@agentguard-run/spend 0.1.10 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +5 -0
- package/PATENTS.md +37 -0
- package/dist/adapters/postgres-store.d.ts +8 -2
- package/dist/adapters/postgres-store.d.ts.map +1 -1
- package/dist/adapters/postgres-store.js +58 -6
- package/dist/adapters/postgres-store.js.map +1 -1
- package/dist/adapters/redis-store.d.ts +10 -2
- package/dist/adapters/redis-store.d.ts.map +1 -1
- package/dist/adapters/redis-store.js +90 -24
- package/dist/adapters/redis-store.js.map +1 -1
- package/dist/cli/demo.d.ts +2 -2
- package/dist/cli/demo.js +4 -4
- package/dist/cli/demo.js.map +1 -1
- package/dist/cli/doctor.d.ts +1 -1
- package/dist/cli/doctor.js +2 -2
- package/dist/cli/doctor.js.map +1 -1
- package/dist/cli/explain.d.ts +1 -1
- package/dist/cli/explain.js +1 -1
- package/dist/cli/init.d.ts +1 -1
- package/dist/cli/init.js +1 -1
- package/dist/cli/main.d.ts.map +1 -1
- package/dist/cli/main.js +7 -1
- package/dist/cli/main.js.map +1 -1
- package/dist/cli/serve.d.ts +1 -1
- package/dist/cli/serve.d.ts.map +1 -1
- package/dist/cli/serve.js +19 -14
- package/dist/cli/serve.js.map +1 -1
- package/dist/cli/telemetry.d.ts +2 -0
- package/dist/cli/telemetry.d.ts.map +1 -0
- package/dist/cli/telemetry.js +37 -0
- package/dist/cli/telemetry.js.map +1 -0
- package/dist/cli/verify.d.ts +2 -2
- package/dist/cli/verify.d.ts.map +1 -1
- package/dist/cli/verify.js +53 -36
- package/dist/cli/verify.js.map +1 -1
- package/dist/cost-table.d.ts +2 -2
- package/dist/cost-table.d.ts.map +1 -1
- package/dist/cost-table.js +23 -3
- package/dist/cost-table.js.map +1 -1
- package/dist/decision-log.d.ts +5 -4
- package/dist/decision-log.d.ts.map +1 -1
- package/dist/decision-log.js +40 -15
- package/dist/decision-log.js.map +1 -1
- package/dist/i18n.js +3 -3
- package/dist/i18n.js.map +1 -1
- package/dist/index.d.ts +5 -4
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +12 -4
- package/dist/index.js.map +1 -1
- package/dist/policy.d.ts +8 -21
- package/dist/policy.d.ts.map +1 -1
- package/dist/policy.js +226 -109
- package/dist/policy.js.map +1 -1
- package/dist/spend-guard.d.ts +5 -1
- package/dist/spend-guard.d.ts.map +1 -1
- package/dist/spend-guard.js +92 -24
- package/dist/spend-guard.js.map +1 -1
- package/dist/store-memory.d.ts +8 -2
- package/dist/store-memory.d.ts.map +1 -1
- package/dist/store-memory.js +34 -2
- package/dist/store-memory.js.map +1 -1
- package/dist/telemetry.d.ts +11 -0
- package/dist/telemetry.d.ts.map +1 -0
- package/dist/telemetry.js +149 -0
- package/dist/telemetry.js.map +1 -0
- package/dist/types.d.ts +23 -4
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +2 -2
- package/package.json +10 -9
package/dist/cli/serve.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* `agentguard serve
|
|
2
|
+
* `agentguard serve`: local dashboard at localhost:8787 (configurable).
|
|
3
3
|
*
|
|
4
4
|
* Aggregates per-tenant decision logs under ~/.agentguard/<tenant>/decisions.ndjson
|
|
5
5
|
* + ~/.agentguard/demo/decisions.ndjson and serves a single-page dashboard.
|
package/dist/cli/serve.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"serve.d.ts","sourceRoot":"","sources":["../../src/cli/serve.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAiLH,wBAAsB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,
|
|
1
|
+
{"version":3,"file":"serve.d.ts","sourceRoot":"","sources":["../../src/cli/serve.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAiLH,wBAAsB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAmH9D"}
|
package/dist/cli/serve.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
/**
|
|
3
|
-
* `agentguard serve
|
|
3
|
+
* `agentguard serve`: local dashboard at localhost:8787 (configurable).
