@a5c-ai/agent-platform 5.0.1-staging.016f0b0e8119
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +48 -0
- package/dist/anycli/cache.d.ts +45 -0
- package/dist/anycli/cache.d.ts.map +1 -0
- package/dist/anycli/cache.js +118 -0
- package/dist/anycli/index.d.ts +10 -0
- package/dist/anycli/index.d.ts.map +1 -0
- package/dist/anycli/index.js +25 -0
- package/dist/anycli/types.d.ts +32 -0
- package/dist/anycli/types.d.ts.map +1 -0
- package/dist/anycli/types.js +9 -0
- package/dist/api/breakpoints.d.ts +93 -0
- package/dist/api/breakpoints.d.ts.map +1 -0
- package/dist/api/breakpoints.js +334 -0
- package/dist/api/effects.d.ts +14 -0
- package/dist/api/effects.d.ts.map +1 -0
- package/dist/api/effects.js +306 -0
- package/dist/api/effectsTypes.d.ts +79 -0
- package/dist/api/effectsTypes.d.ts.map +1 -0
- package/dist/api/effectsTypes.js +6 -0
- package/dist/api/eventStream.d.ts +34 -0
- package/dist/api/eventStream.d.ts.map +1 -0
- package/dist/api/eventStream.js +126 -0
- package/dist/api/index.d.ts +10 -0
- package/dist/api/index.d.ts.map +1 -0
- package/dist/api/index.js +27 -0
- package/dist/api/runs.d.ts +85 -0
- package/dist/api/runs.d.ts.map +1 -0
- package/dist/api/runs.js +247 -0
- package/dist/api/utils.d.ts +28 -0
- package/dist/api/utils.d.ts.map +1 -0
- package/dist/api/utils.js +74 -0
- package/dist/breakpoints/approvalChains.d.ts +68 -0
- package/dist/breakpoints/approvalChains.d.ts.map +1 -0
- package/dist/breakpoints/approvalChains.js +111 -0
- package/dist/breakpoints/delegation.d.ts +42 -0
- package/dist/breakpoints/delegation.d.ts.map +1 -0
- package/dist/breakpoints/delegation.js +199 -0
- package/dist/breakpoints/delegationTypes.d.ts +46 -0
- package/dist/breakpoints/delegationTypes.d.ts.map +1 -0
- package/dist/breakpoints/delegationTypes.js +10 -0
- package/dist/breakpoints/postures.d.ts +28 -0
- package/dist/breakpoints/postures.d.ts.map +1 -0
- package/dist/breakpoints/postures.js +100 -0
- package/dist/compression/compaction.d.ts +82 -0
- package/dist/compression/compaction.d.ts.map +1 -0
- package/dist/compression/compaction.js +310 -0
- package/dist/cost/claudeCodeParser.d.ts +81 -0
- package/dist/cost/claudeCodeParser.d.ts.map +1 -0
- package/dist/cost/claudeCodeParser.js +232 -0
- package/dist/cost/collector.d.ts +42 -0
- package/dist/cost/collector.d.ts.map +1 -0
- package/dist/cost/collector.js +105 -0
- package/dist/cost/effectCost.d.ts +23 -0
- package/dist/cost/effectCost.d.ts.map +1 -0
- package/dist/cost/effectCost.js +26 -0
- package/dist/cost/index.d.ts +7 -0
- package/dist/cost/index.d.ts.map +1 -0
- package/dist/cost/index.js +28 -0
- package/dist/cost/journal.d.ts +40 -0
- package/dist/cost/journal.d.ts.map +1 -0
- package/dist/cost/journal.js +137 -0
- package/dist/cost/types.d.ts +164 -0
- package/dist/cost/types.d.ts.map +1 -0
- package/dist/cost/types.js +228 -0
- package/dist/daemon/automationExecutor.d.ts +16 -0
- package/dist/daemon/automationExecutor.d.ts.map +1 -0
- package/dist/daemon/automationExecutor.js +222 -0
- package/dist/daemon/config.d.ts +8 -0
- package/dist/daemon/config.d.ts.map +1 -0
- package/dist/daemon/config.js +209 -0
- package/dist/daemon/daemonLog.d.ts +13 -0
- package/dist/daemon/daemonLog.d.ts.map +1 -0
- package/dist/daemon/daemonLog.js +64 -0
- package/dist/daemon/fileWatcher.d.ts +9 -0
- package/dist/daemon/fileWatcher.d.ts.map +1 -0
- package/dist/daemon/fileWatcher.js +141 -0
- package/dist/daemon/index.d.ts +9 -0
- package/dist/daemon/index.d.ts.map +1 -0
- package/dist/daemon/index.js +25 -0
- package/dist/daemon/lifecycle.d.ts +12 -0
- package/dist/daemon/lifecycle.d.ts.map +1 -0
- package/dist/daemon/lifecycle.js +257 -0
- package/dist/daemon/loop.d.ts +21 -0
- package/dist/daemon/loop.d.ts.map +1 -0
- package/dist/daemon/loop.js +196 -0
- package/dist/daemon/timerScheduler.d.ts +13 -0
- package/dist/daemon/timerScheduler.d.ts.map +1 -0
- package/dist/daemon/timerScheduler.js +122 -0
- package/dist/daemon/types.d.ts +93 -0
- package/dist/daemon/types.d.ts.map +1 -0
- package/dist/daemon/types.js +25 -0
- package/dist/daemon/webhookListener.d.ts +6 -0
- package/dist/daemon/webhookListener.d.ts.map +1 -0
- package/dist/daemon/webhookListener.js +110 -0
- package/dist/governance/authority.d.ts +68 -0
- package/dist/governance/authority.d.ts.map +1 -0
- package/dist/governance/authority.js +136 -0
- package/dist/governance/bridge.d.ts +17 -0
- package/dist/governance/bridge.d.ts.map +1 -0
- package/dist/governance/bridge.js +46 -0
- package/dist/governance/builtins.d.ts +25 -0
- package/dist/governance/builtins.d.ts.map +1 -0
- package/dist/governance/builtins.js +67 -0
- package/dist/governance/categories.d.ts +58 -0
- package/dist/governance/categories.d.ts.map +1 -0
- package/dist/governance/categories.js +120 -0
- package/dist/governance/decisionTrail.d.ts +60 -0
- package/dist/governance/decisionTrail.d.ts.map +1 -0
- package/dist/governance/decisionTrail.js +68 -0
- package/dist/governance/engine.d.ts +20 -0
- package/dist/governance/engine.d.ts.map +1 -0
- package/dist/governance/engine.js +124 -0
- package/dist/governance/index.d.ts +20 -0
- package/dist/governance/index.d.ts.map +1 -0
- package/dist/governance/index.js +75 -0
- package/dist/governance/logging.d.ts +18 -0
- package/dist/governance/logging.d.ts.map +1 -0
- package/dist/governance/logging.js +83 -0
- package/dist/governance/mandate.d.ts +83 -0
- package/dist/governance/mandate.d.ts.map +1 -0
- package/dist/governance/mandate.js +180 -0
- package/dist/governance/permissionEvents.d.ts +51 -0
- package/dist/governance/permissionEvents.d.ts.map +1 -0
- package/dist/governance/permissionEvents.js +52 -0
- package/dist/governance/permissionPropagation.d.ts +18 -0
- package/dist/governance/permissionPropagation.d.ts.map +1 -0
- package/dist/governance/permissionPropagation.js +58 -0
- package/dist/governance/postureBridge.d.ts +17 -0
- package/dist/governance/postureBridge.d.ts.map +1 -0
- package/dist/governance/postureBridge.js +117 -0
- package/dist/governance/sandboxBridge.d.ts +49 -0
- package/dist/governance/sandboxBridge.d.ts.map +1 -0
- package/dist/governance/sandboxBridge.js +77 -0
- package/dist/governance/sandboxPolicy.d.ts +51 -0
- package/dist/governance/sandboxPolicy.d.ts.map +1 -0
- package/dist/governance/sandboxPolicy.js +177 -0
- package/dist/governance/types.d.ts +3 -0
- package/dist/governance/types.d.ts.map +1 -0
- package/dist/governance/types.js +5 -0
- package/dist/harness/amux/amuxBridge.d.ts +71 -0
- package/dist/harness/amux/amuxBridge.d.ts.map +1 -0
- package/dist/harness/amux/amuxBridge.js +117 -0
- package/dist/harness/amux/amuxClientFactory.d.ts +29 -0
- package/dist/harness/amux/amuxClientFactory.d.ts.map +1 -0
- package/dist/harness/amux/amuxClientFactory.js +90 -0
- package/dist/harness/amux/amuxEventEmitter.d.ts +51 -0
- package/dist/harness/amux/amuxEventEmitter.d.ts.map +1 -0
- package/dist/harness/amux/amuxEventEmitter.js +143 -0
- package/dist/harness/amux/amuxEventMapper.d.ts +58 -0
- package/dist/harness/amux/amuxEventMapper.d.ts.map +1 -0
- package/dist/harness/amux/amuxEventMapper.js +92 -0
- package/dist/harness/amux/amuxHarnessMap.d.ts +25 -0
- package/dist/harness/amux/amuxHarnessMap.d.ts.map +1 -0
- package/dist/harness/amux/amuxHarnessMap.js +55 -0
- package/dist/harness/amux/amuxStdinReader.d.ts +45 -0
- package/dist/harness/amux/amuxStdinReader.d.ts.map +1 -0
- package/dist/harness/amux/amuxStdinReader.js +106 -0
- package/dist/harness/amux/amuxTypes.d.ts +122 -0
- package/dist/harness/amux/amuxTypes.d.ts.map +1 -0
- package/dist/harness/amux/amuxTypes.js +11 -0
- package/dist/harness/amux/index.d.ts +17 -0
- package/dist/harness/amux/index.d.ts.map +1 -0
- package/dist/harness/amux/index.js +34 -0
- package/dist/harness/backgroundTracker.d.ts +64 -0
- package/dist/harness/backgroundTracker.d.ts.map +1 -0
