veryfront 0.1.379 → 0.1.381

package/esm/src/agent/middleware/cost-tracking/tracker.d.ts

@@ -0,0 +1,65 @@
+import type { AgentMiddleware, AgentResponse } from "../../types.js";
+export interface CostConfig {
+    /** Provider pricing (cost per 1M tokens) */
+    pricing: {
+        [provider: string]: {
+            input: number;
+            output: number;
+        };
+    };
+    limits?: {
+        daily?: number;
+        monthly?: number;
+        /** Per-user daily cost limit */
+        userDaily?: number;
+    };
+    /** Maximum number of per-user cost entries to retain (default: 10_000) */
+    maxTrackedUsers?: number;
+    onLimitExceeded?: (usage: UsageSummary) => void;
+}
+export interface UsageRecord {
+    timestamp: number;
+    agentId: string;
+    model: string;
+    provider: string;
+    tokens: {
+        prompt: number;
+        completion: number;
+        total: number;
+    };
+    cost: number;
+    userId?: string;
+}
+export interface UsageSummary {
+    requests: number;
+    tokens: {
+        prompt: number;
+        completion: number;
+        total: number;
+    };
+    cost: number;
+    byProvider: Record<string, {
+        requests: number;
+        tokens: number;
+        cost: number;
+    }>;
+    period: {
+        start: number;
+        end: number;
+    };
+}
+export declare function createCostTracker(config: CostConfig): {
+    track: (agentId: string, model: string, response: AgentResponse, userId?: string) => UsageRecord;
+    isOverBudget: (userId?: string) => string | null;
+    getSummary: (startTime?: number, endTime?: number) => UsageSummary;
+    getDailySummary: () => UsageSummary;
+    getMonthlySummary: () => UsageSummary;
+    getAllRecords: () => UsageRecord[];
+    getTrackedUserCount: () => number;
+    clear: () => void;
+    destroy: () => void;
+};
+export declare function costTrackingMiddleware(config: CostConfig): AgentMiddleware & {
+    destroy(): void;
+};
+//# sourceMappingURL=tracker.d.ts.map

package/esm/src/agent/middleware/cost-tracking/tracker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tracker.d.ts","sourceRoot":"","sources":["../../../../../src/src/agent/middleware/cost-tracking/tracker.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAQrE,MAAM,WAAW,UAAU;IACzB,4CAA4C;IAC5C,OAAO,EAAE;QACP,CAAC,QAAQ,EAAE,MAAM,GAAG;YAClB,KAAK,EAAE,MAAM,CAAC;YACd,MAAM,EAAE,MAAM,CAAC;SAChB,CAAC;KACH,CAAC;IACF,MAAM,CAAC,EAAE;QACP,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,gCAAgC;QAChC,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,0EAA0E;IAC1E,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,CAAC,KAAK,EAAE,YAAY,KAAK,IAAI,CAAC;CACjD;AAED,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE;QACN,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,CAAC;QACnB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE;QACN,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,CAAC;QACnB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAChB,MAAM,EACN;QACE,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,EAAE,MAAM,CAAC;KACd,CACF,CAAC;IACF,MAAM,EAAE;QACN,KAAK,EAAE,MAAM,CAAC;QACd,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH;AAwOD,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,UAAU,GAAG;IACrD,KAAK,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,WAAW,CAAC;IACjG,YAAY,EAAE,CAAC,MAAM,CAAC,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;IACjD,UAAU,EAAE,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,KAAK,YAAY,CAAC;IACnE,eAAe,EAAE,MAAM,YAAY,CAAC;IACpC,iBAAiB,EAAE,MAAM,YAAY,CAAC;IACtC,aAAa,EAAE,MAAM,WAAW,EAAE,CAAC;IACnC,mBAAmB,EAAE,MAAM,MAAM,CAAC;IAClC,KAAK,EAAE,MAAM,IAAI,CAAC;IAClB,OAAO,EAAE,MAAM,IAAI,CAAC;CACrB,CAcA;AAED,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,UAAU,GACjB,eAAe,GAAG;IAAE,OAAO,IAAI,IAAI,CAAA;CAAE,CA4BvC"}