|
|
4
4
|
*
|
|
5
5
|
* Aggregates per-tenant decision logs under ~/.agentguard/<tenant>/decisions.ndjson
|
|
6
6
|
* + ~/.agentguard/demo/decisions.ndjson and serves a single-page dashboard.
|
|
@@ -131,7 +131,7 @@ function computeStats(decisions) {
|
|
|
131
131
|
version: index_1.AGENTGUARD_SPEND_VERSION,
|
|
132
132
|
};
|
|
133
133
|
}
|
|
134
|
-
// Dashboard HTML
|
|
134
|
+
// Dashboard HTML: IDENTICAL to the Python version so users see the same UI
|
|
135
135
|
// whether they ran `pip install agentguard-spend` or `npm install -g`.
|
|
136
136
|
const DASHBOARD_HTML = `<!doctype html>
|
|
137
137
|
<html lang="en"><head><meta charset="utf-8" />
|
|
@@ -209,8 +209,8 @@ td .mono { color: var(--code); }
|
|
|
209
209
|
<script>
|
|
210
210
|
function formatCents(cents) { const sign = cents < 0 ? '-' : ''; const abs = Math.abs(Math.round(cents)); const dollars = Math.floor(abs / 100); const remainder = abs % 100; return sign + '$' + dollars.toLocaleString() + '.' + String(remainder).padStart(2, '0'); }
|
|
211
211
|
function renderBars(containerId, items, key) { const el = document.getElementById(containerId); if (!items.length) { el.innerHTML = '<div style="color:var(--muted);font-size:13px;padding:8px 0">no data yet</div>'; return; } const max = Math.max(...items.map(i => i.spent_cents)) || 1; el.innerHTML = items.slice(0, 8).map(i => '<div class="bar-row"><span class="name">' + i[key] + '</span><span class="bar"><span class="bar-fill" style="width:' + (i.spent_cents/max*100).toFixed(1) + '%"></span></span><span class="amount">' + formatCents(i.spent_cents) + '</span></div>').join(''); }
|
|
212
|
-
function renderRecent(items) { const tbody = document.getElementById('recent-rows'); if (!items.length) { tbody.innerHTML = '<tr><td colspan="5"><div class="empty">no decisions yet.<br>run <code>agentguard demo</code> to see a real signed receipt here.</div></td></tr>'; return; } tbody.innerHTML = items.map(d => { const dec = d.decision; const scope = dec.triggeredScopeKey || ''; const agentMatch = scope.match(/agentId=([^|]+)/); const agent = agentMatch ? agentMatch[1] : '<span style="color:var(--muted)"
|
|
213
|
-
async function verifyReceipt(hash) { try { const r = await fetch('/api/verify/' + hash); const d = await r.json(); alert(d.ok ? '✓ verified:
|
|
212
|
+
function renderRecent(items) { const tbody = document.getElementById('recent-rows'); if (!items.length) { tbody.innerHTML = '<tr><td colspan="5"><div class="empty">no decisions yet.<br>run <code>agentguard demo</code> to see a real signed receipt here.</div></td></tr>'; return; } tbody.innerHTML = items.map(d => { const dec = d.decision; const scope = dec.triggeredScopeKey || ''; const agentMatch = scope.match(/agentId=([^|]+)/); const agent = agentMatch ? agentMatch[1] : '<span style="color:var(--muted)">-</span>'; const action = dec.action || 'allow'; return '<tr><td class="action-' + action + '">' + action.toUpperCase() + '</td><td class="mono">' + agent + '</td><td><span class="pill">' + (dec.provider || '?') + '</span> ' + (dec.modelRequested || '') + '</td><td style="text-align:right" class="mono">' + formatCents(dec.projectedCents || 0) + '</td><td class="mono"><a href="#" onclick="return verifyReceipt(\\'' + d.entryHash + '\\')">' + d.entryHash.slice(0, 12) + '...</a></td></tr>'; }).join(''); }
|
|
213
|
+
async function verifyReceipt(hash) { try { const r = await fetch('/api/verify/' + hash); const d = await r.json(); alert(d.ok ? '✓ verified: full chain valid' : '✗ verification failed: ' + (d.reason || 'unknown')); } catch (e) { alert('verify error: ' + e); } return false; }
|
|
214
214
|