- package/dist/harness/backgroundTracker.js +107 -0
- package/dist/harness/builtInHarness.d.ts +3 -0
- package/dist/harness/builtInHarness.d.ts.map +1 -0
- package/dist/harness/builtInHarness.js +18 -0
- package/dist/harness/capabilityRouter.d.ts +76 -0
- package/dist/harness/capabilityRouter.d.ts.map +1 -0
- package/dist/harness/capabilityRouter.js +176 -0
- package/dist/harness/fallbackChains.d.ts +42 -0
- package/dist/harness/fallbackChains.d.ts.map +1 -0
- package/dist/harness/fallbackChains.js +69 -0
- package/dist/harness/hostContract.d.ts +63 -0
- package/dist/harness/hostContract.d.ts.map +1 -0
- package/dist/harness/hostContract.js +136 -0
- package/dist/harness/index.d.ts +18 -0
- package/dist/harness/index.d.ts.map +1 -0
- package/dist/harness/index.js +91 -0
- package/dist/harness/internal/createRun/askUserQuestion.d.ts +11 -0
- package/dist/harness/internal/createRun/askUserQuestion.d.ts.map +1 -0
- package/dist/harness/internal/createRun/askUserQuestion.js +162 -0
- package/dist/harness/internal/createRun/index.d.ts +25 -0
- package/dist/harness/internal/createRun/index.d.ts.map +1 -0
- package/dist/harness/internal/createRun/index.js +137 -0
- package/dist/harness/internal/createRun/orchestration/constants.d.ts +7 -0
- package/dist/harness/internal/createRun/orchestration/constants.d.ts.map +1 -0
- package/dist/harness/internal/createRun/orchestration/constants.js +13 -0
- package/dist/harness/internal/createRun/orchestration/effects.d.ts +43 -0
- package/dist/harness/internal/createRun/orchestration/effects.d.ts.map +1 -0
- package/dist/harness/internal/createRun/orchestration/effects.js +490 -0
- package/dist/harness/internal/createRun/orchestration/effectsHelpers.d.ts +20 -0
- package/dist/harness/internal/createRun/orchestration/effectsHelpers.d.ts.map +1 -0
- package/dist/harness/internal/createRun/orchestration/effectsHelpers.js +79 -0
- package/dist/harness/internal/createRun/orchestration/externalPhase.d.ts +3 -0
- package/dist/harness/internal/createRun/orchestration/externalPhase.d.ts.map +1 -0
- package/dist/harness/internal/createRun/orchestration/externalPhase.js +319 -0
- package/dist/harness/internal/createRun/orchestration/externalPhaseHelpers.d.ts +16 -0
- package/dist/harness/internal/createRun/orchestration/externalPhaseHelpers.d.ts.map +1 -0
- package/dist/harness/internal/createRun/orchestration/externalPhaseHelpers.js +104 -0
- package/dist/harness/internal/createRun/orchestration/index.d.ts +14 -0
- package/dist/harness/internal/createRun/orchestration/index.d.ts.map +1 -0
- package/dist/harness/internal/createRun/orchestration/index.js +36 -0
- package/dist/harness/internal/createRun/orchestration/internalPhase.d.ts +3 -0
- package/dist/harness/internal/createRun/orchestration/internalPhase.d.ts.map +1 -0
- package/dist/harness/internal/createRun/orchestration/internalPhase.js +464 -0
- package/dist/harness/internal/createRun/orchestration/internalTools.d.ts +26 -0
- package/dist/harness/internal/createRun/orchestration/internalTools.d.ts.map +1 -0
- package/dist/harness/internal/createRun/orchestration/internalTools.js +262 -0
- package/dist/harness/internal/createRun/orchestration/internalToolsHelpers.d.ts +17 -0
- package/dist/harness/internal/createRun/orchestration/internalToolsHelpers.d.ts.map +1 -0
- package/dist/harness/internal/createRun/orchestration/internalToolsHelpers.js +23 -0
- package/dist/harness/internal/createRun/orchestration/taskResult.d.ts +10 -0
- package/dist/harness/internal/createRun/orchestration/taskResult.d.ts.map +1 -0
- package/dist/harness/internal/createRun/orchestration/taskResult.js +67 -0
- package/dist/harness/internal/createRun/orchestration/types.d.ts +46 -0
- package/dist/harness/internal/createRun/orchestration/types.d.ts.map +1 -0
- package/dist/harness/internal/createRun/orchestration/types.js +2 -0
- package/dist/harness/internal/createRun/orchestration/verbose.d.ts +7 -0
- package/dist/harness/internal/createRun/orchestration/verbose.d.ts.map +1 -0
- package/dist/harness/internal/createRun/orchestration/verbose.js +240 -0
- package/dist/harness/internal/createRun/output.d.ts +38 -0
- package/dist/harness/internal/createRun/output.d.ts.map +1 -0
- package/dist/harness/internal/createRun/output.js +415 -0
- package/dist/harness/internal/createRun/pi.d.ts +34 -0
- package/dist/harness/internal/createRun/pi.d.ts.map +1 -0
- package/dist/harness/internal/createRun/pi.js +216 -0
- package/dist/harness/internal/createRun/planProcess/agentOutput.d.ts +5 -0
- package/dist/harness/internal/createRun/planProcess/agentOutput.d.ts.map +1 -0
- package/dist/harness/internal/createRun/planProcess/agentOutput.js +113 -0
- package/dist/harness/internal/createRun/planProcess/delegation.d.ts +23 -0
- package/dist/harness/internal/createRun/planProcess/delegation.d.ts.map +1 -0
- package/dist/harness/internal/createRun/planProcess/delegation.js +176 -0
- package/dist/harness/internal/createRun/planProcess/external.d.ts +14 -0
- package/dist/harness/internal/createRun/planProcess/external.d.ts.map +1 -0
- package/dist/harness/internal/createRun/planProcess/external.js +139 -0
- package/dist/harness/internal/createRun/planProcess/index.d.ts +12 -0
- package/dist/harness/internal/createRun/planProcess/index.d.ts.map +1 -0
- package/dist/harness/internal/createRun/planProcess/index.js +24 -0
- package/dist/harness/internal/createRun/planProcess/paths.d.ts +7 -0
- package/dist/harness/internal/createRun/planProcess/paths.d.ts.map +1 -0
- package/dist/harness/internal/createRun/planProcess/paths.js +98 -0
- package/dist/harness/internal/createRun/planProcess/phase.d.ts +6 -0
- package/dist/harness/internal/createRun/planProcess/phase.d.ts.map +1 -0
- package/dist/harness/internal/createRun/planProcess/phase.js +361 -0
- package/dist/harness/internal/createRun/planProcess/phaseHelpers.d.ts +37 -0
- package/dist/harness/internal/createRun/planProcess/phaseHelpers.d.ts.map +1 -0
- package/dist/harness/internal/createRun/planProcess/phaseHelpers.js +159 -0
- package/dist/harness/internal/createRun/planProcess/phaseTypes.d.ts +25 -0
- package/dist/harness/internal/createRun/planProcess/phaseTypes.d.ts.map +1 -0
- package/dist/harness/internal/createRun/planProcess/phaseTypes.js +6 -0
- package/dist/harness/internal/createRun/planProcess/prompts.d.ts +20 -0
- package/dist/harness/internal/createRun/planProcess/prompts.d.ts.map +1 -0
- package/dist/harness/internal/createRun/planProcess/prompts.js +208 -0
- package/dist/harness/internal/createRun/planProcess/recovery.d.ts +18 -0
- package/dist/harness/internal/createRun/planProcess/recovery.d.ts.map +1 -0
- package/dist/harness/internal/createRun/planProcess/recovery.js +188 -0
- package/dist/harness/internal/createRun/planProcess/recovery.test.d.ts +2 -0
- package/dist/harness/internal/createRun/planProcess/recovery.test.d.ts.map +1 -0
- package/dist/harness/internal/createRun/planProcess/recovery.test.js +68 -0
- package/dist/harness/internal/createRun/planProcess/runState.d.ts +40 -0
- package/dist/harness/internal/createRun/planProcess/runState.d.ts.map +1 -0
- package/dist/harness/internal/createRun/planProcess/runState.js +179 -0
- package/dist/harness/internal/createRun/planProcess/understandIntent.d.ts +22 -0
- package/dist/harness/internal/createRun/planProcess/understandIntent.d.ts.map +1 -0
- package/dist/harness/internal/createRun/planProcess/understandIntent.js +65 -0
- package/dist/harness/internal/createRun/planProcess/validation.d.ts +2 -0
- package/dist/harness/internal/createRun/planProcess/validation.d.ts.map +1 -0
- package/dist/harness/internal/createRun/planProcess/validation.js +212 -0
- package/dist/harness/internal/createRun/planProcess/validationSource.d.ts +11 -0
- package/dist/harness/internal/createRun/planProcess/validationSource.d.ts.map +1 -0
- package/dist/harness/internal/createRun/planProcess/validationSource.js +328 -0
