EAAE,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE;YACvH,YAAY,EAAE,WAAW;YACzB,QAAQ,EAAE,OAAO;YACjB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;IAED,iBAAiB,CACf,MAAc,EACd,QAAgB,EAChB,OAAiB,EACjB,WAAoB,EACpB,OAAgB;QAEhB,IAAI,CAAC,KAAK,CAAC;YACT,KAAK,EAAE,eAAe;YACtB,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE;YAC1D,YAAY,EAAE,WAAW;YACzB,QAAQ,EAAE,OAAO;YACjB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;IAED,oBAAoB,CAClB,YAAsB,EACtB,MAAc,EACd,WAAoB,EACpB,OAAgB;QAEhB,IAAI,CAAC,KAAK,CAAC;YACT,KAAK,EAAE,kBAAkB;YACzB,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,EAAE;YAChD,YAAY,EAAE,WAAW;YACzB,QAAQ,EAAE,OAAO;YACjB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;IAED,mBAAmB,CACjB,KAAa,EACb,aAAqB,EACrB,WAAoB,EACpB,OAAgB;QAEhB,IAAI,CAAC,KAAK,CAAC;YACT,KAAK,EAAE,kBAAkB;YACzB,QAAQ,EAAE,KAAK,GAAG,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;YAC1C,OAAO,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,EAAE,IAAI,EAAE,aAAa,GAAG,KAAK,EAAE;YAC9E,YAAY,EAAE,WAAW;YACzB,QAAQ,EAAE,OAAO;YACjB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;IAED,mBAAmB;IAEX,KAAK,CAAC,aAAa,CAAC,OAAqB,EAAE,WAAW,GAAG,CAAC;QAChE,MAAM,SAAS,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QACrC,IAAI,SAA4B,CAAC;QAEjC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,WAAW,EAAE,OAAO,EAAE,EAAE,CAAC;YACvD,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACzB,OAAO;YACT,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;gBAChE,IAAI,OAAO,GAAG,WAAW,GAAG,CAAC,EAAE,CAAC;oBAC9B,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;gBACxE,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,SAAS,CAAC;IAClB,CAAC;IAEO,IAAI,CAAC,OAAqB;QAChC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,SAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACrC,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC;YAC1C,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YACzC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAExC,MAAM,OAAO,GAA2B;gBACtC,cAAc,EAAE,kBAAkB;gBAClC,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE;gBACvD,YAAY,EAAE,qBAAqB;gBACnC,GAAG,IAAI,CAAC,OAAO;aAChB,CAAC;YAEF,MAAM,OAAO,GAAG;gBACd,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtC,IAAI,EAAE,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO;gBACP,OAAO,EAAE,IAAI;aACd,CAAC;YAEF,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC7C,GAAG,CAAC,MAAM,EAAE,CAAC;gBACb,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,IAAI,GAAG,CAAC,UAAU,GAAG,GAAG,EAAE,CAAC;oBACpE,OAAO,EAAE,CAAC;gBACZ,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;gBAC/D,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACxB,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;gBACrB,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC,CAAC;YAC/C,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AA7KD,wCA6KC"}

package/dist/src/budget/manager.d.ts

@@ -18,6 +18,10 @@ export declare class BudgetManager {
     private workspaceMonthlySpend;
     private callRetryCounts;
     private costRecords;
+    private userDailyCallCount;
+    private userMonthlyCallCount;
+    private workspaceDailyCallCount;
+    private workspaceMonthlyCallCount;
     private reservations;
     /** Promise-based mutex per budget key to serialize concurrent reservations */
     private budgetLocks;
@@ -84,6 +88,8 @@ export declare class BudgetManager {
     getActorSpending(actorId: string, days?: number): {
         daily_spend: number;
         monthly_spend: number;
+        daily_calls: number;
+        monthly_calls: number;
         task_count: number;
         total_spend: number;
     };
@@ -95,6 +101,10 @@ export declare class BudgetManager {
         user_monthly_total: number;
         workspace_daily_total: number;
         workspace_monthly_total: number;
+        user_daily_call_total: number;
+        user_monthly_call_total: number;
+        workspace_daily_call_total: number;
+        workspace_monthly_call_total: number;
     };
 }
 //# sourceMappingURL=manager.d.ts.map

