skein-cli 0.1.0-alpha.1

package/dist/proxy/streaming.js

@@ -0,0 +1,185 @@
+/**
+ * Aggregator that consumes SSE chunks from an upstream LLM provider and
+ * builds a single normalized assistant message with concatenated text and
+ * resolved tool_use blocks.
+ *
+ * Each provider has its own delta shape; the aggregator dispatches on
+ * provider at construction time.
+ */
+export class StreamingAggregator {
+    provider;
+    buffer = '';
+    text = new Map();
+    toolUses = new Map();
+    inputTokens = 0;
+    outputTokens = 0;
+    model;
+    orderedIndices = [];
+    constructor(provider) {
+        this.provider = provider;
+    }
+    feed(chunk) {
+        this.buffer += chunk.toString('utf8');
+        let newlineIndex;
+        while ((newlineIndex = this.buffer.indexOf('\n')) !== -1) {
+            const line = this.buffer.slice(0, newlineIndex).trimEnd();
+            this.buffer = this.buffer.slice(newlineIndex + 1);
+            if (line.length > 0)
+                this.handleLine(line);
+        }
+    }
+    /** Call after the upstream stream has ended to flush any remaining buffered line. */
+    finish() {
+        const remainder = this.buffer.trim();
+        if (remainder.length > 0) {
+            this.handleLine(remainder);
+            this.buffer = '';
+        }
+    }
+    result() {
+        const content = [];
+        for (const idx of this.orderedIndices) {
+            const text = this.text.get(idx);
+            if (text !== undefined) {
+                content.push({ type: 'text', text });
+                continue;
+            }
+            const toolUse = this.toolUses.get(idx);
+            if (toolUse) {
+                content.push({
+                    type: 'tool_use',
+                    id: toolUse.id,
+                    name: toolUse.name,
+                    input: safeJson(toolUse.input) ?? {},
+                });
+            }
+        }
+        return {
+            content,
+            ...(this.inputTokens > 0 ? { tokensIn: this.inputTokens } : {}),
+            ...(this.outputTokens > 0 ? { tokensOut: this.outputTokens } : {}),
+            ...(this.model ? { model: this.model } : {}),
+        };
+    }
+    handleLine(line) {
+        if (!line.startsWith('data:'))
+            return;
+        const payload = line.slice('data:'.length).trim();
+        if (payload === '[DONE]')
+            return;
+        const event = safeJson(payload);
+        if (!event)
+            return;
+        if (this.provider === 'anthropic')
+            this.handleAnthropic(event);
+        else
+            this.handleOpenAi(event);
+    }
+    handleAnthropic(event) {
+        const type = event['type'];
+        if (type === 'message_start') {
+            const msg = event['message'];
+            if (typeof msg?.['model'] === 'string')
+                this.model = msg['model'];
+            const usage = msg?.['usage'];
+            if (typeof usage?.['input_tokens'] === 'number') {
+                this.inputTokens = usage['input_tokens'];
+            }
+            return;
+        }
+        if (type === 'content_block_start') {
+            const index = event['index'];
+            const block = event['content_block'];
+            if (block?.['type'] === 'text') {
+                this.text.set(index, '');
+                this.orderedIndices.push(index);
+            }
+            else if (block?.['type'] === 'tool_use') {
+                this.toolUses.set(index, {
+                    id: String(block['id'] ?? `tu_${index}`),
+                    name: String(block['name'] ?? ''),
+                    input: '',
+                });
+                this.orderedIndices.push(index);
+            }
+            return;
+        }
+        if (type === 'content_block_delta') {
+            const index = event['index'];
+            const delta = event['delta'];
+            if (delta?.['type'] === 'text_delta') {
+                const current = this.text.get(index) ?? '';
+                this.text.set(index, current + String(delta['text'] ?? ''));
+            }
+            else if (delta?.['type'] === 'input_json_delta') {
+                const tu = this.toolUses.get(index);
+                if (tu)
+                    tu.input += String(delta['partial_json'] ?? '');
+            }
+            return;
+        }
+        if (type === 'message_delta') {
+            const usage = event['usage'];
+            if (typeof usage?.['output_tokens'] === 'number') {
+                this.outputTokens = usage['output_tokens'];
+            }
+        }
+    }
+    handleOpenAi(event) {
+        if (typeof event['model'] === 'string')
+            this.model = event['model'];