package/esm/src/agent/middleware/cost-tracking/tracker.js

@@ -0,0 +1,223 @@
+import * as dntShim from "../../../../_dnt.shims.js";
+import { agentLogger } from "../../../utils/logger/logger.js";
+import { COST_LIMIT_EXCEEDED } from "../../../errors/index.js";
+const ONE_DAY_MS = 24 * 60 * 60 * 1_000;
+const THIRTY_DAYS_MS = 30 * 24 * 60 * 60 * 1_000;
+const RESET_CHECK_INTERVAL_MS = 60_000;
+function getProvider(model) {
+    return model.split("/")[0] || "unknown";
+}
+class CostTracker {
+    config;
+    records = [];
+    dailyTotal = 0;
+    monthlyTotal = 0;
+    userDailyTotals = new Map();
+    maxTrackedUsers;
+    lastDayReset = Date.now();
+    lastMonthReset = Date.now();
+    resetInterval = null;
+    constructor(config) {
+        this.config = config;
+        this.maxTrackedUsers = config.maxTrackedUsers ?? 10_000;
+        this.startPeriodicReset();
+    }
+    isOverBudget(userId) {
+        const dailyLimit = this.config.limits?.daily;
+        if (dailyLimit && this.dailyTotal >= dailyLimit) {
+            return "Daily cost limit exceeded";
+        }
+        const monthlyLimit = this.config.limits?.monthly;
+        if (monthlyLimit && this.monthlyTotal >= monthlyLimit) {
+            return "Monthly cost limit exceeded";
+        }
+        const userDailyLimit = this.config.limits?.userDaily;
+        if (userDailyLimit && userId) {
+            const userTotal = this.userDailyTotals.get(userId) ?? 0;
+            if (userTotal >= userDailyLimit) {
+                return "Per-user daily cost limit exceeded";
+            }
+        }
+        return null;
+    }
+    track(agentId, model, response, userId) {
+        if (!response.usage) {
+            agentLogger.warn("No usage data in response, cannot track costs");
+            return this.createEmptyRecord(agentId, model);
+        }
+        const provider = getProvider(model);
+        const cost = this.calculateCost(provider, response.usage.promptTokens, response.usage.completionTokens);
+        const record = {
+            timestamp: Date.now(),
+            agentId,
+            model,
+            provider,
+            tokens: {
+                prompt: response.usage.promptTokens,
+                completion: response.usage.completionTokens,
+                total: response.usage.totalTokens,
+            },
+            cost,
+            userId,
+        };
+        this.records.push(record);
+        this.dailyTotal += cost;
+        this.monthlyTotal += cost;
+        if (userId && this.maxTrackedUsers > 0) {
+            // Keep tracking the current user even after the cap is reached by
+            // evicting the oldest tracked user first. This preserves per-user
+            // enforcement for active users without unbounded memory growth.
+            if (!this.userDailyTotals.has(userId) &&
+                this.userDailyTotals.size >= this.maxTrackedUsers) {
+                const oldestTrackedUser = this.userDailyTotals.keys().next().value;
+                if (oldestTrackedUser !== undefined) {
+                    this.userDailyTotals.delete(oldestTrackedUser);
+                }
+            }
+            this.userDailyTotals.set(userId, (this.userDailyTotals.get(userId) ?? 0) + cost);
+        }
+        this.checkLimits(userId);
+        return record;
+    }
+    calculateCost(provider, inputTokens, outputTokens) {
+        const pricing = this.config.pricing[provider];
+        if (!pricing) {
+            agentLogger.warn(`No pricing configured for provider: ${provider}`);
+            return 0;
+        }
+        return (inputTokens / 1_000_000) * pricing.input + (outputTokens / 1_000_000) * pricing.output;
+    }
+    getSummary(startTime, endTime) {
+        const start = startTime ?? 0;
+        const end = endTime ?? Date.now();
+        const summary = {
+            requests: 0,
+            tokens: { prompt: 0, completion: 0, total: 0 },
+            cost: 0,
+            byProvider: {},
+            period: { start, end },
+        };
+        for (const record of this.records) {
+            if (record.timestamp < start || record.timestamp > end)
+                continue;
+            summary.requests++;