async function loadStats() { try { const r = await fetch('/api/stats'); const s = await r.json(); document.getElementById('spent').textContent = formatCents(s.totals.spent_cents); document.getElementById('saved').textContent = '+' + formatCents(s.totals.saved_cents); document.getElementById('downgraded').textContent = s.totals.downgraded; document.getElementById('allowed').textContent = s.totals.allowed; document.getElementById('call-count').textContent = s.totals.calls; document.getElementById('blocked-count').textContent = s.totals.blocked; renderBars('by-agent', s.by_agent, 'agent'); renderBars('by-provider', s.by_provider, 'provider'); renderRecent(s.recent); } catch (e) { console.error('load failed:', e); } }
|
|
215
215
|
loadStats();
|
|
216
216
|
setInterval(loadStats, 5000);
|
|
@@ -282,16 +282,21 @@ async function runServe(argv) {
|
|
|
282
282
|
return;
|
|
283
283
|
}
|
|
284
284
|
const publicKey = Uint8Array.from(Buffer.from(publicKeyHex, 'hex'));
|
|
285
|
-
const
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
285
|
+
const signer = match.signerFingerprint;
|
|
286
|
+
const chain = decisions
|
|
287
|
+
.filter((d) => d.signerFingerprint === signer)
|
|
288
|
+
.sort((a, b) => (a.sequence || 0) - (b.sequence || 0))
|
|
289
|
+
.filter((d) => d.sequence <= match.sequence)
|
|
290
|
+
.map((d) => ({
|
|
291
|
+
sequence: d.sequence,
|
|
292
|
+
entryHash: d.entryHash,
|
|
293
|
+
previousHash: d.previousHash,
|
|
294
|
+
signature: d.signature,
|
|
295
|
+
signerFingerprint: d.signerFingerprint,
|
|
296
|
+
decision: d.decision,
|
|
297
|
+
}));
|
|
298
|
+
const result = await (0, decision_log_1.verifyChain)(chain, publicKey);
|
|
299
|
+
sendJSON(200, result.ok ? { ok: true } : { ok: false, reason: result.reason });
|
|
295
300
|
}
|
|
296
301
|
catch (e) {
|
|
297
302
|
sendJSON(500, { ok: false, reason: String(e?.message || e) });
|
package/dist/cli/serve.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"serve.js","sourceRoot":"","sources":["../../src/cli/serve.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiLH,
|
|
1
|
+
{"version":3,"file":"serve.js","sourceRoot":"","sources":["../../src/cli/serve.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiLH,4BAmHC;AAlSD,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AACzB,2CAA6B;AAC7B,oCAAoD;AACpD,kDAA8C;AAE9C,qCAAmE;AAEnE,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,aAAa,CAAC,CAAC;AAE/D,SAAS,YAAY;IACnB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC;QAAE,OAAO,EAAE,CAAC;IAC/C,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,KAAK,MAAM,KAAK,IAAI,EAAE,CAAC,WAAW,CAAC,eAAe,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QAC7E,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,KAAK,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;YAC7E,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;gBAAE,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC;AACpB,CAAC;AAED,SAAS,gBAAgB;IACvB,MAAM,GAAG,GAAU,EAAE,CAAC;IACtB,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;QACpD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAClD,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;oBAAE,SAAS;gBAC3B,IAAI,CAAC;oBACH,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,CAAC,CAAC,OAAO,GAAG,MAAM,CAAC;oBACnB,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBACd,CAAC;gBAAC,MAAM,CAAC;oBACP,sBAAsB;gBACxB,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,uBAAuB;QACzB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,YAAY,CAAC,SAAgB;IACpC,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC;IACpC,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,MAAM,CAAC;IACpF,MAAM,cAAc,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,KAAK,WAAW,CAAC,CAAC,MAAM,CAAC;IAC1F,MAAM,UAAU,GAAG,UAAU,GAAG,YAAY,GAAG,cAAc,CAAC;IAE9D,MAAM,UAAU,GAAG,SAAS;SACzB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;SAClE,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,cAAc,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACjE,MAAM,UAAU,GAAG,SAAS;SACzB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC;SAC7C,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,cAAc,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAEjE,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