@aduek/ne-sy 0.1.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,53 @@
1
+ export type BillableCategory = "blocked_high_risk_action" | "review_routed_action" | "governed_execution" | "governed_action";
2
+ export type ExclusionReason = "malformed_audit_event" | "invalid_hash_evidence" | "duplicate_event_identity" | "missing_customer_or_workspace" | "verification_error" | "dry_run_or_demo_event" | "excluded_metadata_flag" | "action_type_not_included";
3
+ export type HashValidationMode = "off" | "validate_when_present" | "require_hashes";
4
+ export interface OutcomeMeteringConfig {
5
+ customerId: string;
6
+ workspaceId: string;
7
+ includedActionTypes: string[];
8
+ excludedMetadataFlags: string[];
9
+ includeDemoEvents: boolean;
10
+ hashValidationMode: HashValidationMode;
11
+ }
12
+ export interface UsageRecord {
13
+ customerId: string;
14
+ workspaceId: string;
15
+ eventId: string | null;
16
+ actionId: string | null;
17
+ actionType: string | null;
18
+ decision: string | null;
19
+ executionOutcome: string | null;
20
+ policyPackId: string | null;
21
+ policyVersion: string | null;
22
+ policyHash: string | null;
23
+ actionHash: string | null;
24
+ envelopeHash: string | null;
25
+ evidenceHash: string | null;
26
+ verifierVersion: string | null;
27
+ billableCategory: BillableCategory | null;
28
+ billable: boolean;
29
+ exclusionReason: ExclusionReason | null;
30
+ timestamp: string | null;
31
+ }
32
+ export interface MeteringSummary {
33
+ totalRecords: number;
34
+ billableRecords: number;
35
+ excludedRecords: number;
36
+ byCustomerWorkspace: Record<string, number>;
37
+ byPolicyPack: Record<string, number>;
38
+ byActionType: Record<string, number>;
39
+ byDecision: Record<string, number>;
40
+ byExecutionOutcome: Record<string, number>;
41
+ byBillableCategory: Record<string, number>;
42
+ byExclusionReason: Record<string, number>;
43
+ }
44
+ export interface MeteringResult {
45
+ records: UsageRecord[];
46
+ summary: MeteringSummary;
47
+ }
48
+ export declare function loadOutcomeConfig(path: string): OutcomeMeteringConfig;
49
+ export declare function meterAuditJsonl(path: string, config: OutcomeMeteringConfig | unknown): MeteringResult;
50
+ export declare function meterAuditEventsJsonl(jsonl: string, config: OutcomeMeteringConfig | unknown): MeteringResult;
51
+ export declare function meterAuditEvents(events: Iterable<unknown>, config: OutcomeMeteringConfig | unknown): MeteringResult;
52
+ export declare function summarizeUsageRecords(records: Iterable<UsageRecord>): MeteringSummary;
53
+ //# sourceMappingURL=metering.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"metering.d.ts","sourceRoot":"","sources":["../src/metering.ts"],"names":[],"mappings":"AAOA,MAAM,MAAM,gBAAgB,GACxB,0BAA0B,GAC1B,sBAAsB,GACtB,oBAAoB,GACpB,iBAAiB,CAAC;AAEtB,MAAM,MAAM,eAAe,GACvB,uBAAuB,GACvB,uBAAuB,GACvB,0BAA0B,GAC1B,+BAA+B,GAC/B,oBAAoB,GACpB,uBAAuB,GACvB,wBAAwB,GACxB,0BAA0B,CAAC;AAE/B,MAAM,MAAM,kBAAkB,GAAG,KAAK,GAAG,uBAAuB,GAAG,gBAAgB,CAAC;AAEpF,MAAM,WAAW,qBAAqB;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,iBAAiB,EAAE,OAAO,CAAC;IAC3B,kBAAkB,EAAE,kBAAkB,CAAC;CACxC;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,gBAAgB,EAAE,gBAAgB,GAAG,IAAI,CAAC;IAC1C,QAAQ,EAAE,OAAO,CAAC;IAClB,eAAe,EAAE,eAAe,GAAG,IAAI,CAAC;IACxC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,MAAM,WAAW,eAAe;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