@aduek/ne-sy 0.1.0-alpha.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +92 -0
- package/dist/adapters.d.ts +13 -0
- package/dist/adapters.d.ts.map +1 -0
- package/dist/adapters.js +20 -0
- package/dist/audit.d.ts +14 -0
- package/dist/audit.d.ts.map +1 -0
- package/dist/audit.js +129 -0
- package/dist/capabilities.d.ts +10 -0
- package/dist/capabilities.d.ts.map +1 -0
- package/dist/capabilities.js +89 -0
- package/dist/evidence.d.ts +19 -0
- package/dist/evidence.d.ts.map +1 -0
- package/dist/evidence.js +48 -0
- package/dist/hubspot.d.ts +59 -0
- package/dist/hubspot.d.ts.map +1 -0
- package/dist/hubspot.js +175 -0
- package/dist/index.d.ts +17 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +11 -0
- package/dist/ir.d.ts +104 -0
- package/dist/ir.d.ts.map +1 -0
- package/dist/ir.js +859 -0
- package/dist/metering.d.ts +53 -0
- package/dist/metering.d.ts.map +1 -0
- package/dist/metering.js +224 -0
- package/dist/openaiAgents.d.ts +29 -0
- package/dist/openaiAgents.d.ts.map +1 -0
- package/dist/openaiAgents.js +81 -0
- package/dist/policy.d.ts +12 -0
- package/dist/policy.d.ts.map +1 -0
- package/dist/policy.js +362 -0
- package/dist/types.d.ts +112 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +71 -0
- package/dist/utils.d.ts +13 -0
- package/dist/utils.d.ts.map +1 -0
- package/dist/utils.js +51 -0
- package/dist/validation.d.ts +14 -0
- package/dist/validation.d.ts.map +1 -0
- package/dist/validation.js +226 -0
- package/dist/verifier.d.ts +13 -0
- package/dist/verifier.d.ts.map +1 -0
- package/dist/verifier.js +69 -0
- package/package.json +60 -0
|
@@ -0,0 +1,226 @@
|
|
|
1
|
+
import { Ajv2020 } from "ajv/dist/2020.js";
|
|
2
|
+
import * as addFormatsModule from "ajv-formats";
|
|
3
|
+
export const ACTION_SCHEMA = {
|
|
4
|
+
$schema: "https://json-schema.org/draft/2020-12/schema",
|
|
5
|
+
$id: "https://aduek.dev/schemas/action.schema.json",
|
|
6
|
+
title: "AduekAction",
|
|
7
|
+
type: "object",
|
|
8
|
+
required: ["id", "type", "actor", "target", "timestamp"],
|
|
9
|
+
additionalProperties: false,
|
|
10
|
+
properties: {
|
|
11
|
+
id: {
|
|
12
|
+
type: "string",
|
|
13
|
+
description: "Unique identifier for the proposed action.",
|
|
14
|
+
},
|
|
15
|
+
type: {
|
|
16
|
+
type: "string",
|
|
17
|
+
description: "Action type, such as http.request, tool.call, file.write, or message.send.",
|
|
18
|
+
},
|
|
19
|
+
actor: {
|
|
20
|
+
type: "object",
|
|
21
|
+
required: ["id", "kind"],
|
|
22
|
+
additionalProperties: true,
|
|
23
|
+
properties: {
|
|
24
|
+
id: { type: "string" },
|
|
25
|
+
kind: { type: "string", examples: ["agent", "workflow", "user"] },
|
|
26
|
+
},
|
|
27
|
+
},
|
|
28
|
+
target: {
|
|
29
|
+
type: "object",
|
|
30
|
+
required: ["id", "kind"],
|
|
31
|
+
additionalProperties: true,
|
|
32
|
+
properties: {
|
|
33
|
+
id: { type: "string" },
|
|
34
|
+
kind: { type: "string", examples: ["api", "file", "database", "human"] },
|
|
35
|
+
trustBoundary: { type: "string", examples: ["internal", "external"] },
|
|
36
|
+
},
|
|
37
|
+
},
|
|
38
|
+
input: {
|
|
39
|
+
description: "Action-specific input payload.",
|
|
40
|
+
