@1claw/openapi-spec 0.9.0 → 0.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +1 -1
  2. package/openapi.json +344 -0
  3. package/openapi.yaml +4022 -3770
  4. package/package.json +1 -1
package/README.md CHANGED
@@ -40,7 +40,7 @@ openapi-generator generate \
40
40
  import spec from "@1claw/openapi-spec/openapi.json";
41
41
  ```
42
42
 
43
- ## What's in the spec (v2.1.0)
43
+ ## What's in the spec (v0.10.0)
44
44
 
45
45
  - **Vaults** — CRUD, CMEK enable/disable, key rotation with job tracking
46
46
  - **Secrets** — CRUD, versioning, CMEK-encrypted flag
package/openapi.json CHANGED
@@ -4277,6 +4277,14 @@
4277
4277
  "oidc_client_id": {
4278
4278
  "type": "string",
4279
4279
  "description": "OIDC client ID (required for oidc_client_credentials auth)"
4280
+ },
4281
+ "shroud_enabled": {
4282
+ "type": "boolean",
4283
+ "default": false,
4284
+ "description": "Enable Shroud LLM Proxy for this agent"
4285
+ },
4286
+ "shroud_config": {
4287
+ "$ref": "#/components/schemas/ShroudConfig"
4280
4288
  }
4281
4289
  }
4282
4290
  },
@@ -4330,6 +4338,13 @@
4330
4338
  "type": "string",
4331
4339
  "format": "uuid"
4332
4340
  }
4341
+ },
4342
+ "shroud_enabled": {
4343
+ "type": "boolean",
4344
+ "description": "Enable/disable Shroud LLM Proxy"
4345
+ },
4346
+ "shroud_config": {
4347
+ "$ref": "#/components/schemas/ShroudConfig"
4333
4348
  }
4334
4349
  }
4335
4350
  },
@@ -4341,6 +4356,7 @@
4341
4356
  "auth_method",
4342
4357
  "is_active",
4343
4358
  "intents_api_enabled",
4359
+ "shroud_enabled",
4344
4360
  "created_at"
4345
4361
  ],
4346
4362
  "properties": {
@@ -4423,6 +4439,13 @@
4423
4439
  "type": "string",
4424
4440
  "description": "P-256 ECDH public key (base64 SEC1 uncompressed point, auto-generated at creation)"
4425
4441
  },
4442
+ "shroud_enabled": {
4443
+ "type": "boolean",
4444
+ "description": "Whether this agent routes LLM traffic through the Shroud TEE proxy"
4445
+ },
4446
+ "shroud_config": {
4447
+ "$ref": "#/components/schemas/ShroudConfig"
4448
+ },
4426
4449
  "created_at": {
4427
4450
  "type": "string",
4428
4451
  "format": "date-time"
@@ -4489,6 +4512,327 @@
4489
4512
  "ecdh_public_key": {
4490
4513
  "type": "string",
4491
4514
  "description": "P-256 ECDH public key (base64 SEC1 uncompressed point)"
4515
+ },
4516
+ "shroud_enabled": {
4517
+ "type": "boolean",
4518
+ "description": "Whether this agent routes LLM traffic through the Shroud TEE proxy"
4519
+ },
4520
+ "shroud_config": {
4521
+ "$ref": "#/components/schemas/ShroudConfig"
4522
+ }
4523
+ }
4524
+ },
4525
+ "ShroudConfig": {
4526
+ "type": "object",
4527
+ "description": "Per-agent Shroud LLM Proxy configuration",
4528
+ "properties": {
4529
+ "pii_policy": {
4530
+ "type": "string",
4531
+ "enum": [
4532
+ "block",
4533
+ "redact",
4534
+ "warn",
4535
+ "allow"
4536
+ ],
4537
+ "default": "redact",
4538
+ "description": "How PII detections are handled"
4539
+ },
4540
+ "injection_threshold": {
4541
+ "type": "number",
4542
+ "minimum": 0,
4543
+ "maximum": 1,
4544
+ "default": 0.7,
4545
+ "description": "Prompt injection score threshold (0.0–1.0). Requests above are blocked"
4546
+ },
4547
+ "context_injection_threshold": {
4548
+ "type": "number",
4549
+ "minimum": 0,
4550
+ "maximum": 1,
4551
+ "default": 0.7,
4552
+ "description": "Context injection score threshold (0.0–1.0)"
4553
+ },
4554
+ "allowed_providers": {
4555
+ "type": "array",
4556
+ "items": {
4557
+ "type": "string"
4558
+ },
4559
+ "description": "LLM providers this agent may use (empty = all)"
4560
+ },
4561
+ "allowed_models": {
4562
+ "type": "array",
4563
+ "items": {
4564
+ "type": "string"
4565
+ },
4566
+ "description": "Specific models allowed (empty = all)"
4567
+ },
4568
