visus-mcp 0.2.0 → 0.3.0

package/ROADMAP.md

@@ -1,41 +1,84 @@
 # Visus MCP — Product Roadmap
 
-## v0.1.0 ✅ PUBLISHED
+## v0.1.0 ✅ PUBLISHED (2026-03-21)
 - 43 injection pattern categories
-- PII redaction (email, phone, SSN, CC, IP)
-- undici fetch() renderer
+- PII redaction (email, phone, SSN, credit card, IP)
+- undici fetch() renderer (static + server-rendered pages)
 - visus_fetch + visus_fetch_structured tools
 - 95/95 tests passing
 - Published to npm
+- Claude Desktop smoke tested (4/4 passing)
 
-## v0.2.0 — IN PROGRESS
-- Lambda browser renderer (Playwright, Amazon Linux x86_64)
-- BYOC support (user-supplied Lambda endpoint)
-- Lateos managed endpoint (open, no auth — rate limiting deferred)
-- CDK deployment template for self-hosted users
-- Three-tier renderer fallback: Lambda → fetch()
+## v0.2.0 ✅ PUBLISHED + DEPLOYED (2026-03-22)
+- Playwright headless Chromium (JavaScript-rendered pages, SPAs)
+- AWS Lambda renderer (x86_64, Amazon Linux, Node.js 20)
+- API Gateway (REST API)
+- Cognito User Pool with OAuth 2.0 (email authentication)
+- DynamoDB audit logging table (KMS-encrypted, PITR in prod)
+- IAM roles with scoped permissions
+- CloudWatch structured logging (30-day retention)
+- Dual-mode runtime (stdio MCP + Lambda unified codebase)
+- BYOC support (user-supplied Lambda endpoint via VISUS_RENDERER_URL)
+- Lateos managed endpoint live:
+  https://wyomy29zd7.execute-api.us-east-1.amazonaws.com
+- 95/95 tests passing (no regressions)
+- Lambda smoke tests: 3/3 passing
+  - example.com (static): 1.0s warm
+  - github.com (SPA): 6.2s warm
+  - medlineplus.gov (clinical): 3.0s warm
 
 ## v0.3.0 — PLANNED
-- API key authentication for managed endpoint
-- Cognito user pool for multi-user support
-- DynamoDB audit logging (HIPAA compliance trail)
-- Rate limiting on managed tier (free vs paid)
-- CloudWatch metrics dashboard
+Focus: managed tier activation — make the deployed
+infrastructure useful to end users
+
+- Activate Cognito authentication on managed endpoint
+  (currently deployed but open — no auth enforced)
+- Free tier rate limiting (requests/day per user)
+- API key management for managed tier users
+- CloudWatch metrics dashboard (usage visibility)
+- WAF rules on API Gateway (bot protection)
+- CORS restricted to authenticated origins
+- npm publish v0.3.0
 
 ## v0.4.0 — PLANNED
-- Paid tier billing (Stripe integration)
+Focus: paid tier + enterprise
+
+- Stripe billing integration
 - Usage dashboard for managed tier users
-- BYOC enterprise tier (dedicated Lambda, SLA)
+- Paid tier gating (rate limit increase)
+- BYOC enterprise tier (dedicated Lambda, SLA documentation)
 - Lateos platform integration
+- Multi-region consideration (me-central-1 for MENA healthcare)
+
+## Phase 3 — USER SESSION RELAY (future)
+Focus: login-gated content (LinkedIn, X, EHR portals)
+
+- Chrome extension / in-app browser layer
+- User-authenticated session relay
+- Content passes through Visus sanitizer before reaching Claude
+- Zero Lateos infrastructure in the auth path (user's own session)
+- Tagline: "What the web shows you, Lateos reads safely"
+- This is the feature that unlocks LinkedIn, X, and clinical portals
+
+## Architecture Decisions (permanent record)
+
+| Decision | Rationale |
+|---|---|
+| Sanitizer always runs locally | PHI never touches Lateos infrastructure |
+| x86_64 Lambda only | ARM64 incompatible with Playwright |
+| us-east-1 for managed endpoint | Best Lambda cold start globally |
+| me-central-1 reserved | Future Lateos backend (MENA healthcare) |
+| Open endpoint until v0.3.0 | Minimize adoption friction at launch |
+| Cognito deployed in v0.2.0 | Available, not yet enforced |
+| DynamoDB deployed in v0.2.0 | Available, not yet activated for audit |
+| undici fallback retained | Graceful degradation if Lambda unavailable |
+
+## Known Limitations (Phase 2)
 
-## Deferred / Under Consideration
-- Playwright local rendering (blocked by macOS ARM64 compatibility)
-- Chrome extension / user-session relay (Phase 3 Visus feature)
-- WAF protection on managed endpoint (post-v0.3.0)
-- Pattern library expansion based on bypass reports
-
-## Architecture Decisions
-- Sanitizer ALWAYS runs locally — PHI never touches Lateos infrastructure
-- Managed tier open (no auth) until v0.3.0 — minimize adoption friction
-- BYOC uses same CDK template as Lateos managed deployment
-- x86_64 Lambda required for Playwright (ARM64 incompatible)
+| Limitation | Resolution |
+|---|---|
+| Login-gated pages (LinkedIn, X) | Phase 3 user-session relay |
+| Lambda cold start 4-5s | Provisioned concurrency (v0.3.0) |
+| No rate limiting on managed endpoint | v0.3.0 |
+| DynamoDB audit log not yet active | v0.3.0 activation |
+| Cognito auth deployed but not enforced | v0.3.0 activation |