},
|
|
41
|
+
metadata: {
|
|
42
|
+
type: "object",
|
|
43
|
+
additionalProperties: true,
|
|
44
|
+
},
|
|
45
|
+
timestamp: {
|
|
46
|
+
type: "string",
|
|
47
|
+
format: "date-time",
|
|
48
|
+
},
|
|
49
|
+
},
|
|
50
|
+
};
|
|
51
|
+
export const DECISION_SCHEMA = {
|
|
52
|
+
$schema: "https://json-schema.org/draft/2020-12/schema",
|
|
53
|
+
$id: "https://aduek.dev/schemas/decision.schema.json",
|
|
54
|
+
title: "AduekDecision",
|
|
55
|
+
type: "object",
|
|
56
|
+
required: ["decision", "reason"],
|
|
57
|
+
additionalProperties: false,
|
|
58
|
+
properties: {
|
|
59
|
+
decision: {
|
|
60
|
+
type: "string",
|
|
61
|
+
enum: ["allow", "deny", "review", "log"],
|
|
62
|
+
},
|
|
63
|
+
reason: {
|
|
64
|
+
type: "string",
|
|
65
|
+
},
|
|
66
|
+
matchedPolicyIds: {
|
|
67
|
+
type: "array",
|
|
68
|
+
items: {
|
|
69
|
+
type: "string",
|
|
70
|
+
},
|
|
71
|
+
default: [],
|
|
72
|
+
},
|
|
73
|
+
metadata: {
|
|
74
|
+
type: "object",
|
|
75
|
+
additionalProperties: true,
|
|
76
|
+
},
|
|
77
|
+
},
|
|
78
|
+
};
|
|
79
|
+
export const POLICY_SCHEMA = {
|
|
80
|
+
$schema: "https://json-schema.org/draft/2020-12/schema",
|
|
81
|
+
$id: "https://aduek.dev/schemas/policy.schema.json",
|
|
82
|
+
title: "AduekPolicyPack",
|
|
83
|
+
type: "object",
|
|
84
|
+
required: ["id", "version", "defaultDecision", "policies"],
|
|
85
|
+
additionalProperties: false,
|
|
86
|
+
properties: {
|
|
87
|
+
id: {
|
|
88
|
+
type: "string",
|
|
89
|
+
description: "Stable policy-pack identifier.",
|
|
90
|
+
},
|
|
91
|
+
version: {
|
|
92
|
+
type: "string",
|
|
93
|
+
description: "Policy-pack version used in audit evidence.",
|
|
94
|
+
},
|
|
95
|
+
defaultDecision: {
|
|
96
|
+
type: "string",
|
|
97
|
+
enum: ["allow", "deny", "review", "log"],
|
|
98
|
+
description: "Decision applied when no policy matches.",
|
|
99
|
+
},
|
|
100
|
+
defaultReason: {
|
|
101
|
+
type: "string",
|
|
102
|
+
description: "Human-readable reason used when the default decision applies.",
|
|
103
|
+
},
|
|
104
|
+
policies: {
|
|
105
|
+
type: "array",
|
|
106
|
+
items: {
|
|
107
|
+
$ref: "#/$defs/policy",
|
|
108
|
+
},
|
|
109
|
+
},
|
|
110
|
+
},
|
|
111
|
+
$defs: {
|
|
112
|
+
policy: {
|
|
113
|
+
type: "object",
|
|
114
|
+
required: ["id", "name", "effect", "conditions", "reason"],
|
|
115
|
+
additionalProperties: false,
|
|
116
|
+
properties: {
|
|
117
|
+
id: {
|
|
118
|
+
type: "string",
|
|
119
|
+
},
|
|
120
|
+
name: {
|
|
121
|
+
type: "string",
|
|
122
|
+
},
|
|
123
|
+
description: {
|
|
124
|
+
type: "string",
|
|
125
|
+
},
|
|
126
|
+
effect: {
|
|
127
|
+
type: "string",
|
|
128
|
+
enum: ["allow", "deny", "review", "log"],
|
|
129
|
+
},
|
|
130
|
+
conditions: {
|
|
131
|
+
type: "object",
|
|
132
|
+
additionalProperties: true,
|
|
133
|
+
description: "Portable condition tree evaluated by the verifier.",
|
|
134
|
+
},
|
|
135
|
+
reason: {
|
|
136
|
+
type: "string",
|
|
137
|
+
},
|
|
138
|
+
metadata: {
|
|
139
|
+
type: "object",
|
|
140
|
+
additionalProperties: true,
|
|
141
|
+
},
|
|
142
|
+
},
|
|
143
|
+
},
|
|
144
|
+
},
|
|
145
|
+
};
|
|
146
|
+