- package/dist/harness/internal/createRun/planProcess/validationText.d.ts +3 -0
- package/dist/harness/internal/createRun/planProcess/validationText.d.ts.map +1 -0
- package/dist/harness/internal/createRun/planProcess/validationText.js +145 -0
- package/dist/harness/internal/createRun/prompts.d.ts +49 -0
- package/dist/harness/internal/createRun/prompts.d.ts.map +1 -0
- package/dist/harness/internal/createRun/prompts.js +307 -0
- package/dist/harness/internal/createRun/resumeState.d.ts +28 -0
- package/dist/harness/internal/createRun/resumeState.d.ts.map +1 -0
- package/dist/harness/internal/createRun/resumeState.js +133 -0
- package/dist/harness/internal/createRun/utils.d.ts +182 -0
- package/dist/harness/internal/createRun/utils.d.ts.map +1 -0
- package/dist/harness/internal/createRun/utils.js +133 -0
- package/dist/harness/internal.d.ts +13 -0
- package/dist/harness/internal.d.ts.map +1 -0
- package/dist/harness/internal.js +149 -0
- package/dist/harness/invoker/launch.d.ts +20 -0
- package/dist/harness/invoker/launch.d.ts.map +1 -0
- package/dist/harness/invoker/launch.js +23 -0
- package/dist/harness/invoker/processControl.d.ts +11 -0
- package/dist/harness/invoker/processControl.d.ts.map +1 -0
- package/dist/harness/invoker/processControl.js +50 -0
- package/dist/harness/invoker.d.ts +43 -0
- package/dist/harness/invoker.d.ts.map +1 -0
- package/dist/harness/invoker.js +210 -0
- package/dist/harness/modeSelector.d.ts +50 -0
- package/dist/harness/modeSelector.d.ts.map +1 -0
- package/dist/harness/modeSelector.js +124 -0
- package/dist/harness/modelSelection.d.ts +37 -0
- package/dist/harness/modelSelection.d.ts.map +1 -0
- package/dist/harness/modelSelection.js +81 -0
- package/dist/harness/operatorCommands.d.ts +38 -0
- package/dist/harness/operatorCommands.d.ts.map +1 -0
- package/dist/harness/operatorCommands.js +118 -0
- package/dist/harness/piSecureSandbox.d.ts +8 -0
- package/dist/harness/piSecureSandbox.d.ts.map +1 -0
- package/dist/harness/piSecureSandbox.js +366 -0
- package/dist/harness/piSecureSandboxTypes.d.ts +51 -0
- package/dist/harness/piSecureSandboxTypes.d.ts.map +1 -0
- package/dist/harness/piSecureSandboxTypes.js +6 -0
- package/dist/harness/piWrapper/compaction.d.ts +13 -0
- package/dist/harness/piWrapper/compaction.d.ts.map +1 -0
- package/dist/harness/piWrapper/compaction.js +38 -0
- package/dist/harness/piWrapper/instructionPrompts.d.ts +2 -0
- package/dist/harness/piWrapper/instructionPrompts.d.ts.map +1 -0
- package/dist/harness/piWrapper/instructionPrompts.js +97 -0
- package/dist/harness/piWrapper/moduleSupport.d.ts +77 -0
- package/dist/harness/piWrapper/moduleSupport.d.ts.map +1 -0
- package/dist/harness/piWrapper/moduleSupport.js +204 -0
- package/dist/harness/piWrapper.d.ts +80 -0
- package/dist/harness/piWrapper.d.ts.map +1 -0
- package/dist/harness/piWrapper.js +389 -0
- package/dist/harness/piWrapper.test.d.ts +2 -0
- package/dist/harness/piWrapper.test.d.ts.map +1 -0
- package/dist/harness/piWrapper.test.js +193 -0
- package/dist/harness/planMode.d.ts +68 -0
- package/dist/harness/planMode.d.ts.map +1 -0
- package/dist/harness/planMode.js +145 -0
- package/dist/harness/selectionPolicies.d.ts +29 -0
- package/dist/harness/selectionPolicies.d.ts.map +1 -0
- package/dist/harness/selectionPolicies.js +165 -0
- package/dist/harness/types.d.ts +266 -0
- package/dist/harness/types.d.ts.map +1 -0
- package/dist/harness/types.js +34 -0
- package/dist/index.d.ts +16 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +54 -0
- package/dist/interaction/askUserQuestion/core.d.ts +8 -0
- package/dist/interaction/askUserQuestion/core.d.ts.map +1 -0
- package/dist/interaction/askUserQuestion/core.js +112 -0
- package/dist/interaction/askUserQuestion/terminal.d.ts +15 -0
- package/dist/interaction/askUserQuestion/terminal.d.ts.map +1 -0
- package/dist/interaction/askUserQuestion/terminal.js +128 -0
- package/dist/interaction/askUserQuestion.d.ts +10 -0
- package/dist/interaction/askUserQuestion.d.ts.map +1 -0
- package/dist/interaction/askUserQuestion.js +295 -0
- package/dist/interaction/askUserQuestionTypes.d.ts +31 -0
- package/dist/interaction/askUserQuestionTypes.d.ts.map +1 -0
- package/dist/interaction/askUserQuestionTypes.js +6 -0
- package/dist/interaction/index.d.ts +4 -0
- package/dist/interaction/index.d.ts.map +1 -0
- package/dist/interaction/index.js +20 -0
- package/dist/interaction/interactionRouter.d.ts +25 -0
- package/dist/interaction/interactionRouter.d.ts.map +1 -0
- package/dist/interaction/interactionRouter.js +55 -0
- package/dist/mcp/channels/allowlist.d.ts +19 -0
- package/dist/mcp/channels/allowlist.d.ts.map +1 -0
- package/dist/mcp/channels/allowlist.js +140 -0
- package/dist/mcp/channels/channelManager.d.ts +64 -0
- package/dist/mcp/channels/channelManager.d.ts.map +1 -0
- package/dist/mcp/channels/channelManager.js +137 -0
- package/dist/mcp/channels/inboundQueue.d.ts +47 -0
- package/dist/mcp/channels/inboundQueue.d.ts.map +1 -0
- package/dist/mcp/channels/inboundQueue.js +96 -0
- package/dist/mcp/channels/index.d.ts +17 -0
- package/dist/mcp/channels/index.d.ts.map +1 -0
- package/dist/mcp/channels/index.js +39 -0
- package/dist/mcp/channels/outbound.d.ts +33 -0
- package/dist/mcp/channels/outbound.d.ts.map +1 -0
- package/dist/mcp/channels/outbound.js +94 -0
- package/dist/mcp/channels/permissionRelay.d.ts +62 -0
- package/dist/mcp/channels/permissionRelay.d.ts.map +1 -0
- package/dist/mcp/channels/permissionRelay.js +159 -0
- package/dist/mcp/channels/types.d.ts +135 -0
- package/dist/mcp/channels/types.d.ts.map +1 -0
- package/dist/mcp/channels/types.js +16 -0
- package/dist/mcp/client/config.d.ts +28 -0
- package/dist/mcp/client/config.d.ts.map +1 -0
- package/dist/mcp/client/config.js +142 -0
- package/dist/mcp/client/executor.d.ts +30 -0
- package/dist/mcp/client/executor.d.ts.map +1 -0
- package/dist/mcp/client/executor.js +60 -0
- package/dist/mcp/client/index.d.ts +12 -0
- package/dist/mcp/client/index.d.ts.map +1 -0
- package/dist/mcp/client/index.js +27 -0
- package/dist/mcp/client/manager.d.ts +74 -0
- package/dist/mcp/client/manager.d.ts.map +1 -0
- package/dist/mcp/client/manager.js +214 -0
- package/dist/mcp/client/toolRegistry.d.ts +50 -0
- package/dist/mcp/client/toolRegistry.d.ts.map +1 -0
- package/dist/mcp/client/toolRegistry.js +118 -0
- package/dist/mcp/client/types.d.ts +96 -0
- package/dist/mcp/client/types.d.ts.map +1 -0
- package/dist/mcp/client/types.js +15 -0
- package/dist/mcp/transport/index.d.ts +9 -0
- package/dist/mcp/transport/index.d.ts.map +1 -0
- package/dist/mcp/transport/index.js +13 -0
- package/dist/mcp/transport/session.d.ts +18 -0
- package/dist/mcp/transport/session.d.ts.map +1 -0
- package/dist/mcp/transport/session.js +78 -0
- package/dist/mcp/transport/types.d.ts +19 -0
- package/dist/mcp/transport/types.d.ts.map +1 -0
- package/dist/mcp/transport/types.js +7 -0
- package/dist/mcp/transport/websocket.d.ts +41 -0
- package/dist/mcp/transport/websocket.d.ts.map +1 -0
- package/dist/mcp/transport/websocket.js +271 -0
- package/dist/observability/health.d.ts +19 -0
- package/dist/observability/health.d.ts.map +1 -0
- package/dist/observability/health.js +129 -0
- package/dist/observability/index.d.ts +7 -0
- package/dist/observability/index.d.ts.map +1 -0
- package/dist/observability/index.js +22 -0
- package/dist/observability/runStatus.d.ts +44 -0
- package/dist/observability/runStatus.d.ts.map +1 -0
- package/dist/observability/runStatus.js +169 -0
- package/dist/observability/timeline.d.ts +11 -0
- package/dist/observability/timeline.d.ts.map +1 -0
- package/dist/observability/timeline.js +176 -0
- package/dist/observability/types.d.ts +62 -0
- package/dist/observability/types.d.ts.map +1 -0
- package/dist/observability/types.js +8 -0
- package/dist/observability/webhooks.d.ts +68 -0