+        const usage = event['usage'];
+        if (typeof usage?.['prompt_tokens'] === 'number')
+            this.inputTokens = usage['prompt_tokens'];
+        if (typeof usage?.['completion_tokens'] === 'number')
+            this.outputTokens = usage['completion_tokens'];
+        const choices = event['choices'];
+        if (!Array.isArray(choices))
+            return;
+        for (const choice of choices) {
+            const index = choice['index'] ?? 0;
+            const delta = choice['delta'];
+            if (!delta)
+                continue;
+            if (typeof delta['content'] === 'string') {
+                if (!this.text.has(index)) {
+                    this.text.set(index, '');
+                    this.orderedIndices.push(index);
+                }
+                this.text.set(index, this.text.get(index) + delta['content']);
+            }
+            const toolCalls = delta['tool_calls'];
+            if (Array.isArray(toolCalls)) {
+                for (const tc of toolCalls) {
+                    const tcIndex = tc['index'] ?? 0;
+                    const offsetIndex = 1000 + tcIndex;
+                    const fn = tc['function'];
+                    const existing = this.toolUses.get(offsetIndex);
+                    if (!existing) {
+                        this.toolUses.set(offsetIndex, {
+                            id: String(tc['id'] ?? `tc_${tcIndex}`),
+                            name: String(fn?.['name'] ?? existing?.['name'] ?? ''),
+                            input: String(fn?.['arguments'] ?? ''),
+                        });
+                        this.orderedIndices.push(offsetIndex);
+                    }
+                    else {
+                        if (fn?.['name'])
+                            existing.name = String(fn['name']);
+                        if (fn?.['arguments'])
+                            existing.input += String(fn['arguments']);
+                    }
+                }
+            }
+        }
+    }
+}
+function safeJson(raw) {
+    try {
+        return JSON.parse(raw);
+    }
+    catch {
+        return undefined;
+    }
+}
+//# sourceMappingURL=streaming.js.map

package/dist/proxy/streaming.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"streaming.js","sourceRoot":"","sources":["../../src/proxy/streaming.ts"],"names":[],"mappings":"AAIA;;;;;;;GAOG;AACH,MAAM,OAAO,mBAAmB;IASD;IARrB,MAAM,GAAG,EAAE,CAAA;IACX,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAA;IAChC,QAAQ,GAAG,IAAI,GAAG,EAAuD,CAAA;IACzE,WAAW,GAAG,CAAC,CAAA;IACf,YAAY,GAAG,CAAC,CAAA;IAChB,KAAK,CAAS;IACd,cAAc,GAAa,EAAE,CAAA;IAErC,YAA6B,QAAkB;QAAlB,aAAQ,GAAR,QAAQ,CAAU;IAAG,CAAC;IAEnD,IAAI,CAAC,KAAa;QAChB,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QACrC,IAAI,YAAoB,CAAA;QACxB,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACzD,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,OAAO,EAAE,CAAA;YACzD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC,CAAA;YACjD,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;gBAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;QAC5C,CAAC;IACH,CAAC;IAED,qFAAqF;IACrF,MAAM;QACJ,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAA;QACpC,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAA;YAC1B,IAAI,CAAC,MAAM,GAAG,EAAE,CAAA;QAClB,CAAC;IACH,CAAC;IAED,MAAM;QAMJ,MAAM,OAAO,GAAmB,EAAE,CAAA;QAClC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAC/B,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACvB,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAA;gBACpC,SAAQ;YACV,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YACtC,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,UAAU;oBAChB,EAAE,EAAE,OAAO,CAAC,EAAE;oBACd,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,KAAK,EAAE,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE;iBACrC,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QACD,OAAO;YACL,OAAO;YACP,GAAG,CAAC,IAAI,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/D,GAAG,CAAC,IAAI,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC7C,CAAA;IACH,CAAC;IAEO,UAAU,CAAC,IAAY;QAC7B,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;YAAE,OAAM;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAA;QACjD,IAAI,OAAO,KAAK,QAAQ;YAAE,OAAM;QAChC,MAAM,KAAK,GAAG,QAAQ,CAA0B,OAAO,CAAC,CAAA;QACxD,IAAI,CAAC,KAAK;YAAE,OAAM;QAElB,IAAI,IAAI,CAAC,QAAQ,KAAK,WAAW;YAAE,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;;YACzD,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAA;IAC/B,CAAC;IAEO,eAAe,CAAC,KAA8B;QACpD,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAuB,CAAA;QAChD,IAAI,IAAI,KAAK,eAAe,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,KAAK,CAAC,SAAS,CAAwC,CAAA;YACnE,IAAI,