export const AUDIT_EVENT_SCHEMA = {
|
|
147
|
+
$schema: "https://json-schema.org/draft/2020-12/schema",
|
|
148
|
+
$id: "https://aduek.dev/schemas/audit-event.schema.json",
|
|
149
|
+
title: "AduekAuditEvent",
|
|
150
|
+
type: "object",
|
|
151
|
+
required: ["id", "action", "decision", "timestamp"],
|
|
152
|
+
additionalProperties: false,
|
|
153
|
+
properties: {
|
|
154
|
+
id: {
|
|
155
|
+
type: "string",
|
|
156
|
+
},
|
|
157
|
+
action: {
|
|
158
|
+
$ref: "action.schema.json",
|
|
159
|
+
},
|
|
160
|
+
decision: {
|
|
161
|
+
$ref: "decision.schema.json",
|
|
162
|
+
},
|
|
163
|
+
policyPackId: {
|
|
164
|
+
type: "string",
|
|
165
|
+
},
|
|
166
|
+
policyVersion: {
|
|
167
|
+
type: "string",
|
|
168
|
+
},
|
|
169
|
+
policyHash: {
|
|
170
|
+
type: "string",
|
|
171
|
+
},
|
|
172
|
+
actionHash: {
|
|
173
|
+
type: "string",
|
|
174
|
+
},
|
|
175
|
+
envelopeHash: {
|
|
176
|
+
type: "string",
|
|
177
|
+
},
|
|
178
|
+
evidenceHash: {
|
|
179
|
+
type: "string",
|
|
180
|
+
},
|
|
181
|
+
verifierVersion: {
|
|
182
|
+
type: "string",
|
|
183
|
+
},
|
|
184
|
+
runtime: {
|
|
185
|
+
type: "object",
|
|
186
|
+
additionalProperties: true,
|
|
187
|
+
},
|
|
188
|
+
timestamp: {
|
|
189
|
+
type: "string",
|
|
190
|
+
format: "date-time",
|
|
191
|
+
},
|
|
192
|
+
},
|
|
193
|
+
};
|
|
194
|
+
export const SDK_SCHEMAS = {
|
|
195
|
+
"action.schema.json": ACTION_SCHEMA,
|
|
196
|
+
"audit-event.schema.json": AUDIT_EVENT_SCHEMA,
|
|
197
|
+
"decision.schema.json": DECISION_SCHEMA,
|
|
198
|
+
"policy.schema.json": POLICY_SCHEMA,
|
|
199
|
+
};
|
|
200
|
+
const ajv = new Ajv2020({ allErrors: true, strict: false });
|
|
201
|
+
const addFormats = addFormatsModule.default;
|
|
202
|
+
addFormats(ajv);
|
|
203
|
+
ajv.addSchema(ACTION_SCHEMA);
|
|
204
|
+
ajv.addSchema(DECISION_SCHEMA);
|
|
205
|
+
ajv.addSchema(POLICY_SCHEMA);
|
|
206
|
+
ajv.addSchema(AUDIT_EVENT_SCHEMA);
|
|
207
|
+
const validatePolicyPack = ajv.getSchema("https://aduek.dev/schemas/policy.schema.json");
|
|
208
|
+
const validateAuditEvent = ajv.getSchema("https://aduek.dev/schemas/audit-event.schema.json");
|
|
209
|
+
export function validatePolicyPackSchema(policyInput) {
|
|
210
|
+
if (!validatePolicyPack)
|
|
211
|
+
return ["schema_validation_error: <root>: policy schema unavailable"];
|
|
212
|
+
validatePolicyPack(policyInput);
|
|
213
|
+
return formatSchemaErrors(validatePolicyPack.errors);
|
|
214
|
+
}
|
|
215
|
+
export function validateAuditEventSchema(event) {
|
|
216
|
+
if (!validateAuditEvent)
|
|
217
|
+
return ["schema_validation_error: <root>: audit-event schema unavailable"];
|
|
218
|
+
validateAuditEvent(event);
|
|
219
|
+
return formatSchemaErrors(validateAuditEvent.errors);
|
|
220
|
+
}
|
|
221
|
+
function formatSchemaErrors(errors) {
|
|
222
|
+
return (errors ?? []).map((error) => {
|
|
223
|
+
const path = error.instancePath ? error.instancePath.slice(1).replaceAll("/", ".") : "<root>";
|
|
224
|
+
return `schema_validation_error: ${path}: ${error.message ?? "schema validation failed"}`;
|
|
225
|
+
});
|
|
226
|
+