5C,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3C,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3C,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC3C;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,OAAO,EAAE,eAAe,CAAC;CAC1B;AAID,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,qBAAqB,CAErE;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB,GAAG,OAAO,GAAG,cAAc,CAErG;AAED,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,qBAAqB,GAAG,OAAO,GACtC,cAAc,CAYhB;AAED,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,EACzB,MAAM,EAAE,qBAAqB,GAAG,OAAO,GACtC,cAAc,CAKhB;AAED,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,QAAQ,CAAC,WAAW,CAAC,GAAG,eAAe,CAcrF"}
@@ -0,0 +1,224 @@
1
+ import { readFileSync } from "node:fs";
2
+ import { validateAuditEvent } from "./audit.js";
3
+ import { hashAction, hashAuditEvidence, hashEnvelope } from "./evidence.js";
4
+ import { isRecord } from "./utils.js";
5
+ const HEX_64 = /^[0-9a-f]{64}$/;
6
+ export function loadOutcomeConfig(path) {
7
+ return normalizeConfig(JSON.parse(readFileSync(path, "utf8")));
8
+ }
9
+ export function meterAuditJsonl(path, config) {
10
+ return meterAuditEventsJsonl(readFileSync(path, "utf8"), config);
11
+ }
12
+ export function meterAuditEventsJsonl(jsonl, config) {
13
+ const events = [];
14
+ for (const line of jsonl.split(/\r?\n/)) {
15
+ const trimmed = line.trim();
16
+ if (!trimmed)
17
+ continue;
18
+ try {
19
+ events.push(JSON.parse(trimmed));
20
+ }
21
+ catch {
22
+ events.push({ _malformedJsonLine: trimmed });
23
+ }
24
+ }
25
+ return meterAuditEvents(events, config);
26
+ }
27
+ export function meterAuditEvents(events, config) {
28
+ const outcomeConfig = normalizeConfig(config);
29
+ const seen = new Set();
30
+ const records = Array.from(events, (event) => meterEvent(event, outcomeConfig, seen));
31
+ return { records, summary: summarizeUsageRecords(records) };
32
+ }
33
+ export function summarizeUsageRecords(records) {
34
+ const recordList = Array.from(records);
35
+ return {
36
+ totalRecords: recordList.length,
37
+ billableRecords: recordList.filter((record) => record.billable).length,
38
+ excludedRecords: recordList.filter((record) => record.exclusionReason !== null).length,
39
+ byCustomerWorkspace: count(recordList, (record) => `${record.customerId}/${record.workspaceId}`),
40
+ byPolicyPack: count(recordList, (record) => `${record.policyPackId ?? "<none>"}/${record.policyVersion ?? "<none>"}`),
41
+ byActionType: count(recordList, (record) => record.actionType),
42
+ byDecision: count(recordList, (record) => record.decision),
43
+ byExecutionOutcome: count(recordList, (record) => record.executionOutcome),
44
+ byBillableCategory: count(recordList, (record) => record.billableCategory),
45
+ byExclusionReason: count(recordList, (record) => record.exclusionReason),
46
+ };
47
+ }
48
+ function meterEvent(event, config, seen) {
49
+ let exclusionReason = exclusionFor(event, config);
50
+ const dedupeKey = isRecord(event) ? dedupeKeyFor(event) : null;
51
+ if (exclusionReason === null && dedupeKey !== null) {
52
+ if (seen.has(dedupeKey)) {
53
+ exclusionReason = "duplicate_event_identity";
54
+ }
55
+ else {
56
+ seen.add(dedupeKey);
57
+ }
58
+ }
59
+ const billableCategory = exclusionReason === null ? billableCategoryFor(event) : null;
60
+ return {
61
+ ...baseFields(event, config),
62
+ billableCategory,
63