- package/dist/observability/webhooks.d.ts.map +1 -0
- package/dist/observability/webhooks.js +132 -0
- package/dist/plugins/index.d.ts +11 -0
- package/dist/plugins/index.d.ts.map +1 -0
- package/dist/plugins/index.js +18 -0
- package/dist/plugins/loader.d.ts +37 -0
- package/dist/plugins/loader.d.ts.map +1 -0
- package/dist/plugins/loader.js +112 -0
- package/dist/plugins/sandbox.d.ts +38 -0
- package/dist/plugins/sandbox.d.ts.map +1 -0
- package/dist/plugins/sandbox.js +109 -0
- package/dist/plugins/types.d.ts +27 -0
- package/dist/plugins/types.d.ts.map +1 -0
- package/dist/plugins/types.js +7 -0
- package/dist/plugins/version-check.d.ts +23 -0
- package/dist/plugins/version-check.d.ts.map +1 -0
- package/dist/plugins/version-check.js +70 -0
- package/dist/processes/index.d.ts +12 -0
- package/dist/processes/index.d.ts.map +1 -0
- package/dist/processes/index.js +15 -0
- package/dist/processes/recommender.d.ts +36 -0
- package/dist/processes/recommender.d.ts.map +1 -0
- package/dist/processes/recommender.js +73 -0
- package/dist/processes/scorer.d.ts +26 -0
- package/dist/processes/scorer.d.ts.map +1 -0
- package/dist/processes/scorer.js +104 -0
- package/dist/processes/types.d.ts +48 -0
- package/dist/processes/types.d.ts.map +1 -0
- package/dist/processes/types.js +9 -0
- package/dist/runtime/index.d.ts +3 -0
- package/dist/runtime/index.d.ts.map +1 -0
- package/dist/runtime/index.js +28 -0
- package/dist/seams/contract.d.ts +63 -0
- package/dist/seams/contract.d.ts.map +1 -0
- package/dist/seams/contract.js +138 -0
- package/dist/seams/contract.test.d.ts +2 -0
- package/dist/seams/contract.test.d.ts.map +1 -0
- package/dist/seams/contract.test.js +99 -0
- package/dist/seams/index.d.ts +3 -0
- package/dist/seams/index.d.ts.map +1 -0
- package/dist/seams/index.js +8 -0
- package/dist/session/context.d.ts +22 -0
- package/dist/session/context.d.ts.map +1 -0
- package/dist/session/context.js +113 -0
- package/dist/session/continuityState.d.ts +39 -0
- package/dist/session/continuityState.d.ts.map +1 -0
- package/dist/session/continuityState.js +164 -0
- package/dist/session/cost.d.ts +63 -0
- package/dist/session/cost.d.ts.map +1 -0
- package/dist/session/cost.js +194 -0
- package/dist/session/discovery.d.ts +22 -0
- package/dist/session/discovery.d.ts.map +1 -0
- package/dist/session/discovery.js +35 -0
- package/dist/session/history.d.ts +30 -0
- package/dist/session/history.d.ts.map +1 -0
- package/dist/session/history.js +143 -0
- package/dist/session/index.d.ts +7 -0
- package/dist/session/index.d.ts.map +1 -0
- package/dist/session/index.js +70 -0
- package/dist/session/memoryExtraction.d.ts +65 -0
- package/dist/session/memoryExtraction.d.ts.map +1 -0
- package/dist/session/memoryExtraction.js +201 -0
- package/dist/session/parse.d.ts +45 -0
- package/dist/session/parse.d.ts.map +1 -0
- package/dist/session/parse.js +170 -0
- package/dist/session/persistence.d.ts +46 -0
- package/dist/session/persistence.d.ts.map +1 -0
- package/dist/session/persistence.js +180 -0
- package/dist/session/types.d.ts +267 -0
- package/dist/session/types.d.ts.map +1 -0
- package/dist/session/types.js +45 -0
- package/dist/session/write.d.ts +61 -0
- package/dist/session/write.d.ts.map +1 -0
- package/dist/session/write.js +213 -0
- package/dist/skills/chain.d.ts +31 -0
- package/dist/skills/chain.d.ts.map +1 -0
- package/dist/skills/chain.js +113 -0
- package/dist/skills/discovery.d.ts +34 -0
- package/dist/skills/discovery.d.ts.map +1 -0
- package/dist/skills/discovery.js +185 -0
- package/dist/skills/index.d.ts +12 -0
- package/dist/skills/index.d.ts.map +1 -0
- package/dist/skills/index.js +18 -0
- package/dist/skills/router.d.ts +35 -0
- package/dist/skills/router.d.ts.map +1 -0
- package/dist/skills/router.js +143 -0
- package/dist/skills/types.d.ts +33 -0
- package/dist/skills/types.d.ts.map +1 -0
- package/dist/skills/types.js +5 -0
- package/dist/storage/atomic.d.ts +2 -0
- package/dist/storage/atomic.d.ts.map +1 -0
- package/dist/storage/atomic.js +54 -0
- package/dist/storage/clock.d.ts +2 -0
- package/dist/storage/clock.d.ts.map +1 -0
- package/dist/storage/clock.js +6 -0
- package/dist/storage/index.d.ts +7 -0
- package/dist/storage/index.d.ts.map +1 -0
- package/dist/storage/index.js +9 -0
- package/dist/storage/journalWatcher.d.ts +24 -0
- package/dist/storage/journalWatcher.d.ts.map +1 -0
- package/dist/storage/journalWatcher.js +172 -0
- package/dist/storage/paths.d.ts +5 -0
- package/dist/storage/paths.d.ts.map +1 -0
- package/dist/storage/paths.js +26 -0
- package/dist/storage/snapshotState.d.ts +10 -0
- package/dist/storage/snapshotState.d.ts.map +1 -0
- package/dist/storage/snapshotState.js +15 -0
- package/dist/storage/storeTaskArtifacts.d.ts +6 -0
- package/dist/storage/storeTaskArtifacts.d.ts.map +1 -0
- package/dist/storage/storeTaskArtifacts.js +55 -0
- package/dist/storage/types.d.ts +21 -0
- package/dist/storage/types.d.ts.map +1 -0
- package/dist/storage/types.js +2 -0
- package/dist/tasks/crud.d.ts +33 -0
- package/dist/tasks/crud.d.ts.map +1 -0
- package/dist/tasks/crud.js +150 -0
- package/dist/tasks/index.d.ts +2 -0
- package/dist/tasks/index.d.ts.map +1 -0
- package/dist/tasks/index.js +9 -0
- package/package.json +159 -0
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* GAP-SEC: Deterministic Policy Categories.
|
|
3
|
+
*
|
|
4
|
+
* Categorizes policy rules into A/B/C/D tiers with distinct enforcement
|
|
5
|
+
* behaviors and wraps the base policy engine with category-aware evaluation.
|
|
6
|
+
*/
|
|
7
|
+
import type { PolicyRule, PolicyEvaluationContext, PolicyDecision } from './types';
|
|
8
|
+
/** Policy category identifiers. */
|
|
9
|
+
export type PolicyCategory = 'A' | 'B' | 'C' | 'D';
|
|
10
|
+
/** A PolicyRule annotated with a category. */
|
|
11
|
+
export interface CategorizedPolicyRule extends PolicyRule {
|
|
12
|
+
category?: PolicyCategory;
|
|
13
|
+
}
|
|
14
|
+
/** Enforcement behavior per category. */
|
|
15
|
+
export interface CategoryEnforcementBehavior {
|
|
16
|
+
category: PolicyCategory;
|
|
17
|
+
description: string;
|
|
18
|
+
immutable: boolean;
|
|
19
|
+
requiresClassification: boolean;
|
|
20
|
+
isFallback: boolean;
|
|
21
|
+
}
|
|
22
|
+
/** Extended decision with category metadata. */
|
|
23
|
+
export interface CategorizedPolicyDecision extends PolicyDecision {
|
|
24
|
+
requiresClassification?: boolean;
|
|
25
|
+
usedFallback?: boolean;
|
|
26
|
+
}
|
|
27
|
+
/** Categorized engine interface. */
|
|
28
|
+
export interface CategorizedPolicyEngine {
|
|
29
|
+
readonly rules: readonly CategorizedPolicyRule[];
|
|
30
|
+
evaluate(context: PolicyEvaluationContext): CategorizedPolicyDecision;
|
|
31
|
+
}
|
|
32
|
+
/**
|
|
33
|
+
* Wrap a plain PolicyRule with a category annotation.
|
|
34
|
+
*/
|
|
35
|
+
export declare function categorizePolicyRule(rule: PolicyRule, category: PolicyCategory): CategorizedPolicyRule;
|
|
36
|
+
/**
|
|
37
|
+
* Infer a category for a rule that lacks one.
|
|
38
|
+
*
|
|
39
|
+
* Heuristic:
|
|
40
|
+
* - rate-limit + deny -> A (critical)
|
|
41
|
+
* - permission + deny -> C (needs classification)
|
|
42
|
+
* - trust-level -> D (fallback)
|
|
43
|
+
* - everything else -> B (advisory)
|
|
44
|
+
*/
|
|
45
|
+
export declare function inferPolicyCategory(rule: PolicyRule): PolicyCategory;
|
|
46
|
+
/**
|
|
47
|
+
* Create a categorized policy engine that evaluates rules with
|
|
48
|
+
* category-aware precedence:
|
|
49
|
+
*
|
|
50
|
+
* 1. Category A (immutable) - evaluated first, cannot be overridden
|
|
51
|
+
* 2. Category B (advisory) - warnings / normal evaluation
|
|
52
|
+
* 3. Category C (classification-required) - denials flagged
|
|
53
|
+
* 4. Category D (fallback) - posture-based fallback
|
|
54
|
+
*
|
|
55
|
+
* Accepts CategorizedPolicyRule[] (rules without a category are auto-inferred).
