@agent-assembly/sdk 0.0.1-beta.3 → 0.0.1-beta.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/core/gateway-resolver.js +73 -3
- package/dist/cjs/core/init-assembly.js +151 -33
- package/dist/cjs/gateway/client.js +63 -1
- package/dist/cjs/gateway/index.js +2 -1
- package/dist/cjs/hooks/ai-sdk.js +3 -5
- package/dist/cjs/hooks/langchain.js +12 -3
- package/dist/cjs/hooks/mastra.js +10 -6
- package/dist/cjs/hooks/openai-agents.js +1 -3
- package/dist/cjs/native/client.js +70 -25
- package/dist/cjs/op-control.js +55 -1
- package/dist/cjs/runtime.js +73 -7
- package/dist/esm/core/gateway-resolver.js +72 -3
- package/dist/esm/core/gateway-resolver.js.map +1 -1
- package/dist/esm/core/init-assembly.js +150 -32
- package/dist/esm/core/init-assembly.js.map +1 -1
- package/dist/esm/gateway/client.js +62 -1
- package/dist/esm/gateway/client.js.map +1 -1
- package/dist/esm/gateway/index.js +1 -1
- package/dist/esm/gateway/index.js.map +1 -1
- package/dist/esm/hooks/ai-sdk.js +3 -5
- package/dist/esm/hooks/ai-sdk.js.map +1 -1
- package/dist/esm/hooks/langchain.js +12 -3
- package/dist/esm/hooks/langchain.js.map +1 -1
- package/dist/esm/hooks/mastra.js +10 -6
- package/dist/esm/hooks/mastra.js.map +1 -1
- package/dist/esm/hooks/openai-agents.js +1 -3
- package/dist/esm/hooks/openai-agents.js.map +1 -1
- package/dist/esm/native/client.js +68 -24
- package/dist/esm/native/client.js.map +1 -1
- package/dist/esm/op-control.js +53 -1
- package/dist/esm/op-control.js.map +1 -1
- package/dist/esm/runtime.js +72 -7
- package/dist/esm/runtime.js.map +1 -1
- package/dist/types/core/gateway-resolver.d.ts +18 -1
- package/dist/types/core/gateway-resolver.d.ts.map +1 -1
- package/dist/types/core/init-assembly.d.ts +2 -1
- package/dist/types/core/init-assembly.d.ts.map +1 -1
- package/dist/types/gateway/client.d.ts +17 -0
- package/dist/types/gateway/client.d.ts.map +1 -1
- package/dist/types/gateway/index.d.ts +1 -1
- package/dist/types/gateway/index.d.ts.map +1 -1
- package/dist/types/hooks/ai-sdk.d.ts.map +1 -1
- package/dist/types/hooks/langchain.d.ts +11 -0
- package/dist/types/hooks/langchain.d.ts.map +1 -1
- package/dist/types/hooks/mastra.d.ts.map +1 -1
- package/dist/types/hooks/openai-agents.d.ts.map +1 -1
- package/dist/types/native/client.d.ts +33 -0
- package/dist/types/native/client.d.ts.map +1 -1
- package/dist/types/op-control.d.ts +29 -2
- package/dist/types/op-control.d.ts.map +1 -1
- package/dist/types/runtime.d.ts +27 -5
- package/dist/types/runtime.d.ts.map +1 -1
- package/dist/types/types/assembly-config.d.ts +6 -0
- package/dist/types/types/assembly-config.d.ts.map +1 -1
- package/native/aa-ffi-node/index.d.ts +74 -0
- package/package.json +5 -5
|
@@ -4,6 +4,7 @@ const NATIVE_BINDING_SINGLETON_KEY = Symbol.for("@agent-assembly/sdk/native-bind
|
|
|
4
4
|
const ERROR_CONNECT = "AA_ERR_CONNECT";
|
|
5
5
|
const ERROR_SEND_EVENT = "AA_ERR_SEND_EVENT";
|
|
6
6
|
const ERROR_QUERY_POLICY = "AA_ERR_QUERY_POLICY";
|
|
7
|
+
const ERROR_REGISTER = "AA_ERR_REGISTER";
|
|
7
8
|
const ERROR_DISCONNECT = "AA_ERR_DISCONNECT";
|
|
8
9
|
export class NativeConnectError extends Error {
|
|
9
10
|
code = ERROR_CONNECT;
|
|
@@ -14,9 +15,31 @@ export class NativeSendEventError extends Error {
|
|
|
14
15
|
export class NativeQueryPolicyError extends Error {
|
|
15
16
|
code = ERROR_QUERY_POLICY;
|
|
16
17
|
}
|
|
18
|
+
export class NativeRegisterError extends Error {
|
|
19
|
+
code = ERROR_REGISTER;
|
|
20
|
+
}
|
|
17
21
|
export class NativeDisconnectError extends Error {
|
|
18
22
|
code = ERROR_DISCONNECT;
|
|
19
23
|
}
|
|
24
|
+
/**
|
|
25
|
+
* Translate the native `{decision, reason}` verdict into the SDK's
|
|
26
|
+
* `PolicyResult`. Only `"deny"` blocks; `"pending"` routes to the approval
|
|
27
|
+
* path; `"allow"` / `"redact"` / any unrecognized value proceed. This mirrors
|
|
28
|
+
* the shared enforcement contract across the Python / Go / Node SDKs.
|
|
29
|
+
*
|
|
30
|
+
* The native primitive already fails open (returns `"allow"`) when the runtime
|
|
31
|
+
* is unreachable or too slow, so a missing or degraded runtime never blocks.
|
|
32
|
+
*/
|
|
33
|
+
function mapDecisionToPolicyResult(verdict) {
|
|
34
|
+
switch (verdict.decision) {
|
|
35
|
+
case "deny":
|
|
36
|
+
return { denied: true, pending: false, reason: verdict.reason };
|
|
37
|
+
case "pending":
|
|
38
|
+
return { denied: false, pending: true, reason: verdict.reason };
|
|
39
|
+
default:
|
|
40
|
+
return { denied: false, pending: false };
|
|
41
|
+
}
|
|
42
|
+
}
|
|
20
43
|
function mapNativeError(error) {
|
|
21
44
|
if (!(error instanceof Error)) {
|
|
22
45
|
return new Error(String(error));
|
|
@@ -32,6 +55,9 @@ function mapNativeError(error) {
|
|
|
32
55
|
if (code === ERROR_QUERY_POLICY) {
|
|
33
56
|
return new NativeQueryPolicyError(detail);
|
|
34
57
|
}
|
|
58
|
+
if (code === ERROR_REGISTER) {
|
|
59
|
+
return new NativeRegisterError(detail);
|
|
60
|
+
}
|
|
35
61
|
if (code === ERROR_DISCONNECT) {
|
|
36
62
|
return new NativeDisconnectError(detail);
|
|
37
63
|
}
|
|
@@ -40,9 +66,7 @@ function mapNativeError(error) {
|
|
|
40
66
|
function loadNativeBinding() {
|
|
41
67
|
const shouldUseCache = process.env.VITEST !== "true";
|
|
42
68
|
const globalObject = globalThis;
|
|
43
|
-
const cachedBinding = shouldUseCache
|
|
44
|
-
? globalObject[NATIVE_BINDING_SINGLETON_KEY]
|
|
45
|
-
: undefined;
|
|
69
|
+
const cachedBinding = shouldUseCache ? globalObject[NATIVE_BINDING_SINGLETON_KEY] : undefined;
|
|
46
70
|
if (cachedBinding) {
|
|
47
71
|
return cachedBinding;
|
|
48
72
|
}
|
|
@@ -74,7 +98,11 @@ export function createNativeClient(options) {
|
|
|
74
98
|
mode,
|
|
75
99
|
close: async () => undefined,
|
|
76
100
|
sendEvent: () => undefined,
|
|
77
|
-
queryPolicy: async () => ({ denied: false, pending: false })
|
|
101
|
+
queryPolicy: async () => ({ denied: false, pending: false }),
|
|
102
|
+
// No native session to register against off the in-process path; the
|
|
103
|
+
// gRPC sidecar registers the agent in its own process. Resolve neutrally
|
|
104
|
+
// so init never blocks on a transport that does not own a handle.