package/dist/sanitizer/index.d.ts

@@ -12,6 +12,11 @@ export interface SanitizationResult {
     sanitization: {
         patterns_detected: string[];
         pii_types_redacted: string[];
+        pii_allowlisted: Array<{
+            type: string;
+            value: string;
+            reason: string;
+        }>;
         content_modified: boolean;
     };
     metadata: {
@@ -32,13 +37,14 @@ export interface SanitizationResult {
  *
  * Pipeline:
  * 1. Injection detection and neutralization (43 patterns)
- * 2. PII redaction (email, phone, SSN, CC, IP)
+ * 2. PII redaction (email, phone, SSN, CC, IP) with allowlisting
  * 3. Metadata collection and logging
  *
  * @param content Raw content from web page
+ * @param sourceUrl Optional source URL for domain-scoped PII allowlisting
  * @returns Sanitized content with detection metadata
  */
-export declare function sanitize(content: string): SanitizationResult;
+export declare function sanitize(content: string, sourceUrl?: string): SanitizationResult;
 /**
  * Quick check: does content need sanitization?
  * (Used for optimization - skip pipeline if content is clean)

package/dist/sanitizer/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sanitizer/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE;QACZ,iBAAiB,EAAE,MAAM,EAAE,CAAC;QAC5B,kBAAkB,EAAE,MAAM,EAAE,CAAC;QAC7B,gBAAgB,EAAE,OAAO,CAAC;KAC3B,CAAC;IACF,QAAQ,EAAE;QACR,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,MAAM,CAAC;QACzB,cAAc,EAAE,MAAM,CAAC;QACvB,oBAAoB,EAAE,OAAO,CAAC;QAC9B,sBAAsB,EAAE;YACtB,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,MAAM,CAAC;YACf,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;KACH,CAAC;CACH;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,kBAAkB,CAwC5D;AAyBD;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAG3D;AAED;;GAEG;AACH,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sanitizer/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE;QACZ,iBAAiB,EAAE,MAAM,EAAE,CAAC;QAC5B,kBAAkB,EAAE,MAAM,EAAE,CAAC;QAC7B,eAAe,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QACxE,gBAAgB,EAAE,OAAO,CAAC;KAC3B,CAAC;IACF,QAAQ,EAAE;QACR,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,MAAM,CAAC;QACzB,cAAc,EAAE,MAAM,CAAC;QACvB,oBAAoB,EAAE,OAAO,CAAC;QAC9B,sBAAsB,EAAE;YACtB,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,MAAM,CAAC;YACf,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;KACH,CAAC;CACH;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,kBAAkB,CA0ChF;AA0BD;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAG3D;AAED;;GAEG;AACH,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC"}

package/dist/sanitizer/index.js

@@ -14,18 +14,19 @@ import { redactPII } from './pii-redactor.js';
  *
  * Pipeline:
  * 1. Injection detection and neutralization (43 patterns)
- * 2. PII redaction (email, phone, SSN, CC, IP)
+ * 2. PII redaction (email, phone, SSN, CC, IP) with allowlisting
  * 3. Metadata collection and logging
  *
  * @param content Raw content from web page
+ * @param sourceUrl Optional source URL for domain-scoped PII allowlisting
  * @returns Sanitized content with detection metadata
  */
-export function sanitize(content) {
+export function sanitize(content, sourceUrl) {
     const originalLength = content.length;
     // Step 1: Detect and neutralize injection patterns
     const injectionResult = detectAndNeutralize(content);
-    // Step 2: Redact PII from the already-sanitized content
-    const piiResult = redactPII(injectionResult.content);
+    // Step 2: Redact PII from the already-sanitized content (with allowlisting)
+    const piiResult = redactPII(injectionResult.content, sourceUrl);
     // Step 3: Combine results
     const finalContent = piiResult.content;
     const contentModified = injectionResult.content_modified || piiResult.content_modified;
@@ -35,6 +36,7 @@ export function sanitize(content) {
     logSanitization({
         patterns_detected: injectionResult.patterns_detected,
         pii_types_redacted: piiResult.pii_types_redacted,
+        pii_allowlisted: piiResult.pii_allowlisted,
         severity_score: severityScore,
         has_critical_threats: criticalThreats,
         content_modified: contentModified
@@ -44,6 +46,7 @@ export function sanitize(content) {
         sanitization: {
             patterns_detected: injectionResult.patterns_detected,
             pii_types_redacted: piiResult.pii_types_redacted,
+            pii_allowlisted: piiResult.pii_allowlisted,
             content_modified: contentModified
         },
         metadata: {
@@ -66,7 +69,7 @@ function logSanitization(event) {
         ...event
     };
     // Only log if there were detections (reduce noise)
-    if (event.content_modified) {
+    if (event.content_modified || event.pii_allowlisted.length > 0) {
         console.error(JSON.stringify(logEntry));
     }
 }