+            summary.tokens.prompt += record.tokens.prompt;
+            summary.tokens.completion += record.tokens.completion;
+            summary.tokens.total += record.tokens.total;
+            summary.cost += record.cost;
+            const providerStats = (summary.byProvider[record.provider] ??= {
+                requests: 0,
+                tokens: 0,
+                cost: 0,
+            });
+            providerStats.requests++;
+            providerStats.tokens += record.tokens.total;
+            providerStats.cost += record.cost;
+        }
+        return summary;
+    }
+    getDailySummary() {
+        const now = Date.now();
+        return this.getSummary(now - ONE_DAY_MS, now);
+    }
+    getMonthlySummary() {
+        const now = Date.now();
+        return this.getSummary(now - THIRTY_DAYS_MS, now);
+    }
+    checkLimits(userId) {
+        const dailyLimit = this.config.limits?.daily;
+        if (dailyLimit && this.dailyTotal >= dailyLimit) {
+            this.config.onLimitExceeded?.(this.getDailySummary());
+            return;
+        }
+        const monthlyLimit = this.config.limits?.monthly;
+        if (monthlyLimit && this.monthlyTotal >= monthlyLimit) {
+            this.config.onLimitExceeded?.(this.getMonthlySummary());
+            return;
+        }
+        const userDailyLimit = this.config.limits?.userDaily;
+        if (userDailyLimit && userId) {
+            const userTotal = this.userDailyTotals.get(userId) ?? 0;
+            if (userTotal >= userDailyLimit) {
+                this.config.onLimitExceeded?.(this.getDailySummary());
+            }
+        }
+    }
+    startPeriodicReset() {
+        this.resetInterval = dntShim.setInterval(() => {
+            const now = Date.now();
+            if (now - this.lastDayReset >= ONE_DAY_MS) {
+                this.dailyTotal = 0;
+                this.userDailyTotals.clear();
+                this.lastDayReset = now;
+            }
+            if (now - this.lastMonthReset >= THIRTY_DAYS_MS) {
+                this.monthlyTotal = 0;
+                this.lastMonthReset = now;
+            }
+        }, RESET_CHECK_INTERVAL_MS);
+    }
+    destroy() {
+        if (this.resetInterval) {
+            clearInterval(this.resetInterval);
+            this.resetInterval = null;
+        }
+        this.clear();
+    }
+    createEmptyRecord(agentId, model) {
+        return {
+            timestamp: Date.now(),
+            agentId,
+            model,
+            provider: getProvider(model),
+            tokens: { prompt: 0, completion: 0, total: 0 },
+            cost: 0,
+        };
+    }
+    getAllRecords() {
+        return [...this.records];
+    }
+    getTrackedUserCount() {
+        return this.userDailyTotals.size;
+    }
+    clear() {
+        this.records = [];
+        this.dailyTotal = 0;
+        this.monthlyTotal = 0;
+        this.userDailyTotals.clear();
+    }
+}
+export function createCostTracker(config) {
+    const tracker = new CostTracker(config);
+    return {
+        track: tracker.track.bind(tracker),
+        isOverBudget: tracker.isOverBudget.bind(tracker),
+        getSummary: tracker.getSummary.bind(tracker),
+        getDailySummary: tracker.getDailySummary.bind(tracker),
+        getMonthlySummary: tracker.getMonthlySummary.bind(tracker),
+        getAllRecords: tracker.getAllRecords.bind(tracker),
+        getTrackedUserCount: tracker.getTrackedUserCount.bind(tracker),
+        clear: tracker.clear.bind(tracker),
+        destroy: tracker.destroy.bind(tracker),
+    };
+}
+export function costTrackingMiddleware(config) {
+    const tracker = createCostTracker(config);
+    const middleware = (async (context, next) => {
+        const userId = context.data?.userId;
+        const budgetError = tracker.isOverBudget(userId);
+        if (budgetError) {
+            throw COST_LIMIT_EXCEEDED.create({
+                detail: budgetError,
+                context: { userId },
+            });
+        }
+        const result = await next();
+        tracker.track(context.agentId, context.model || "unknown", result, userId);
+        return result;
+    });
+    middleware.destroy = () => {
+        tracker.destroy();
+    };
+    return middleware;
+}