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ;gBAAE,IAAI,CAAC,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,CAAA;YACjE,MAAM,KAAK,GAAG,GAAG,EAAE,CAAC,OAAO,CAAwC,CAAA;YACnE,IAAI,OAAO,KAAK,EAAE,CAAC,cAAc,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAChD,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,cAAc,CAAC,CAAA;YAC1C,CAAC;YACD,OAAM;QACR,CAAC;QACD,IAAI,IAAI,KAAK,qBAAqB,EAAE,CAAC;YACnC,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAW,CAAA;YACtC,MAAM,KAAK,GAAG,KAAK,CAAC,eAAe,CAAwC,CAAA;YAC3E,IAAI,KAAK,EAAE,CAAC,MAAM,CAAC,KAAK,MAAM,EAAE,CAAC;gBAC/B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;gBACxB,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;YACjC,CAAC;iBAAM,IAAI,KAAK,EAAE,CAAC,MAAM,CAAC,KAAK,UAAU,EAAE,CAAC;gBAC1C,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE;oBACvB,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,MAAM,KAAK,EAAE,CAAC;oBACxC,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;oBACjC,KAAK,EAAE,EAAE;iBACV,CAAC,CAAA;gBACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;YACjC,CAAC;YACD,OAAM;QACR,CAAC;QACD,IAAI,IAAI,KAAK,qBAAqB,EAAE,CAAC;YACnC,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAW,CAAA;YACtC,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAwC,CAAA;YACnE,IAAI,KAAK,EAAE,CAAC,MAAM,CAAC,KAAK,YAAY,EAAE,CAAC;gBACrC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAA;gBAC1C,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;YAC7D,CAAC;iBAAM,IAAI,KAAK,EAAE,CAAC,MAAM,CAAC,KAAK,kBAAkB,EAAE,CAAC;gBAClD,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;gBACnC,IAAI,EAAE;oBAAE,EAAE,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAA;YACzD,CAAC;YACD,OAAM;QACR,CAAC;QACD,IAAI,IAAI,KAAK,eAAe,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAwC,CAAA;YACnE,IAAI,OAAO,KAAK,EAAE,CAAC,eAAe,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjD,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC,eAAe,CAAC,CAAA;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAEO,YAAY,CAAC,KAA8B;QACjD,IAAI,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,QAAQ;YAAE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,CAAA;QACnE,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAwC,CAAA;QACnE,IAAI,OAAO,KAAK,EAAE,CAAC,eAAe,CAAC,KAAK,QAAQ;YAAE,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,eAAe,CAAC,CAAA;QAC3F,IAAI,OAAO,KAAK,EAAE,CAAC,mBAAmB,CAAC,KAAK,QAAQ;YAClD,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC,mBAAmB,CAAC,CAAA;QAEhD,MAAM,OAAO,GAAG,KAAK,CAAC,SAAS,CAA+C,CAAA;QAC9E,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,OAAM;QACnC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAI,MAAM,CAAC,OAAO,CAAY,IAAI,CAAC,CAAA;YAC9C,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAwC,CAAA;YACpE,IAAI,CAAC,KAAK;gBAAE,SAAQ;YACpB,IAAI,OAAO,KAAK,CAAC,SAAS,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACzC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC1B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;oBACxB,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;gBACjC,CAAC;gBACD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAE,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAA;YAChE,CAAC;YACD,MAAM,SAAS,GAAG,KAAK,CAAC,YAAY,CAA+C,CAAA;YACnF,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC7B,KAAK,MAAM,EAAE,IAAI,SAAS,EAAE,CAAC;oBAC3B,MAAM,OAAO,GAAI,EAAE,CAAC,OAAO,CAAY,IAAI,CAAC,CAAA;oBAC5C,MAAM,WAAW,GAAG,IAAI,GAAG,OAAO,CAAA;oBAClC,MAAM,EAAE,GAAG,EAAE,CAAC,UAAU,CAAwC,CAAA;oBAChE,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;oBAC/C,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACd,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE;4BAC7B,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,MAAM,OAAO,EAAE,CAAC;4BACvC,IAAI,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;4BACtD,KAAK,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;yBACvC,CAAC,CAAA;wBACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;oBACvC,CAAC;yBAAM,CAAC;wBACN,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC;4BAAE,QAAQ,CAAC,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAA;wBACpD,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC;4BAAE,QAAQ,CAAC,KAAK,IAAI,MAAM,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAA;oBAClE,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAED,SAAS,QAAQ,CAAI,GAAW;IAC9B,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAM,CAAA;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAA;IAClB,CAAC;AACH,CAAC"}

package/dist/redactor/entropy.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Shannon-entropy based detector for high-entropy tokens that don't match
+ * a named regex but look like credentials. Heuristic — meant to be the
+ * last line of defense.