package/dist/sanitizer/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sanitizer/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AACpG,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAuB9C;;;;;;;;;;GAUG;AACH,MAAM,UAAU,QAAQ,CAAC,OAAe;IACtC,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;IAEtC,mDAAmD;IACnD,MAAM,eAAe,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAErD,wDAAwD;IACxD,MAAM,SAAS,GAAG,SAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;IAErD,0BAA0B;IAC1B,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC;IACvC,MAAM,eAAe,GAAG,eAAe,CAAC,gBAAgB,IAAI,SAAS,CAAC,gBAAgB,CAAC;IAEvF,MAAM,aAAa,GAAG,gBAAgB,CAAC,eAAe,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IACxF,MAAM,eAAe,GAAG,kBAAkB,CAAC,eAAe,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IAE5F,2DAA2D;IAC3D,eAAe,CAAC;QACd,iBAAiB,EAAE,eAAe,CAAC,iBAAiB;QACpD,kBAAkB,EAAE,SAAS,CAAC,kBAAkB;QAChD,cAAc,EAAE,aAAa;QAC7B,oBAAoB,EAAE,eAAe;QACrC,gBAAgB,EAAE,eAAe;KAClC,CAAC,CAAC;IAEH,OAAO;QACL,OAAO,EAAE,YAAY;QACrB,YAAY,EAAE;YACZ,iBAAiB,EAAE,eAAe,CAAC,iBAAiB;YACpD,kBAAkB,EAAE,SAAS,CAAC,kBAAkB;YAChD,gBAAgB,EAAE,eAAe;SAClC;QACD,QAAQ,EAAE;YACR,eAAe,EAAE,cAAc;YAC/B,gBAAgB,EAAE,YAAY,CAAC,MAAM;YACrC,cAAc,EAAE,aAAa;YAC7B,oBAAoB,EAAE,eAAe;YACrC,sBAAsB,EAAE,eAAe,CAAC,QAAQ,CAAC,sBAAsB;SACxE;KACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,KAMxB;IACC,MAAM,QAAQ,GAAG;QACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,KAAK,EAAE,cAAc;QACrB,GAAG,KAAK;KACT,CAAC;IAEF,mDAAmD;IACnD,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC3B,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1C,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAgB;IAChD,sDAAsD;IACtD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sanitizer/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AACpG,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAwB9C;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,QAAQ,CAAC,OAAe,EAAE,SAAkB;IAC1D,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;IAEtC,mDAAmD;IACnD,MAAM,eAAe,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAErD,4EAA4E;IAC5E,MAAM,SAAS,GAAG,SAAS,CAAC,eAAe,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAEhE,0BAA0B;IAC1B,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC;IACvC,MAAM,eAAe,GAAG,eAAe,CAAC,gBAAgB,IAAI,SAAS,CAAC,gBAAgB,CAAC;IAEvF,MAAM,aAAa,GAAG,gBAAgB,CAAC,eAAe,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IACxF,MAAM,eAAe,GAAG,kBAAkB,CAAC,eAAe,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IAE5F,2DAA2D;IAC3D,eAAe,CAAC;QACd,iBAAiB,EAAE,eAAe,CAAC,iBAAiB;QACpD,kBAAkB,EAAE,SAAS,CAAC,kBAAkB;QAChD,eAAe,EAAE,SAAS,CAAC,eAAe;QAC1C,cAAc,EAAE,aAAa;QAC7B,oBAAoB,EAAE,eAAe;QACrC,gBAAgB,EAAE,eAAe;KAClC,CAAC,CAAC;IAEH,OAAO;QACL,OAAO,EAAE,YAAY;QACrB,YAAY,EAAE;YACZ,iBAAiB,EAAE,eAAe,CAAC,iBAAiB;YACpD,kBAAkB,EAAE,SAAS,CAAC,kBAAkB;YAChD,eAAe,EAAE,SAAS,CAAC,eAAe;YAC1C,gBAAgB,EAAE,eAAe;SAClC;QACD,QAAQ,EAAE;YACR,eAAe,EAAE,cAAc;YAC/B,gBAAgB,EAAE,YAAY,CAAC,MAAM;YACrC,cAAc,EAAE,aAAa;YAC7B,oBAAoB,EAAE,eAAe;YACrC,sBAAsB,EAAE,eAAe,CAAC,QAAQ,CAAC,sBAAsB;SACxE;KACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,KAOxB;IACC,MAAM,QAAQ,GAAG;QACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,KAAK,EAAE,cAAc;QACrB,GAAG,KAAK;KACT,CAAC;IAEF,mDAAmD;IACnD,IAAI,KAAK,CAAC,gBAAgB,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/D,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1C,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAgB;IAChD,sDAAsD;IACtD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC"}

package/dist/sanitizer/pii-allowlist.d.ts

@@ -0,0 +1,49 @@
+/**
+ * PII Allowlist Configuration
+ *
+ * Defines trusted phone numbers that should NOT be redacted from web content.
+ * Primarily for verified health authority and government emergency numbers.
+ *
+ * CRITICAL: Only add numbers that are:
+ * 1. Publicly published institutional/government numbers
+ * 2. Verified health/safety authorities
+ * 3. Not personal contact information
+ */
+export interface TrustedPhoneNumber {
+    /** Display name for logging */
+    name: string;
+    /** Normalized phone number variants (all formats this number might appear in) */
+    numbers: string[];
+    /** Optional: domains where this number is trusted (empty = trusted everywhere) */
+    trustedDomains?: string[];
+    /** Category for audit logging */
+    category: 'emergency' | 'health_authority' | 'government' | 'helpline';
+}
+export interface PIIAllowlistConfig {
+    /** When true, trusted numbers only preserved if source domain matches trustedDomains */
+    strictDomainMode: boolean;
+    /** List of verified trusted phone numbers */
+    trustedPhoneNumbers: TrustedPhoneNumber[];
+}
+/**
+ * Normalize a phone number to digits-only format for comparison
+ */
+export declare function normalizePhoneNumber(phone: string): string;
+/**
+ * Extract domain from URL (returns hostname without www.)
+ */
+export declare function extractDomain(url: string): string;
+/**
+ * Built-in allowlist of verified health authority and emergency numbers
+ */
+export declare const DEFAULT_ALLOWLIST: PIIAllowlistConfig;
+/**
+ * Check if a phone number should be allowlisted (not redacted)
+ *
+ * @param phoneNumber The phone number to check (in any format)
+ * @param sourceUrl Optional source URL for domain-scoped allowlisting
+ * @param config Optional custom config (defaults to DEFAULT_ALLOWLIST)
+ * @returns The trusted number entry if allowlisted, null otherwise
+ */
+export declare function isAllowlistedPhoneNumber(phoneNumber: string, sourceUrl?: string, config?: PIIAllowlistConfig): TrustedPhoneNumber | null;
+//# sourceMappingURL=pii-allowlist.d.ts.map