package/esm/src/agent/middleware/index.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Agent Middleware
+ *
+ * @module agent/middleware
+ */
+export { createMiddlewareChain, MiddlewareChain } from "./chain.js";
+export { createRateLimiter, type RateLimitConfig, rateLimitMiddleware, type RateLimitResult, } from "./rate-limit/index.js";
+export { type CacheConfig, type CacheEntry, cacheMiddleware, createCache } from "./cache/index.js";
+export { type CostConfig, costTrackingMiddleware, createCostTracker, type UsageRecord, type UsageSummary, } from "./cost-tracking/index.js";
+export { COMMON_BLOCKED_PATTERNS, InputValidator, OutputFilter, type SecurityConfig, securityMiddleware, type SecurityViolation, } from "./security/index.js";
+//# sourceMappingURL=index.d.ts.map

package/esm/src/agent/middleware/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/src/agent/middleware/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAEpE,OAAO,EACL,iBAAiB,EACjB,KAAK,eAAe,EACpB,mBAAmB,EACnB,KAAK,eAAe,GACrB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,KAAK,WAAW,EAAE,KAAK,UAAU,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAEnG,OAAO,EACL,KAAK,UAAU,EACf,sBAAsB,EACtB,iBAAiB,EACjB,KAAK,WAAW,EAChB,KAAK,YAAY,GAClB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,uBAAuB,EACvB,cAAc,EACd,YAAY,EACZ,KAAK,cAAc,EACnB,kBAAkB,EAClB,KAAK,iBAAiB,GACvB,MAAM,qBAAqB,CAAC"}

package/esm/src/agent/middleware/index.js

@@ -0,0 +1,10 @@
+/**
+ * Agent Middleware
+ *
+ * @module agent/middleware
+ */
+export { createMiddlewareChain, MiddlewareChain } from "./chain.js";
+export { createRateLimiter, rateLimitMiddleware, } from "./rate-limit/index.js";
+export { cacheMiddleware, createCache } from "./cache/index.js";
+export { costTrackingMiddleware, createCostTracker, } from "./cost-tracking/index.js";
+export { COMMON_BLOCKED_PATTERNS, InputValidator, OutputFilter, securityMiddleware, } from "./security/index.js";

package/esm/src/agent/middleware/rate-limit/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Middleware - Rate Limit
+ *
+ * @module agent/middleware/rate-limit
+ */
+export { createRateLimiter, type RateLimitConfig, rateLimitMiddleware, type RateLimitResult, } from "./limiter.js";
+//# sourceMappingURL=index.d.ts.map

package/esm/src/agent/middleware/rate-limit/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/src/agent/middleware/rate-limit/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,iBAAiB,EACjB,KAAK,eAAe,EACpB,mBAAmB,EACnB,KAAK,eAAe,GACrB,MAAM,cAAc,CAAC"}

package/esm/src/agent/middleware/rate-limit/index.js

@@ -0,0 +1,6 @@
+/**
+ * Middleware - Rate Limit
+ *
+ * @module agent/middleware/rate-limit
+ */
+export { createRateLimiter, rateLimitMiddleware, } from "./limiter.js";