}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import type { Decision, PolicyInput, VerificationResult, VerifyActionInput } from "./types.js";
|
|
2
|
+
export declare function verifyAction(input: VerifyActionInput): Promise<Decision>;
|
|
3
|
+
export declare function verifyActionWithEvent(input: VerifyActionInput): Promise<VerificationResult>;
|
|
4
|
+
export declare function withAduek<Args extends unknown[], ReturnValue>(input: {
|
|
5
|
+
agent: unknown;
|
|
6
|
+
tool: (...args: Args) => ReturnValue | Promise<ReturnValue>;
|
|
7
|
+
policies: PolicyInput;
|
|
8
|
+
context?: unknown;
|
|
9
|
+
auditPath?: string;
|
|
10
|
+
actionType?: string;
|
|
11
|
+
target?: unknown;
|
|
12
|
+
}): (...args: Args) => Promise<ReturnValue>;
|
|
13
|
+
//# sourceMappingURL=verifier.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verifier.d.ts","sourceRoot":"","sources":["../src/verifier.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EACV,QAAQ,EACR,WAAW,EACX,kBAAkB,EAClB,iBAAiB,EAClB,MAAM,YAAY,CAAC;AAIpB,wBAAsB,YAAY,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,QAAQ,CAAC,CAG9E;AAED,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,iBAAiB,GACvB,OAAO,CAAC,kBAAkB,CAAC,CAuC7B;AAED,wBAAgB,SAAS,CAAC,IAAI,SAAS,OAAO,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE;IACpE,KAAK,EAAE,OAAO,CAAC;IACf,IAAI,EAAE,CAAC,GAAG,IAAI,EAAE,IAAI,KAAK,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAC5D,QAAQ,EAAE,WAAW,CAAC;IACtB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB,GAAG,CAAC,GAAG,IAAI,EAAE,IAAI,KAAK,OAAO,CAAC,WAAW,CAAC,CAuB1C"}
|
package/dist/verifier.js
ADDED
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
import { createAuditEvent, writeAuditEvent } from "./audit.js";
|
|
2
|
+
import { createToolAction } from "./adapters.js";
|
|
3
|
+
import { evaluatePolicies, policyHash, policyPackId, policyVersion, } from "./policy.js";
|
|
4
|
+
import { AduekError as AduekErrorClass } from "./types.js";
|
|
5
|
+
import { makeDecision } from "./utils.js";
|
|
6
|
+
export async function verifyAction(input) {
|
|
7
|
+
const result = await verifyActionWithEvent(input);
|
|
8
|
+
return result.decision;
|
|
9
|
+
}
|
|
10
|
+
export async function verifyActionWithEvent(input) {
|
|
11
|
+
const failClosed = input.failClosed ?? true;
|
|
12
|
+
let decision;
|
|
13
|
+
try {
|
|
14
|
+
decision = evaluatePolicies(input.agent, input.action, input.context ?? {}, input.policies);
|
|
15
|
+
}
|
|
16
|
+
catch (error) {
|
|
17
|
+
if (!failClosed)
|
|
18
|
+
throw error;
|
|
19
|
+
const message = error instanceof Error ? error.message : String(error);
|
|
20
|
+
decision = makeDecision({
|
|
21
|
+
decision: "review",
|
|
22
|
+
reason: `Verification failed closed: ${message}`,
|
|
23
|
+
matchedPolicyIds: [],
|
|
24
|
+
metadata: {
|
|
25
|
+
enforcementSource: "verification_error",
|
|
26
|
+
error: error instanceof Error ? error.name : "Error",
|
|
27
|
+
errorCategory: error instanceof AduekErrorClass ? error.category : "evaluation_error",
|
|
28
|
+
errorCode: error instanceof AduekErrorClass ? error.code : "unexpected_evaluation_error",
|
|
29
|
+
errorName: error instanceof Error ? error.name : "Error",
|
|
30
|
+