+ *
+ * Default thresholds tuned to balance precision and recall:
+ *   - length ≥ 24 chars
+ *   - entropy ≥ 4.5 bits/char (base64-ish or random hex)
+ *   - alphabet limited to typical credential characters
+ *   - skips URLs, paths, ISO timestamps, UUIDs, common nouns
+ */
+export interface EntropyHit {
+    token: string;
+    entropy: number;
+    start: number;
+    end: number;
+}
+export interface EntropyOptions {
+    minLength?: number;
+    minEntropy?: number;
+    /** When true, replace each hit with `[REDACTED:high-entropy]`. */
+    replace?: boolean;
+}
+export declare function shannonEntropy(input: string): number;
+export declare function findHighEntropyTokens(input: string, options?: EntropyOptions): EntropyHit[];
+export declare function replaceHighEntropyTokens(input: string, options?: EntropyOptions): {
+    text: string;
+    hits: EntropyHit[];
+};

package/dist/redactor/entropy.js

@@ -0,0 +1,98 @@
+/**
+ * Shannon-entropy based detector for high-entropy tokens that don't match
+ * a named regex but look like credentials. Heuristic — meant to be the
+ * last line of defense.
+ *
+ * Default thresholds tuned to balance precision and recall:
+ *   - length ≥ 24 chars
+ *   - entropy ≥ 4.5 bits/char (base64-ish or random hex)
+ *   - alphabet limited to typical credential characters
+ *   - skips URLs, paths, ISO timestamps, UUIDs, common nouns
+ */
+const DEFAULTS = {
+    minLength: 24,
+    minEntropy: 4.5,
+};
+const TOKEN_REGEX = /[A-Za-z0-9+/=_-]{16,}/g;
+const URL_REGEX = /^[a-z]+:\/\//i;
+const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+const SHA1_REGEX = /^[0-9a-f]{40}$/i;
+const SHA256_REGEX = /^[0-9a-f]{64}$/i;
+const ISO_TS_REGEX = /^\d{4}-\d{2}-\d{2}T\d{2}/;
+const PATH_HINT = /\//;
+export function shannonEntropy(input) {
+    if (input.length === 0)
+        return 0;
+    const counts = new Map();
+    for (const char of input)
+        counts.set(char, (counts.get(char) ?? 0) + 1);
+    let entropy = 0;
+    const len = input.length;
+    for (const count of counts.values()) {
+        const p = count / len;
+        entropy -= p * Math.log2(p);
+    }
+    return entropy;
+}
+export function findHighEntropyTokens(input, options = {}) {
+    const minLength = options.minLength ?? DEFAULTS.minLength;
+    const minEntropy = options.minEntropy ?? DEFAULTS.minEntropy;
+    const hits = [];
+    let match;
+    TOKEN_REGEX.lastIndex = 0;
+    while ((match = TOKEN_REGEX.exec(input))) {
+        const token = match[0];
+        if (token.length < minLength)
+            continue;
+        if (isStructuredId(token))
+            continue;
+        if (looksLikePathOrUrl(input, match.index, token))
+            continue;
+        const entropy = shannonEntropy(token);
+        if (entropy < minEntropy)
+            continue;
+        hits.push({
+            token,
+            entropy,
+            start: match.index,
+            end: match.index + token.length,
+        });
+    }
+    return hits;
+}
+export function replaceHighEntropyTokens(input, options = {}) {
+    const hits = findHighEntropyTokens(input, options);
+    if (hits.length === 0)
+        return { text: input, hits: [] };
+    let cursor = 0;
+    const parts = [];
+    for (const hit of hits) {
+        parts.push(input.slice(cursor, hit.start));
+        parts.push('[REDACTED:high-entropy]');
+        cursor = hit.end;
+    }
+    parts.push(input.slice(cursor));
+    return { text: parts.join(''), hits };
+}
+function isStructuredId(token) {
+    if (UUID_REGEX.test(token))
+        return true;
+    if (SHA1_REGEX.test(token))
+        return true;
+    if (SHA256_REGEX.test(token))
+        return true;
+    if (ISO_TS_REGEX.test(token))
+        return true;
+    return false;
+}
+function looksLikePathOrUrl(haystack, index, token) {
+    if (PATH_HINT.test(token))
+        return true;
+    const prefix = haystack.slice(Math.max(0, index - 8), index);
