RubyGems - vaultak - Versions diffs - 0.6.1 - Mend

vaultak 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a3cd3eb63bb56e4ceb3ff51ec94fdc8f338b4813f2a962155f64fae6bf971cb4
+  data.tar.gz: 2a3958bc73a515d5f5ced9bd0bc43e5f67d84b62cdf4ec7bcb4d2453ffdedcfe
+SHA512:
+  metadata.gz: 26366a685be751a9a4cbda61e98b7d7d614053a4a214f7f95292f6d35e948370bacc1d97f7084feb935ec133bcb653cda5ce22736b9c2659f9ad96963ec4c9e8
+  data.tar.gz: 2e3ee2cf02a2b24c13b70be9d9060865575476a1ecb7a0a39e72182ee65e8868d794c2480e8ee8083580df422ee0ce36d936d40b7f95b357ec598851cb284fd5

data/lib/vaultak.rb ADDED Viewed

@@ -0,0 +1,226 @@
+require 'net/http'
+require 'json'
+require 'uri'
+require 'fileutils'
+require 'digest'
+require 'time'
+module Vaultak
+  VERSION = "0.6.1"
+  class Client
+    def initialize(options = {})
+      @api_key = options[:api_key] || ENV['VAULTAK_API_KEY'] || ''
+      @agent_id = options[:agent_id] || 'default'
+      @alert_threshold = options[:alert_threshold] || 30
+      @pause_threshold = options[:pause_threshold] || 60
+      @rollback_threshold = options[:rollback_threshold] || 85
+      @blocked_resources = options[:blocked_resources] || []
+      @allowed_resources = options[:allowed_resources]
+      @max_actions_per_minute = options[:max_actions_per_minute] || 60
+      @api_endpoint = options[:api_endpoint] || 'https://vaultak.com'
+      @session_id = SecureRandom.uuid rescue "#{Time.now.to_i}-#{rand(9999)}"
+      @action_times = []
+      @file_snapshots = {}
+      @paused = false
+      @originals = {}
+    end
+    def monitor(agent_id = nil, &block)
+      @current_agent_id = agent_id || @agent_id
+      @_installed = false
+      _install
+      @_installed = true
+      begin
+        yield self if block_given?
+      rescue VaultakPauseError, VaultakBlockError
+        _uninstall if @_installed
+        @_installed = false
+        raise
+      ensure
+        _uninstall if @_installed
+        @_installed = false
+      end
+    end
+    def intercept(action_type, resource, payload = {})
+      return 'BLOCK' if @paused
+      # Rate limiting
+      now = Time.now.to_f
+      @action_times.reject! { |t| now - t > 60 }
+      if @action_times.length >= @max_actions_per_minute
+        _send_action(action_type, resource, payload, 90, 'BLOCK')
+        return 'BLOCK'
+      end
+      # Policy checks
+      @blocked_resources.each do |pattern|
+        if File.fnmatch(pattern, resource) || resource.include?(pattern.gsub('*', ''))
+          _send_action(action_type, resource, payload, 95, 'BLOCK')
+          return 'BLOCK'
+        end
+      end
+      if @allowed_resources
+        allowed = @allowed_resources.any? { |p| File.fnmatch(p, resource) }
+        unless allowed
+          _send_action(action_type, resource, payload, 80, 'BLOCK')
+          return 'BLOCK'
+        end
+      end
+      score = _compute_score(action_type, resource)
+      if score >= @rollback_threshold
+        _send_action(action_type, resource, payload, score, 'ROLLBACK')
+        _execute_rollback
+        @paused = true
+        raise VaultakPauseError, "Risk score #{score} exceeded rollback threshold. State restored."
+      elsif score >= @pause_threshold
+        _send_action(action_type, resource, payload, score, 'PAUSE')
+        @paused = true
+        raise VaultakPauseError, "Risk score #{score} exceeded pause threshold. Awaiting review."
+      elsif score >= @alert_threshold
+        _send_action(action_type, resource, payload, score, 'ALERT')
+      else
+        _send_action(action_type, resource, payload, score, 'ALLOW')
+      end
+      @action_times << now
+      'ALLOW'
+    end
+    def snapshot_file(path)
+      if File.exist?(path)
+        @file_snapshots[path] = File.binread(path)
+      else
+        @file_snapshots[path] = nil
+      end
+    end
+    def approve
+      @paused = false
+    end
+    def log_action(action_type, resource, payload = {})
+      _send_action(action_type, resource, payload, 0, 'ALLOW')
+    end
+    private
+    def _install
+      client = self
+      # Patch File.write
+      @originals[:file_write] = File.method(:write)
+      File.define_singleton_method(:write) do |path, *args|
+        client.snapshot_file(path.to_s)