+ billable: billableCategory !== null && exclusionReason === null,
64
+ exclusionReason,
65
+ };
66
+ }
67
+ function baseFields(event, config) {
68
+ const action = isRecord(event) && isRecord(event.action) ? event.action : undefined;
69
+ const decision = isRecord(event) && isRecord(event.decision) ? event.decision : undefined;
70
+ const runtime = isRecord(event) && isRecord(event.runtime) ? event.runtime : undefined;
71
+ return {
72
+ customerId: config.customerId,
73
+ workspaceId: config.workspaceId,
74
+ eventId: stringOrNull(isRecord(event) ? event.id : undefined),
75
+ actionId: stringOrNull(action?.id),
76
+ actionType: stringOrNull(action?.type),
77
+ decision: stringOrNull(decision?.decision),
78
+ executionOutcome: stringOrNull(runtime?.executionOutcome),
79
+ policyPackId: stringOrNull(isRecord(event) ? event.policyPackId : undefined),
80
+ policyVersion: stringOrNull(isRecord(event) ? event.policyVersion : undefined),
81
+ policyHash: stringOrNull(isRecord(event) ? event.policyHash : undefined),
82
+ actionHash: stringOrNull(isRecord(event) ? event.actionHash : undefined),
83
+ envelopeHash: stringOrNull(isRecord(event) ? event.envelopeHash : undefined),
84
+ evidenceHash: stringOrNull(isRecord(event) ? event.evidenceHash : undefined),
85
+ verifierVersion: stringOrNull(isRecord(event) ? event.verifierVersion : undefined),
86
+ timestamp: stringOrNull(isRecord(event) ? event.timestamp : undefined),
87
+ };
88
+ }
89
+ function exclusionFor(event, config) {
90
+ if (!config.customerId || !config.workspaceId)
91
+ return "missing_customer_or_workspace";
92
+ if (!isRecord(event) || validateAuditEvent(event).length > 0)
93
+ return "malformed_audit_event";
94
+ if (!hashesValid(event, config.hashValidationMode))
95
+ return "invalid_hash_evidence";
96
+ if (isVerificationError(event))
97
+ return "verification_error";
98
+ if (!config.includeDemoEvents && isDemoOrFixtureEvent(event))
99
+ return "dry_run_or_demo_event";
100
+ if (hasExcludedFlag(event, config.excludedMetadataFlags))
101
+ return "excluded_metadata_flag";
102
+ const actionType = isRecord(event.action) ? event.action.type : undefined;
103
+ if (config.includedActionTypes.length > 0 && !config.includedActionTypes.includes(String(actionType))) {
104
+ return "action_type_not_included";
105
+ }
106
+ return null;
107
+ }
108
+ function hashesValid(event, mode) {
109
+ if (mode === "off")
110
+ return true;
111
+ const required = mode === "require_hashes";
112
+ const expected = [
113
+ ["actionHash", hashAction(event.action)],
114
+ ["envelopeHash", hashEnvelope({
115
+ agent: event.runtime?.agent,
116
+ action: event.action,
117
+ context: event.runtime?.context,
118
+ policyPackId: event.policyPackId,
119
+ policyVersion: event.policyVersion,
120
+ policyHash: event.policyHash,
121
+ })],
122
+ ["evidenceHash", hashAuditEvidence(event)],
123
+ ];
124
+ for (const [field, value] of expected) {
125
+ const actual = event[field];
126
+ if (actual === undefined) {
127
+ if (required)
128
+ return false;
129
+ continue;
130
+ }
131
+ if (actual !== value)
132
+ return false;
133
+ }
134
+ if (event.policyHash === undefined) {
135
+ if (required)
136
+ return false;
137
+ }
138
+ else if (!HEX_64.test(event.policyHash)) {
139
+ return false;
140
+ }
141
+ if (event.verifierVersion === undefined)
142
+ return !required;
143
+ return typeof event.verifierVersion === "string" && event.verifierVersion.length > 0;