|
|
105
|
+
register: async () => ""
|
|
78
106
|
};
|
|
79
107
|
}
|
|
80
108
|
const binding = loadNativeBinding();
|
|
@@ -83,19 +111,17 @@ export function createNativeClient(options) {
|
|
|
83
111
|
let activeHandle;
|
|
84
112
|
let pendingSendError;
|
|
85
113
|
const getHandle = async () => {
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
});
|
|
98
|
-
}
|
|
114
|
+
handlePromise ??= binding
|
|
115
|
+
.connect(socketPath)
|
|
116
|
+
.then((handle) => {
|
|
117
|
+
activeHandle = handle;
|
|
118
|
+
return handle;
|
|
119
|
+
})
|
|
120
|
+
.catch((error) => {
|
|
121
|
+
handlePromise = undefined;
|
|
122
|
+
activeHandle = undefined;
|
|
123
|
+
throw mapNativeError(error);
|
|
124
|
+
});
|
|
99
125
|
return handlePromise;
|
|
100
126
|
};
|
|
101
127
|
return {
|
|
@@ -134,18 +160,36 @@ export function createNativeClient(options) {
|
|
|
134
160
|
pendingSendError = mapNativeError(error);
|
|
135
161
|
});
|
|
136
162
|
},
|
|
137
|
-
queryPolicy: async () => {
|
|
163
|
+
queryPolicy: async (action) => {
|
|
138
164
|
if (pendingSendError) {
|
|
139
165
|
const error = pendingSendError;
|
|
140
166
|
pendingSendError = undefined;
|
|
141
167
|
throw error;
|
|
142
168
|
}
|
|
143
|
-
//
|
|
144
|
-
//
|
|
145
|
-
//
|
|
146
|
-
//
|
|
147
|
-
|
|
148
|
-
|
|
169
|
+
// Connect (surfacing any connect error as a genuine local fault), then
|
|
170
|
+
// ask the runtime for an authoritative verdict via the native primitive.
|
|
171
|
+
// The native `queryPolicy` is async — it offloads its blocking wait to a
|
|
172
|
+
// worker thread, so awaiting it never blocks the Node event loop — and it
|
|
173
|
+
// already fails open (returns `"allow"`) when the runtime is unreachable
|
|
174
|
+
// or too slow, so a missing or degraded runtime never blocks the agent.
|
|
175
|
+
const handle = await getHandle();
|
|
176
|
+
const verdict = await binding.queryPolicy(handle, action);
|
|
177
|
+
return mapDecisionToPolicyResult(verdict);
|
|
178
|
+
},
|
|
179
|
+
register: async (options) => {
|
|
180
|
+
// Register on the same session the queryPolicy path uses, so the token
|
|
181
|
+
// the gateway issues is stored on this handle and attached to every
|
|
182
|
+
// subsequent query. This is the only direct SDK→gateway gRPC call
|
|
183
|
+
// (ADR 0004); CheckAction still flows through aa-runtime.
|
|
184
|
+
if (binding.register === undefined) {
|
|
185
|
+
// A binding without `register` predates AAASM-3400; the agent simply
|
|
186
|
+
// runs unregistered rather than failing init.
|
|
187
|
+
return "";
|
|
188
|
+
}
|
|
189
|
+
const handle = await getHandle();
|
|
190
|
+
return binding.register(handle, options).catch((error) => {
|
|
191
|
+
throw mapNativeError(error);
|
|
192
|
+
});
|
|
149
193
|
}
|
|
150
194
|
};
|
|
151
195
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/native/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,IAAI,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/native/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,IAAI,MAAM,WAAW,CAAC;AA+C7B,MAAM,4BAA4B,GAAG,MAAM,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;AAMtF,MAAM,aAAa,GAAG,gBAAgB,CAAC;AACvC,MAAM,gBAAgB,GAAG,mBAAmB,CAAC;AAC7C,MAAM,kBAAkB,GAAG,qBAAqB,CAAC;AACjD,MAAM,cAAc,GAAG,iBAAiB,CAAC;AACzC,MAAM,gBAAgB,GAAG,mBAAmB,CAAC;AAE7C,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAClC,IAAI,GAAG,aAAa,CAAC;CAC/B;AAED,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IACpC,IAAI,GAAG,gBAAgB,CAAC;CAClC;AAED,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IACtC,IAAI,GAAG,kBAAkB,CAAC;CACpC;AAED,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IACnC,IAAI,GAAG,cAAc,CAAC;CAChC;AAED,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IACrC,IAAI,GAAG,gBAAgB,CAAC;CAClC;AAqBD;;;;;;;;GAQG;AACH,SAAS,yBAAyB,CAAC,OAA6B;IAC9D,QAAQ,OAAO,CAAC,QAAQ,EAAE,CAAC;QACzB,KAAK,MAAM;YACT,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC;QAClE,KAAK,SAAS;YACZ,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC;QAClE;YACE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC7C,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,CAAC,CAAC,KAAK,YAAY,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IAClC,CAAC;IAED,MAAM,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC,OAAO,CAAC;IAEtD,IAAI,IAAI,KAAK,aAAa,EAAE,CAAC;QAC3B,OAAO,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC;IACD,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;QAC9B,OAAO,IAAI,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,IAAI,KAAK,kBAAkB,EAAE,CAAC;QAChC,OAAO,IAAI,sBAAsB,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;QAC5B,OAAO,IAAI,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;QAC9B,OAAO,IAAI,qBAAqB,CAAC,MAAM,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB;IACxB,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC;IACrD,MAAM,YAAY,GAAG,UAAqC,CAAC;IAC3D,MAAM,aAAa,GAAG,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,4BAA4B,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAE9F,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,MAAM,eAAe,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC,CAAC;IACnF,MAAM,UAAU,GAAG;QACjB,oCAAoC;QACpC,uCAAuC;QACvC,GAAG,OAAO,CAAC,GAAG,EAAE,+BAA+B;KAChD,CAAC;IAEF,IAAI,SAAkB,CAAC;IACvB,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,eAAe,CAAC,SAAS,CAAkB,CAAC;YAC5D,IAAI,cAAc,EAAE,CAAC;gBACnB,YAAY,CAAC,4BAA4B,CAAC,GAAG,OAAO,CAAC;YACvD,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,SAAS,GAAG,KAAK,CAAC;QACpB,CAAC;IACH,CAAC;IAED,MAAM,IAAI,kBAAkB,CAC1B,mDAAmD,MAAM,CAAC,SAAS,CAAC,EAAE,CACvE,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,OAA4B;IAC7D,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,cAAc,CAAC;IAE5C,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;QAC9B,OAAO;YACL,IAAI;YACJ,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,SAAS;YAC5B,SAAS,EAAE,GAAG,EAAE,CAAC,SAAS;YAC1B,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;YAC5D,qEAAqE;YACrE,yEAAyE;YACzE,kEAAkE;YAClE,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC,EAAE;SACzB,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;IACpC,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;IAEnC,IAAI,aAA0C,CAAC;IAC/C,IAAI,YAAgC,CAAC;IACrC,IAAI,gBAAmC,CAAC;IAExC,MAAM,SAAS,GAAG,KAAK,IAAqB,EAAE;QAC5C,aAAa,KAAK,OAAO;aACtB,OAAO,CAAC,UAAU,CAAC;aACnB,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YACf,YAAY,GAAG,MAAM,CAAC;YACtB,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;YACxB,aAAa,GAAG,SAAS,CAAC;YAC1B,YAAY,GAAG,SAAS,CAAC;YACzB,MAAM,cAAc,CAAC,KAAK,CAAC,CAAC;QAC9B,CAAC,CAAC,CAAC;QACL,OAAO,aAAa,CAAC;IACvB,CAAC,CAAC;IAEF,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,KAAK,IAAI,EAAE;YAChB,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,KAAK,GAAG,gBAAgB,CAAC;gBAC/B,gBAAgB,GAAG,SAAS,CAAC;gBAC7B,MAAM,KAAK,CAAC;YACd,CAAC;YAED,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC;YACjC,MAAM,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;gBACxD,MAAM,cAAc,CAAC,KAAK,CAAC,CAAC;YAC9B,CAAC,CAAC,CAAC;YACH,aAAa,GAAG,SAAS,CAAC;YAC1B,YAAY,GAAG,SAAS,CAAC;QAC3B,CAAC;QACD,SAAS,EAAE,CAAC,KAAc,EAAE,EAAE;YAC5B,IAAI,YAAY,EAAE,CAAC;gBACjB,IAAI,CAAC;oBACH,OAAO,CAAC,SAAS,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;gBACzC,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,gBAAgB,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;gBAC3C,CAAC;gBACD,OAAO;YACT,CAAC;YAED,KAAK,SAAS,EAAE;iBACb,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;gBACf,OAAO,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YACnC,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;gBACxB,gBAAgB,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;YAC3C,CAAC,CAAC,CAAC;QACP,CAAC;QACD,WAAW,EAAE,KAAK,EAAE,MAAe,EAAE,EAAE;YACrC,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,KAAK,GAAG,gBAAgB,CAAC;gBAC/B,gBAAgB,GAAG,SAAS,CAAC;gBAC7B,MAAM,KAAK,CAAC;YACd,CAAC;YAED,uEAAuE;YACvE,yEAAyE;YACzE,yEAAyE;YACzE,0EAA0E;YAC1E,yEAAyE;YACzE,wEAAwE;YACxE,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC;YACjC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAC1D,OAAO,yBAAyB,CAAC,OAAO,CAAC,CAAC;QAC5C,CAAC;QACD,QAAQ,EAAE,KAAK,EAAE,OAAwB,EAAE,EAAE;YAC3C,uEAAuE;YACvE,oEAAoE;YACpE,kEAAkE;YAClE,0DAA0D;YAC1D,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;gBACnC,qEAAqE;gBACrE,8CAA8C;gBAC9C,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC;YACjC,OAAO,OAAO,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;gBAChE,MAAM,cAAc,CAAC,KAAK,CAAC,CAAC;YAC9B,CAAC,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC"}
|
package/dist/esm/op-control.js
CHANGED
|
@@ -22,6 +22,58 @@
|
|
|
22
22
|
import { credentials as grpcCredentials, } from "@grpc/grpc-js";
|
|
23
23
|
import { OpTerminatedError } from "./errors/op-terminated-error.js";
|
|
24
24
|
import { OpControlSignal, PolicyServiceClient, } from "./proto/generated/policy.js";
|
|
25
|
+
/**
|
|
26
|
+
* Hosts treated as loopback for the secure-by-default transport decision.
|
|
27
|
+
* A loopback gateway is the local dev-mode CP, where plaintext gRPC is the
|
|
28
|
+
* documented default; anything else is presumed remote and must be encrypted.
|
|
29
|
+
*/
|
|
30
|
+
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "::1", "[::1]"]);
|
|
31
|
+
/**
|
|
32
|
+
* Extract the bare host from a gRPC target (`host:port`, a bare host, or a
|
|
33
|
+
* URL-style `scheme://host:port`). Returns the lowercased host with any
|
|
34
|
+
* surrounding IPv6 brackets preserved so it can be matched against
|
|
35
|
+
* {@link LOOPBACK_HOSTS}.
|
|
36
|
+
*/
|
|
37
|
+
export function gatewayHostOf(gatewayUrl) {
|
|
38
|
+
let target = gatewayUrl.trim();
|
|
39
|
+
const schemeIdx = target.indexOf("://");
|
|
40
|
+
if (schemeIdx !== -1)
|
|
41
|
+
target = target.slice(schemeIdx + 3);
|
|
42
|
+
// Drop a path/query suffix if a URL form was passed.
|
|
43
|
+
const slashIdx = target.indexOf("/");
|
|
44
|
+
if (slashIdx !== -1)
|
|
45
|
+
target = target.slice(0, slashIdx);
|
|
46
|
+
if (target.startsWith("[")) {
|
|
47
|
+
// Bracketed IPv6: keep the bracketed form, strip only the trailing :port.
|
|
48
|
+
const close = target.indexOf("]");
|
|
49
|
+
return close === -1 ? target.toLowerCase() : target.slice(0, close + 1).toLowerCase();
|
|
50
|
+
}
|
|
51
|
+
const colonIdx = target.indexOf(":");
|
|
52
|
+
if (colonIdx !== -1)
|
|
53
|
+
target = target.slice(0, colonIdx);
|
|
54
|
+
return target.toLowerCase();
|
|
55
|
+
}
|
|
56
|
+
function isLoopbackTarget(gatewayUrl) {
|
|
57
|
+
return LOOPBACK_HOSTS.has(gatewayHostOf(gatewayUrl));
|
|
58
|
+
}
|
|
59
|
+
/**
|
|
60
|
+
* Pick channel credentials for the op-control stream, secure by default.
|
|
61
|
+
*
|
|
62
|
+
* Precedence: an explicit `credentials` override wins; otherwise a loopback
|
|
63
|
+
* target gets plaintext (local dev gateway), a remote target gets TLS, and a
|
|
64
|
+
* remote target is only allowed plaintext when the caller sets `allowInsecure`.
|
|
65
|
+
*
|
|
66
|
+
* @throws never — returns the chosen {@link ChannelCredentials}.
|
|
67
|
+
*/
|
|
68
|
+
export function resolveOpControlCredentials(gatewayUrl, opts) {
|
|
69
|
+
if (opts.credentials)
|
|
70
|
+
return opts.credentials;
|
|
71
|
+
if (isLoopbackTarget(gatewayUrl))
|
|
72
|
+
return grpcCredentials.createInsecure();
|
|
73
|
+
if (opts.allowInsecure)
|
|
74
|
+
return grpcCredentials.createInsecure();
|
|
75
|
+
return grpcCredentials.createSsl();
|
|
76
|
+
}
|
|
25
77
|
export class OpControlSubscriber {
|
|
26
78
|
client;
|
|
27
79
|
agent;
|
|
@@ -41,7 +93,7 @@ export class OpControlSubscriber {
|
|
|
41
93
|
};
|
|
42
94
|
const client = opts.clientFactory
|
|
43
95
|
? opts.clientFactory()
|
|
44
|
-
: new PolicyServiceClient(gatewayUrl, opts
|
|
96
|
+
: new PolicyServiceClient(gatewayUrl, resolveOpControlCredentials(gatewayUrl, opts));
|
|
45
97
|
const subscriber = new OpControlSubscriber(client, agent);
|
|
46
98
|
subscriber.start();
|
|
47
99
|
return subscriber;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"op-control.js","sourceRoot":"","sources":["../../src/op-control.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAGL,WAAW,IAAI,eAAe,GAC/B,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAC;AAEpE,OAAO,EAEL,eAAe,EAEf,mBAAmB,GACpB,MAAM,6BAA6B,CAAC;
|
|
1
|
+
{"version":3,"file":"op-control.js","sourceRoot":"","sources":["../../src/op-control.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAGL,WAAW,IAAI,eAAe,GAC/B,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAC;AAEpE,OAAO,EAEL,eAAe,EAEf,mBAAmB,GACpB,MAAM,6BAA6B,CAAC;AA6CrC;;;;GAIG;AACH,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;AAE3E;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,UAAkB;IAC9C,IAAI,MAAM,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;IAC/B,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACxC,IAAI,SAAS,KAAK,CAAC,CAAC;QAAE,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;IAC3D,qDAAqD;IACrD,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,QAAQ,KAAK,CAAC,CAAC;QAAE,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IACxD,IAAI,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,0EAA0E;QAC1E,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAClC,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACxF,CAAC;IACD,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,QAAQ,KAAK,CAAC,CAAC;QAAE,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IACxD,OAAO,MAAM,CAAC,WAAW,EAAE,CAAC;AAC9B,CAAC;AAED,SAAS,gBAAgB,CAAC,UAAkB;IAC1C,OAAO,cAAc,CAAC,GAAG,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC;AACvD,