+        decision = client.intercept('file_write', path.to_s, { method: 'File.write' })
+        raise VaultakBlockError, "File write blocked: #{path}" if decision == 'BLOCK'
+        client.instance_variable_get(:@originals)[:file_write].call(path, *args)
+      end
+      # Patch File.delete
+      @originals[:file_delete] = File.method(:delete)
+      File.define_singleton_method(:delete) do |*paths|
+        paths.each do |path|
+          decision = client.intercept('delete', path.to_s, {})
+          raise VaultakBlockError, "File delete blocked: #{path}" if decision == 'BLOCK'
+        end
+        client.instance_variable_get(:@originals)[:file_delete].call(*paths)
+      end
+      $stderr.puts "[Vaultak] Ruby agent monitoring active: #{@current_agent_id}"
+    end
+    def _uninstall
+      return if @originals.empty?
+      # Store originals locally before clearing
+      orig_write = @originals[:file_write]
+      orig_delete = @originals[:file_delete]
+      @originals = {}
+      # Restore File methods using stored originals
+      if orig_write
+        File.define_singleton_method(:write) { |*args| orig_write.call(*args) }
+      end
+      if orig_delete
+        File.define_singleton_method(:delete) { |*args| orig_delete.call(*args) }
+      end
+    end
+    def _compute_score(action_type, resource)
+      scores = {
+        'file_write' => 40, 'file_read' => 10, 'delete' => 75,
+        'api_call' => 35, 'execute' => 60, 'database_write' => 50,
+        'database_read' => 15
+      }
+      score = scores[action_type] || 30
+      sensitive = %w[prod production secret .env password key token credential]
+      score += 30 if sensitive.any? { |p| resource.downcase.include?(p) }
+      [score, 100].min
+    end
+    def _execute_rollback
+      orig_delete = @originals[:file_delete]
+      @file_snapshots.each do |path, snapshot|
+        begin
+          if snapshot.nil?
+            if File.exist?(path)
+              if orig_delete
+                orig_delete.call(path)
+              else
+                File.unlink(path)
+              end
+            end
+          else
+            File.binwrite(path, snapshot)
+          end
+          $stderr.puts "[Vaultak] Rolled back: #{path}"
+        rescue => e
+          $stderr.puts "[Vaultak] Rollback failed for #{path}: #{e.message}"
+        end
+      end
+      @file_snapshots = {}
+    end
+    def _send_action(action_type, resource, payload, score, decision)
+      data = {
+        agent_id: @current_agent_id || @agent_id,
+        session_id: @session_id,
+        action_type: action_type,
+        resource: resource,
+        payload: payload,
+        risk_score: score / 100.0,
+        decision: decision,
+        timestamp: Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ'),
+        source: 'ruby-sdk'
+      }.to_json
+      Thread.new do
+        begin
+          uri = URI("#{@api_endpoint}/api/actions")
+          http = Net::HTTP.new(uri.host, uri.port)
+          http.use_ssl = uri.scheme == 'https'
+          http.open_timeout = 3
+          http.read_timeout = 3
+          req = Net::HTTP::Post.new(uri.path)
+          req['Content-Type'] = 'application/json'
+          req['x-api-key'] = @api_key
+          req.body = data
+          http.request(req)
+        rescue
+        end
+      end
+    end
+  end
+  class VaultakPauseError < StandardError; end
+  class VaultakBlockError < StandardError; end
+  # Convenience method
+  def self.monitor(agent_id, options = {}, &block)
+    client = Client.new(options)
+    client.monitor(agent_id, &block)
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,45 @@
+--- !ruby/object:Gem::Specification
+name: vaultak
+version: !ruby/object:Gem::Version
+  version: 0.6.1
+platform: ruby
+authors:
+- Vaultak
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2026-04-13 00:00:00.000000000 Z
+dependencies: []
+description: Monitor every action, enforce policies, and automatically roll back damage
+  from AI agents.
+email:
+- support@vaultak.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/vaultak.rb
+homepage: https://vaultak.com
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3.1
+signing_key:
+specification_version: 4
+summary: Runtime security for autonomous AI agents
+test_files: []