shieldstack-ts 0.1.0

package/tests/pii.test.ts

@@ -0,0 +1,21 @@
+import { describe, it, expect } from 'vitest';
+import { PIIRedactor } from '../src/sanitizers/pii';
+
+describe('PIIRedactor', () => {
+  it('should redact emails', () => {
+    const redactor = new PIIRedactor({ emails: true, policy: 'redact' });
+    const result = redactor.redact('Contact me at admin@shieldstack.com please.');
+    expect(result.redactedText).toBe('Contact me at [REDACTED_EMAIL] please.');
+  });
+
+  it('should hash credit cards', () => {
+    const redactor = new PIIRedactor({ creditCards: true, phoneNumbers: false, policy: 'hash' });
+    const result = redactor.redact('My card is 1234-5678-9012-3456');
+    expect(result.redactedText).toBe('My card is [HASHED_CREDITCARD]');
+  });
+
+  it('should handle blocking policy', () => {
+    const redactor = new PIIRedactor({ phoneNumbers: true, policy: 'block' });
+    expect(() => redactor.redact('Call 1-800-555-0199')).toThrowError('PII blocked');
+  });
+});

package/tests/redis.integration.ts

@@ -0,0 +1,65 @@
+import { ShieldStack, RedisStore } from './dist/index';
+
+async function main() {
+  let Redis: any;
+  try {
+    // Dynamic import so this doesn't fail at compile time
+    const mod = await import('ioredis');
+    Redis = mod.default;
+  } catch {
+    console.error('❌ Please install ioredis first: npm install ioredis');
+    process.exit(1);
+  }
+
+  const client = new Redis({ host: '127.0.0.1', port: 6379 });
+
+  console.log('🔌 Connecting to Redis at 127.0.0.1:6379...');
+  await client.ping();
+  console.log('✅ Redis connected!\n');
+
+  // Flush test keys before starting
+  await client.del('shieldstack:test:live-user');
+
+  const shield = new ShieldStack({
+    tokenLimiter: {
+      maxTokens: 100,
+      windowMs: 30000,  // 30 seconds
+      store: new RedisStore(client, 'shieldstack:test:'),
+    },
+    pii: { policy: 'redact', emails: true },
+    injectionDetection: { threshold: 0.8 },
+  });
+
+  console.log('--- Test 1: Token limit stored in Redis ---');
+  const r1 = await shield.evaluateRequest('Hello from server pod 1', 'live-user', 60);
+  console.log(`✅ Pod 1 allowed. Safe text: "${r1}"`);
+
+  console.log('--- Test 2: Second request from a different pod (shared Redis) ---');
+  // New ShieldStack instance (simulating a second pod) pointing to same Redis
+  const shield2 = new ShieldStack({
+    tokenLimiter: {
+      maxTokens: 100,
+      windowMs: 30000,
+      store: new RedisStore(client, 'shieldstack:test:'),
+    },
+  });
+
+  try {
+    await shield2.evaluateRequest('Hello from server pod 2', 'live-user', 50);
+    console.log('❌ This should have been blocked!');
+  } catch (e: any) {
+    console.log(`✅ Pod 2 blocked (60 + 50 > 100). Reason: ${e.message}`);
+  }
+
+  console.log('\n--- Test 3: Verify key in Redis ---');
+  const raw = await client.get('shieldstack:test:live-user');
+  console.log(`✅ Raw Redis value: ${raw}`);
+
+  await client.quit();
+  console.log('\n🎉 Live Redis verification complete!');
+}
+
+main().catch(err => {
+  console.error('Error:', err);
+  process.exit(1);
+});