package/esm/src/agent/middleware/rate-limit/limiter.d.ts

@@ -0,0 +1,20 @@
+export interface RateLimitConfig {
+    strategy: "fixed-window" | "sliding-window" | "token-bucket";
+    maxRequests: number;
+    windowMs: number;
+    identify?: (context: Record<string, unknown>) => string;
+    errorMessage?: string;
+}
+export interface RateLimitResult {
+    allowed: boolean;
+    remaining: number;
+    resetAt: number;
+    retryAfter?: number;
+}
+export declare function createRateLimiter(config: RateLimitConfig): {
+    check: (context?: Record<string, unknown>) => RateLimitResult;
+    reset: (context?: Record<string, unknown>) => void;
+    clear: () => void;
+};
+export declare function rateLimitMiddleware(config: RateLimitConfig): <T>(context: Record<string, unknown>, next: () => Promise<T>) => Promise<T>;
+//# sourceMappingURL=limiter.d.ts.map

package/esm/src/agent/middleware/rate-limit/limiter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"limiter.d.ts","sourceRoot":"","sources":["../../../../../src/src/agent/middleware/rate-limit/limiter.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,cAAc,GAAG,gBAAgB,GAAG,cAAc,CAAC;IAC7D,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,MAAM,CAAC;IACxD,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAoHD,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,eAAe,GAAG;IAC1D,KAAK,EAAE,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,eAAe,CAAC;IAC9D,KAAK,EAAE,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;IACnD,KAAK,EAAE,MAAM,IAAI,CAAC;CACnB,CAkBA;AAED,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,eAAe,GACtB,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,CAsC7E"}

package/esm/src/agent/middleware/rate-limit/limiter.js

@@ -0,0 +1,136 @@
+import { createError, toError } from "../../../errors/veryfront-error.js";
+import { setActiveSpanAttributes, withSpan } from "../../../observability/tracing/otlp-setup.js";
+class FixedWindowLimiter {
+    config;
+    requests = new Map();
+    constructor(config) {
+        this.config = config;
+    }
+    check(identifier) {
+        const now = Date.now();
+        const entry = this.requests.get(identifier);
+        if (!entry || now >= entry.resetAt) {
+            const resetAt = now + this.config.windowMs;
+            this.requests.set(identifier, { count: 1, resetAt });
+            return {
+                allowed: true,
+                remaining: this.config.maxRequests - 1,
+                resetAt,
+            };
+        }
+        if (entry.count >= this.config.maxRequests) {
+            return {
+                allowed: false,
+                remaining: 0,
+                resetAt: entry.resetAt,
+                retryAfter: Math.ceil((entry.resetAt - now) / 1000),
+            };
+        }
+        entry.count++;
+        return {
+            allowed: true,
+            remaining: this.config.maxRequests - entry.count,
+            resetAt: entry.resetAt,
+        };
+    }
+    reset(identifier) {
+        this.requests.delete(identifier);
+    }
+    clear() {
+        this.requests.clear();
+    }
+}
+class TokenBucketLimiter {
+    config;
+    buckets = new Map();
+    refillRate;
+    constructor(config) {
+        this.config = config;
+        this.refillRate = config.maxRequests / config.windowMs;
+    }
+    check(identifier) {
+        const now = Date.now();
+        const bucket = this.buckets.get(identifier);
+        if (!bucket) {
+            const tokens = this.config.maxRequests - 1;
+            this.buckets.set(identifier, { tokens, lastRefill: now });
+            return {
+                allowed: true,
+                remaining: tokens,
+                resetAt: now + this.config.windowMs,
+            };
+        }
+        const timePassed = now - bucket.lastRefill;
+        bucket.tokens = Math.min(this.config.maxRequests, bucket.tokens + timePassed * this.refillRate);
+        bucket.lastRefill = now;
+        if (bucket.tokens < 1) {
+            const timeUntilToken = (1 - bucket.tokens) / this.refillRate;
+            return {
+                allowed: false,
+                remaining: 0,
+                resetAt: now + this.config.windowMs,
+                retryAfter: Math.ceil(timeUntilToken / 1000),
+            };
+        }
+        bucket.tokens--;
+        return {
+            allowed: true,
+            remaining: Math.floor(bucket.tokens),
+            resetAt: now + this.config.windowMs,
+        };
+    }
+    reset(identifier) {
+        this.buckets.delete(identifier);
+    }
+    clear() {
+        this.buckets.clear();
+    }
+}
+function createLimiterByStrategy(config) {
+    if (config.strategy === "fixed-window")
+        return new FixedWindowLimiter(config);
+    return new TokenBucketLimiter(config);
+}
+export function createRateLimiter(config) {
+    const limiter = createLimiterByStrategy(config);
+    function getIdentifier(context) {
+        return config.identify?.(context ?? {}) ?? "default";
+    }
+    return {
+        check(context) {
+            return limiter.check(getIdentifier(context));
+        },
+        reset(context) {
+            limiter.reset(getIdentifier(context));
+        },
+        clear() {
+            limiter.clear();
+        },
+    };
+}
+export function rateLimitMiddleware(config) {
+    const limiter = createRateLimiter(config);
+    return function middleware(context, next) {
+        return withSpan("agent.middleware.rateLimit", () => {
+            const result = limiter.check(context);
+            setActiveSpanAttributes({
+                "rateLimit.allowed": result.allowed,
+                "rateLimit.remaining": result.remaining,
+                "rateLimit.strategy": config.strategy,
+            });
+            if (result.allowed)
+                return next();
+            setActiveSpanAttributes({
+                "rateLimit.retryAfter": result.retryAfter ?? 0,
+            });
+            throw toError(createError({
+                type: "agent",
+                message: config.errorMessage ??
+                    `Rate limit exceeded. Try again in ${result.retryAfter} seconds.`,
+            }));
+        }, {
+            "rateLimit.strategy": config.strategy,
+            "rateLimit.maxRequests": config.maxRequests,
+        });
+    };
+}