144
+ }
145
+ function billableCategoryFor(event) {
146
+ const decision = isRecord(event) && isRecord(event.decision) ? event.decision.decision : undefined;
147
+ const outcome = isRecord(event) && isRecord(event.runtime) ? event.runtime.executionOutcome : undefined;
148
+ if (decision === "deny" && outcome === "blocked")
149
+ return "blocked_high_risk_action";
150
+ if (decision === "review" && outcome === "pending_review")
151
+ return "review_routed_action";
152
+ if ((decision === "allow" || decision === "log") && outcome === "executed")
153
+ return "governed_execution";
154
+ return "governed_action";
155
+ }
156
+ function dedupeKeyFor(event) {
157
+ if (typeof event.evidenceHash === "string")
158
+ return `evidenceHash:${event.evidenceHash}`;
159
+ if (typeof event.actionHash === "string" &&
160
+ typeof event.policyHash === "string" &&
161
+ isRecord(event.runtime) &&
162
+ typeof event.runtime.executionOutcome === "string") {
163
+ return `actionPolicyOutcome:${event.actionHash}:${event.policyHash}:${event.runtime.executionOutcome}`;
164
+ }
165
+ if (typeof event.id === "string")
166
+ return `id:${event.id}`;
167
+ return null;
168
+ }
169
+ function isVerificationError(event) {
170
+ const metadata = isRecord(event.decision) && isRecord(event.decision.metadata)
171
+ ? event.decision.metadata
172
+ : undefined;
173
+ return Boolean(metadata?.errorCategory || metadata?.errorCode || metadata?.failClosed);
174
+ }
175
+ function isDemoOrFixtureEvent(event) {
176
+ const actionMetadata = isRecord(event.action) && isRecord(event.action.metadata)
177
+ ? event.action.metadata
178
+ : undefined;
179
+ if (actionMetadata?.fixture || actionMetadata?.demo || actionMetadata?.dryRun)
180
+ return true;
181
+ const context = isRecord(event.runtime) && isRecord(event.runtime.context)
182
+ ? event.runtime.context
183
+ : undefined;
184
+ return context?.environment === "test" || context?.environment === "demo" || context?.fixture === true;
185
+ }
186
+ function hasExcludedFlag(event, flags) {
187
+ const actionMetadata = isRecord(event.action) && isRecord(event.action.metadata)
188
+ ? event.action.metadata
189
+ : undefined;
190
+ const decisionMetadata = isRecord(event.decision) && isRecord(event.decision.metadata)
191
+ ? event.decision.metadata
192
+ : undefined;
193
+ return [actionMetadata, decisionMetadata].some((metadata) => isRecord(metadata) && flags.some((flag) => metadata[flag] === true));
194
+ }
195
+ function normalizeConfig(value) {
196
+ const record = isRecord(value) ? value : {};
197
+ return {
198
+ customerId: typeof record.customerId === "string" ? record.customerId : "",
199
+ workspaceId: typeof record.workspaceId === "string" ? record.workspaceId : "",
200
+ includedActionTypes: stringArray(record.includedActionTypes),
201
+ excludedMetadataFlags: stringArray(record.excludedMetadataFlags),
202
+ includeDemoEvents: record.includeDemoEvents === true,
203
+ hashValidationMode: hashValidationMode(record.hashValidationMode),
204
+ };
205
+ }
206
+ function count(records, keyFn) {
207
+ const counts = {};
208
+ for (const record of records) {
209
+ const key = keyFn(record) ?? "<none>";
210
+ counts[key] = (counts[key] ?? 0) + 1;
211
+ }
212
+ return Object.fromEntries(Object.entries(counts).sort(([left], [right]) => left.localeCompare(right)));
213
+ }
214
+ function stringArray(value) {
215