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,2BAA2B,CACzC,UAAkB,EAClB,IAAuE;IAEvE,IAAI,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC,WAAW,CAAC;IAC9C,IAAI,gBAAgB,CAAC,UAAU,CAAC;QAAE,OAAO,eAAe,CAAC,cAAc,EAAE,CAAC;IAC1E,IAAI,IAAI,CAAC,aAAa;QAAE,OAAO,eAAe,CAAC,cAAc,EAAE,CAAC;IAChE,OAAO,eAAe,CAAC,SAAS,EAAE,CAAC;AACrC,CAAC;AAED,MAAM,OAAO,mBAAmB;IACb,MAAM,CAAkB;IACxB,KAAK,CAAU;IACf,GAAG,GAAG,IAAI,GAAG,EAA0B,CAAC;IACjD,IAAI,GAAkD,IAAI,CAAC;IAC3D,KAAK,GAAG,IAAI,CAAC;IAErB,YAAoB,MAAuB,EAAE,KAAc;QACzD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,wEAAwE;IACjE,MAAM,CAAC,OAAO,CACnB,UAAkB,EAClB,IAAgC;QAEhC,MAAM,KAAK,GAAY;YACrB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC;QACF,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa;YAC/B,CAAC,CAAC,IAAI,CAAC,aAAa,EAAE;YACtB,CAAC,CAAE,IAAI,mBAAmB,CACtB,UAAU,EACV,2BAA2B,CAAC,UAAU,EAAE,IAAI,CAAC,CACW,CAAC;QAC/D,MAAM,UAAU,GAAG,IAAI,mBAAmB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC1D,UAAU,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;OAEG;IACI,KAAK;QACV,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QACjE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,GAAqB,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;QACnD,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;IACnD,CAAC;IAEO,QAAQ,CAAC,GAAqB;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAClC,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;YACnB,KAAK,eAAe,CAAC,uBAAuB;gBAC1C,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC;gBACpB,MAAM;YACR,KAAK,eAAe,CAAC,wBAAwB;gBAC3C,KAAK,CAAC,MAAM,GAAG,KAAK,CAAC;gBACrB,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;gBAC3B,MAAM;YACR,KAAK,eAAe,CAAC,2BAA2B;gBAC9C,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC;gBACxB,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;gBAC3B,MAAM;YACR;gBACE,kDAAkD;gBAClD,MAAM;QACV,CAAC;IACH,CAAC;IAEO,IAAI,CAAC,IAAY;QACvB,IAAI,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,KAAK,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;YAC5D,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC5B,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,cAAc,CAAC,KAAqB;QAC1C,MAAM,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC;QAChC,KAAK,CAAC,SAAS,GAAG,EAAE,CAAC;QACrB,KAAK,MAAM,OAAO,IAAI,OAAO;YAAE,OAAO,EAAE,CAAC;IAC3C,CAAC;IAEO,cAAc;QACpB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,uDAAuD;QACvD,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE;YAAE,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IACpE,CAAC;IAED;;;;;;;;;;OAUG;IACI,KAAK,CAAC,SAAS,CACpB,IAAY,EACZ,OAA+B,EAAE;QAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9B,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAI,iBAAiB,CAAC,MAAM,IAAI,gCAAgC,EAAE,IAAI,CAAC,CAAC;QAChF,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,MAAM;YAAE,OAAO;QAE1B,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAClC,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC9B,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACjC,UAAU,CAAC,GAAG,EAAE;oBACd,uEAAuE;oBACvE,MAAM,GAAG,GAAG,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;oBAC7C,IAAI,GAAG,KAAK,CAAC,CAAC;wBAAE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;oBAC/C,OAAO,EAAE,CAAC;gBACZ,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAI,iBAAiB,CAAC,MAAM,IAAI,gCAAgC,EAAE,IAAI,CAAC,CAAC;QAChF,CAAC;IACH,CAAC;IAEM,QAAQ,CAAC,IAAY;QAC1B,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,IAAI,KAAK,CAAC;IAC7C,CAAC;IAEM,YAAY,CAAC,IAAY;QAC9B,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,UAAU,IAAI,KAAK,CAAC;IACjD,CAAC;IAEM,WAAW;QAChB,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,sCAAsC;IAC/B,KAAK;QACV,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC;QACpB,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;QACtB,IAAI,CAAC,cAAc,EAAE,CAAC;IACxB,CAAC;CACF"}
|
package/dist/esm/runtime.js
CHANGED
|
@@ -12,11 +12,18 @@ import { existsSync, openSync } from "node:fs";
|
|
|
12
12
|
import { createRequire } from "node:module";
|
|
13
13
|
import { createConnection } from "node:net";
|
|
14
14
|
import { arch, homedir, platform } from "node:os";
|
|
15
|
-
import { delimiter as PATH_DELIM, dirname, join } from "node:path";
|
|
15
|
+
import { delimiter as PATH_DELIM, dirname, isAbsolute, join, resolve as resolvePath } from "node:path";
|
|
16
16
|
import { cwd, env } from "node:process";
|
|
17
17
|
export const BINARY_NAME = "aasm";
|
|
18
18
|
export const DEFAULT_PORT = 7878;
|
|
19
19
|
export const DEFAULT_RUNTIME_HOST = "127.0.0.1";
|
|
20
|
+
/**
|
|
21
|
+
* Opt-in gate for spawning the `aasm` sidecar. Auto-start runs a binary
|
|
22
|
+
* discovered from `$PATH` / the filesystem, so it is a privileged side effect
|
|
23
|
+
* that must be explicitly enabled rather than triggered silently by every
|
|
24
|
+
* `initAssembly()` call. Set to `1`/`true`/`yes` to permit auto-start.
|
|
25
|
+
*/
|
|
26
|
+
export const ENV_AUTO_START = "AA_AUTO_START";
|
|
20
27
|
export const USER_LOCAL_BIN = join(homedir(), ".local", "bin");
|
|
21
28
|
export const DOCKER_BASE_BIN = "/usr/local/bin";
|
|
22
29
|
export const RUNTIME_LOG_FILENAME = ".aasm-runtime.log";
|
|
@@ -93,6 +100,51 @@ export function isRunning(port = DEFAULT_PORT, host = DEFAULT_RUNTIME_HOST) {
|
|
|
93
100
|
socket.once("error", () => settle(false));
|
|
94
101
|
});
|
|
95
102
|
}
|
|
103
|
+
/** Truthy values that enable {@link ENV_AUTO_START}. */
|
|
104
|
+
function autoStartEnabled() {
|
|
105
|
+
const raw = env[ENV_AUTO_START]?.trim().toLowerCase();
|
|
106
|
+
return raw === "1" || raw === "true" || raw === "yes";
|
|
107
|
+
}
|
|
108
|
+
/**
|
|
109
|
+
* Install roots an auto-started `aasm` binary is permitted to live in, in
|
|
110
|
+
* addition to the npm-bundled `node_modules/@agent-assembly/runtime-*` path
|
|
111
|
+
* (which is trusted because it ships with the SDK install). This blocks a
|
|
112
|
+
* `$PATH`-injected `./aasm` or a binary planted in an arbitrary writable
|
|
113
|
+
* directory from being spawned.
|
|
114
|
+
*/
|
|
115
|
+
function allowedInstallDirs() {
|
|
116
|
+
const home = homedir();
|
|
117
|
+
return [
|
|
118
|
+
"/usr/local/bin",
|
|
119
|
+
"/usr/bin",
|
|
120
|
+
"/opt/homebrew/bin",
|
|
121
|
+
USER_LOCAL_BIN,
|
|
122
|
+
join(home, ".cargo", "bin"),
|
|
123
|
+
"/usr/local/cargo/bin",
|
|
124
|
+
DOCKER_BASE_BIN,
|
|
125
|
+
];
|
|
126
|
+
}
|
|
127
|
+
/**
|
|
128
|
+
* Throw `Error` unless `binaryPath` is safe to spawn: it must be absolute and
|
|
129
|
+
* either resolve inside an allow-listed install dir (see
|
|
130
|
+
* {@link allowedInstallDirs}) or be the npm-bundled runtime binary. This is the
|
|
131
|
+
* integrity gate for the auto-start subprocess — without it the SDK would
|
|
132
|
+
* execute whatever `aasm` happened to be first on `$PATH`.