package/esm/src/agent/middleware/security/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Middleware - Security
+ *
+ * @module agent/middleware/security
+ */
+export { COMMON_BLOCKED_PATTERNS, InputValidator, OutputFilter, type SecurityConfig, securityMiddleware, type SecurityViolation, } from "./validator.js";
+//# sourceMappingURL=index.d.ts.map

package/esm/src/agent/middleware/security/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/src/agent/middleware/security/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,uBAAuB,EACvB,cAAc,EACd,YAAY,EACZ,KAAK,cAAc,EACnB,kBAAkB,EAClB,KAAK,iBAAiB,GACvB,MAAM,gBAAgB,CAAC"}

package/esm/src/agent/middleware/security/index.js

@@ -0,0 +1,6 @@
+/**
+ * Middleware - Security
+ *
+ * @module agent/middleware/security
+ */
+export { COMMON_BLOCKED_PATTERNS, InputValidator, OutputFilter, securityMiddleware, } from "./validator.js";

package/esm/src/prompt/factory.js

@@ -1,5 +1,5 @@
 import { createError, toError } from "../errors/veryfront-error.js";
-import { COMMON_BLOCKED_PATTERNS } from "../agent/middleware/security/validator.js";
+import { COMMON_BLOCKED_PATTERNS } from "../agent/middleware/index.js";
 const BLOCKED_PROMPT_PATTERNS = COMMON_BLOCKED_PATTERNS.promptInjection;
 export function prompt(config) {
     const { content, description, generate, suggestion } = config;

package/esm/src/utils/version-constant.d.ts

@@ -1,2 +1,2 @@
-export declare const VERSION = "0.1.379";
+export declare const VERSION = "0.1.381";
 //# sourceMappingURL=version-constant.d.ts.map

package/esm/src/utils/version-constant.js

@@ -1,3 +1,3 @@
 // Keep in sync with deno.json version.
 // scripts/release.ts updates this constant during releases.
-export const VERSION = "0.1.379";
+export const VERSION = "0.1.381";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "veryfront",
-  "version": "0.1.379",
+  "version": "0.1.381",
   "description": "The simplest way to build AI-powered apps",
   "keywords": [
     "react",