,MAAM,UAAU,GAA2B,EAAE,CAAC;IAC9C,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;QAC1B,IAAI,CAAC,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,CAAC;YAAE,SAAS;QACnE,MAAM,QAAQ,GAAG,CAAC,CAAC,QAAQ,EAAE,iBAAiB,IAAI,EAAE,CAAC;QACrD,IAAI,OAAO,GAAG,SAAS,CAAC;QACxB,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YACvC,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAAC,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAAC,MAAM;YAAC,CAAC;QACtE,CAAC;QACD,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,cAAc,IAAI,CAAC,CAAC,CAAC;QAC9E,MAAM,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,QAAQ,IAAI,SAAS,CAAC;QAC9C,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,cAAc,IAAI,CAAC,CAAC,CAAC;IAChF,CAAC;IAED,OAAO;QACL,MAAM,EAAE;YACN,WAAW,EAAE,UAAU;YACvB,WAAW,EAAE,UAAU;YACvB,KAAK,EAAE,UAAU;YACjB,OAAO,EAAE,YAAY;YACrB,UAAU,EAAE,cAAc;YAC1B,OAAO,EAAE,UAAU;SACpB;QACD,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC;QAC/H,WAAW,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC;QACxI,MAAM,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,EAAE;QACtC,OAAO,EAAE,gCAAwB;KAClC,CAAC;AACJ,CAAC;AAED,2EAA2E;AAC3E,uEAAuE;AACvE,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkFtB,CAAC;AAEK,KAAK,UAAU,QAAQ,CAAC,IAAc;IAC3C,IAAI,IAAI,GAAG,IAAI,CAAC;IAChB,IAAI,IAAI,GAAG,WAAW,CAAC;IACvB,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,IAAI,CAAC,KAAK,QAAQ;YAAE,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;aACxD,IAAI,CAAC,KAAK,QAAQ;YAAE,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,WAAW,CAAC;aACpD,IAAI,CAAC,KAAK,WAAW;YAAE,MAAM,GAAG,IAAI,CAAC;aACrC,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YACtC,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;YAC7E,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAA,eAAM,EAAC,gCAAwB,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAA,iBAAQ,EAAC,kBAAkB,CAAC,GAAG,IAAA,YAAG,EAAC,sBAAsB,CAAC,CAAC,CAAC;IAC/E,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,MAAM,QAAQ,GAAG,YAAY,EAAE,CAAC;IAChC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,KAAK,IAAA,YAAG,EAAC,gEAAgE,CAAC,EAAE,CAAC,CAAC;QAC1F,OAAO,CAAC,GAAG,CAAC,KAAK,IAAA,YAAG,EAAC,KAAK,CAAC,IAAI,IAAA,kBAAS,EAAC,iBAAiB,CAAC,IAAI,IAAA,YAAG,EAAC,+BAA+B,CAAC,EAAE,CAAC,CAAC;QACvG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAClD,MAAM,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,MAAM,QAAQ,GAAG,CAAC,MAAc,EAAE,OAAY,EAAE,EAAE;YAChD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YACrC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE;gBACpB,cAAc,EAAE,kBAAkB;gBAClC,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;gBACpD,eAAe,EAAE,UAAU;aAC5B,CAAC,CAAC;YACH,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAChB,CAAC,CAAC;QACF,MAAM,QAAQ,GAAG,CAAC,IAAY,EAAE,EAAE;YAChC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,eAAe,EAAE,UAAU,EAAE,CAAC,CAAC;YAChG,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAChB,CAAC,CAAC;QAEF,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,aAAa,EAAE,CAAC;YACzC,QAAQ,CAAC,cAAc,CAAC,OAAO,CAAC,aAAa,EAAE,gCAAwB,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5G,OAAO;QACT,CAAC;QACD,IAAI,GAAG,KAAK,YAAY,EAAE,CAAC;YACzB,QAAQ,CAAC,GAAG,EAAE,YAAY,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QACD,IAAI,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YACnC,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAG,CAAC;YACxC,MAAM,SAAS,GAAG,gBAAgB,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC;YAC/D,IAAI,CAAC,KAAK,EAAE,CAAC;gBAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBAAC,OAAO;YAAC,CAAC;YAClF,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,KAAK,CAAC,YAAY,CAAC;gBACxC,IAAI,CAAC,YAAY,EAAE,CAAC;oBAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,iCAAiC,EAAE,CAAC,CAAC;oBAAC,OAAO;gBAAC,CAAC;gBACvG,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC,CAAC;gBACpE,MAAM,MAAM,GAAG,KAAK,CAAC,iBAAiB,CAAC;gBACvC,MAAM,KAAK,GAAG,SAAS;qBACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,iBAAiB,KAAK,MAAM,CAAC;qBAC7C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;qBACrD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC;qBAC3C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACX,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,SAAS,EAAE,CAAC,CAAC,SAAS;oBACtB,YAAY,EAAE,CAAC,CAAC,YAAY;oBAC5B,SAAS,EAAE,CAAC,CAAC,SAAS;oBACtB,iBAAiB,EAAE,CAAC,CAAC,iBAAiB;oBACtC,QAAQ,EAAE,CAAC,CAAC,QAAQ;iBACM,CAAA,CAAC,CAAC;gBAChC,MAAM,MAAM,GAAG,MAAM,IAAA,0BAAW,EAAC,KAAK,EAAE,SAAS,CAAC,CAAC;gBACnD,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;YACjF,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,QAAQ,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,EAAE,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC;YAChE,CAAC;YACD,OAAO;QACT,CAAC;QACD,QAAQ,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,UAAU,IAAI,IAAI,IAAI,EAAE,CAAC;IACrC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE;QAC7B,OAAO,CAAC,GAAG,CAAC,KAAK,IAAA,cAAK,EAAC,GAAG,CAAC,gBAAgB,IAAA,kBAAS,EAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,KAAK,IAAA,YAAG,EAAC,gDAAgD,CAAC,EAAE,CAAC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,KAAK,IAAA,YAAG,EAAC,wBAAwB,CAAC,EAAE,CAAC,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,UAAU,CAAC,GAAG,EAAE;gBACd,IAAI,CAAC;oBACH,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;oBAC1C,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,KAAK,QAAQ;wBACvC,CAAC,CAAC,SAAS,GAAG,GAAG;wBACjB,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,OAAO;4BAC5B,CAAC,CAAC,aAAa,GAAG,GAAG;4BACrB,CAAC,CAAC,aAAa,GAAG,GAAG,CAAC;oBAC1B,IAAI,CAAC,GAAG,CAAC,CAAC;gBACZ,CAAC;gBAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,CAAC;YAC/B,CAAC,EAAE,GAAG,CAAC,CAAC;QACV,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;QACxB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,IAAA,cAAK,EAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,MAAM,CAAC,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,aAAa;IACb,OAAO,IAAI,OAAO,CAAS,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;AACvC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"telemetry.d.ts","sourceRoot":"","sources":["../../src/cli/telemetry.ts"],"names":[],"mappings":"AAQA,wBAAsB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAiClE"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.runTelemetry = runTelemetry;
|
|
4
|
+
const telemetry_1 = require("../telemetry");
|
|
5
|
+
const colors_1 = require("./colors");
|
|
6
|
+
async function runTelemetry(argv) {
|
|
7
|
+
const command = argv[0] ?? 'status';
|
|
8
|
+
if (command === '--help' || command === '-h' || command === 'help') {
|
|
9
|
+
console.log('agentguard telemetry [status|enable|disable|reset-id]');
|
|
10
|
+
return 0;
|
|
11
|
+
}
|
|
12
|
+
const status = command === 'enable'
|
|
13
|
+
? (0, telemetry_1.enableTelemetry)()
|
|
14
|
+
: command === 'disable'
|
|
15
|
+
? (0, telemetry_1.disableTelemetry)()
|
|
16
|
+
: command === 'reset-id'
|
|
17
|
+
? (0, telemetry_1.resetTelemetryInstallId)()
|
|
18
|
+
: command === 'status'
|
|
19
|
+
? (0, telemetry_1.telemetryStatus)()
|
|
20
|
+
: null;
|
|
21
|
+
if (!status) {
|
|
22
|
+
console.log((0, colors_1.redBold)('error: ') + `unknown telemetry command '${command}'`);
|
|
23
|
+
return 2;
|
|
24
|
+
}
|
|
25
|
+
console.log('');
|
|
26
|
+
console.log(` telemetry ${status.enabled ? (0, colors_1.greenBold)('enabled') : (0, colors_1.dim)('disabled')}`);
|
|
27
|
+
console.log(` install id ${status.anonymousInstallId ?? (0, colors_1.dim)('(not created)')}`);
|
|
28
|
+
console.log(` state ${status.statePath}`);
|
|
29
|
+
console.log('');
|
|
30
|
+
if (status.enabled) {
|
|
31
|
+
console.log(` ${(0, colors_1.green)('✓')} only anonymous SDK/runtime activation metadata is sent`);
|
|
32
|
+
console.log((0, colors_1.dim)(' prompts, completions, keys, policies, scopes, models, and provider data are never sent'));