package/dist/src/budget/manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../../src/budget/manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAe,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC1E,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAC3E,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAgB9C,MAAM,WAAW,UAAU;IACzB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,KAAK,CAAC,EAAE,SAAS,CAAC;CACnB;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,SAAS,CAAyB;IAC1C,OAAO,CAAC,aAAa,CAAC,CAAc;IAEpC,OAAO,CAAC,UAAU,CAA2B;IAC7C,OAAO,CAAC,cAAc,CAAsB;IAC5C,OAAO,CAAC,gBAAgB,CAAsB;IAC9C,OAAO,CAAC,mBAAmB,CAAsB;IACjD,OAAO,CAAC,qBAAqB,CAAsB;IACnD,OAAO,CAAC,eAAe,CAAsB;IAC7C,OAAO,CAAC,WAAW,CAA0B;IAC7C,OAAO,CAAC,YAAY,CAA2G;IAC/H,8EAA8E;IAC9E,OAAO,CAAC,WAAW,CAA6B;gBAEpC,MAAM,EAAE,YAAY,EAAE,KAAK,CAAC,EAAE,WAAW;IA4BrD;;;OAGG;IACH,gBAAgB,IAAI,IAAI;IA0BxB,YAAY,CAAC,QAAQ,EAAE,QAAQ,GAAG,YAAY;IAqC9C,KAAK,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,EAAE,qBAAqB,GAAG;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,YAAY,CAAA;KAAE;IAmGzH;;;;;OAKG;IACG,eAAe,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,EAAE,qBAAqB,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,YAAY,CAAC;QAAC,cAAc,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAqC3K;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA2C5B;;;OAGG;IACH,iBAAiB,CAAC,cAAc,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI;IAqCnE;;;OAGG;IACH,kBAAkB,CAAC,cAAc,EAAE,MAAM,GAAG,IAAI;IAmChD;;;;OAIG;IACH,MAAM,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,GAAG,UAAU,EAAE,iBAAiB,UAAQ,GAAG,IAAI;IA4D9F,yEAAyE;IACzE,OAAO,CAAC,kBAAkB;IA2B1B,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAkBpE,SAAS,CAAC,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,YAAY,GAAG,YAAY;IAWlG,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,SAAS,GAAG,YAAY;IAUvH,YAAY,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAKtC,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS;IAKzD,OAAO,CAAC,YAAY;IAoBpB,OAAO,CAAC,UAAU;IAKlB,OAAO,CAAC,WAAW;IAKb,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAI5B,KAAK,IAAI,IAAI;IAab,6CAA6C;IAC7C,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG;QAChD,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,EAAE,MAAM,CAAC;QACtB,UAAU,EAAE,MAAM,CAAC;QACnB,WAAW,EAAE,MAAM,CAAC;KACrB;IA+BD,SAAS,IAAI,YAAY;IAIzB,4DAA4D;IAC5D,kBAAkB,IAAI;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,gBAAgB,EAAE,MAAM,CAAC;QACzB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,qBAAqB,EAAE,MAAM,CAAC;QAC9B,uBAAuB,EAAE,MAAM,CAAC;KACjC;CAqCF"}
+{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../../src/budget/manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAe,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC1E,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAC3E,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAgB9C,MAAM,WAAW,UAAU;IACzB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,KAAK,CAAC,EAAE,SAAS,CAAC;CACnB;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,SAAS,CAAyB;IAC1C,OAAO,CAAC,aAAa,CAAC,CAAc;IAEpC,OAAO,CAAC,UAAU,CAA2B;IAC7C,OAAO,CAAC,cAAc,CAAsB;IAC5C,OAAO,CAAC,gBAAgB,CAAsB;IAC9C,OAAO,CAAC,mBAAmB,CAAsB;IACjD,OAAO,CAAC,qBAAqB,CAAsB;IACnD,OAAO,CAAC,eAAe,CAAsB;IAC7C,OAAO,CAAC,WAAW,CAA0B;IAC7C,OAAO,CAAC,kBAAkB,CAAsB;IAChD,OAAO,CAAC,oBAAoB,CAAsB;IAClD,OAAO,CAAC,uBAAuB,CAAsB;IACrD,OAAO,CAAC,yBAAyB,CAAsB;IACvD,OAAO,CAAC,YAAY,CAA8H;IAClJ,8EAA8E;IAC9E,OAAO,CAAC,WAAW,CAA6B;gBAEpC,MAAM,EAAE,YAAY,EAAE,KAAK,CAAC,EAAE,WAAW;IAoCrD;;;OAGG;IACH,gBAAgB,IAAI,IAAI;IAmCxB,YAAY,CAAC,QAAQ,EAAE,QAAQ,GAAG,YAAY;IAqC9C,KAAK,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,EAAE,qBAAqB,GAAG;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,YAAY,CAAA;KAAE;IA2JzH;;;;;OAKG;IACG,eAAe,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,EAAE,qBAAqB,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,YAAY,CAAC;QAAC,cAAc,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAqC3K;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAyD5B;;;OAGG;IACH,iBAAiB,CAAC,cAAc,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI;IAqCnE;;;OAGG;IACH,kBAAkB,CAAC,cAAc,EAAE,MAAM,GAAG,IAAI;IAqDhD;;;;OAIG;IACH,MAAM,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,GAAG,UAAU,EAAE,iBAAiB,UAAQ,GAAG,IAAI;IA6E9F,yEAAyE;IACzE,OAAO,CAAC,kBAAkB;IAgC1B,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAkBpE,SAAS,CAAC,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,YAAY,GAAG,YAAY;IAclG,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,SAAS,GAAG,YAAY;IAUvH,YAAY,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAKtC,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS;IAKzD,OAAO,CAAC,YAAY;IAoBpB,OAAO,CAAC,UAAU;IAKlB,OAAO,CAAC,WAAW;IAKb,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAI5B,KAAK,IAAI,IAAI;IAiBb,6CAA6C;IAC7C,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG;QAChD,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,EAAE,MAAM,CAAC;QACtB,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,EAAE,MAAM,CAAC;QACtB,UAAU,EAAE,MAAM,CAAC;QACnB,WAAW,EAAE,MAAM,CAAC;KACrB;IAqCD,SAAS,IAAI,YAAY;IAIzB,4DAA4D;IAC5D,kBAAkB,IAAI;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,gBAAgB,EAAE,MAAM,CAAC;QACzB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,qBAAqB,EAAE,MAAM,CAAC;QAC9B,uBAAuB,EAAE,MAAM,CAAC;QAChC,qBAAqB,EAAE,MAAM,CAAC;QAC9B,uBAAuB,EAAE,MAAM,CAAC;QAChC,0BAA0B,EAAE,MAAM,CAAC;QACnC,4BAA4B,EAAE,MAAM,CAAC;KACtC;CA6DF"}