package/src/deno.js

@@ -1,6 +1,6 @@
 export default {
   "name": "veryfront",
-  "version": "0.1.379",
+  "version": "0.1.381",
   "license": "Apache-2.0",
   "nodeModulesDir": "auto",
   "workspace": [
@@ -343,8 +343,8 @@ export default {
     "test:coverage": "rm -rf coverage && VF_DISABLE_LRU_INTERVAL=1 SSR_TRANSFORM_PER_PROJECT_LIMIT=0 REVALIDATION_PER_PROJECT_LIMIT=0 NODE_ENV=production LOG_FORMAT=text deno test --no-check --parallel --fail-fast --allow-all --coverage=coverage '--ignore=tests/integration/compiled-binary-e2e.test.ts' --unstable-worker-options --unstable-net || exit 1",
     "test:coverage:unit": "rm -rf coverage && VF_DISABLE_LRU_INTERVAL=1 SSR_TRANSFORM_PER_PROJECT_LIMIT=0 REVALIDATION_PER_PROJECT_LIMIT=0 NODE_ENV=production LOG_FORMAT=text deno test --no-check --parallel --fail-fast --allow-all --coverage=coverage '--ignore=tests,src/workflow/__tests__' --unstable-worker-options --unstable-net $(find src cli -name '*.test.ts' ! -name '*.integration.test.ts') || exit 1",
     "test:coverage:integration": "rm -rf coverage && VF_DISABLE_LRU_INTERVAL=1 SSR_TRANSFORM_PER_PROJECT_LIMIT=0 REVALIDATION_PER_PROJECT_LIMIT=0 NODE_ENV=production LOG_FORMAT=text deno test --no-check --parallel --fail-fast --allow-all --coverage=coverage '--ignore=tests/e2e,tests/integration/compiled-binary-e2e.test.ts' tests --unstable-worker-options --unstable-net || exit 1",
-    "coverage:report": "deno coverage coverage --include=src/ --exclude=tests --exclude=src/**/*_test.ts --exclude=src/**/*_test.tsx --exclude=src/**/*.test.ts --exclude=src/**/*.test.tsx --lcov > coverage/lcov.info && deno run --allow-read scripts/lint/check-coverage.ts 80",
-    "coverage:html": "deno coverage coverage --include=src/ --exclude=tests --exclude=src/**/*_test.ts --exclude=src/**/*_test.tsx --exclude=src/**/*.test.ts --exclude=src/**/*.test.tsx --html",
+    "coverage:report": "deno coverage coverage --include=src/ --exclude=tests '--exclude=src/**/*_test.ts' '--exclude=src/**/*_test.tsx' '--exclude=src/**/*.test.ts' '--exclude=src/**/*.test.tsx' --lcov > coverage/lcov.info && deno run --allow-read scripts/lint/check-coverage.ts 80",
+    "coverage:html": "deno coverage coverage --include=src/ --exclude=tests '--exclude=src/**/*_test.ts' '--exclude=src/**/*_test.tsx' '--exclude=src/**/*.test.ts' '--exclude=src/**/*.test.tsx' --html",
     "bench": "VF_DISABLE_LRU_INTERVAL=1 NODE_ENV=production LOG_FORMAT=text deno bench --no-check --allow-all --unstable-worker-options --unstable-net $(find src -name '*.bench.ts')",
     "clean": "rm -rf .cache/",
     "lint": "DENO_NO_PACKAGE_JSON=1 deno lint src/ cli/",

package/src/deps/esm.sh/@types/react-dom@19.2.3/client.d.ts

@@ -4,7 +4,7 @@
 
 // See https://github.com/facebook/react/blob/main/packages/react-dom/client.js to see how the exports are declared,
 
-import React = require("https://esm.sh/@types/react@19.2.14/index.d.ts");
+import React = require("https://esm.sh/@types/react@19.2.3/index.d.ts");
 
 export {};
 

package/src/deps/esm.sh/@types/{react@19.2.14 → react@19.2.3}/global.d.ts

@@ -18,7 +18,6 @@ interface KeyboardEvent extends Event {}
 interface MouseEvent extends Event {}
 interface TouchEvent extends Event {}
 interface PointerEvent extends Event {}
-interface SubmitEvent extends Event {}
 interface ToggleEvent extends Event {}
 interface TransitionEvent extends Event {}
 interface UIEvent extends Event {}