|
|
133
|
+
*/
|
|
134
|
+
export function assertSafeBinaryPath(binaryPath) {
|
|
135
|
+
if (!isAbsolute(binaryPath)) {
|
|
136
|
+
throw new Error(`Refusing to auto-start a non-absolute 'aasm' path: ${binaryPath}`);
|
|
137
|
+
}
|
|
138
|
+
const resolved = resolvePath(binaryPath);
|
|
139
|
+
const bundled = bundledRuntimeBinaryPath();
|
|
140
|
+
if (bundled !== null && resolvePath(bundled) === resolved)
|
|
141
|
+
return;
|
|
142
|
+
const ok = allowedInstallDirs().some((dir) => resolved.startsWith(resolvePath(dir) + "/"));
|
|
143
|
+
if (!ok) {
|
|
144
|
+
throw new Error(`Refusing to auto-start 'aasm' from an untrusted location: ${resolved}. ` +
|
|
145
|
+
`Install it under one of: ${allowedInstallDirs().join(", ")}.`);
|
|
146
|
+
}
|
|
147
|
+
}
|
|
96
148
|
/**
|
|
97
149
|
* Spawn `aasm serve --port <port>` as a detached background subprocess.
|
|
98
150
|
*
|
|
@@ -119,20 +171,33 @@ export function startRuntime(binaryPath, port = DEFAULT_PORT, logDir = cwd()) {
|
|
|
119
171
|
* 2. Resolve the binary via {@link findAasmBinary}.
|
|
120
172
|
* 3. Spawn the sidecar via {@link startRuntime}.
|
|
121
173
|
*
|
|
122
|
-
* `
|
|
123
|
-
*
|
|
124
|
-
* `@agent-assembly/sdk` `initAssembly`
|
|
174
|
+
* `_agentId` is accepted to keep the ticket-specified signature stable but is
|
|
175
|
+
* intentionally not consumed at this lifecycle layer; actual register-and-connect
|
|
176
|
+
* is performed by the existing gateway-aware `@agent-assembly/sdk` `initAssembly`
|
|
177
|
+
* once the sidecar is reachable.
|
|
178
|
+
*
|
|
179
|
+
* Auto-start is **opt-in**: when the sidecar is not already running, this
|
|
180
|
+
* throws unless `AA_AUTO_START` is enabled. When it does spawn, the resolved
|
|
181
|
+
* binary path is logged and integrity-checked via {@link assertSafeBinaryPath}.
|
|
125
182
|
*
|
|
126
|
-
* Throws `Error` with {@link INSTALL_HINT} when no binary is found
|
|
183
|
+
* Throws `Error` with {@link INSTALL_HINT} when no binary is found, and a
|
|
184
|
+
* descriptive `Error` when auto-start is not opted in or the resolved binary
|
|
185
|
+
* fails the integrity check.
|
|
127
186
|
*/
|
|
128
|
-
export async function initAssembly(
|
|
129
|
-
void agentId; // not consumed at the lifecycle layer; see jsdoc
|
|
187
|
+
export async function initAssembly(_agentId, port = DEFAULT_PORT) {
|
|
130
188
|
if (await isRunning(port))
|
|
131
189
|
return;
|
|
190
|
+
if (!autoStartEnabled()) {
|
|
191
|
+
throw new Error(`No aasm sidecar running on port ${port} and auto-start is disabled. ` +
|
|
192
|
+
`Start it with 'aasm serve --port ${port}', or set ${ENV_AUTO_START}=1 ` +
|
|
193
|
+
"to allow the SDK to auto-start it.");
|
|
194
|
+
}
|
|
132
195
|
const binary = findAasmBinary();
|
|
133
196
|
if (binary === null) {
|
|
134
197
|
throw new Error(INSTALL_HINT);
|
|
135
198
|
}
|
|
199
|
+
assertSafeBinaryPath(binary);
|
|
200
|
+
console.info(`[agent-assembly] auto-starting aasm sidecar from ${binary}`);
|
|
136
201
|
startRuntime(binary, port);
|
|
137
202
|
}
|
|
138
203
|
//# sourceMappingURL=runtime.js.map
|
package/dist/esm/runtime.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../../src/runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAqB,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,SAAS,IAAI,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../../src/runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAqB,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,SAAS,IAAI,UAAU,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,WAAW,CAAC;AACvG,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAExC,MAAM,CAAC,MAAM,WAAW,GAAG,MAAM,CAAC;AAClC,MAAM,CAAC,MAAM,YAAY,GAAG,IAAI,CAAC;AACjC,MAAM,CAAC,MAAM,oBAAoB,GAAG,WAAW,CAAC;AAEhD;;;;;GAKG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,eAAe,CAAC;AAE9C,MAAM,CAAC,MAAM,cAAc,GAAW,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;AACvE,MAAM,CAAC,MAAM,eAAe,GAAG,gBAAgB,CAAC;AAChD,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC;AAExD,8EAA8E;AAC9E,MAAM,CAAC,MAAM,kBAAkB,GAAW,WAAW,QAAQ,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC;AAE5E,MAAM,CAAC,MAAM,YAAY,GAAW;IAClC,mCAAmC;IACnC,yCAAyC;IACzC,sDAAsD;IACtD,8DAA8D;CAC/D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb;;;;;;;;;GASG;AACH,SAAS,wBAAwB;IAC/B,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,aAAa,CAAC,GAAG,GAAG,EAAE,eAAe,CAAC,CAAC;QAC9D,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,mBAAmB,kBAAkB,eAAe,CAAC,CAAC;QAC7F,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,WAAW,CAAC,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc;IAC5B,KAAK,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;QACrD,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QACzC,IAAI,UAAU,CAAC,SAAS,CAAC;YAAE,OAAO,SAAS,CAAC;IAC9C,CAAC;IACD,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IACpD,IAAI,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IAC5C,MAAM,OAAO,GAAG,wBAAwB,EAAE,CAAC;IAC3C,IAAI,OAAO,KAAK,IAAI,IAAI,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC;IAC5D,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;IAClD,IAAI,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IACtC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,SAAS,CACvB,OAAe,YAAY,EAC3B,OAAe,oBAAoB;IAEnC,OAAO,IAAI,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACnC,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,CAAC,KAAc,EAAQ,EAAE;YACtC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,aAAa,CAAC,KAAK,CAAC,CAAC;QACvB,CAAC,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;AACL,CAAC;AAED,wDAAwD;AACxD,SAAS,gBAAgB;IACvB,MAAM,GAAG,GAAG,GAAG,CAAC,cAAc,CAAC,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACtD,OAAO,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,KAAK,CAAC;AACxD,CAAC;AAED;;;;;;GAMG;AACH,SAAS,kBAAkB;IACzB,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IACvB,OAAO;QACL,gBAAgB;QAChB,UAAU;QACV,mBAAmB;QACnB,cAAc;QACd,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC;QAC3B,sBAAsB;QACtB,eAAe;KAChB,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CAAC,UAAkB;IACrD,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,sDAAsD,UAAU,EAAE,CAAC,CAAC;IACtF,CAAC;IACD,MAAM,QAAQ,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,wBAAwB,EAAE,CAAC;IAC3C,IAAI,OAAO,KAAK,IAAI,IAAI,WAAW,CAAC,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO;IAClE,MAAM,EAAE,GAAG,kBAAkB,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IAC3F,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,IAAI,KAAK,CACb,6DAA6D,QAAQ,IAAI;YACvE,4BAA4B,kBAAkB,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACjE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAC1B,UAAkB,EAClB,OAAe,YAAY,EAC3B,SAAiB,GAAG,EAAE;IAEtB,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;IACnD,MAAM,EAAE,GAAG,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAClC,MAAM,KAAK,GAAG,KAAK,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE;QACjE,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,CAAC,QAAQ,EAAE,EAAE,EAAE,EAAE,CAAC;KAC1B,CAAC,CAAC;IACH,KAAK,CAAC,KAAK,EAAE,CAAC;IACd,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,QAAiB,EACjB,OAAe,YAAY;IAE3B,IAAI,MAAM,SAAS,CAAC,IAAI,CAAC;QAAE,OAAO;IAClC,IAAI,CAAC,gBAAgB,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACb,mCAAmC,IAAI,+BAA+B;YACpE,oCAAoC,IAAI,aAAa,cAAc,KAAK;YACxE,oCAAoC,CACvC,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAChC,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;IAChC,CAAC;IACD,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAC7B,OAAO,CAAC,IAAI,CAAC,oDAAoD,MAAM,EAAE,CAAC,CAAC;IAC3E,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AAC7B,CAAC"}
|
|
@@ -14,7 +14,9 @@
|
|
|
14
14
|
* as deprecated aliases (a one-time warning is logged when a legacy name
|
|
15
15
|
* supplies the value)
|
|
16
16
|
* 3. Config file (~/.aasm/config.yaml, optional js-yaml soft dep)
|
|
17
|
-
* 4. Local default: probe http://localhost:7391, auto-start
|
|
17
|
+
* 4. Local default: probe http://localhost:7391; when absent, auto-start the
|
|
18
|
+
* local `aasm` gateway ONLY if `AA_AUTO_START` is opted in and the binary
|
|
19
|
+
* resolves to an allow-listed install dir — otherwise raise an error.