package/tests/redisStore.test.ts

@@ -0,0 +1,107 @@
+import { describe, it, expect, vi } from 'vitest';
+import { RedisStore } from '../src/budgeting/RedisStore';
+import { TokenLimiter } from '../src/budgeting/tokenLimiter';
+
+function createMockRedisClient() {
+  const store: Map<string, { value: string; expiresAt?: number }> = new Map();
+
+  return {
+    async get(key: string): Promise<string | null> {
+      const entry = store.get(key);
+      if (!entry) return null;
+      if (entry.expiresAt && Date.now() > entry.expiresAt) {
+        store.delete(key);
+        return null;
+      }
+      return entry.value;
+    },
+    async set(key: string, value: string, px?: 'PX', ms?: number): Promise<'OK'> {
+      store.set(key, {
+        value,
+        expiresAt: px && ms ? Date.now() + ms : undefined,
+      });
+      return 'OK';
+    },
+    async del(key: string): Promise<number> {
+      return store.delete(key) ? 1 : 0;
+    },
+    _store: store,
+  };
+}
+
+describe('RedisStore', () => {
+  it('should store and retrieve a bucket', async () => {
+    const client = createMockRedisClient();
+    const redisStore = new RedisStore(client, 'test:');
+
+    const bucket = { tokensUsed: 50, resetAt: Date.now() + 60000 };
+    await redisStore.set('user1', bucket);
+
+    const retrieved = await redisStore.get('user1');
+    expect(retrieved).toEqual(bucket);
+  });
+
+  it('should return null for missing keys', async () => {
+    const client = createMockRedisClient();
+    const redisStore = new RedisStore(client, 'test:');
+
+    const result = await redisStore.get('nonexistent');
+    expect(result).toBeNull();
+  });
+
+  it('should delete a bucket', async () => {
+    const client = createMockRedisClient();
+    const redisStore = new RedisStore(client, 'test:');
+
+    await redisStore.set('user1', { tokensUsed: 10, resetAt: Date.now() + 60000 });
+    await redisStore.delete('user1');
+
+    const result = await redisStore.get('user1');
+    expect(result).toBeNull();
+  });
+
+  it('should use key prefix correctly', async () => {
+    const client = createMockRedisClient();
+    const redisStore = new RedisStore(client, 'shieldstack:prod:');
+
+    await redisStore.set('userA', { tokensUsed: 100, resetAt: Date.now() + 60000 });
+
+    const rawKeys = [...client._store.keys()];
+    expect(rawKeys[0]).toBe('shieldstack:prod:userA');
+  });
+});
+
+describe('TokenLimiter with RedisStore', () => {
+  it('should enforce token limits via Redis', async () => {
+    const client = createMockRedisClient();
+    const redisStore = new RedisStore(client, 'test:limiter:');
+
+    const limiter = new TokenLimiter({
+      maxTokens: 100,
+      windowMs: 60000,
+      store: redisStore,
+    });
+
+    // First request should be allowed
+    const result1 = await limiter.checkLimit('user1', 60);
+    expect(result1.allowed).toBe(true);
+    expect(result1.remainingTokens).toBe(40);
+
+    // Second request pushes over limit
+    const result2 = await limiter.checkLimit('user1', 50);
+    expect(result2.allowed).toBe(false);
+  });
+
+  it('should persist state across limiter instances (simulating distributed behavior)', async () => {
+    const client = createMockRedisClient();
+    const redisStore = new RedisStore(client, 'test:distributed:');
+
+    const limiterA = new TokenLimiter({ maxTokens: 100, windowMs: 60000, store: redisStore });
+    await limiterA.checkLimit('shared-user', 70);
+
+    const limiterB = new TokenLimiter({ maxTokens: 100, windowMs: 60000, store: redisStore });
+    const result = await limiterB.checkLimit('shared-user', 40);
+
+    expect(result.allowed).toBe(false);
+  });
+});

package/tests/tokenLimiter.test.ts

@@ -0,0 +1,27 @@
+import { describe, it, expect } from 'vitest';
+import { TokenLimiter } from '../src/budgeting/tokenLimiter';
+
+describe('TokenLimiter', () => {
+  it('should allow requests under the limit', async () => {
+    const limiter = new TokenLimiter({ maxTokens: 100, windowMs: 10000 });
+    const result = await limiter.checkLimit('user1', 50);
+    expect(result.allowed).toBe(true);
+    expect(result.remainingTokens).toBe(50);
+  });
+
+  it('should block requests over the limit', async () => {
+    const limiter = new TokenLimiter({ maxTokens: 100, windowMs: 10000 });
+    await limiter.checkLimit('user1', 80);
+    const result2 = await limiter.checkLimit('user1', 30);
+    expect(result2.allowed).toBe(false);
+  });
+
+  it('should support token refunds', async () => {
+    const limiter = new TokenLimiter({ maxTokens: 100, windowMs: 10000 });
+    await limiter.checkLimit('user1', 60);
+    await limiter.refund('user1', 20);
+    
+    const result = await limiter.checkLimit('user1', 50);
+    expect(result.allowed).toBe(true);
+  });
+});

package/tsconfig.json

@@ -0,0 +1,20 @@
+{
+  "compilerOptions": {
+    "target": "ESNext",
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "lib": ["ESNext", "DOM"],
+    "declaration": true,
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "outDir": "./dist",
+    "baseUrl": ".",
+    "paths": {
+      "@/*": ["src/*"]
+    }
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist", "examples"]
+}

package/tsup.config.ts

@@ -0,0 +1,10 @@
+import { defineConfig } from 'tsup';
+
+export default defineConfig({
+  entry: ['src/index.ts'],
+  format: ['cjs', 'esm'],
+  dts: true,
+  clean: true,
+  target: 'esnext',
+  outDir: 'dist',
+});