+ return Array.isArray(value) && value.every((item) => typeof item === "string") ? value : [];
216
+ }
217
+ function hashValidationMode(value) {
218
+ return value === "off" || value === "validate_when_present" || value === "require_hashes"
219
+ ? value
220
+ : "validate_when_present";
221
+ }
222
+ function stringOrNull(value) {
223
+ return typeof value === "string" ? value : null;
224
+ }
@@ -0,0 +1,29 @@
1
+ import type { AuditEvent, Decision, PolicyInput } from "./types.js";
2
+ export type OpenAiGuardrailBehavior = "allow" | "rejectContent";
3
+ export interface OpenAiToolActionInput {
4
+ agent: unknown;
5
+ toolName: string;
6
+ toolArguments?: Record<string, unknown> | string | null;
7
+ actionType?: string;
8
+ target?: unknown;
9
+ metadata?: Record<string, unknown>;
10
+ actionId?: string;
11
+ timestamp?: string;
12
+ }
13
+ export interface OpenAiToolInputGuardrailInput extends OpenAiToolActionInput {
14
+ policies?: PolicyInput;
15
+ context?: unknown;
16
+ auditPath?: string;
17
+ failClosed?: boolean;
18
+ }
19
+ export interface OpenAiToolInputGuardrailResult {
20
+ allowed: boolean;
21
+ decision: Decision;
22
+ auditEvent: AuditEvent;
23
+ action: Record<string, unknown>;
24
+ guardrailBehavior: OpenAiGuardrailBehavior;
25
+ message: string;
26
+ }
27
+ export declare function createOpenAiToolAction(input: OpenAiToolActionInput): Record<string, unknown>;
28
+ export declare function runOpenAiToolInputGuardrail(input: OpenAiToolInputGuardrailInput): Promise<OpenAiToolInputGuardrailResult>;
29
+ //# sourceMappingURL=openaiAgents.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"openaiAgents.d.ts","sourceRoot":"","sources":["../src/openaiAgents.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAKpE,MAAM,MAAM,uBAAuB,GAAG,OAAO,GAAG,eAAe,CAAC;AAEhE,MAAM,WAAW,qBAAqB;IACpC,KAAK,EAAE,OAAO,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,GAAG,IAAI,CAAC;IACxD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,6BAA8B,SAAQ,qBAAqB;IAC1E,QAAQ,CAAC,EAAE,WAAW,CAAC;IACvB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,8BAA8B;IAC7C,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,UAAU,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,iBAAiB,EAAE,uBAAuB,CAAC;IAC3C,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,qBAAqB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAyB5F;AAED,wBAAsB,2BAA2B,CAC/C,KAAK,EAAE,6BAA6B,GACnC,OAAO,CAAC,8BAA8B,CAAC,CAsBzC"}
@@ -0,0 +1,81 @@
1
+ import { randomUUID } from "node:crypto";
2
+ import { PolicyEvaluationError } from "./types.js";
3
+ import { agentRef, isRecord } from "./utils.js";
4
+ import { verifyActionWithEvent } from "./verifier.js";
5
+ export function createOpenAiToolAction(input) {
6
+ const kwargs = parseToolArguments(input.toolArguments);
7
+ const metadata = {
8
+ ...(input.metadata ?? {}),
9
+ framework: "openai-agents",
10
+ guardrail: "tool_input",
11
+ toolName: input.toolName,
12
+ };
13
+ return {
14
+ id: input.actionId ?? randomUUID(),
15
+ type: input.actionType ?? "tool.call",
16
+ actor: agentRef(input.agent),
17
+ target: input.target ?? {
18
+ id: input.toolName,
19
+ kind: "function",
20
+ trustBoundary: "internal",
21
+ },
22
+ input: {
23
+ args: [],
24
+ kwargs,
25
+ },
26
+ metadata,
27
+ timestamp: input.timestamp ?? new Date().toISOString(),
28
+ };
29
+ }
30
+ export async function runOpenAiToolInputGuardrail(input) {
31
+ const action = createOpenAiToolAction(input);
32