|
|
56
|
+
*/
|
|
57
|
+
export declare function createCategorizedEngine(rules: CategorizedPolicyRule[]): CategorizedPolicyEngine;
|
|
58
|
+
//# sourceMappingURL=categories.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"categories.d.ts","sourceRoot":"","sources":["../../src/governance/categories.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAE,uBAAuB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAMnF,mCAAmC;AACnC,MAAM,MAAM,cAAc,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAEnD,8CAA8C;AAC9C,MAAM,WAAW,qBAAsB,SAAQ,UAAU;IACvD,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B;AAED,yCAAyC;AACzC,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,EAAE,cAAc,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,sBAAsB,EAAE,OAAO,CAAC;IAChC,UAAU,EAAE,OAAO,CAAC;CACrB;AAED,gDAAgD;AAChD,MAAM,WAAW,yBAA0B,SAAQ,cAAc;IAC/D,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,oCAAoC;AACpC,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,KAAK,EAAE,SAAS,qBAAqB,EAAE,CAAC;IACjD,QAAQ,CAAC,OAAO,EAAE,uBAAuB,GAAG,yBAAyB,CAAC;CACvE;AAiBD;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,cAAc,GAAG,qBAAqB,CAEtG;AAED;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,UAAU,GAAG,cAAc,CAKpE;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,qBAAqB,EAAE,GAAG,uBAAuB,CAuE/F"}
|
|
@@ -0,0 +1,120 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* GAP-SEC: Deterministic Policy Categories.
|
|
4
|
+
*
|
|
5
|
+
* Categorizes policy rules into A/B/C/D tiers with distinct enforcement
|
|
6
|
+
* behaviors and wraps the base policy engine with category-aware evaluation.
|
|
7
|
+
*/
|
|
8
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
+
exports.categorizePolicyRule = categorizePolicyRule;
|
|
10
|
+
exports.inferPolicyCategory = inferPolicyCategory;
|
|
11
|
+
exports.createCategorizedEngine = createCategorizedEngine;
|
|
12
|
+
const engine_1 = require("./engine");
|
|
13
|
+
// ---------------------------------------------------------------------------
|
|
14
|
+
// Category behaviours
|
|
15
|
+
// ---------------------------------------------------------------------------
|
|
16
|
+
const _CATEGORY_BEHAVIORS = {
|
|
17
|
+
A: { category: 'A', description: 'Immutable critical rules', immutable: true, requiresClassification: false, isFallback: false },
|
|
18
|
+
B: { category: 'B', description: 'Advisory rules', immutable: false, requiresClassification: false, isFallback: false },
|
|
19
|
+
C: { category: 'C', description: 'Classification-required rules', immutable: false, requiresClassification: true, isFallback: false },
|
|
20
|
+
D: { category: 'D', description: 'Fallback posture-based rules', immutable: false, requiresClassification: false, isFallback: true },
|
|
21
|
+
};
|
|
22
|
+
// ---------------------------------------------------------------------------
|
|
23
|
+
// Core functions
|
|
24
|
+
// ---------------------------------------------------------------------------
|
|
25
|
+
/**
|
|
26
|
+
* Wrap a plain PolicyRule with a category annotation.
|
|
27
|
+
*/
|
|
28
|
+
function categorizePolicyRule(rule, category) {
|
|
29
|
+
return { ...rule, category };
|
|
30
|
+
}
|
|
31
|
+
/**
|
|
32
|
+
* Infer a category for a rule that lacks one.
|
|
33
|
+
*
|
|
34
|
+
* Heuristic:
|
|
35
|
+
* - rate-limit + deny -> A (critical)
|
|
36
|
+
* - permission + deny -> C (needs classification)
|
|
37
|
+
* - trust-level -> D (fallback)
|
|
38
|
+
* - everything else -> B (advisory)
|
|
39
|
+
*/
|
|
40
|
+
function inferPolicyCategory(rule) {
|
|
41
|
+
if (rule.kind === 'rate-limit' && rule.action === 'deny')
|
|
42
|
+
return 'A';
|
|
43
|
+
if (rule.kind === 'permission' && rule.action === 'deny')
|
|
44
|
+
return 'C';
|
|
45
|
+
if (rule.kind === 'trust-level')
|
|
46
|
+
return 'D';
|
|
47
|
+
return 'B';
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Create a categorized policy engine that evaluates rules with
|
|
51
|
+
* category-aware precedence:
|
|
52
|
+
*
|
|
53
|
+
* 1. Category A (immutable) - evaluated first, cannot be overridden
|
|
54
|
+
* 2. Category B (advisory) - warnings / normal evaluation
|
|
55
|
+
* 3. Category C (classification-required) - denials flagged
|
|
56
|
+
* 4. Category D (fallback) - posture-based fallback
|
|
57
|
+
*
|
|
58
|
+
* Accepts CategorizedPolicyRule[] (rules without a category are auto-inferred).
|
|
59
|
+
*/
|
|
60
|
+
function createCategorizedEngine(rules) {
|
|
61
|
+
// Ensure every rule has a category
|
|
62
|
+
const categorized = rules.map(r => r.category ? r : { ...r, category: inferPolicyCategory(r) });
|
|
63
|
+
// Partition by category
|
|
64
|
+
const byCategory = { A: [], B: [], C: [], D: [] };
|
|
65
|
+
for (const rule of categorized) {
|
|
66
|
+
byCategory[rule.category].push(rule);
|
|
67
|
+
}
|
|
68
|
+
// Build per-category engines
|
|
69
|
+
const engineA = (0, engine_1.createPolicyEngine)(byCategory.A);
|
|
70
|
+
const engineB = (0, engine_1.createPolicyEngine)(byCategory.B);
|
|
71
|
+
const engineC = (0, engine_1.createPolicyEngine)(byCategory.C);
|
|
72
|
+
const engineD = (0, engine_1.createPolicyEngine)(byCategory.D);
|
|
73
|
+
return {
|
|
74
|
+
rules: Object.freeze([...categorized]),
|
|
75
|
+
evaluate(context) {
|
|
76
|
+
const allWarnings = [];
|
|
77
|
+
// 1. Category A - immutable, first match wins
|
|
78
|
+
if (byCategory.A.length > 0) {
|
|
79
|
+
const decisionA = engineA.evaluate(context);
|
|
80
|
+
allWarnings.push(...decisionA.warnings);
|
|
81
|
+
if (!decisionA.allowed) {
|
|
82
|
+
return { ...decisionA, warnings: allWarnings };
|
|
83
|
+
}
|
|
84
|
+
// If A explicitly allows, still continue to collect warnings from B
|
|
85
|
+
// but A deny is final.
|
|
86
|
+
}
|
|
87
|
+
// 2. Category B - advisory (collect warnings)
|
|
88
|
+
if (byCategory.B.length > 0) {
|
|
89
|
+
const decisionB = engineB.evaluate(context);
|
|
90
|
+
allWarnings.push(...decisionB.warnings);
|
|
91
|
+
// B deny/allow also applies if no A deny
|
|
92
|
+
if (!decisionB.allowed) {
|
|
93
|
+
return { ...decisionB, warnings: allWarnings };
|
|
94
|
+
}
|
|
95
|
+
}
|
|
96
|
+
// 3. Category C - requires classification
|
|
97
|
+
if (byCategory.C.length > 0) {
|
|
98
|
+
const decisionC = engineC.evaluate(context);
|
|
99
|
+
allWarnings.push(...decisionC.warnings);
|
|
100
|
+
if (!decisionC.allowed) {
|
|
101
|
+
return { ...decisionC, warnings: allWarnings, requiresClassification: true };
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
// 4. Category D - fallback
|
|
105
|
+
if (byCategory.D.length > 0) {
|
|
106
|
+
const decisionD = engineD.evaluate(context);
|
|
107
|
+
allWarnings.push(...decisionD.warnings);
|
|
108
|
+
if (decisionD.rule) {
|
|
109
|
+
return { ...decisionD, warnings: allWarnings, usedFallback: true };
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
// Default allow
|
|
113
|
+
return {
|
|
114
|
+
allowed: true,
|
|
115
|
+
reason: 'Allowed by default policy',
|
|
116
|
+
warnings: allWarnings,
|
|
117
|
+
};
|
|
118
|
+
},
|
|
119
|
+
};
|
|
120
|
+
}
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* GAP-OBS-004: Policy Decision Trail.
|
|
3
|
+
*
|
|
4
|
+
* Audit trail for governance policy decisions. Records which policies
|
|
5
|
+
* were evaluated, their results, and the final decision for each
|
|
6
|
+
* effect dispatch.
|
|
7
|
+
*/
|
|
8
|
+
import type { PolicyRule, PolicyDecision } from "./types";
|
|
9
|
+
/** Record of a single policy's evaluation against an effect. */
|
|
10
|
+
export interface PolicyEvalRecord {
|
|
11
|
+
ruleId: string;
|
|
12
|
+
ruleKind: string;
|
|
13
|
+
action: string;
|
|
14
|
+
matched: boolean;
|
|
15
|
+
priority: number;
|
|
16
|
+
}
|
|
17
|
+
/** Full audit entry for one effect dispatch decision. */
|
|
18
|
+
export interface DecisionTrailEntry {
|
|
19
|
+
effectId: string;
|
|
20
|
+
effectKind: string;
|
|
21
|
+
evaluatedAt: string;
|
|
22
|
+
policies: PolicyEvalRecord[];
|
|
23
|
+
finalOutcome: "allow" | "deny";
|
|
24
|
+
decidingRuleId: string | undefined;
|
|
25
|
+
reason: string;
|
|
26
|
+
warnings: string[];
|
|
27
|
+
runId?: string;
|
|
28
|
+
stepId?: string;
|
|
29
|
+
}
|
|
30
|
+
/** Options to build a decision trail entry. */
|
|
31
|
+
export interface DecisionTrailOptions {
|
|
32
|
+
effectId: string;
|
|
33
|
+
effectKind: string;
|
|
34
|
+
rulesEvaluated: PolicyRule[];
|
|
35
|
+
finalDecision: PolicyDecision;
|
|
36
|
+
matchedRuleId?: string;
|
|
37
|
+
runId?: string;
|
|
38
|
+
stepId?: string;
|
|
39
|
+
}
|
|
40
|
+
/** Summary statistics for a set of decision trail entries. */
|
|
41
|
+
export interface DecisionTrailSummary {
|
|
42
|
+
totalEffects: number;
|
|
43
|
+
allowCount: number;
|
|
44
|
+
denyCount: number;
|
|
45
|
+
topDecidingRules: Array<{
|
|
46
|
+
ruleId: string;
|
|
47
|
+
count: number;
|
|
48
|
+
}>;
|
|
49
|
+
}
|
|
50
|
+
/**
|
|
51
|
+
* Build a DecisionTrailEntry from evaluation options.