+ "denied_models": {
4569
+ "type": "array",
4570
+ "items": {
4571
+ "type": "string"
4572
+ },
4573
+ "description": "Models explicitly blocked"
4574
+ },
4575
+ "max_tokens_per_request": {
4576
+ "type": "integer",
4577
+ "description": "Maximum input tokens per request"
4578
+ },
4579
+ "max_requests_per_minute": {
4580
+ "type": "integer",
4581
+ "description": "Rate limit (requests per minute)"
4582
+ },
4583
+ "max_requests_per_day": {
4584
+ "type": "integer",
4585
+ "description": "Rate limit (requests per day)"
4586
+ },
4587
+ "daily_budget_usd": {
4588
+ "type": "number",
4589
+ "description": "Daily LLM spend cap in USD (0 = unlimited)"
4590
+ },
4591
+ "enable_secret_redaction": {
4592
+ "type": "boolean",
4593
+ "default": true,
4594
+ "description": "Whether vault secrets are redacted from prompts/responses"
4595
+ },
4596
+ "enable_response_filtering": {
4597
+ "type": "boolean",
4598
+ "default": true,
4599
+ "description": "Whether response credential scanning is active"
4600
+ },
4601
+ "unicode_normalization": {
4602
+ "$ref": "#/components/schemas/UnicodeNormalizationConfig"
4603
+ },
4604
+ "command_injection_detection": {
4605
+ "$ref": "#/components/schemas/CommandInjectionConfig"
4606
+ },
4607
+ "social_engineering_detection": {
4608
+ "$ref": "#/components/schemas/SocialEngineeringConfig"
4609
+ },
4610
+ "encoding_detection": {
4611
+ "$ref": "#/components/schemas/EncodingDetectionConfig"
4612
+ },
4613
+ "network_detection": {
4614
+ "$ref": "#/components/schemas/NetworkDetectionConfig"
4615
+ },
4616
+ "filesystem_detection": {
4617
+ "$ref": "#/components/schemas/FilesystemDetectionConfig"
4618
+ },
4619
+ "sanitization_mode": {
4620
+ "type": "string",
4621
+ "enum": [
4622
+ "block",
4623
+ "surgical",
4624
+ "log_only"
4625
+ ],
4626
+ "default": "block",
4627
+ "description": "Global behavior when threats are detected (block=reject, surgical=remove only malicious parts, log_only=audit without action)"
4628
+ },
4629
+ "threat_logging": {
4630
+ "type": "boolean",
4631
+ "default": true,
4632
+ "description": "Whether to log all detected threats to audit (even when action is allow/warn)"
4633
+ }
4634
+ }
4635
+ },
4636
+ "UnicodeNormalizationConfig": {
4637
+ "type": "object",
4638
+ "description": "Unicode normalization and homoglyph detection settings",
4639
+ "properties": {
4640
+ "enabled": {
4641
+ "type": "boolean",
4642
+ "default": true,
4643
+ "description": "Enable Unicode normalization"
4644
+ },
4645
+ "strip_zero_width": {
4646
+ "type": "boolean",
4647
+ "default": true,
4648
+ "description": "Remove zero-width and invisible Unicode characters"
4649
+ },
4650
+ "normalize_homoglyphs": {
4651
+ "type": "boolean",
4652
+ "default": true,
4653
+ "description": "Replace look-alike characters (e.g., Cyrillic а → Latin a)"
4654
+ },
4655
+ "normalization_form": {
4656
+ "type": "string",
4657
+ "enum": [
4658
+ "NFC",
4659
+ "NFKC",
4660
+ "NFD",
4661
+ "NFKD"
4662
+ ],
4663
+ "default": "NFKC",
4664
+ "description": "Unicode normalization form to apply"
4665
+ }
4666
+ }
4667
+ },
4668
+ "CommandInjectionConfig": {
4669
+ "type": "object",
4670
+ "description": "Shell/command injection detection settings",
4671
+ "properties": {
4672
+ "enabled": {
4673
+ "type": "boolean",
4674
+ "default": true,
4675
+ "description": "Enable command injection detection"
4676
+ },
4677
+ "action": {
4678
+ "type": "string",
4679
+ "enum": [
4680
+ "block",
4681
+ "sanitize",
4682
+ "warn",
4683
+ "log"
4684
+ ],
4685
+ "default": "block",
4686
+ "description": "Action when command injection is detected"
4687
+ },
4688
+ "patterns": {
4689
+ "type": "string",
4690
+ "enum": [
4691
+ "default",
4692
+ "strict",
4693
+ "custom"
4694
+ ],
4695