package/dist/sanitizer/pii-allowlist.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pii-allowlist.d.ts","sourceRoot":"","sources":["../../src/sanitizer/pii-allowlist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,WAAW,kBAAkB;IACjC,+BAA+B;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,iFAAiF;IACjF,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,kFAAkF;IAClF,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,iCAAiC;IACjC,QAAQ,EAAE,WAAW,GAAG,kBAAkB,GAAG,YAAY,GAAG,UAAU,CAAC;CACxE;AAED,MAAM,WAAW,kBAAkB;IACjC,wFAAwF;IACxF,gBAAgB,EAAE,OAAO,CAAC;IAC1B,6CAA6C;IAC7C,mBAAmB,EAAE,kBAAkB,EAAE,CAAC;CAC3C;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE1D;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAOjD;AAED;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,kBA+J/B,CAAC;AAEF;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CACtC,WAAW,EAAE,MAAM,EACnB,SAAS,CAAC,EAAE,MAAM,EAClB,MAAM,GAAE,kBAAsC,GAC7C,kBAAkB,GAAG,IAAI,CA+C3B"}

package/dist/sanitizer/pii-allowlist.js

@@ -0,0 +1,231 @@
+/**
+ * PII Allowlist Configuration
+ *
+ * Defines trusted phone numbers that should NOT be redacted from web content.
+ * Primarily for verified health authority and government emergency numbers.
+ *
+ * CRITICAL: Only add numbers that are:
+ * 1. Publicly published institutional/government numbers
+ * 2. Verified health/safety authorities
+ * 3. Not personal contact information
+ */
+/**
+ * Normalize a phone number to digits-only format for comparison
+ */
+export function normalizePhoneNumber(phone) {
+    return phone.replace(/\D/g, '');
+}
+/**
+ * Extract domain from URL (returns hostname without www.)
+ */
+export function extractDomain(url) {
+    try {
+        const parsedUrl = new URL(url);
+        return parsedUrl.hostname.replace(/^www\./, '').toLowerCase();
+    }
+    catch {
+        return '';
+    }
+}
+/**
+ * Built-in allowlist of verified health authority and emergency numbers
+ */
+export const DEFAULT_ALLOWLIST = {
+    strictDomainMode: false, // Default: trust globally, not domain-scoped
+    trustedPhoneNumbers: [
+        // Emergency Services
+        {
+            name: 'Emergency Services (911)',
+            numbers: ['911'],
+            category: 'emergency'
+        },
+        // Poison Control
+        {
+            name: 'Poison Control Center',
+            numbers: [
+                '18002221222',
+                '8002221222',
+                '1-800-222-1222',
+                '800-222-1222'
+            ],
+            trustedDomains: [
+                'medlineplus.gov',
+                'cdc.gov',
+                'fda.gov',
+                'aapcc.org',
+                'poison.org',
+                'nih.gov',
+                'nlm.nih.gov'
+            ],
+            category: 'health_authority'
+        },
+        // FDA MedWatch (adverse event reporting)
+        {
+            name: 'FDA MedWatch',
+            numbers: [
+                '18003321088',
+                '8003321088',
+                '1-800-332-1088',
+                '800-332-1088'
+            ],
+            trustedDomains: [
+                'fda.gov',
+                'medlineplus.gov',
+                'cdc.gov',
+                'nih.gov'
+            ],
+            category: 'health_authority'
+        },
+        // CDC INFO
+        {
+            name: 'CDC INFO',
+            numbers: [
+                '18002324636',
+                '8002324636',
+                '1-800-232-4636',
+                '800-232-4636'
+            ],
+            trustedDomains: [
+                'cdc.gov',
+                'medlineplus.gov',
+                'nih.gov'
+            ],
+            category: 'health_authority'
+        },
+        // SAMHSA National Helpline (substance abuse/mental health)
+        {
+            name: 'SAMHSA National Helpline',
+            numbers: [
+                '18006624357',
+                '8006624357',
+                '1-800-662-4357',
+                '800-662-4357'
+            ],
+            trustedDomains: [
+                'samhsa.gov',
+                'medlineplus.gov',
+                'cdc.gov',
+                'nih.gov'
+            ],
+            category: 'helpline'
+        },
+        // National Suicide Prevention Lifeline
+        {
+            name: 'National Suicide Prevention Lifeline',
+            numbers: [
+                '18002738255',
+                '8002738255',
+                '1-800-273-8255',
+                '800-273-8255',
+                '988' // New 3-digit code
+            ],
+            trustedDomains: [
+                'suicidepreventionlifeline.org',
+                'samhsa.gov',
+                'medlineplus.gov',
+                'cdc.gov',
+                'nih.gov'
+            ],
+            category: 'helpline'
+        },
+        // National Domestic Violence Hotline
+        {
+            name: 'National Domestic Violence Hotline',
+            numbers: [
+                '18007997233',
+                '8007997233',
+                '1-800-799-7233',
+                '800-799-7233'
+            ],
+            trustedDomains: [
+                'thehotline.org',
+                'cdc.gov',
+                'medlineplus.gov',
+                'nih.gov'
+            ],
+            category: 'helpline'
+        },
+        // Medicare
+        {
+            name: 'Medicare',
+            numbers: [
+                '18006331795',
+                '8006331795',
+                '1-800-633-1795',
+                '800-633-1795'
+            ],
+            trustedDomains: [
+                'medicare.gov',
+                'cms.gov',
+                'medlineplus.gov',
+                'nih.gov'
+            ],
+            category: 'government'
+        },
+        // Veterans Crisis Line
+        {
+            name: 'Veterans Crisis Line',
+            numbers: [
+                '18002738255',
+                '8002738255',
+                '1-800-273-8255',
+                '800-273-8255'
+            ],
+            trustedDomains: [
+                'va.gov',
+                'veteranscrisisline.net',
+                'medlineplus.gov',
+                'nih.gov'
+            ],
+            category: 'helpline'
+        }
+    ]
+};
+/**
+ * Check if a phone number should be allowlisted (not redacted)
+ *
+ * @param phoneNumber The phone number to check (in any format)
+ * @param sourceUrl Optional source URL for domain-scoped allowlisting
+ * @param config Optional custom config (defaults to DEFAULT_ALLOWLIST)
+ * @returns The trusted number entry if allowlisted, null otherwise
+ */
+export function isAllowlistedPhoneNumber(phoneNumber, sourceUrl, config = DEFAULT_ALLOWLIST) {
+    const normalized = normalizePhoneNumber(phoneNumber);
+    const sourceDomain = sourceUrl ? extractDomain(sourceUrl) : '';
+    for (const trustedEntry of config.trustedPhoneNumbers) {
+        // Check if any variant of this trusted number matches
+        const matchesNumber = trustedEntry.numbers.some(variant => {
+            const normalizedVariant = normalizePhoneNumber(variant);
+            return normalized === normalizedVariant;
+        });
+        if (!matchesNumber) {
+            continue; // Number doesn't match, check next entry
+        }
+        // Number matches - now check domain restrictions
+        const hasDomainRestrictions = trustedEntry.trustedDomains && trustedEntry.trustedDomains.length > 0;
+        if (!hasDomainRestrictions) {
+            // No domain restrictions - trust globally
+            return trustedEntry;
+        }
+        // Has domain restrictions
+        if (config.strictDomainMode && !sourceUrl) {
+            // Strict mode requires domain match, but no URL provided
+            continue;
+        }
+        if (sourceUrl && trustedEntry.trustedDomains) {
+            // Check if source domain matches any trusted domain
+            const isDomainTrusted = trustedEntry.trustedDomains.some(trustedDomain => {
+                return sourceDomain.endsWith(trustedDomain);
+            });
+            if (isDomainTrusted) {
+                return trustedEntry;
+            }
+        }
+        // In non-strict mode, trust the number even if domain doesn't match
+        if (!config.strictDomainMode) {
+            return trustedEntry;
+        }
+    }
+    return null; // No match found
+}
+//# sourceMappingURL=pii-allowlist.js.map