|
|
18
20
|
*/
|
|
19
21
|
export declare const DEFAULT_GATEWAY_URL = "http://localhost:7391";
|
|
20
22
|
export declare const DEFAULT_HEALTHZ_PATH = "/healthz";
|
|
@@ -23,6 +25,21 @@ export declare const DEFAULT_AUTO_START_TIMEOUT_MS = 5000;
|
|
|
23
25
|
export declare const DEFAULT_CONFIG_FILE_PATH = "~/.aasm/config.yaml";
|
|
24
26
|
export declare const ENV_GATEWAY_URL = "AA_GATEWAY_URL";
|
|
25
27
|
export declare const ENV_API_KEY = "AA_API_KEY";
|
|
28
|
+
/**
|
|
29
|
+
* Opt-in gate for auto-starting a local gateway. Auto-start spawns the `aasm`
|
|
30
|
+
* binary resolved from `$PATH`, so it is gated behind an explicit opt-in rather
|
|
31
|
+
* than running silently: a `$PATH` entry an attacker can write to would
|
|
32
|
+
* otherwise be executed by any process that calls `initAssembly()`. Set to
|
|
33
|
+
* `1`/`true`/`yes` to permit auto-start.
|
|
34
|
+
*/
|
|
35
|
+
export declare const ENV_AUTO_START = "AA_AUTO_START";
|
|
36
|
+
/**
|
|
37
|
+
* Throw {@link ConfigurationError} unless `aasmPath` is an absolute path inside
|
|
38
|
+
* an allow-listed install directory (see {@link allowedInstallDirs}). This is
|
|
39
|
+
* the integrity gate for the auto-start subprocess — without it the SDK would
|
|
40
|
+
* execute whatever `aasm` happened to be first on `$PATH`.
|
|
41
|
+
*/
|
|
42
|
+
export declare function assertAllowedAasmPath(aasmPath: string): void;
|
|
26
43
|
/**
|
|
27
44
|
* Deprecated environment-variable names, kept as backwards-compatible aliases.
|
|
28
45
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gateway-resolver.d.ts","sourceRoot":"","sources":["../../../src/core/gateway-resolver.ts"],"names":[],"mappings":"AAOA
|
|
1
|
+
{"version":3,"file":"gateway-resolver.d.ts","sourceRoot":"","sources":["../../../src/core/gateway-resolver.ts"],"names":[],"mappings":"AAOA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,eAAO,MAAM,mBAAmB,0BAA0B,CAAC;AAC3D,eAAO,MAAM,oBAAoB,aAAa,CAAC;AAC/C,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAC5C,eAAO,MAAM,6BAA6B,OAAO,CAAC;AAClD,eAAO,MAAM,wBAAwB,wBAAwB,CAAC;AAE9D,eAAO,MAAM,eAAe,mBAAmB,CAAC;AAChD,eAAO,MAAM,WAAW,eAAe,CAAC;AAExC;;;;;;GAMG;AACH,eAAO,MAAM,cAAc,kBAAkB,CAAC;AA2B9C;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAgB5D;AAED;;;;;GAKG;AACH,eAAO,MAAM,sBAAsB,sBAAsB,CAAC;AAC1D,eAAO,MAAM,kBAAkB,kBAAkB,CAAC;AAoClD,eAAO,MAAM,oBAAoB,uDAAwD,CAAC;AAE1F;;;;;;;GAOG;AACH,wBAAsB,YAAY,CAChC,OAAO,EAAE,MAAM,EACf,SAAS,GAAE,MAAiC,GAC3C,OAAO,CAAC,OAAO,CAAC,CAgBlB;AAED;;;;;;;GAOG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,MAAM,EACf,SAAS,GAAE,MAAsC,EACjD,cAAc,GAAE,MAAY,GAC3B,OAAO,CAAC,OAAO,CAAC,CASlB;AAUD;;;;;;;GAOG;AACH,wBAAsB,cAAc,CAClC,UAAU,GAAE,MAAiC,GAC5C,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAwBlC;AAED,iBAAS,qBAAqB,IAAI,MAAM,GAAG,IAAI,CAY9C;AAED,iBAAS,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAMhD;AAeD,eAAO,MAAM,SAAS;;;;;;;;kCAEQ,IAAI;CAGjC,CAAC;AAEF;;;;;;;;;;GAUG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,GAAE,MAA4B,EACrC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC,IAAI,CAAC,CAuBf;AAED;;;;;;;GAOG;AACH,wBAAsB,iBAAiB,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA8B1E;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CActE"}
|
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
import type { Adapter } from "../adapters/adapter.js";
|
|
2
2
|
import { type GatewayClient } from "../gateway/client.js";
|
|
3
|
+
import { type NativeClient } from "../native/client.js";
|
|
3
4
|
import type { AssemblyConfig } from "../types/assembly-config.js";
|
|
4
5
|
import type { AssemblyContext } from "../types/assembly-context.js";
|
|
5
6
|
/** Env-var fallback for ``gatewayUrl`` read at ``initAssembly`` entry. */
|
|
6
7
|
export declare const ENV_GATEWAY_URL = "AA_GATEWAY_URL";
|
|
7
8
|
/** Env-var fallback for ``controlPlaneUrl`` read at ``initAssembly`` entry. */
|
|
8
9
|
export declare const ENV_CONTROL_PLANE_URL = "AA_CONTROL_PLANE_URL";
|
|
9
|
-
export declare function createClient(config: AssemblyConfig): GatewayClient;
|
|
10
|
+
export declare function createClient(config: AssemblyConfig, nativeClientOverride?: NativeClient): GatewayClient;
|
|
10
11
|
export declare function detectFrameworks(): string[];
|
|
11
12
|
export declare function registerAdapters(frameworks: readonly string[]): Promise<Adapter[]>;
|
|
12
13
|
export declare function startNetworkLayerIfNeeded(client: GatewayClient, config: AssemblyConfig): Promise<void>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"init-assembly.d.ts","sourceRoot":"","sources":["../../../src/core/init-assembly.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,wBAAwB,CAAC;AAKtD,OAAO,
|
|
1
|
+
{"version":3,"file":"init-assembly.d.ts","sourceRoot":"","sources":["../../../src/core/init-assembly.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,wBAAwB,CAAC;AAKtD,OAAO,EAGL,KAAK,aAAa,EACnB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAEL,KAAK,YAAY,EAElB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAoBpE,0EAA0E;AAC1E,eAAO,MAAM,eAAe,mBAAmB,CAAC;AAChD,+EAA+E;AAC/E,eAAO,MAAM,qBAAqB,yBAAyB,CAAC;AAiD5D,wBAAgB,YAAY,CAC1B,MAAM,EAAE,cAAc,EACtB,oBAAoB,CAAC,EAAE,YAAY,GAClC,aAAa,CA+Cf;AAWD,wBAAgB,gBAAgB,IAAI,MAAM,EAAE,CAoB3C;AASD,wBAAsB,gBAAgB,CAAC,UAAU,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAMxF;AAED,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,aAAa,EACrB,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,IAAI,CAAC,CAMf;AAsLD,wBAAsB,YAAY,CAAC,MAAM,GAAE,cAAmB,GAAG,OAAO,CAAC,eAAe,CAAC,CAkFxF"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import type { GatewayApprovalResult, GatewayCheckRequest, GatewayDecision, GatewayPromptScan, GatewayRecordEvent, GatewayResultRecord } from "../types/gateway-governance.js";
|
|
2
2
|
import type { AssemblyMode } from "../types/assembly-mode.js";
|
|
3
|
+
import type { NativeClient } from "../native/client.js";
|
|
3
4
|
export interface GatewayClient {
|
|
4
5
|
readonly mode: AssemblyMode;
|
|
5
6
|
/**
|
|
@@ -17,4 +18,20 @@ export interface GatewayClient {
|
|
|
17
18
|
scanPrompts: (scan: GatewayPromptScan) => Promise<void>;
|
|
18
19
|
}
|
|
19
20
|
export declare function createNoopGatewayClient(mode: AssemblyMode, httpBaseUrl?: string): GatewayClient;
|
|
21
|
+
/**
|
|
22
|
+
* Gateway client backed by the in-process native runtime (AAASM-3050).