|
|
52
|
+
* Pure function — no I/O.
|
|
53
|
+
*/
|
|
54
|
+
export declare function buildDecisionTrailEntry(options: DecisionTrailOptions): DecisionTrailEntry;
|
|
55
|
+
/**
|
|
56
|
+
* Summarize a collection of decision trail entries.
|
|
57
|
+
* Pure function — no I/O.
|
|
58
|
+
*/
|
|
59
|
+
export declare function summarizeDecisionTrail(entries: DecisionTrailEntry[]): DecisionTrailSummary;
|
|
60
|
+
//# sourceMappingURL=decisionTrail.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"decisionTrail.d.ts","sourceRoot":"","sources":["../../src/governance/decisionTrail.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAM1D,gEAAgE;AAChE,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,yDAAyD;AACzD,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAC7B,YAAY,EAAE,OAAO,GAAG,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,GAAG,SAAS,CAAC;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,+CAA+C;AAC/C,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,UAAU,EAAE,CAAC;IAC7B,aAAa,EAAE,cAAc,CAAC;IAC9B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,8DAA8D;AAC9D,MAAM,WAAW,oBAAoB;IACnC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC5D;AAMD;;;GAGG;AACH,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,oBAAoB,GAC5B,kBAAkB,CAqBpB;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,kBAAkB,EAAE,GAC5B,oBAAoB,CA8BtB"}
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* GAP-OBS-004: Policy Decision Trail.
|
|
4
|
+
*
|
|
5
|
+
* Audit trail for governance policy decisions. Records which policies
|
|
6
|
+
* were evaluated, their results, and the final decision for each
|
|
7
|
+
* effect dispatch.
|
|
8
|
+
*/
|
|
9
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
10
|
+
exports.buildDecisionTrailEntry = buildDecisionTrailEntry;
|
|
11
|
+
exports.summarizeDecisionTrail = summarizeDecisionTrail;
|
|
12
|
+
// ---------------------------------------------------------------------------
|
|
13
|
+
// Core functions
|
|
14
|
+
// ---------------------------------------------------------------------------
|
|
15
|
+
/**
|
|
16
|
+
* Build a DecisionTrailEntry from evaluation options.
|
|
17
|
+
* Pure function — no I/O.
|
|
18
|
+
*/
|
|
19
|
+
function buildDecisionTrailEntry(options) {
|
|
20
|
+
const policies = options.rulesEvaluated.map((rule) => ({
|
|
21
|
+
ruleId: rule.id,
|
|
22
|
+
ruleKind: rule.kind,
|
|
23
|
+
action: rule.action,
|
|
24
|
+
matched: rule.id === options.matchedRuleId,
|
|
25
|
+
priority: rule.priority,
|
|
26
|
+
}));
|
|
27
|
+
return {
|
|
28
|
+
effectId: options.effectId,
|
|
29
|
+
effectKind: options.effectKind,
|
|
30
|
+
evaluatedAt: new Date().toISOString(),
|
|
31
|
+
policies,
|
|
32
|
+
finalOutcome: options.finalDecision.allowed ? "allow" : "deny",
|
|
33
|
+
decidingRuleId: options.matchedRuleId,
|
|
34
|
+
reason: options.finalDecision.reason,
|
|
35
|
+
warnings: options.finalDecision.warnings,
|
|
36
|
+
runId: options.runId,
|
|
37
|
+
stepId: options.stepId,
|
|
38
|
+
};
|
|
39
|
+
}
|
|
40
|
+
/**
|
|
41
|
+
* Summarize a collection of decision trail entries.
|
|
42
|
+
* Pure function — no I/O.
|
|
43
|
+
*/
|
|
44
|
+
function summarizeDecisionTrail(entries) {
|
|
45
|
+
let allowCount = 0;
|
|
46
|
+
let denyCount = 0;
|
|
47
|
+
const ruleFreq = new Map();
|
|
48
|
+
for (const entry of entries) {
|
|
49
|
+
if (entry.finalOutcome === "allow") {
|
|
50
|
+
allowCount++;
|
|
51
|
+
}
|
|
52
|
+
else {
|
|
53
|
+
denyCount++;
|
|
54
|
+
}
|
|
55
|
+
if (entry.decidingRuleId) {
|
|
56
|
+
ruleFreq.set(entry.decidingRuleId, (ruleFreq.get(entry.decidingRuleId) ?? 0) + 1);
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
const topDecidingRules = [...ruleFreq.entries()]
|
|
60
|
+
.map(([ruleId, count]) => ({ ruleId, count }))
|
|
61
|
+
.sort((a, b) => b.count - a.count);
|
|
62
|
+
return {
|
|
63
|
+
totalEffects: entries.length,
|
|
64
|
+
allowCount,
|
|
65
|
+
denyCount,
|
|
66
|
+
topDecidingRules,
|
|
67
|
+
};
|
|
68
|
+
}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Governance Policy Engine (GAP-SEC-001).
|
|
3
|
+
* Evaluates declarative policy rules with precedence: deny > warn > allow > default-allow.
|
|
4
|
+
*/
|
|
5
|
+
import type { PolicyRule, PolicyCondition, PolicyEvaluationContext, PolicyEngine } from './types';
|
|
6
|
+
/**
|
|
7
|
+
* Evaluate a single condition against the evaluation context.
|
|
8
|
+
*/
|
|
9
|
+
export declare function matchCondition(condition: PolicyCondition, context: PolicyEvaluationContext): boolean;
|
|
10
|
+
/**
|
|
11
|
+
* Create a policy engine from a set of rules.
|
|
12
|
+
*
|
|
13
|
+
* Evaluation precedence:
|
|
14
|
+
* 1. Deny rules (sorted by priority desc) — first match blocks
|
|
15
|
+
* 2. Warn rules (all matching collected as warnings)
|
|
16
|
+
* 3. Allow rules (sorted by priority desc) — first match allows explicitly
|
|
17
|
+
* 4. Default: allow
|
|
18
|
+
*/
|
|
19
|
+
export declare function createPolicyEngine(rules: PolicyRule[]): PolicyEngine;
|
|
20
|
+
//# sourceMappingURL=engine.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/governance/engine.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EACV,UAAU,EACV,eAAe,EACf,uBAAuB,EAEvB,YAAY,EACb,MAAM,SAAS,CAAC;AAiBjB;;GAEG;AACH,wBAAgB,cAAc,CAAC,SAAS,EAAE,eAAe,EAAE,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAwCpG;AAaD;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,YAAY,CAmDpE"}
|
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Governance Policy Engine (GAP-SEC-001).
|
|
4
|
+
* Evaluates declarative policy rules with precedence: deny > warn > allow > default-allow.
|
|
5
|
+
*/
|
|
6
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
|
+
exports.matchCondition = matchCondition;
|
|
8
|
+
exports.createPolicyEngine = createPolicyEngine;
|
|
9
|
+
const types_1 = require("./types");
|
|
10
|
+
/**
|
|
11
|
+
* Resolve a dot-notation field path against the evaluation context.
|
|
12
|
+
* Returns undefined if any segment is missing.
|
|
13
|
+
*/
|
|
14
|
+
function resolveField(context, fieldPath) {
|
|
15
|
+
const parts = fieldPath.split('.');
|
|
16
|
+
let current = context;
|
|
17
|
+
for (const part of parts) {
|
|
18
|
+
if (current == null || typeof current !== 'object')
|
|
19
|
+
return undefined;
|
|
20
|
+
current = current[part];
|
|
21
|
+
}
|
|
22
|
+
return current;
|
|
23
|
+
}
|
|
24
|
+
/**
|
|
25
|
+
* Evaluate a single condition against the evaluation context.
|
|
26
|
+
*/
|
|
27
|
+
function matchCondition(condition, context) {
|
|
28
|
+
const fieldValue = resolveField(context, condition.field);
|
|
29
|
+
if (fieldValue === undefined || fieldValue === null)
|
|
30
|
+
return false;
|
|
31
|
+
switch (condition.op) {
|
|
32
|
+
case 'eq':
|
|
33
|
+
return String(fieldValue) === condition.value;
|
|
34
|
+
case 'neq':
|
|
35
|
+
return String(fieldValue) !== condition.value;
|
|
36
|
+
case 'gt':
|
|
37
|
+
return typeof fieldValue === 'number' && fieldValue > Number(condition.value);
|
|
38
|
+
case 'lt':
|
|
39
|
+
return typeof fieldValue === 'number' && fieldValue < Number(condition.value);
|
|
40
|
+
case 'gte':
|
|
41
|
+
return typeof fieldValue === 'number' && fieldValue >= Number(condition.value);
|
|
42
|
+
case 'lte':
|
|
43
|
+
return typeof fieldValue === 'number' && fieldValue <= Number(condition.value);
|
|
44
|
+
case 'contains':
|
|
45
|
+
if (Array.isArray(fieldValue)) {
|
|
46
|
+
return fieldValue.includes(condition.value);
|
|
47
|
+
}
|
|
48
|
+
return String(fieldValue).includes(condition.value);
|
|
49
|
+
case 'matches':
|
|
50
|
+
try {
|
|
51
|
+
return new RegExp(condition.value).test(String(fieldValue));
|
|
52
|
+
}
|
|
53
|
+
catch {
|
|
54
|
+
return false;
|
|
55
|
+
}
|
|
56
|
+
default:
|
|
57
|
+
return false;
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
/**
|
|
61
|
+
* Check whether a rule matches the given context.