package/dist/sanitizer/pii-allowlist.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pii-allowlist.js","sourceRoot":"","sources":["../../src/sanitizer/pii-allowlist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAoBH;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAa;IAChD,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,OAAO,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAuB;IACnD,gBAAgB,EAAE,KAAK,EAAE,6CAA6C;IAEtE,mBAAmB,EAAE;QACnB,qBAAqB;QACrB;YACE,IAAI,EAAE,0BAA0B;YAChC,OAAO,EAAE,CAAC,KAAK,CAAC;YAChB,QAAQ,EAAE,WAAW;SACtB;QAED,iBAAiB;QACjB;YACE,IAAI,EAAE,uBAAuB;YAC7B,OAAO,EAAE;gBACP,aAAa;gBACb,YAAY;gBACZ,gBAAgB;gBAChB,cAAc;aACf;YACD,cAAc,EAAE;gBACd,iBAAiB;gBACjB,SAAS;gBACT,SAAS;gBACT,WAAW;gBACX,YAAY;gBACZ,SAAS;gBACT,aAAa;aACd;YACD,QAAQ,EAAE,kBAAkB;SAC7B;QAED,yCAAyC;QACzC;YACE,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE;gBACP,aAAa;gBACb,YAAY;gBACZ,gBAAgB;gBAChB,cAAc;aACf;YACD,cAAc,EAAE;gBACd,SAAS;gBACT,iBAAiB;gBACjB,SAAS;gBACT,SAAS;aACV;YACD,QAAQ,EAAE,kBAAkB;SAC7B;QAED,WAAW;QACX;YACE,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE;gBACP,aAAa;gBACb,YAAY;gBACZ,gBAAgB;gBAChB,cAAc;aACf;YACD,cAAc,EAAE;gBACd,SAAS;gBACT,iBAAiB;gBACjB,SAAS;aACV;YACD,QAAQ,EAAE,kBAAkB;SAC7B;QAED,2DAA2D;QAC3D;YACE,IAAI,EAAE,0BAA0B;YAChC,OAAO,EAAE;gBACP,aAAa;gBACb,YAAY;gBACZ,gBAAgB;gBAChB,cAAc;aACf;YACD,cAAc,EAAE;gBACd,YAAY;gBACZ,iBAAiB;gBACjB,SAAS;gBACT,SAAS;aACV;YACD,QAAQ,EAAE,UAAU;SACrB;QAED,uCAAuC;QACvC;YACE,IAAI,EAAE,sCAAsC;YAC5C,OAAO,EAAE;gBACP,aAAa;gBACb,YAAY;gBACZ,gBAAgB;gBAChB,cAAc;gBACd,KAAK,CAAC,mBAAmB;aAC1B;YACD,cAAc,EAAE;gBACd,+BAA+B;gBAC/B,YAAY;gBACZ,iBAAiB;gBACjB,SAAS;gBACT,SAAS;aACV;YACD,QAAQ,EAAE,UAAU;SACrB;QAED,qCAAqC;QACrC;YACE,IAAI,EAAE,oCAAoC;YAC1C,OAAO,EAAE;gBACP,aAAa;gBACb,YAAY;gBACZ,gBAAgB;gBAChB,cAAc;aACf;YACD,cAAc,EAAE;gBACd,gBAAgB;gBAChB,SAAS;gBACT,iBAAiB;gBACjB,SAAS;aACV;YACD,QAAQ,EAAE,UAAU;SACrB;QAED,WAAW;QACX;YACE,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE;gBACP,aAAa;gBACb,YAAY;gBACZ,gBAAgB;gBAChB,cAAc;aACf;YACD,cAAc,EAAE;gBACd,cAAc;gBACd,SAAS;gBACT,iBAAiB;gBACjB,SAAS;aACV;YACD,QAAQ,EAAE,YAAY;SACvB;QAED,uBAAuB;QACvB;YACE,IAAI,EAAE,sBAAsB;YAC5B,OAAO,EAAE;gBACP,aAAa;gBACb,YAAY;gBACZ,gBAAgB;gBAChB,cAAc;aACf;YACD,cAAc,EAAE;gBACd,QAAQ;gBACR,wBAAwB;gBACxB,iBAAiB;gBACjB,SAAS;aACV;YACD,QAAQ,EAAE,UAAU;SACrB;KACF;CACF,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,UAAU,wBAAwB,CACtC,WAAmB,EACnB,SAAkB,EAClB,SAA6B,iBAAiB;IAE9C,MAAM,UAAU,GAAG,oBAAoB,CAAC,WAAW,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE/D,KAAK,MAAM,YAAY,IAAI,MAAM,CAAC,mBAAmB,EAAE,CAAC;QACtD,sDAAsD;QACtD,MAAM,aAAa,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;YACxD,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;YACxD,OAAO,UAAU,KAAK,iBAAiB,CAAC;QAC1C,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,SAAS,CAAC,yCAAyC;QACrD,CAAC;QAED,iDAAiD;QACjD,MAAM,qBAAqB,GAAG,YAAY,CAAC,cAAc,IAAI,YAAY,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC;QAEpG,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC3B,0CAA0C;YAC1C,OAAO,YAAY,CAAC;QACtB,CAAC;QAED,0BAA0B;QAC1B,IAAI,MAAM,CAAC,gBAAgB,IAAI,CAAC,SAAS,EAAE,CAAC;YAC1C,yDAAyD;YACzD,SAAS;QACX,CAAC;QAED,IAAI,SAAS,IAAI,YAAY,CAAC,cAAc,EAAE,CAAC;YAC7C,oDAAoD;YACpD,MAAM,eAAe,GAAG,YAAY,CAAC,cAAc,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE;gBACvE,OAAO,YAAY,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YAC9C,CAAC,CAAC,CAAC;YAEH,IAAI,eAAe,EAAE,CAAC;gBACpB,OAAO,YAAY,CAAC;YACtB,CAAC;QACH,CAAC;QAED,oEAAoE;QACpE,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC7B,OAAO,YAAY,CAAC;QACtB,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,iBAAiB;AAChC,CAAC"}