|
|
23
|
+
*
|
|
24
|
+
* `check()` asks a reachable `aa-runtime` for an authoritative verdict via the
|
|
25
|
+
* native `queryPolicy` primitive and maps it onto a `GatewayDecision`:
|
|
26
|
+
* - `deny` → `{ denied: true }` (the wrapper throws `PolicyViolationError`)
|
|
27
|
+
* - `pending` → `{ pending: true }` (routes to the approval path)
|
|
28
|
+
* - allow / redact / unspecified → `{ denied: false }`
|
|
29
|
+
*
|
|
30
|
+
* **Fail-open (security-critical):** the SDK is advisory, not a security
|
|
31
|
+
* boundary. The native primitive already returns `allow` when the runtime is
|
|
32
|
+
* unreachable or too slow; on top of that, any local fault while querying is
|
|
33
|
+
* swallowed here and resolves neutral, so a missing or degraded runtime never
|
|
34
|
+
* blocks the agent. The proxy / eBPF layers remain authoritative.
|
|
35
|
+
*/
|
|
36
|
+
export declare function createNativeGatewayClient(mode: AssemblyMode, nativeClient: NativeClient, agentId?: string, httpBaseUrl?: string): GatewayClient;
|
|
20
37
|
//# sourceMappingURL=client.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/gateway/client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACpB,MAAM,gCAAgC,CAAC;AACxC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/gateway/client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACpB,MAAM,gCAAgC,CAAC;AACxC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAExD,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B;;;;OAIG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,KAAK,EAAE,CAAC,OAAO,EAAE,mBAAmB,KAAK,OAAO,CAAC,eAAe,CAAC,CAAC;IAClE,eAAe,EAAE,CACf,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,KACd,OAAO,CAAC,qBAAqB,CAAC,CAAC;IACpC,MAAM,EAAE,CAAC,KAAK,EAAE,kBAAkB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,YAAY,EAAE,CAAC,MAAM,EAAE,mBAAmB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7D,WAAW,EAAE,CAAC,IAAI,EAAE,iBAAiB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACzD;AAED,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,YAAY,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,aAAa,CAY/F;AAwBD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,YAAY,EAClB,YAAY,EAAE,YAAY,EAC1B,OAAO,CAAC,EAAE,MAAM,EAChB,WAAW,CAAC,EAAE,MAAM,GACnB,aAAa,CA0Bf"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/gateway/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/gateway/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AACjF,YAAY,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ai-sdk.d.ts","sourceRoot":"","sources":["../../../src/hooks/ai-sdk.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,4BAA4B,EAC5B,mBAAmB,EACpB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAI1D,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,mBAAmB,CAAC;CAC3B;AAED,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,OAAO,CAAC;IACnB,mBAAmB,EAAE,mBAAmB,GAAG,SAAS,CAAC;IACrD,aAAa,EAAE,iBAAiB,GAAG,SAAS,CAAC;CAC9C;AAED,eAAO,MAAM,qBAAqB,EAAE,qBAInC,CAAC;AAEF,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,iBAAiB,GACxB,mBAAmB,GAAG,SAAS,
|
|
1
|
+
{"version":3,"file":"ai-sdk.d.ts","sourceRoot":"","sources":["../../../src/hooks/ai-sdk.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,4BAA4B,EAC5B,mBAAmB,EACpB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAI1D,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,mBAAmB,CAAC;CAC3B;AAED,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,OAAO,CAAC;IACnB,mBAAmB,EAAE,mBAAmB,GAAG,SAAS,CAAC;IACrD,aAAa,EAAE,iBAAiB,GAAG,SAAS,CAAC;CAC9C;AAED,eAAO,MAAM,qBAAqB,EAAE,qBAInC,CAAC;AAEF,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,iBAAiB,GACxB,mBAAmB,GAAG,SAAS,CASjC;AAED,MAAM,WAAW,2BAA2B;IAC1C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,6GAA6G;IAC7G,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,wBAAgB,2BAA2B,CACzC,aAAa,EAAE,aAAa,EAC5B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,OAAO,GACd,IAAI,CAEN;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,OAAO,EACjD,eAAe,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,4BAA4B,KAAK,OAAO,CAAC,OAAO,CAAC,EACzF,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,2BAA2B,GACnC,CAAC,IAAI,EAAE,KAAK,EAAE,gBAAgB,EAAE,4BAA4B,KAAK,OAAO,CAAC,OAAO,CAAC,CAsDnF;AAED,MAAM,WAAW,+BAA+B;IAC9C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,wBAAgB,wBAAwB,CACtC,mBAAmB,EAAE,mBAAmB,EACxC,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,+BAA+B,GACvC,mBAAmB,CAsBrB;AAED,MAAM,WAAW,uBAAuB;IACtC,aAAa,EAAE,aAAa,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,OAAO,CAAC,iBAAiB,GAAG,SAAS,CAAC,CAAC;CAC3D;AAYD,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,uBAAuB,GAC/B,OAAO,CAAC,OAAO,CAAC,CA4BlB;AAED,wBAAgB,kBAAkB,IAAI,OAAO,CAgB5C"}
|
|
@@ -1,3 +1,14 @@
|
|
|
1
1
|
import type { NativeClient } from "../native/client.js";
|
|
2
|
+
/**
|
|
3
|
+
* Intentional no-op stub: native-transport LangChain patching is not
|
|
4
|
+
* implemented. LangChain enforcement is performed in the SDK's callback layer
|
|
5
|
+
* (post-execution redaction) and wrapper layer (pre-execution deny) wired by
|
|
6
|
+
* `initAssembly`, not through this native hook — so there is nothing to patch
|
|
7
|
+
* here yet. Returns `false` (nothing patched) for every mode.
|
|
8
|
+
*
|
|
9
|
+
* The `client` parameter is retained to keep the adapter-registry hook
|
|
10
|
+
* signature (and the public `patchLangChain` export) uniform with the other
|
|
11
|
+
* `patch*` hooks; it is deliberately unused until native patching lands.