|
|
62
|
+
* Uses the stateful shouldMatch callback if present, otherwise declarative matchCondition.
|
|
63
|
+
*/
|
|
64
|
+
function ruleMatches(rule, context) {
|
|
65
|
+
if ((0, types_1.isStatefulRule)(rule)) {
|
|
66
|
+
return rule.shouldMatch(context);
|
|
67
|
+
}
|
|
68
|
+
return matchCondition(rule.condition, context);
|
|
69
|
+
}
|
|
70
|
+
/**
|
|
71
|
+
* Create a policy engine from a set of rules.
|
|
72
|
+
*
|
|
73
|
+
* Evaluation precedence:
|
|
74
|
+
* 1. Deny rules (sorted by priority desc) — first match blocks
|
|
75
|
+
* 2. Warn rules (all matching collected as warnings)
|
|
76
|
+
* 3. Allow rules (sorted by priority desc) — first match allows explicitly
|
|
77
|
+
* 4. Default: allow
|
|
78
|
+
*/
|
|
79
|
+
function createPolicyEngine(rules) {
|
|
80
|
+
// Pre-sort rules by action group, then priority descending
|
|
81
|
+
const denyRules = rules.filter(r => r.action === 'deny').sort((a, b) => b.priority - a.priority);
|
|
82
|
+
const warnRules = rules.filter(r => r.action === 'warn').sort((a, b) => b.priority - a.priority);
|
|
83
|
+
const allowRules = rules.filter(r => r.action === 'allow').sort((a, b) => b.priority - a.priority);
|
|
84
|
+
return {
|
|
85
|
+
rules: Object.freeze([...rules]),
|
|
86
|
+
evaluate(context) {
|
|
87
|
+
const warnings = [];
|
|
88
|
+
// 1. Deny rules — first match blocks
|
|
89
|
+
for (const rule of denyRules) {
|
|
90
|
+
if (ruleMatches(rule, context)) {
|
|
91
|
+
return {
|
|
92
|
+
allowed: false,
|
|
93
|
+
rule,
|
|
94
|
+
reason: `Denied by rule ${rule.id}`,
|
|
95
|
+
warnings,
|
|
96
|
+
};
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
// 2. Warn rules — collect all matching
|
|
100
|
+
for (const rule of warnRules) {
|
|
101
|
+
if (ruleMatches(rule, context)) {
|
|
102
|
+
warnings.push(`Warning from rule ${rule.id}: ${rule.metadata?.reason ?? rule.kind}`);
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
// 3. Allow rules — first match allows explicitly
|
|
106
|
+
for (const rule of allowRules) {
|
|
107
|
+
if (ruleMatches(rule, context)) {
|
|
108
|
+
return {
|
|
109
|
+
allowed: true,
|
|
110
|
+
rule,
|
|
111
|
+
reason: `Allowed by rule ${rule.id}`,
|
|
112
|
+
warnings,
|
|
113
|
+
};
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
// 4. Default: allow
|
|
117
|
+
return {
|
|
118
|
+
allowed: true,
|
|
119
|
+
reason: 'Allowed by default policy',
|
|
120
|
+
warnings,
|
|
121
|
+
};
|
|
122
|
+
},
|
|
123
|
+
};
|
|
124
|
+
}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Governance Policy Layer module (GAP-SEC-001).
|
|
3
|
+
* Centralized policy engine for evaluating security rules at effect dispatch.
|
|
4
|
+
*/
|
|
5
|
+
export type { PolicyRuleKind, PolicyConditionOp, PolicyAction, PolicyCondition, PolicyRule, StatefulPolicyRule, PolicyEvaluationContext, PolicyDecision, PolicyDecisionLog, PolicyEngine, } from './types';
|
|
6
|
+
export { isStatefulRule } from './types';
|
|
7
|
+
export { createPolicyEngine, matchCondition } from './engine';
|
|
8
|
+
export { maxIterationsPolicy, taskKindPolicy, rateLimitPolicy } from './builtins';
|
|
9
|
+
export { logPolicyDecision, readPolicyDecisionLog } from './logging';
|
|
10
|
+
export { breakpointRulesToPolicies } from './bridge';
|
|
11
|
+
export { buildDecisionTrailEntry, summarizeDecisionTrail, type DecisionTrailEntry, type DecisionTrailOptions, type DecisionTrailSummary, type PolicyEvalRecord, } from './decisionTrail';
|
|
12
|
+
export { createMandate, activateMandate, revokeMandate, deriveMandate, validateMandateForContext, mandateToPolicy, type ExecutionMandate, type MandateScope, type MandateLifecycle, type MandateProvenance, type MandateValidationResult, } from './mandate';
|
|
13
|
+
export { createAuthorityChain, validateAuthorityChain, attenuateScope, traceAuthorityToHuman, type AuthorityPrincipal, type AuthorityGrant, type AuthorityChain, type AuthorityChainLink, type AuthorityTrace, type AuthorityChainValidationResult, } from './authority';
|
|
14
|
+
export { categorizePolicyRule, createCategorizedEngine, inferPolicyCategory, type PolicyCategory, type CategorizedPolicyRule, type CategoryEnforcementBehavior, type CategorizedPolicyDecision, type CategorizedPolicyEngine, } from './categories';
|
|
15
|
+
export { postureToPolicyRules, allPosturesToPolicies, } from './postureBridge';
|
|
16
|
+
export { evaluateSandboxAccess, matchesPattern, composeSandboxPolicies, attenuateSandboxPolicy, type SandboxOperationKind, type SandboxRule, type SandboxPolicy, type SandboxDecision, type SandboxOperation, } from './sandboxPolicy';
|
|
17
|
+
export { sandboxDecisionToInteraction, buildSandboxEvent, inheritSandboxPolicy, type SandboxEvent, } from './sandboxBridge';
|
|
18
|
+
export { createPermissionEvent, aggregateChainEvents, filterEvents, type PermissionEvent, type PermissionEventSource, type CreatePermissionEventOptions, type FilterCriteria, } from './permissionEvents';
|
|
19
|
+
export { formatPermissionForTui, formatPermissionForJsonStream, formatPermissionForCli, createPropagationConfig, shouldPropagate, type PropagationTarget, type PropagationConfig, } from './permissionPropagation';
|
|
20
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/governance/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,YAAY,EACV,cAAc,EACd,iBAAiB,EACjB,YAAY,EACZ,eAAe,EACf,UAAU,EACV,kBAAkB,EAClB,uBAAuB,EACvB,cAAc,EACd,iBAAiB,EACjB,YAAY,GACb,MAAM,SAAS,CAAC;AAEjB,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAGzC,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAG9D,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAGlF,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AAGrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,UAAU,CAAC;AAGrD,OAAO,EACL,uBAAuB,EACvB,sBAAsB,EACtB,KAAK,kBAAkB,EACvB,KAAK,oBAAoB,EACzB,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,GACtB,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EACL,aAAa,EACb,eAAe,EACf,aAAa,EACb,aAAa,EACb,yBAAyB,EACzB,eAAe,EACf,KAAK,gBAAgB,EACrB,KAAK,YAAY,EACjB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,oBAAoB,EACpB,sBAAsB,EACtB,cAAc,EACd,qBAAqB,EACrB,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,8BAA8B,GACpC,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,oBAAoB,EACpB,uBAAuB,EACvB,mBAAmB,EACnB,KAAK,cAAc,EACnB,KAAK,qBAAqB,EAC1B,KAAK,2BAA2B,EAChC,KAAK,yBAAyB,EAC9B,KAAK,uBAAuB,GAC7B,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EACL,qBAAqB,EACrB,cAAc,EACd,sBAAsB,EACtB,sBAAsB,EACtB,KAAK,oBAAoB,EACzB,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,gBAAgB,GACtB,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EACL,4BAA4B,EAC5B,iBAAiB,EACjB,oBAAoB,EACpB,KAAK,YAAY,GAClB,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,KAAK,eAAe,EACpB,KAAK,qBAAqB,EAC1B,KAAK,4BAA4B,EACjC,KAAK,cAAc,GACpB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,EACtB,uBAAuB,EACvB,eAAe,EACf,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,GACvB,MAAM,yBAAyB,CAAC"}
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Governance Policy Layer module (GAP-SEC-001).
|
|
4
|
+
* Centralized policy engine for evaluating security rules at effect dispatch.