+    if (URL_REGEX.test(prefix.trim()))
+        return true;
+    if (/[\/.@]/.test(prefix.slice(-1)))
+        return true;
+    return false;
+}
+//# sourceMappingURL=entropy.js.map

package/dist/redactor/entropy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"entropy.js","sourceRoot":"","sources":["../../src/redactor/entropy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAgBH,MAAM,QAAQ,GAAG;IACf,SAAS,EAAE,EAAE;IACb,UAAU,EAAE,GAAG;CAChB,CAAA;AAED,MAAM,WAAW,GAAG,wBAAwB,CAAA;AAC5C,MAAM,SAAS,GAAG,eAAe,CAAA;AACjC,MAAM,UAAU,GAAG,iEAAiE,CAAA;AACpF,MAAM,UAAU,GAAG,iBAAiB,CAAA;AACpC,MAAM,YAAY,GAAG,iBAAiB,CAAA;AACtC,MAAM,YAAY,GAAG,0BAA0B,CAAA;AAC/C,MAAM,SAAS,GAAG,IAAI,CAAA;AAEtB,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAA;IAChC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAA;IACxC,KAAK,MAAM,IAAI,IAAI,KAAK;QAAE,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;IACvE,IAAI,OAAO,GAAG,CAAC,CAAA;IACf,MAAM,GAAG,GAAG,KAAK,CAAC,MAAM,CAAA;IACxB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC;QACpC,MAAM,CAAC,GAAG,KAAK,GAAG,GAAG,CAAA;QACrB,OAAO,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IAC7B,CAAC;IACD,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAAa,EAAE,UAA0B,EAAE;IAC/E,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,QAAQ,CAAC,SAAS,CAAA;IACzD,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,CAAA;IAC5D,MAAM,IAAI,GAAiB,EAAE,CAAA;IAC7B,IAAI,KAA6B,CAAA;IACjC,WAAW,CAAC,SAAS,GAAG,CAAC,CAAA;IACzB,OAAO,CAAC,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACtB,IAAI,KAAK,CAAC,MAAM,GAAG,SAAS;YAAE,SAAQ;QACtC,IAAI,cAAc,CAAC,KAAK,CAAC;YAAE,SAAQ;QACnC,IAAI,kBAAkB,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC;YAAE,SAAQ;QAC3D,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,CAAA;QACrC,IAAI,OAAO,GAAG,UAAU;YAAE,SAAQ;QAClC,IAAI,CAAC,IAAI,CAAC;YACR,KAAK;YACL,OAAO;YACP,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,GAAG,EAAE,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,MAAM;SAChC,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,KAAa,EACb,UAA0B,EAAE;IAE5B,MAAM,IAAI,GAAG,qBAAqB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;IAClD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,CAAA;IACvD,IAAI,MAAM,GAAG,CAAC,CAAA;IACd,MAAM,KAAK,GAAa,EAAE,CAAA;IAC1B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAA;QAC1C,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAA;QACrC,MAAM,GAAG,GAAG,CAAC,GAAG,CAAA;IAClB,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAA;IAC/B,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAA;AACvC,CAAC;AAED,SAAS,cAAc,CAAC,KAAa;IACnC,IAAI,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IACvC,IAAI,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IACvC,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IACzC,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IACzC,OAAO,KAAK,CAAA;AACd,CAAC;AAED,SAAS,kBAAkB,CAAC,QAAgB,EAAE,KAAa,EAAE,KAAa;IACxE,IAAI,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IACtC,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAA;IAC5D,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QAAE,OAAO,IAAI,CAAA;IAC9C,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAA;IAChD,OAAO,KAAK,CAAA;AACd,CAAC"}

package/dist/redactor/index.d.ts

@@ -0,0 +1,52 @@
+export type Tier = 'secrets' | 'entropy' | 'pii-regex' | 'pii-ml';
+export interface RedactionHit {
+    tier: Tier;
+    id: string;
+    category?: string;
+    start: number;
+    end: number;
+    match: string;
+    rationale?: string;
+}
+export interface RedactOptions {
+    tiers?: Partial<Record<Tier, boolean>>;
+    ml?: boolean;
+    entropy?: {
+        minLength?: number;
+        minEntropy?: number;
+    };
+}
+export interface RedactionResult {
+    text: string;
+    hits: RedactionHit[];
+}
+/**
+ * Apply the secrets tier (Gitleaks-style regex). Returns a fresh string
+ * with every match replaced by the pattern's replacement template.