+ "default": "default",
4696
+ "description": "Pattern strictness level"
4697
+ },
4698
+ "custom_patterns": {
4699
+ "type": "array",
4700
+ "items": {
4701
+ "type": "string"
4702
+ },
4703
+ "description": "Custom regex patterns for detection (only used when patterns=custom)"
4704
+ }
4705
+ }
4706
+ },
4707
+ "SocialEngineeringConfig": {
4708
+ "type": "object",
4709
+ "description": "Social engineering and manipulation detection settings",
4710
+ "properties": {
4711
+ "enabled": {
4712
+ "type": "boolean",
4713
+ "default": true,
4714
+ "description": "Enable social engineering detection"
4715
+ },
4716
+ "action": {
4717
+ "type": "string",
4718
+ "enum": [
4719
+ "block",
4720
+ "warn",
4721
+ "log"
4722
+ ],
4723
+ "default": "warn",
4724
+ "description": "Action when manipulation attempts are detected"
4725
+ },
4726
+ "sensitivity": {
4727
+ "type": "string",
4728
+ "enum": [
4729
+ "low",
4730
+ "medium",
4731
+ "high"
4732
+ ],
4733
+ "default": "medium",
4734
+ "description": "Detection sensitivity level"
4735
+ }
4736
+ }
4737
+ },
4738
+ "EncodingDetectionConfig": {
4739
+ "type": "object",
4740
+ "description": "Encoding/obfuscation detection settings",
4741
+ "properties": {
4742
+ "enabled": {
4743
+ "type": "boolean",
4744
+ "default": true,
4745
+ "description": "Enable encoding detection"
4746
+ },
4747
+ "action": {
4748
+ "type": "string",
4749
+ "enum": [
4750
+ "block",
4751
+ "decode",
4752
+ "warn",
4753
+ "log"
4754
+ ],
4755
+ "default": "warn",
4756
+ "description": "Action when obfuscated content is detected"
4757
+ },
4758
+ "detect_base64": {
4759
+ "type": "boolean",
4760
+ "default": true,
4761
+ "description": "Detect Base64-encoded content"
4762
+ },
4763
+ "detect_hex": {
4764
+ "type": "boolean",
4765
+ "default": true,
4766
+ "description": "Detect hex-encoded content (\\\\x41, 0x41)"
4767
+ },
4768
+ "detect_unicode_escape": {
4769
+ "type": "boolean",
4770
+ "default": true,
4771
+ "description": "Detect Unicode escape sequences (\\\\u0041)"
4772
+ }
4773
+ }
4774
+ },
4775
+ "NetworkDetectionConfig": {
4776
+ "type": "object",
4777
+ "description": "Suspicious URL/domain detection settings",
4778
+ "properties": {
4779
+ "enabled": {
4780
+ "type": "boolean",
4781
+ "default": true,
4782
+ "description": "Enable network/URL detection"
4783
+ },
4784
+ "action": {
4785
+ "type": "string",
4786
+ "enum": [
4787
+ "block",
4788
+ "warn",
4789
+ "log"
4790
+ ],
4791
+ "default": "warn",
4792
+ "description": "Action when suspicious URLs are detected"
4793
+ },
4794
+ "blocked_domains": {
4795
+ "type": "array",
4796
+ "items": {
4797
+ "type": "string"
4798
+ },
4799
+ "description": "Domains to always block (e.g., pastebin.com, ngrok.io)"
4800
+ },
4801
+ "allowed_domains": {
4802
+ "type": "array",
4803
+ "items": {
4804
+ "type": "string"
4805
+ },
4806
+ "description": "Domains to always allow (allowlist mode when non-empty)"
4807
+ }
4808
+ }
4809
+ },
4810
+ "FilesystemDetectionConfig": {
4811
+ "type": "object",
4812
+ "description": "Filesystem path detection settings",
4813
+ "properties": {
4814
+ "enabled": {
4815
+ "type": "boolean",
4816
+ "default": false,
4817
+ "description": "Enable filesystem path detection (disabled by default as it can be noisy)"
4818
+ },
4819
+ "action": {
4820
+ "type": "string",
4821
+ "enum": [
4822
+ "block",
4823
+ "sanitize",
4824
+ "warn",
4825
+ "log"
4826
+ ],
4827
+ "default": "log",
4828
+ "description": "Action when filesystem paths are detected"
4829
+ },
4830
+ "blocked_paths": {
4831
+ "type": "array",
4832
+ "items": {
4833
+ "type": "string"
4834
+ },
4835
+ "description": "Path patterns to block (e.g., /etc/passwd, ~/.ssh)"
4492
4836
  }
4493
4837
  }
4494
4838
  },