|
|
12
|
+
*/
|
|
2
13
|
export declare function patchLangChain(client: NativeClient): Promise<boolean>;
|
|
3
14
|
//# sourceMappingURL=langchain.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"langchain.d.ts","sourceRoot":"","sources":["../../../src/hooks/langchain.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAExD,wBAAsB,cAAc,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"langchain.d.ts","sourceRoot":"","sources":["../../../src/hooks/langchain.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAExD;;;;;;;;;;GAUG;AAEH,wBAAsB,cAAc,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,CAE3E"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mastra.d.ts","sourceRoot":"","sources":["../../../src/hooks/mastra.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE;QACT,QAAQ,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;KACrD,CAAC;CACH;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE;QACT,OAAO,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;KACpD,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,gBAAgB,CAAC;IACxB,QAAQ,CAAC,EAAE,mBAAmB,CAAC;CAChC;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC;IACzE,eAAe,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC;IACxE,iBAAiB,EAAE,gBAAgB,GAAG,SAAS,CAAC;IAChD,oBAAoB,EAAE,mBAAmB,GAAG,SAAS,CAAC;CACvD;AAED,eAAO,MAAM,gBAAgB,EAAE,gBAM9B,CAAC;AAEF,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC,CAAC;CACtD;AAYD,wBAAsB,WAAW,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,OAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"mastra.d.ts","sourceRoot":"","sources":["../../../src/hooks/mastra.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE;QACT,QAAQ,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;KACrD,CAAC;CACH;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE;QACT,OAAO,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;KACpD,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,gBAAgB,CAAC;IACxB,QAAQ,CAAC,EAAE,mBAAmB,CAAC;CAChC;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC;IACzE,eAAe,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC;IACxE,iBAAiB,EAAE,gBAAgB,GAAG,SAAS,CAAC;IAChD,oBAAoB,EAAE,mBAAmB,GAAG,SAAS,CAAC;CACvD;AAED,eAAO,MAAM,gBAAgB,EAAE,gBAM9B,CAAC;AAEF,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC,CAAC;CACtD;AAYD,wBAAsB,WAAW,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,OAAO,CAAC,CA+D/E;AAED,wBAAgB,aAAa,IAAI,OAAO,CAkBvC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"openai-agents.d.ts","sourceRoot":"","sources":["../../../src/hooks/openai-agents.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,sBAAsB,EACtB,mBAAmB,EACnB,oBAAoB,EACpB,0BAA0B,EAC3B,MAAM,mCAAmC,CAAC;AAC3C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAG1D,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE;QACT,QAAQ,CAAC,EAAE,mBAAmB,CAAC;KAChC,CAAC;CACH;AAED,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,OAAO,CAAC;IACnB,eAAe,EAAE,mBAAmB,GAAG,SAAS,CAAC;IACjD,iBAAiB,EAAE,sBAAsB,GAAG,SAAS,CAAC;CACvD;AAED,eAAO,MAAM,sBAAsB,EAAE,sBAIpC,CAAC;AAEF,wBAAgB,sBAAsB,CACpC,UAAU,EAAE,sBAAsB,GACjC,mBAAmB,GAAG,SAAS,
|
|
1
|
+
{"version":3,"file":"openai-agents.d.ts","sourceRoot":"","sources":["../../../src/hooks/openai-agents.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,sBAAsB,EACtB,mBAAmB,EACnB,oBAAoB,EACpB,0BAA0B,EAC3B,MAAM,mCAAmC,CAAC;AAC3C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAG1D,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE;QACT,QAAQ,CAAC,EAAE,mBAAmB,CAAC;KAChC,CAAC;CACH;AAED,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,OAAO,CAAC;IACnB,eAAe,EAAE,mBAAmB,GAAG,SAAS,CAAC;IACjD,iBAAiB,EAAE,sBAAsB,GAAG,SAAS,CAAC;CACvD;AAED,eAAO,MAAM,sBAAsB,EAAE,sBAIpC,CAAC;AAEF,wBAAgB,sBAAsB,CACpC,UAAU,EAAE,sBAAsB,GACjC,mBAAmB,GAAG,SAAS,CASjC;AAED,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,oBAAoB,GAAG,OAAO,CAM9E;AAED,MAAM,WAAW,mCAAmC;IAClD,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,KAAK,EAAE,MAAM,GAAG,SAAS,CAAC;CAC3B;AAED,wBAAgB,8BAA8B,CAC5C,OAAO,EAAE,sBAAsB,GAAG,SAAS,GAC1C,mCAAmC,CAKrC;AAED,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,MAAM,EAAE,MAAM,GACb,0BAA0B,CAG5B;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAsB,qBAAqB,CACzC,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,0BAA0B,GAAG,SAAS,CAAC,CAYjD;AAED,wBAAgB,2BAA2B,CACzC,aAAa,EAAE,aAAa,EAC5B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,OAAO,GACd,IAAI,CAEN;AAED,MAAM,WAAW,2BAA2B;IAC1C,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,wBAAgB,oBAAoB,CAClC,eAAe,EAAE,mBAAmB,EACpC,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,2BAA2B,GACnC,mBAAmB,CA2DrB;AAED,MAAM,WAAW,wBAAwB;IACvC,aAAa,EAAE,aAAa,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,OAAO,CAAC,sBAAsB,GAAG,SAAS,CAAC,CAAC;CACpE;AAgBD,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,wBAAwB,GAChC,OAAO,CAAC,OAAO,CAAC,CA2BlB;AAED,wBAAgB,mBAAmB,IAAI,OAAO,CAgB7C"}
|
|
@@ -4,6 +4,24 @@ export interface PolicyResult {
|
|
|
4
4
|
pending?: boolean;
|
|
5
5
|
reason?: string;
|
|
6
6
|
}
|
|
7
|
+
/**
|
|
8
|
+
* Options for the native `register` primitive (AAASM-3400). `agentId` is the
|
|
9
|
+
* identity the gateway registers; `name` / `framework` are descriptive
|
|
10
|
+
* metadata; `gatewayEndpoint` overrides the gateway gRPC endpoint.
|
|
11
|
+
*
|
|
12
|
+
* `teamId` and `parentAgentId` carry the agent's lineage/team scoping to the
|
|
13
|
+
* gateway on register (AAASM-3415): `teamId` drives team-budget attribution and
|
|
14
|
+
* `parentAgentId` the topology graph. Both optional — omit for a team-unscoped
|
|
15
|
+
* / root agent.
|
|
16
|
+
*/
|
|
17
|
+
export interface RegisterOptions {
|
|
18
|
+
agentId: string;
|
|
19
|
+
name: string;
|
|
20
|
+
framework: string;
|
|
21
|
+
gatewayEndpoint?: string;
|
|
22
|
+
teamId?: string;
|
|
23
|
+
parentAgentId?: string;
|
|
24
|
+
}
|
|
7
25
|
export declare class NativeConnectError extends Error {
|
|
8
26
|
readonly code = "AA_ERR_CONNECT";
|
|
9
27
|
}
|
|
@@ -13,6 +31,9 @@ export declare class NativeSendEventError extends Error {
|
|
|
13
31
|
export declare class NativeQueryPolicyError extends Error {
|
|
14
32
|
readonly code = "AA_ERR_QUERY_POLICY";
|
|
15
33
|
}
|
|
34
|
+
export declare class NativeRegisterError extends Error {
|
|
35
|
+
readonly code = "AA_ERR_REGISTER";
|
|
36
|
+
}
|
|
16
37
|
export declare class NativeDisconnectError extends Error {
|
|
17
38
|
readonly code = "AA_ERR_DISCONNECT";
|
|
18
39
|
}
|
|
@@ -21,6 +42,18 @@ export interface NativeClient {
|
|
|
21
42
|
close: () => Promise<void>;
|
|
22
43
|
sendEvent: (event: unknown) => void;
|
|
23
44
|
queryPolicy: (action: unknown) => Promise<PolicyResult>;
|
|
45
|
+
/**
|
|
46
|
+
* Register this agent with the governance gateway over the native
|
|
47
|
+
* SDK→gateway gRPC call (AAASM-3400). The token the gateway issues is stored
|
|
48
|
+
* on the underlying session and attached to every subsequent
|
|
49
|
+
* {@link queryPolicy} request, so the gateway does not deny a registered
|
|
50
|
+
* agent. Returns the assigned policy id.
|
|
51
|
+
*
|
|
52
|
+
* **Advisory:** like the rest of the SDK this is not a security boundary. A
|
|
53
|
+
* failed registration surfaces as a typed error; callers may proceed
|
|
54
|
+
* unregistered (the proxy / eBPF layers remain authoritative).
|
|
55
|
+
*/
|
|
56
|
+
register: (options: RegisterOptions) => Promise<string>;
|
|
24
57
|
}
|
|
25
58
|
export declare function createNativeClient(options: InitAssemblyOptions): NativeClient;
|
|
26
59
|
//# sourceMappingURL=client.d.ts.map
|