|
|
5
|
+
*/
|
|
6
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
|
+
exports.shouldPropagate = exports.createPropagationConfig = exports.formatPermissionForCli = exports.formatPermissionForJsonStream = exports.formatPermissionForTui = exports.filterEvents = exports.aggregateChainEvents = exports.createPermissionEvent = exports.inheritSandboxPolicy = exports.buildSandboxEvent = exports.sandboxDecisionToInteraction = exports.attenuateSandboxPolicy = exports.composeSandboxPolicies = exports.matchesPattern = exports.evaluateSandboxAccess = exports.allPosturesToPolicies = exports.postureToPolicyRules = exports.inferPolicyCategory = exports.createCategorizedEngine = exports.categorizePolicyRule = exports.traceAuthorityToHuman = exports.attenuateScope = exports.validateAuthorityChain = exports.createAuthorityChain = exports.mandateToPolicy = exports.validateMandateForContext = exports.deriveMandate = exports.revokeMandate = exports.activateMandate = exports.createMandate = exports.summarizeDecisionTrail = exports.buildDecisionTrailEntry = exports.breakpointRulesToPolicies = exports.readPolicyDecisionLog = exports.logPolicyDecision = exports.rateLimitPolicy = exports.taskKindPolicy = exports.maxIterationsPolicy = exports.matchCondition = exports.createPolicyEngine = exports.isStatefulRule = void 0;
|
|
8
|
+
var types_1 = require("./types");
|
|
9
|
+
Object.defineProperty(exports, "isStatefulRule", { enumerable: true, get: function () { return types_1.isStatefulRule; } });
|
|
10
|
+
// Engine
|
|
11
|
+
var engine_1 = require("./engine");
|
|
12
|
+
Object.defineProperty(exports, "createPolicyEngine", { enumerable: true, get: function () { return engine_1.createPolicyEngine; } });
|
|
13
|
+
Object.defineProperty(exports, "matchCondition", { enumerable: true, get: function () { return engine_1.matchCondition; } });
|
|
14
|
+
// Built-in policies
|
|
15
|
+
var builtins_1 = require("./builtins");
|
|
16
|
+
Object.defineProperty(exports, "maxIterationsPolicy", { enumerable: true, get: function () { return builtins_1.maxIterationsPolicy; } });
|
|
17
|
+
Object.defineProperty(exports, "taskKindPolicy", { enumerable: true, get: function () { return builtins_1.taskKindPolicy; } });
|
|
18
|
+
Object.defineProperty(exports, "rateLimitPolicy", { enumerable: true, get: function () { return builtins_1.rateLimitPolicy; } });
|
|
19
|
+
// Audit logging
|
|
20
|
+
var logging_1 = require("./logging");
|
|
21
|
+
Object.defineProperty(exports, "logPolicyDecision", { enumerable: true, get: function () { return logging_1.logPolicyDecision; } });
|
|
22
|
+
Object.defineProperty(exports, "readPolicyDecisionLog", { enumerable: true, get: function () { return logging_1.readPolicyDecisionLog; } });
|
|
23
|
+
// Breakpoint bridge
|
|
24
|
+
var bridge_1 = require("./bridge");
|
|
25
|
+
Object.defineProperty(exports, "breakpointRulesToPolicies", { enumerable: true, get: function () { return bridge_1.breakpointRulesToPolicies; } });
|
|
26
|
+
// Decision trail (GAP-OBS-004)
|
|
27
|
+
var decisionTrail_1 = require("./decisionTrail");
|
|
28
|
+
Object.defineProperty(exports, "buildDecisionTrailEntry", { enumerable: true, get: function () { return decisionTrail_1.buildDecisionTrailEntry; } });
|
|
29
|
+
Object.defineProperty(exports, "summarizeDecisionTrail", { enumerable: true, get: function () { return decisionTrail_1.summarizeDecisionTrail; } });
|
|
30
|
+
// Mandate system
|
|
31
|
+
var mandate_1 = require("./mandate");
|
|
32
|
+
Object.defineProperty(exports, "createMandate", { enumerable: true, get: function () { return mandate_1.createMandate; } });
|
|
33
|
+
Object.defineProperty(exports, "activateMandate", { enumerable: true, get: function () { return mandate_1.activateMandate; } });
|
|
34
|
+
Object.defineProperty(exports, "revokeMandate", { enumerable: true, get: function () { return mandate_1.revokeMandate; } });
|
|
35
|
+
Object.defineProperty(exports, "deriveMandate", { enumerable: true, get: function () { return mandate_1.deriveMandate; } });
|
|
36
|
+
Object.defineProperty(exports, "validateMandateForContext", { enumerable: true, get: function () { return mandate_1.validateMandateForContext; } });
|
|
37
|
+
Object.defineProperty(exports, "mandateToPolicy", { enumerable: true, get: function () { return mandate_1.mandateToPolicy; } });
|
|
38
|
+
// Authority chain
|
|
39
|
+
var authority_1 = require("./authority");
|
|
40
|
+
Object.defineProperty(exports, "createAuthorityChain", { enumerable: true, get: function () { return authority_1.createAuthorityChain; } });
|
|
41
|
+
Object.defineProperty(exports, "validateAuthorityChain", { enumerable: true, get: function () { return authority_1.validateAuthorityChain; } });
|
|
42
|
+
Object.defineProperty(exports, "attenuateScope", { enumerable: true, get: function () { return authority_1.attenuateScope; } });
|
|
43
|
+
Object.defineProperty(exports, "traceAuthorityToHuman", { enumerable: true, get: function () { return authority_1.traceAuthorityToHuman; } });
|
|
44
|
+
// Categorized policy engine
|
|
45
|
+
var categories_1 = require("./categories");
|
|
46
|
+
Object.defineProperty(exports, "categorizePolicyRule", { enumerable: true, get: function () { return categories_1.categorizePolicyRule; } });
|
|
47
|
+
Object.defineProperty(exports, "createCategorizedEngine", { enumerable: true, get: function () { return categories_1.createCategorizedEngine; } });
|
|
48
|
+
Object.defineProperty(exports, "inferPolicyCategory", { enumerable: true, get: function () { return categories_1.inferPolicyCategory; } });
|
|
49
|
+
// Posture-to-policy bridge
|
|
50
|
+
var postureBridge_1 = require("./postureBridge");
|
|
51
|
+
Object.defineProperty(exports, "postureToPolicyRules", { enumerable: true, get: function () { return postureBridge_1.postureToPolicyRules; } });
|
|
52
|
+
Object.defineProperty(exports, "allPosturesToPolicies", { enumerable: true, get: function () { return postureBridge_1.allPosturesToPolicies; } });
|
|
53
|
+
// Sandbox policy (GAP-SEC-002)
|
|
54
|
+
var sandboxPolicy_1 = require("./sandboxPolicy");
|
|
55
|
+
Object.defineProperty(exports, "evaluateSandboxAccess", { enumerable: true, get: function () { return sandboxPolicy_1.evaluateSandboxAccess; } });
|
|
56
|
+
Object.defineProperty(exports, "matchesPattern", { enumerable: true, get: function () { return sandboxPolicy_1.matchesPattern; } });
|
|
57
|
+
Object.defineProperty(exports, "composeSandboxPolicies", { enumerable: true, get: function () { return sandboxPolicy_1.composeSandboxPolicies; } });
|
|
58
|
+
Object.defineProperty(exports, "attenuateSandboxPolicy", { enumerable: true, get: function () { return sandboxPolicy_1.attenuateSandboxPolicy; } });
|
|
59
|
+
// Sandbox bridge (GAP-SEC-002)
|
|
60
|
+
var sandboxBridge_1 = require("./sandboxBridge");
|
|
61
|
+
Object.defineProperty(exports, "sandboxDecisionToInteraction", { enumerable: true, get: function () { return sandboxBridge_1.sandboxDecisionToInteraction; } });
|
|
62
|
+
Object.defineProperty(exports, "buildSandboxEvent", { enumerable: true, get: function () { return sandboxBridge_1.buildSandboxEvent; } });
|
|
63
|
+
Object.defineProperty(exports, "inheritSandboxPolicy", { enumerable: true, get: function () { return sandboxBridge_1.inheritSandboxPolicy; } });
|
|
64
|
+
// Permission events
|
|
65
|
+
var permissionEvents_1 = require("./permissionEvents");
|
|
66
|
+
Object.defineProperty(exports, "createPermissionEvent", { enumerable: true, get: function () { return permissionEvents_1.createPermissionEvent; } });
|
|
67
|
+
Object.defineProperty(exports, "aggregateChainEvents", { enumerable: true, get: function () { return permissionEvents_1.aggregateChainEvents; } });
|
|
68
|
+
Object.defineProperty(exports, "filterEvents", { enumerable: true, get: function () { return permissionEvents_1.filterEvents; } });
|
|
69
|
+
// Permission propagation
|
|
70
|
+
var permissionPropagation_1 = require("./permissionPropagation");
|
|
71
|
+
Object.defineProperty(exports, "formatPermissionForTui", { enumerable: true, get: function () { return permissionPropagation_1.formatPermissionForTui; } });
|
|
72
|
+
Object.defineProperty(exports, "formatPermissionForJsonStream", { enumerable: true, get: function () { return permissionPropagation_1.formatPermissionForJsonStream; } });
|
|
73
|
+
Object.defineProperty(exports, "formatPermissionForCli", { enumerable: true, get: function () { return permissionPropagation_1.formatPermissionForCli; } });
|
|
74
|
+
Object.defineProperty(exports, "createPropagationConfig", { enumerable: true, get: function () { return permissionPropagation_1.createPropagationConfig; } });
|
|
75
|
+
Object.defineProperty(exports, "shouldPropagate", { enumerable: true, get: function () { return permissionPropagation_1.shouldPropagate; } });
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Governance policy decision audit logging (GAP-SEC-001).
|
|
3
|
+
* Appends decisions to a JSONL file for audit trail.
|
|
4
|
+
* Uses async handle-based I/O with fsync for crash safety.
|
|
5
|
+
*/
|
|
6
|
+
import type { PolicyDecisionLog } from './types';
|
|
7
|
+
/**
|
|
8
|
+
* Append a policy decision to the audit log.
|
|
9
|
+
* Uses handle-based async I/O with fsync for crash safety.
|
|
10
|
+
*/
|
|
11
|
+
export declare function logPolicyDecision(logDir: string, entry: PolicyDecisionLog): Promise<void>;
|
|
12
|
+
/**
|
|
13
|
+
* Read all policy decisions from the audit log.
|
|
14
|
+
* Returns empty array if the file does not exist.
|
|
15
|
+
* Throws on permission errors or other unexpected failures.
|
|
16
|
+
*/
|
|
17
|
+
export declare function readPolicyDecisionLog(logDir: string): Promise<PolicyDecisionLog[]>;
|
|
18
|
+
//# sourceMappingURL=logging.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"logging.d.ts","sourceRoot":"","sources":["../../src/governance/logging.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAIjD;;;GAGG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAW/F;AAED;;;;GAIG;AACH,wBAAsB,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAaxF"}
|