|
|
33
|
+
console.log('');
|
|
34
|
+
}
|
|
35
|
+
return 0;
|
|
36
|
+
}
|
|
37
|
+
//# sourceMappingURL=telemetry.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"telemetry.js","sourceRoot":"","sources":["../../src/cli/telemetry.ts"],"names":[],"mappings":";;AAQA,oCAiCC;AAzCD,4CAKsB;AACtB,qCAA0D;AAEnD,KAAK,UAAU,YAAY,CAAC,IAAc;IAC/C,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC;IACpC,IAAI,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;QACnE,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;QACrE,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,KAAK,QAAQ;QACjC,CAAC,CAAC,IAAA,2BAAe,GAAE;QACnB,CAAC,CAAC,OAAO,KAAK,SAAS;YACrB,CAAC,CAAC,IAAA,4BAAgB,GAAE;YACpB,CAAC,CAAC,OAAO,KAAK,UAAU;gBACtB,CAAC,CAAC,IAAA,mCAAuB,GAAE;gBAC3B,CAAC,CAAC,OAAO,KAAK,QAAQ;oBACpB,CAAC,CAAC,IAAA,2BAAe,GAAE;oBACnB,CAAC,CAAC,IAAI,CAAC;IAEf,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,GAAG,CAAC,IAAA,gBAAO,EAAC,SAAS,CAAC,GAAG,8BAA8B,OAAO,GAAG,CAAC,CAAC;QAC3E,OAAO,CAAC,CAAC;IACX,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAA,kBAAS,EAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAA,YAAG,EAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IACvF,OAAO,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,kBAAkB,IAAI,IAAA,YAAG,EAAC,eAAe,CAAC,EAAE,CAAC,CAAC;IACjF,OAAO,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,OAAO,CAAC,GAAG,CAAC,KAAK,IAAA,cAAK,EAAC,GAAG,CAAC,yDAAyD,CAAC,CAAC;QACtF,OAAO,CAAC,GAAG,CAAC,IAAA,YAAG,EAAC,0FAA0F,CAAC,CAAC,CAAC;QAC7G,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC"}
|
package/dist/cli/verify.d.ts
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* `agentguard verify
|
|
2
|
+
* `agentguard verify`: verify a signed decision log entry or full chain.
|
|
3
3
|
*
|
|
4
4
|
* Default target: --trace latest reads ~/.agentguard/demo/latest-receipt.json
|
|
5
|
-
*
|
|
5
|
+
* produced by `agentguard demo`.
|
|
6
6
|
*/
|
|
7
7
|
export declare function runVerify(argv: string[]): Promise<number>;
|
|
8
8
|
//# sourceMappingURL=verify.d.ts.map
|
package/dist/cli/verify.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/cli/verify.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAaH,wBAAsB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,
|
|
1
|
+
{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/cli/verify.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAaH,wBAAsB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CA+D/D"}
|
package/dist/cli/verify.js
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
/**
|
|
3
|
-
* `agentguard verify
|
|
3
|
+
* `agentguard verify`: verify a signed decision log entry or full chain.
|
|
4
4
|
*
|
|
5
5
|
* Default target: --trace latest reads ~/.agentguard/demo/latest-receipt.json
|
|
6
|
-
*
|
|
6
|
+
* produced by `agentguard demo`.
|
|
7
7
|
*/
|
|
8
8
|
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
9
9
|
if (k2 === undefined) k2 = k;
|
|
@@ -63,62 +63,79 @@ async function runVerify(argv) {
|
|
|
63
63
|
return 0;
|
|
64
64
|
}
|
|
65
65
|
}
|
|
66
|
-
|
|
67
|
-
if (
|
|
68
|
-
|
|
69
|
-
if (
|
|
70
|
-
console.log((0, colors_1.redBold)('error: ') + 'no demo receipt found.');
|
|
66
|
+
const source = resolveTracePath(trace);
|
|
67
|
+
if (!fs.existsSync(source)) {
|
|
68
|
+
console.log((0, colors_1.redBold)('error: ') + (trace === 'latest' ? 'no demo receipt found.' : `receipt file not found: ${source}`));
|
|
69
|
+
if (trace === 'latest') {
|
|
71
70
|
console.log('');
|
|
72
71
|
console.log(` run ${(0, colors_1.greenBold)('agentguard demo')} first to produce a receipt.`);
|
|
73
|
-
return 2;
|
|
74
|
-
}
|
|
75
|
-
}
|
|
76
|
-
else {
|
|
77
|
-
source = path.resolve(trace.replace(/^~/, os.homedir()));
|
|
78
|
-
if (!fs.existsSync(source)) {
|
|
79
|
-
console.log((0, colors_1.redBold)('error: ') + `receipt file not found: ${source}`);
|
|
80
|
-
return 2;
|
|
81
72
|
}
|
|
73
|
+
return 2;
|
|
82
74
|
}
|
|
83
|
-
const
|