failClosed: true,
|
|
31
|
+
},
|
|
32
|
+
});
|
|
33
|
+
}
|
|
34
|
+
const auditEvent = createAuditEvent({
|
|
35
|
+
agent: input.agent,
|
|
36
|
+
action: input.action,
|
|
37
|
+
context: input.context ?? {},
|
|
38
|
+
decision,
|
|
39
|
+
policyPackId: policyPackId(input.policies),
|
|
40
|
+
policyVersion: policyVersion(input.policies),
|
|
41
|
+
policyHash: policyHash(input.policies),
|
|
42
|
+
});
|
|
43
|
+
if (input.auditPath) {
|
|
44
|
+
await writeAuditEvent(input.auditPath, auditEvent);
|
|
45
|
+
}
|
|
46
|
+
return { decision, auditEvent };
|
|
47
|
+
}
|
|
48
|
+
export function withAduek(input) {
|
|
49
|
+
return async (...args) => {
|
|
50
|
+
const action = createToolAction({
|
|
51
|
+
agent: input.agent,
|
|
52
|
+
tool: input.tool,
|
|
53
|
+
args,
|
|
54
|
+
actionType: input.actionType,
|
|
55
|
+
target: input.target,
|
|
56
|
+
});
|
|
57
|
+
const decision = await verifyAction({
|
|
58
|
+
agent: input.agent,
|
|
59
|
+
action,
|
|
60
|
+
context: input.context,
|
|
61
|
+
policies: input.policies,
|
|
62
|
+
auditPath: input.auditPath,
|
|
63
|
+
});
|
|
64
|
+
if (decision.allowed) {
|
|
65
|
+
return input.tool(...args);
|
|
66
|
+
}
|
|
67
|
+
throw new Error(decision.reason);
|
|
68
|
+
};
|
|
69
|
+
}
|
package/package.json
ADDED
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@aduek/ne-sy",
|
|
3
|
+
"version": "0.1.0-alpha.0",
|
|
4
|
+
"description": "Pre-action policy verification for AI agents.",
|
|
5
|
+
"license": "Apache-2.0",
|
|
6
|
+
"type": "module",
|
|
7
|
+
"main": "./dist/index.js",
|
|
8
|
+
"types": "./dist/index.d.ts",
|
|
9
|
+
"exports": {
|
|
10
|
+
".": {
|
|
11
|
+
"types": "./dist/index.d.ts",
|
|
12
|
+
"import": "./dist/index.js"
|
|
13
|
+
}
|
|
14
|
+
},
|
|
15
|
+
"sideEffects": false,
|
|
16
|
+
"files": [
|
|
17
|
+
"dist",
|
|
18
|
+
"README.md"
|
|
19
|
+
],
|
|
20
|
+
"repository": {
|
|
21
|
+
"type": "git",
|
|
22
|
+
"url": "git+https://github.com/hi-aduek/aduek-ne-sy.git",
|
|
23
|
+
"directory": "packages/typescript"
|
|
24
|
+
},
|
|
25
|
+
"homepage": "https://github.com/hi-aduek/aduek-ne-sy#readme",
|
|
26
|
+
"bugs": {
|
|
27
|
+
"url": "https://github.com/hi-aduek/aduek-ne-sy/issues"
|
|
28
|
+
},
|
|
29
|
+
"engines": {
|
|
30
|
+
"node": ">=18"
|
|
31
|
+
},
|
|
32
|
+
"scripts": {
|
|
33
|
+
"build": "tsc -p tsconfig.json",
|
|
34
|
+
"test": "vitest run",
|
|
35
|
+
"coverage": "vitest run --coverage --coverage.reportsDirectory ../../tmp/coverage/typescript"
|
|
36
|
+
},
|
|
37
|
+
"keywords": [
|
|
38
|
+
"ai-agents",
|
|
39
|
+
"agent-governance",
|
|
40
|
+
"agent-security",
|
|
41
|
+
"ai-safety",
|
|
42
|
+
"audit-logs",
|
|
43
|
+
"compliance",
|
|
44
|
+
"policy-engine",
|
|
45
|
+
"typescript"
|
|
46
|
+
],
|
|
47
|
+
"dependencies": {
|
|
48
|
+
"ajv": "^8.17.1",
|
|
49
|
+
"ajv-formats": "^3.0.1"
|
|
50
|
+
},
|
|
51
|
+
"overrides": {
|
|
52
|
+
"fast-uri": "^3.1.2"
|
|
53
|
+
},
|
|
54
|
+
"devDependencies": {
|
|
55
|
+
"@types/node": "^20.12.0",
|
|
56
|
+
"@vitest/coverage-v8": "^4.1.5",
|
|
57
|
+
"typescript": "^5.4.0",
|
|
58
|
+
"vitest": "^4.1.5"
|
|
59
|
+
}
|
|
60
|
+
}
|