package/dist/sanitizer/pii-redactor.d.ts

@@ -5,19 +5,31 @@
  * to prevent leakage of sensitive data to the LLM.
  *
  * Redacts: emails, phone numbers, SSNs, credit cards, IP addresses
+ * Supports allowlisting of trusted institutional phone numbers (e.g., Poison Control)
  */
+import { type PIIAllowlistConfig } from './pii-allowlist.js';
 export interface PIIRedactionResult {
     content: string;
     pii_types_redacted: string[];
+    pii_allowlisted: Array<{
+        type: string;
+        value: string;
+        reason: string;
+    }>;
     content_modified: boolean;
     metadata: {
         redaction_counts: Record<string, number>;
+        allowlist_counts: Record<string, number>;
     };
 }
 /**
  * Redact PII from content
+ *
+ * @param content Content to redact PII from
+ * @param sourceUrl Optional source URL for domain-scoped allowlisting
+ * @param allowlistConfig Optional custom allowlist config
  */
-export declare function redactPII(content: string): PIIRedactionResult;
+export declare function redactPII(content: string, sourceUrl?: string, allowlistConfig?: PIIAllowlistConfig): PIIRedactionResult;
 /**
  * Check if content contains any PII (without redacting)
  */

package/dist/sanitizer/pii-redactor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"pii-redactor.d.ts","sourceRoot":"","sources":["../../src/sanitizer/pii-redactor.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,QAAQ,EAAE;QACR,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC1C,CAAC;CACH;AAuID;;GAEG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,kBAAkB,CAmC7D;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAYpD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAcxD"}
+{"version":3,"file":"pii-redactor.d.ts","sourceRoot":"","sources":["../../src/sanitizer/pii-redactor.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAEL,KAAK,kBAAkB,EAExB,MAAM,oBAAoB,CAAC;AAE5B,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,eAAe,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACxE,gBAAgB,EAAE,OAAO,CAAC;IAC1B,QAAQ,EAAE;QACR,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACzC,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC1C,CAAC;CACH;AAuID;;;;;;GAMG;AACH,wBAAgB,SAAS,CACvB,OAAO,EAAE,MAAM,EACf,SAAS,CAAC,EAAE,MAAM,EAClB,eAAe,GAAE,kBAAsC,GACtD,kBAAkB,CA2DpB;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAYpD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAcxD"}