+ */
+export declare function redactSecrets(input: string): {
+    text: string;
+    hits: RedactionHit[];
+};
+/**
+ * Full tiered redact: secrets → entropy → PII regex → optional ML.
+ */
+export declare function redact(input: string, options?: RedactOptions): Promise<RedactionResult>;
+/**
+ * Synchronous redact — runs regex + entropy + PII regex tiers (no ML).
+ * Used by hot paths that can't await (proxy recorder, HF push).
+ */
+export declare function redactText(input: string): {
+    text: string;
+    hits: {
+        pattern: string;
+        count: number;
+    }[];
+};
+export declare function redactObject<T>(value: T): T;
+export declare function hasSecret(input: string): boolean;
+export { SECRET_PATTERNS } from './secret-patterns.js';
+export type { SecretPattern, Category as SecretCategory } from './secret-patterns.js';
+export type { PiiHit, PiiCategory } from './pii-patterns.js';
+export type { NerHit } from './ner.js';
+export { loadNerPipeline, DEFAULT_NER_MODEL, lastNerError } from './ner.js';

package/dist/redactor/index.js

@@ -0,0 +1,152 @@
+import { SECRET_PATTERNS } from './secret-patterns.js';
+import { findHighEntropyTokens, replaceHighEntropyTokens } from './entropy.js';
+import { findPiiHits, redactPii } from './pii-patterns.js';
+import { nerPiiAnalyze, redactNer } from './ner.js';
+/**
+ * Apply the secrets tier (Gitleaks-style regex). Returns a fresh string
+ * with every match replaced by the pattern's replacement template.
+ */
+export function redactSecrets(input) {
+    let text = input;
+    const hits = [];
+    for (const pattern of SECRET_PATTERNS) {
+        pattern.regex.lastIndex = 0;
+        const matches = [];
+        let match;
+        while ((match = pattern.regex.exec(text))) {
+            matches.push({ start: match.index, end: match.index + match[0].length, match: match[0] });
+            if (match[0].length === 0)
+                pattern.regex.lastIndex++;
+        }
+        if (matches.length === 0)
+            continue;
+        text = applyReplacement(text, pattern, matches);
+        for (const m of matches) {
+            hits.push({
+                tier: 'secrets',
+                id: pattern.id,
+                category: pattern.category,
+                start: m.start,
+                end: m.end,
+                match: m.match,
+            });
+        }
+    }
+    return { text, hits };
+}
+/**
+ * Full tiered redact: secrets → entropy → PII regex → optional ML.
+ */
+export async function redact(input, options = {}) {
+    const tiers = {
+        secrets: options.tiers?.secrets !== false,
+        entropy: options.tiers?.entropy !== false,
+        'pii-regex': options.tiers?.['pii-regex'] !== false,
+        'pii-ml': options.ml === true && options.tiers?.['pii-ml'] !== false,
+    };
+    const hits = [];
+    let text = input;
+    if (tiers.secrets) {
+        const result = redactSecrets(text);
+        text = result.text;
+        hits.push(...result.hits);
+    }
+    if (tiers.entropy) {
+        const result = replaceHighEntropyTokens(text, options.entropy ?? {});
+        text = result.text;
+        for (const hit of result.hits) {
+            hits.push({
+                tier: 'entropy',
+                id: 'high-entropy',
+                start: hit.start,
+                end: hit.end,
+                match: hit.token,
+                rationale: `entropy=${hit.entropy.toFixed(2)} bits/char`,
+            });
+        }
+    }
+    if (tiers['pii-regex']) {
+        const result = redactPii(text);
+        text = result.text;
+        for (const hit of result.hits) {
+            hits.push({
+                tier: 'pii-regex',
+                id: hit.category,
+                category: hit.category,
+                start: hit.start,
+                end: hit.end,
+                match: hit.match,
+                ...(hit.rationale ? { rationale: hit.rationale } : {}),
+            });
+        }
+    }
+    if (tiers['pii-ml']) {
+        const nerHits = await nerPiiAnalyze(text);
+        const result = redactNer(text, nerHits);
+        text = result.text;
+        for (const hit of result.hits) {
+            hits.push({
+                tier: 'pii-ml',
+                id: hit.category,
+                category: hit.category,
+                start: hit.start,
+                end: hit.end,
+                match: hit.match,
+                rationale: `model score=${hit.score.toFixed(2)}`,
+            });
+        }
+    }
+    return { text, hits };
+}
+/**
+ * Synchronous redact — runs regex + entropy + PII regex tiers (no ML).