+ const verification = await verifyActionWithEvent({
33
+ agent: input.agent,
34
+ action,
35
+ context: input.context ?? {},
36
+ policies: input.policies,
37
+ auditPath: input.auditPath,
38
+ failClosed: input.failClosed,
39
+ });
40
+ const guardrailBehavior = verification.decision.allowed
41
+ ? "allow"
42
+ : "rejectContent";
43
+ return {
44
+ allowed: verification.decision.allowed,
45
+ decision: verification.decision,
46
+ auditEvent: verification.auditEvent,
47
+ action,
48
+ guardrailBehavior,
49
+ message: verification.decision.reason,
50
+ };
51
+ }
52
+ function parseToolArguments(toolArguments) {
53
+ if (toolArguments === undefined || toolArguments === null)
54
+ return {};
55
+ if (typeof toolArguments === "string") {
56
+ let parsed;
57
+ try {
58
+ parsed = JSON.parse(toolArguments);
59
+ }
60
+ catch (error) {
61
+ throw new PolicyEvaluationError("toolArguments must be a JSON object string", {
62
+ category: "adapter_input_error",
63
+ code: "adapter_invalid_json_arguments",
64
+ });
65
+ }
66
+ if (!isRecord(parsed)) {
67
+ throw new PolicyEvaluationError("toolArguments must be a JSON object string", {
68
+ category: "adapter_input_error",
69
+ code: "adapter_arguments_not_object",
70
+ });
71
+ }
72
+ return parsed;
73
+ }
74
+ if (!isRecord(toolArguments)) {
75
+ throw new PolicyEvaluationError("toolArguments must be an object, JSON object string, or null", {
76
+ category: "adapter_input_error",
77
+ code: "adapter_invalid_arguments",
78
+ });
79
+ }
80
+ return { ...toolArguments };
81
+ }
@@ -0,0 +1,12 @@
1
+ import type { Decision, PolicyAnalysis, PolicyInput } from "./types.js";
2
+ export declare const POLICY_HASH_ALGORITHM = "sha256";
3
+ export declare function analyzePolicies(policyInput?: PolicyInput): PolicyAnalysis;
4
+ export declare function validatePolicyPack(policyInput?: PolicyInput): string[];
5
+ export declare function assertValidPolicyPack(policyInput?: PolicyInput): void;
6
+ export declare function evaluatePolicies(agent: unknown, action: unknown, context: unknown, policyInput?: PolicyInput): Decision;
7
+ export declare function policyVersion(policyInput?: PolicyInput): string | undefined;
8
+ export declare function policyPackId(policyInput?: PolicyInput): string | undefined;
9
+ export declare function policyHash(policyInput?: PolicyInput): string | undefined;
10
+ export declare function canonicalPolicyJson(policyInput: PolicyInput): string;
11
+ export declare function hashPolicyPack(policyInput: PolicyInput): string;
12
+ //# sourceMappingURL=policy.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../src/policy.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAEV,QAAQ,EAER,cAAc,EAEd,WAAW,EAEZ,MAAM,YAAY,CAAC;AAiBpB,eAAO,MAAM,qBAAqB,WAAW,CAAC;AAY9C,wBAAgB,eAAe,CAAC,WAAW,CAAC,EAAE,WAAW,GAAG,cAAc,CAyFzE;AAED,wBAAgB,kBAAkB,CAAC,WAAW,CAAC,EAAE,WAAW,GAAG,MAAM,EAAE,CAMtE;AAED,wBAAgB,qBAAqB,CAAC,WAAW,CAAC,EAAE,WAAW,GAAG,IAAI,CAMrE;AAED,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,OAAO,EACd,MAAM,EAAE,OAAO,EACf,OAAO,EAAE,OAAO,EAChB,WAAW,CAAC,EAAE,WAAW,GACxB,QAAQ,CAqCV;AAED,wBAAgB,aAAa,CAAC,WAAW,CAAC,EAAE,WAAW,GAAG,MAAM,GAAG,SAAS,CAK3E;AAED,wBAAgB,YAAY,CAAC,WAAW,CAAC,EAAE,WAAW,GAAG,MAAM,GAAG,SAAS,CAK1E;AAED,wBAAgB,UAAU,CAAC,WAAW,CAAC,EAAE,WAAW,GAAG,MAAM,GAAG,SAAS,CAGxE;AAED,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,WAAW,GAAG,MAAM,CAEpE;AAED,wBAAgB,cAAc,CAAC,WAAW,EAAE,WAAW,GAAG,MAAM,CAI/D"}