package/dist/sanitizer/pii-redactor.js

@@ -5,7 +5,9 @@
  * to prevent leakage of sensitive data to the LLM.
  *
  * Redacts: emails, phone numbers, SSNs, credit cards, IP addresses
+ * Supports allowlisting of trusted institutional phone numbers (e.g., Poison Control)
  */
+import { isAllowlistedPhoneNumber, DEFAULT_ALLOWLIST } from './pii-allowlist.js';
 /**
  * PII detection patterns with validators
  */
@@ -129,10 +131,16 @@ function luhnCheck(digits) {
 }
 /**
  * Redact PII from content
+ *
+ * @param content Content to redact PII from
+ * @param sourceUrl Optional source URL for domain-scoped allowlisting
+ * @param allowlistConfig Optional custom allowlist config
  */
-export function redactPII(content) {
+export function redactPII(content, sourceUrl, allowlistConfig = DEFAULT_ALLOWLIST) {
     const piiTypesRedacted = new Set();
     const redactionCounts = {};
+    const allowlistCounts = {};
+    const piiAllowlisted = [];
     let sanitizedContent = content;
     for (const pattern of PII_PATTERNS) {
         const matches = Array.from(sanitizedContent.matchAll(pattern.regex));
@@ -142,6 +150,20 @@ export function redactPII(content) {
             if (pattern.validator && !pattern.validator(matchedText)) {
                 continue;
             }
+            // Check allowlist for phone numbers
+            if (pattern.type === 'PHONE') {
+                const allowlistedEntry = isAllowlistedPhoneNumber(matchedText, sourceUrl, allowlistConfig);
+                if (allowlistedEntry) {
+                    // This is a trusted number - DO NOT redact
+                    piiAllowlisted.push({
+                        type: pattern.type,
+                        value: matchedText,
+                        reason: `Trusted ${allowlistedEntry.category}: ${allowlistedEntry.name}`
+                    });
+                    allowlistCounts[pattern.name] = (allowlistCounts[pattern.name] || 0) + 1;
+                    continue; // Skip redaction
+                }
+            }
             // Redact the PII
             sanitizedContent = sanitizedContent.replace(matchedText, `[REDACTED:${pattern.type}]`);
             piiTypesRedacted.add(pattern.name);
@@ -151,9 +173,11 @@ export function redactPII(content) {
     return {
         content: sanitizedContent,
         pii_types_redacted: Array.from(piiTypesRedacted),
+        pii_allowlisted: piiAllowlisted,
         content_modified: sanitizedContent !== content,
         metadata: {
-            redaction_counts: redactionCounts
+            redaction_counts: redactionCounts,
+            allowlist_counts: allowlistCounts
         }
     };
 }