+ * Used by hot paths that can't await (proxy recorder, HF push).
+ */
+export function redactText(input) {
+    const secrets = redactSecrets(input);
+    const entropy = replaceHighEntropyTokens(secrets.text);
+    const pii = redactPii(entropy.text);
+    const aggregated = new Map();
+    for (const hit of secrets.hits) {
+        aggregated.set(hit.id, (aggregated.get(hit.id) ?? 0) + 1);
+    }
+    for (const _ of entropy.hits) {
+        aggregated.set('high-entropy', (aggregated.get('high-entropy') ?? 0) + 1);
+    }
+    for (const hit of pii.hits) {
+        aggregated.set(hit.category, (aggregated.get(hit.category) ?? 0) + 1);
+    }
+    return {
+        text: pii.text,
+        hits: [...aggregated.entries()].map(([pattern, count]) => ({ pattern, count })),
+    };
+}
+export function redactObject(value) {
+    return JSON.parse(JSON.stringify(value, (_, v) => (typeof v === 'string' ? redactText(v).text : v)));
+}
+export function hasSecret(input) {
+    for (const pattern of SECRET_PATTERNS) {
+        pattern.regex.lastIndex = 0;
+        if (pattern.regex.test(input))
+            return true;
+    }
+    return findHighEntropyTokens(input).length > 0 || findPiiHits(input).length > 0;
+}
+function applyReplacement(text, pattern, matches) {
+    if (!pattern.replacement.includes('$')) {
+        let cursor = 0;
+        const parts = [];
+        for (const m of matches) {
+            parts.push(text.slice(cursor, m.start));
+            parts.push(pattern.replacement);
+            cursor = m.end;
+        }
+        parts.push(text.slice(cursor));
+        return parts.join('');
+    }
+    pattern.regex.lastIndex = 0;
+    return text.replace(pattern.regex, pattern.replacement);
+}
+export { SECRET_PATTERNS } from './secret-patterns.js';
+export { loadNerPipeline, DEFAULT_NER_MODEL, lastNerError } from './ner.js';
+//# sourceMappingURL=index.js.map

package/dist/redactor/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/redactor/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAsB,MAAM,sBAAsB,CAAA;AAC1E,OAAO,EAAE,qBAAqB,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAA;AAC9E,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAA;AAC1D,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAyBnD;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,IAAI,IAAI,GAAG,KAAK,CAAA;IAChB,MAAM,IAAI,GAAmB,EAAE,CAAA;IAC/B,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAA;QAC3B,MAAM,OAAO,GAAoD,EAAE,CAAA;QACnE,IAAI,KAA6B,CAAA;QACjC,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YAC1C,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;YACzF,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,CAAA;QACtD,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,SAAQ;QAClC,IAAI,GAAG,gBAAgB,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,CAAA;QAC/C,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,CAAC;gBACR,IAAI,EAAE,SAAS;gBACf,EAAE,EAAE,OAAO,CAAC,EAAE;gBACd,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,KAAK,EAAE,CAAC,CAAC,KAAK;aACf,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;AACvB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,KAAa,EAAE,UAAyB,EAAE;IACrE,MAAM,KAAK,GAAG;QACZ,OAAO,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,KAAK,KAAK;QACzC,OAAO,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,KAAK,KAAK;QACzC,WAAW,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,WAAW,CAAC,KAAK,KAAK;QACnD,QAAQ,EAAE,OAAO,CAAC,EAAE,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC,QAAQ,CAAC,KAAK,KAAK;KACrE,CAAA;IAED,MAAM,IAAI,GAAmB,EAAE,CAAA;IAC/B,IAAI,IAAI,GAAG,KAAK,CAAA;IAEhB,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,CAAC,CAAA;QAClC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAA;QAClB,IAAI,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAA;IAC3B,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,wBAAwB,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC,CAAA;QACpE,IAAI,GAAG,MAAM,CAAC,IAAI,CAAA;QAClB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAC9B,IAAI,CAAC,IAAI,CAAC;gBACR,IAAI,EAAE,SAAS;gBACf,EAAE,EAAE,cAAc;gBAClB,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,GAAG,EAAE,GAAG,CAAC,GAAG;gBACZ,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,SAAS,EAAE,WAAW,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY;aACzD,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IACD,IAAI,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,CAAA;QAC9B,IAAI,GAAG,MAAM,CAAC,IAAI,CAAA;QAClB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAC9B,IAAI,CAAC,IAAI,CAAC;gBACR,IAAI,EAAE,WAAW;gBACjB,EAAE,EAAE,GAAG,CAAC,QAAQ;gBAChB,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,GAAG,EAAE,GAAG,CAAC,GAAG;gBACZ,