|
84
|
-
const
|
|
85
|
-
sequence: raw.sequence,
|
|
86
|
-
entryHash: raw.entryHash,
|
|
87
|
-
previousHash: raw.previousHash,
|
|
88
|
-
signature: raw.signature,
|
|
89
|
-
signerFingerprint: raw.signerFingerprint,
|
|
90
|
-
decision: raw.decision,
|
|
91
|
-
};
|
|
92
|
-
const pubHex = publicKeyHex || raw.publicKeyHex;
|
|
75
|
+
const loaded = loadEntries(source);
|
|
76
|
+
const pubHex = publicKeyHex || loaded.publicKeyHex;
|
|
93
77
|
if (!pubHex) {
|
|
94
78
|
console.log((0, colors_1.redBold)('error: ') + 'no public key available for verification.');
|
|
95
79
|
return 2;
|
|
96
80
|
}
|
|
97
81
|
const publicKey = Uint8Array.from(Buffer.from(pubHex, 'hex'));
|
|
98
|
-
const
|
|
82
|
+
const result = await (0, decision_log_1.verifyChain)(loaded.entries, publicKey);
|
|
83
|
+
const head = loaded.entries[loaded.entries.length - 1];
|
|
99
84
|
console.log('');
|
|
100
85
|
console.log(' ' + (0, colors_1.banner)(index_1.AGENTGUARD_SPEND_VERSION));
|
|
101
86
|
console.log('');
|
|
102
87
|
console.log(' ' + (0, colors_1.cyanBold)(`agentguard verify --trace ${trace}`));
|
|
103
88
|
console.log('');
|
|
104
89
|
const label = (s) => (0, colors_1.dim)(` ${s.padEnd(14)}`);
|
|
105
|
-
console.log(label('
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
90
|
+
console.log(label('entries') + String(loaded.entries.length));
|
|
91
|
+
if (head) {
|
|
92
|
+
console.log(label('head') + head.entryHash.slice(0, 32) + (0, colors_1.dim)('...'));
|
|
93
|
+
console.log(label('signer') + head.signerFingerprint.slice(0, 32) + (0, colors_1.dim)('...'));
|
|
94
|
+
console.log(label('sequence') + String(head.sequence));
|
|
95
|
+
console.log(label('policy') + head.decision.policyId);
|
|
96
|
+
console.log(label('action') + head.decision.action);
|
|
97
|
+
}
|
|
110
98
|
console.log('');
|
|
111
|
-
if (ok) {
|
|
112
|
-
console.log(' ' + (0, colors_1.greenBold)('✓
|
|
113
|
-
console.log(' ' + (0, colors_1.green)('✓ entry
|
|
114
|
-
console.log(' ' + (0, colors_1.green)('✓
|
|
99
|
+
if (result.ok) {
|
|
100
|
+
console.log(' ' + (0, colors_1.greenBold)('✓ full chain valid'));
|
|
101
|
+
console.log(' ' + (0, colors_1.green)('✓ entry hashes match canonical JSON'));
|
|
102
|
+
console.log(' ' + (0, colors_1.green)('✓ signatures match supplied public key'));
|
|
115
103
|
console.log('');
|
|
116
104
|
return 0;
|
|
117
105
|
}
|
|
118
106
|
console.log(' ' + (0, colors_1.redBold)('✗ verification FAILED'));
|
|
119
107
|
console.log('');
|
|
120
|
-
console.log((0, colors_1.dim)(
|
|
108
|
+
console.log((0, colors_1.dim)(` sequence ${result.sequence}: ${result.reason}`));
|
|
121
109
|
console.log('');
|
|
122
110
|
return 1;
|
|
123
111
|
}
|
|
112
|
+
function resolveTracePath(trace) {
|
|
113
|
+
if (trace === 'latest')
|
|
114
|
+
return DEMO_RECEIPT;
|
|
115
|
+
return path.resolve(trace.replace(/^~/, os.homedir()));
|
|
116
|
+
}
|
|
117
|
+
function loadEntries(source) {
|
|
118
|
+
const raw = fs.readFileSync(source, 'utf-8');
|
|
119
|
+
try {
|
|
120
|
+
const parsed = JSON.parse(raw);
|
|
121
|
+
if (Array.isArray(parsed))
|
|
122
|
+
return { entries: parsed.map(toEntry), publicKeyHex: parsed[0]?.publicKeyHex };
|
|
123
|
+
return { entries: [toEntry(parsed)], publicKeyHex: parsed.publicKeyHex };
|
|
124
|
+
}
|
|
125
|
+
catch {
|
|
126
|
+
const lines = raw.split('\n').map((line) => line.trim()).filter(Boolean);
|
|
127
|
+
const entries = lines.map((line) => toEntry(JSON.parse(line)));
|
|
128
|
+
return { entries, publicKeyHex: lines.length ? JSON.parse(lines[0]).publicKeyHex : undefined };
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
function toEntry(raw) {
|
|
132
|
+
return {
|
|
133
|
+
sequence: raw.sequence,
|
|
134
|
+
entryHash: raw.entryHash,
|
|
135
|
+
previousHash: raw.previousHash,
|
|
136
|
+
signature: raw.signature,
|
|
137
|
+
signerFingerprint: raw.signerFingerprint,
|
|
138
|
+
decision: raw.decision,
|
|
139
|
+
};
|
|