package/dist/sanitizer/pii-redactor.js.map

@@ -1 +1 @@
-{"version":3,"file":"pii-redactor.js","sourceRoot":"","sources":["../../src/sanitizer/pii-redactor.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAkBH;;GAEG;AACH,MAAM,YAAY,GAAiB;IACjC,kBAAkB;IAClB;QACE,IAAI,EAAE,OAAO;QACb,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,sDAAsD;QAC7D,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,yBAAyB;YACzB,OAAO,4BAA4B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClD,CAAC;KACF;IAED,+CAA+C;IAC/C;QACE,IAAI,EAAE,OAAO;QACb,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,0DAA0D;QACjE,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,qCAAqC;YACrC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACxC,OAAO,MAAM,CAAC,MAAM,IAAI,EAAE,IAAI,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;QACpD,CAAC;KACF;IAED,6BAA6B;IAC7B;QACE,IAAI,EAAE,KAAK;QACX,IAAI,EAAE,KAAK;QACX,KAAK,EAAE,kCAAkC;QACzC,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACxC,oCAAoC;YACpC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YACtC,8BAA8B;YAC9B,IAAI,MAAM,KAAK,WAAW;gBAAE,OAAO,KAAK,CAAC;YACzC,IAAI,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,IAAI,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,IAAI,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;YACzC,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IAED,8DAA8D;IAC9D,iEAAiE;IACjE;QACE,IAAI,EAAE,IAAI;QACV,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,yFAAyF;QAChG,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACxC,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE;gBAAE,OAAO,KAAK,CAAC;YAC3D,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC;QAC3B,CAAC;KACF;IAED,iBAAiB;IACjB;QACE,IAAI,EAAE,IAAI;QACV,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,gGAAgG;QACvG,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,uDAAuD;YACvD,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC5C,IAAI,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC;gBAAE,OAAO,KAAK,CAAC;YAClD,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IAED,sCAAsC;IACtC;QACE,IAAI,EAAE,IAAI;QACV,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,+CAA+C;QACtD,SAAS,EAAE,GAAG,EAAE,CAAC,IAAI;KACtB;IAED,sBAAsB;IACtB;QACE,IAAI,EAAE,UAAU;QAChB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,wBAAwB;QAC/B,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,yCAAyC;YACzC,OAAO,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,CAAC;KACF;IAED,+DAA+D;IAC/D;QACE,IAAI,EAAE,IAAI;QACV,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,wBAAwB;QAC/B,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,mDAAmD;YACnD,OAAO,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,CAAC;KACF;CACF,CAAC;AAEF;;GAEG;AACH,SAAS,SAAS,CAAC,MAAc;IAC/B,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,SAAS,GAAG,KAAK,CAAC;IAEtB,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,IAAI,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEvC,IAAI,SAAS,EAAE,CAAC;YACd,CAAC,IAAI,CAAC,CAAC;YACP,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACV,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACZ,CAAC;QACH,CAAC;QAED,GAAG,IAAI,CAAC,CAAC;QACT,SAAS,GAAG,CAAC,SAAS,CAAC;IACzB,CAAC;IAED,OAAO,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,OAAe;IACvC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,MAAM,eAAe,GAA2B,EAAE,CAAC;IACnD,IAAI,gBAAgB,GAAG,OAAO,CAAC;IAE/B,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAErE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAE7B,6BAA6B;YAC7B,IAAI,OAAO,CAAC,SAAS,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzD,SAAS;YACX,CAAC;YAED,iBAAiB;YACjB,gBAAgB,GAAG,gBAAgB,CAAC,OAAO,CACzC,WAAW,EACX,aAAa,OAAO,CAAC,IAAI,GAAG,CAC7B,CAAC;YAEF,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACnC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,gBAAgB;QACzB,kBAAkB,EAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC;QAChD,gBAAgB,EAAE,gBAAgB,KAAK,OAAO;QAC9C,QAAQ,EAAE;YACR,gBAAgB,EAAE,eAAe;SAClC;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAE5D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,OAAe;IAC5C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IAEnC,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAE5D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtD,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC9B,CAAC"}
+{"version":3,"file":"pii-redactor.js","sourceRoot":"","sources":["../../src/sanitizer/pii-redactor.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,wBAAwB,EAExB,iBAAiB,EAClB,MAAM,oBAAoB,CAAC;AAoB5B;;GAEG;AACH,MAAM,YAAY,GAAiB;IACjC,kBAAkB;IAClB;QACE,IAAI,EAAE,OAAO;QACb,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,sDAAsD;QAC7D,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,yBAAyB;YACzB,OAAO,4BAA4B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClD,CAAC;KACF;IAED,+CAA+C;IAC/C;QACE,IAAI,EAAE,OAAO;QACb,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,0DAA0D;QACjE,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,qCAAqC;YACrC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACxC,OAAO,MAAM,CAAC,MAAM,IAAI,EAAE,IAAI,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;QACpD,CAAC;KACF;IAED,6BAA6B;IAC7B;QACE,IAAI,EAAE,KAAK;QACX,IAAI,EAAE,KAAK;QACX,KAAK,EAAE,kCAAkC;QACzC,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACxC,oCAAoC;YACpC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YACtC,8BAA8B;YAC9B,IAAI,MAAM,KAAK,WAAW;gBAAE,OAAO,KAAK,CAAC;YACzC,IAAI,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,IAAI,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,IAAI,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;YACzC,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IAED,8DAA8D;IAC9D,iEAAiE;IACjE;QACE,IAAI,EAAE,IAAI;QACV,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,yFAAyF;QAChG,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACxC,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE;gBAAE,OAAO,KAAK,CAAC;YAC3D,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC;QAC3B,CAAC;KACF;IAED,iBAAiB;IACjB;QACE,IAAI,EAAE,IAAI;QACV,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,gGAAgG;QACvG,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,uDAAuD;YACvD,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC5C,IAAI,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC;gBAAE,OAAO,KAAK,CAAC;YAClD,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IAED,sCAAsC;IACtC;QACE,IAAI,EAAE,IAAI;QACV,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,+CAA+C;QACtD,SAAS,EAAE,GAAG,EAAE,CAAC,IAAI;KACtB;IAED,sBAAsB;IACtB;QACE,IAAI,EAAE,UAAU;QAChB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,wBAAwB;QAC/B,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,yCAAyC;YACzC,OAAO,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,CAAC;KACF;IAED,+DAA+D;IAC/D;QACE,IAAI,EAAE,IAAI;QACV,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,wBAAwB;QAC/B,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,mDAAmD;YACnD,OAAO,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,CAAC;KACF;CACF,CAAC;AAEF;;GAEG;AACH,SAAS,SAAS,CAAC,MAAc;IAC/B,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,SAAS,GAAG,KAAK,CAAC;IAEtB,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,IAAI,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEvC,IAAI,SAAS,EAAE,CAAC;YACd,CAAC,IAAI,CAAC,CAAC;YACP,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACV,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACZ,CAAC;QACH,CAAC;QAED,GAAG,IAAI,CAAC,CAAC;QACT,SAAS,GAAG,CAAC,SAAS,CAAC;IACzB,CAAC;IAED,OAAO,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;AACxB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,SAAS,CACvB,OAAe,EACf,SAAkB,EAClB,kBAAsC,iBAAiB;IAEvD,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,MAAM,eAAe,GAA2B,EAAE,CAAC;IACnD,MAAM,eAAe,GAA2B,EAAE,CAAC;IACnD,MAAM,cAAc,GAA2D,EAAE,CAAC;IAClF,IAAI,gBAAgB,GAAG,OAAO,CAAC;IAE/B,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAErE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAE7B,6BAA6B;YAC7B,IAAI,OAAO,CAAC,SAAS,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzD,SAAS;YACX,CAAC;YAED,oCAAoC;YACpC,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;gBAC7B,MAAM,gBAAgB,GAAG,wBAAwB,CAC/C,WAAW,EACX,SAAS,EACT,eAAe,CAChB,CAAC;gBAEF,IAAI,gBAAgB,EAAE,CAAC;oBACrB,2CAA2C;oBAC3C,cAAc,CAAC,IAAI,CAAC;wBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;wBAClB,KAAK,EAAE,WAAW;wBAClB,MAAM,EAAE,WAAW,gBAAgB,CAAC,QAAQ,KAAK,gBAAgB,CAAC,IAAI,EAAE;qBACzE,CAAC,CAAC;oBACH,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;oBACzE,SAAS,CAAC,iBAAiB;gBAC7B,CAAC;YACH,CAAC;YAED,iBAAiB;YACjB,gBAAgB,GAAG,gBAAgB,CAAC,OAAO,CACzC,WAAW,EACX,aAAa,OAAO,CAAC,IAAI,GAAG,CAC7B,CAAC;YAEF,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACnC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,gBAAgB;QACzB,kBAAkB,EAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC;QAChD,eAAe,EAAE,cAAc;QAC/B,gBAAgB,EAAE,gBAAgB,KAAK,OAAO;QAC9C,QAAQ,EAAE;YACR,gBAAgB,EAAE,eAAe;YACjC,gBAAgB,EAAE,eAAe;SAClC;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAE5D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,OAAe;IAC5C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IAEnC,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAE5D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtD,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC9B,CAAC"}

package/dist/tools/fetch-structured.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"fetch-structured.d.ts","sourceRoot":"","sources":["../../src/tools/fetch-structured.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,OAAO,KAAK,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AA2EjG;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,KAAK,EAAE,yBAAyB,GAC/B,OAAO,CAAC,MAAM,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC,CA4FpD;AAED;;GAEG;AACH,eAAO,MAAM,kCAAkC;;;;;;;;;;;;;;;;;;;;;;;;;CAyB9C,CAAC"}
+{"version":3,"file":"fetch-structured.d.ts","sourceRoot":"","sources":["../../src/tools/fetch-structured.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,OAAO,KAAK,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AA2EjG;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,KAAK,EAAE,yBAAyB,GAC/B,OAAO,CAAC,MAAM,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC,CA+FpD;AAED;;GAEG;AACH,eAAO,MAAM,kCAAkC;;;;;;;;;;;;;;;;;;;;;;;;;CAyB9C,CAAC"}