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACvD,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IACD,IAAI,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpB,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAA;QACzC,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;QACvC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAA;QAClB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAC9B,IAAI,CAAC,IAAI,CAAC;gBACR,IAAI,EAAE,QAAQ;gBACd,EAAE,EAAE,GAAG,CAAC,QAAQ;gBAChB,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,GAAG,EAAE,GAAG,CAAC,GAAG;gBACZ,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,SAAS,EAAE,eAAe,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;aACjD,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;AACvB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,KAAa;IAItC,MAAM,OAAO,GAAG,aAAa,CAAC,KAAK,CAAC,CAAA;IACpC,MAAM,OAAO,GAAG,wBAAwB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;IACtD,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;IACnC,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAA;IAC5C,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QAC/B,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;IAC3D,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QAC7B,UAAU,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;IAC3E,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QAC3B,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;IACvE,CAAC;IACD,OAAO;QACL,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,IAAI,EAAE,CAAC,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;KAChF,CAAA;AACH,CAAC;AAED,MAAM,UAAU,YAAY,CAAI,KAAQ;IACtC,OAAO,IAAI,CAAC,KAAK,CACf,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAClF,CAAA;AACH,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAA;QAC3B,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA;IAC5C,CAAC;IACD,OAAO,qBAAqB,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,WAAW,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,CAAA;AACjF,CAAC;AAED,SAAS,gBAAgB,CACvB,IAAY,EACZ,OAAsB,EACtB,OAAwD;IAExD,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvC,IAAI,MAAM,GAAG,CAAC,CAAA;QACd,MAAM,KAAK,GAAa,EAAE,CAAA;QAC1B,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAA;YACvC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAA;YAC/B,MAAM,GAAG,CAAC,CAAC,GAAG,CAAA;QAChB,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAA;QAC9B,OAAO,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IACvB,CAAC;IACD,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAA;IAC3B,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,WAAW,CAAC,CAAA;AACzD,CAAC;AAED,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AAItD,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,UAAU,CAAA"}

package/dist/redactor/ner.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Optional ML-based PII detection via Transformers.js.
+ *
+ * Default model: `iiiorg/piiranha-v1-detect-personal-information` —
+ * a DeBERTa-v3 fine-tune released by Inferentia Internet Investigation
+ * that detects 17 PII categories and works well on English text. The
+ * model is lazy-loaded and cached in ~/.cache/huggingface/.
+ *
+ * `@huggingface/transformers` is declared as an OPTIONAL dependency.
+ * If onnxruntime-node fails to install (e.g. unsupported platform),
+ * the rest of Skein keeps working — calls to `nerPiiAnalyze` just
+ * return an empty hit list and the orchestrator logs a one-time
+ * notice.
+ *
+ * Set SKEIN_PII_MODEL to override the default.
+ */
+export declare const DEFAULT_NER_MODEL: string;
+export interface NerHit {
+    category: string;
+    start: number;
+    end: number;
+    match: string;
+    score: number;
+}
+interface TransformerPipeline {
+    (input: string, options?: Record<string, unknown>): Promise<Array<{
+        entity?: string;
+        entity_group?: string;
+        score: number;
+        start: number;
+        end: number;
+        word: string;
+    }>>;
+}
+/**
+ * Initialize the NER pipeline. Returns undefined if @huggingface/transformers
+ * is not installed or the model fails to load. Logs the reason exactly once.
+ */
+export declare function loadNerPipeline(): Promise<TransformerPipeline | undefined>;
+/**
+ * Run the configured PII NER over `input`. Returns hits with the
+ * model's score (0..1). Score threshold defaults to 0.5.
+ */
+export declare function nerPiiAnalyze(input: string, minScore?: number): Promise<NerHit[]>;
+export declare function lastNerError(): string | undefined;
+/**
+ * Replace NER hits in the input with `[REDACTED:<category>]`.
+ */
+export declare function redactNer(input: string, hits: NerHit[]): {
+    text: string;
+    hits: NerHit[];
+};
+export {};