140
|
+
}
|
|
124
141
|
//# sourceMappingURL=verify.js.map
|
package/dist/cli/verify.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/cli/verify.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAaH,
|
|
1
|
+
{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/cli/verify.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAaH,8BA+DC;AA1ED,uCAAyB;AACzB,uCAAyB;AACzB,2CAA6B;AAE7B,kDAA8C;AAE9C,oCAAoD;AACpD,qCAA4E;AAE5E,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,qBAAqB,CAAC,CAAC;AAEpF,KAAK,UAAU,SAAS,CAAC,IAAc;IAC5C,IAAI,KAAK,GAAG,QAAQ,CAAC;IACrB,IAAI,YAAgC,CAAC;IAErC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;YACpB,KAAK,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,QAAQ,CAAC;QAChC,CAAC;aAAM,IAAI,CAAC,KAAK,cAAc,EAAE,CAAC;YAChC,YAAY,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3B,CAAC;aAAM,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YACxC,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;YAC9E,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,IAAA,gBAAO,EAAC,SAAS,CAAC,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,2BAA2B,MAAM,EAAE,CAAC,CAAC,CAAC;QACxH,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,SAAS,IAAA,kBAAS,EAAC,iBAAiB,CAAC,8BAA8B,CAAC,CAAC;QACnF,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,MAAM,GAAG,YAAY,IAAI,MAAM,CAAC,YAAY,CAAC;IACnD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,GAAG,CAAC,IAAA,gBAAO,EAAC,SAAS,CAAC,GAAG,2CAA2C,CAAC,CAAC;QAC9E,OAAO,CAAC,CAAC;IACX,CAAC;IACD,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAG,MAAM,IAAA,0BAAW,EAAC,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAC5D,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAEvD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAA,eAAM,EAAC,gCAAwB,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAA,iBAAQ,EAAC,6BAA6B,KAAK,EAAE,CAAC,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,MAAM,KAAK,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,YAAG,EAAC,KAAK,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9D,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,IAAA,YAAG,EAAC,KAAK,CAAC,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,IAAA,YAAG,EAAC,KAAK,CAAC,CAAC,CAAC;QAChF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAA,kBAAS,EAAC,oBAAoB,CAAC,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAA,cAAK,EAAC,qCAAqC,CAAC,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAA,cAAK,EAAC,wCAAwC,CAAC,CAAC,CAAC;QACpE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,CAAC;IACX,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAA,gBAAO,EAAC,uBAAuB,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,IAAA,YAAG,EAAC,cAAc,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACpE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAa;IACrC,IAAI,KAAK,KAAK,QAAQ;QAAE,OAAO,YAAY,CAAC;IAC5C,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,WAAW,CAAC,MAAc;IACjC,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC7C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;YAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC;QAC1G,OAAO,EAAE,OAAO,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,EAAE,YAAY,EAAE,MAAM,CAAC,YAAY,EAAE,CAAC;IAC3E,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACzE,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC/D,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;IAClG,CAAC;AACH,CAAC;AAED,SAAS,OAAO,CAAC,GAAQ;IACvB,OAAO;QACL,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,YAAY,EAAE,GAAG,CAAC,YAAY;QAC9B,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,iBAAiB,EAAE,GAAG,CAAC,iBAAiB;QACxC,QAAQ,EAAE,GAAG,CAAC,QAAQ;KACvB,CAAC;AACJ,CAAC"}
|
package/dist/cost-table.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* AgentGuard(TM) Spend
|
|
2
|
+
* AgentGuard(TM) Spend: Per-model cost table
|
|
3
3
|
*
|
|
4
4
|
* Costs are USD cents per 1,000 tokens (integer math).
|
|
5
5
|
* Values reflect publicly-listed pricing as of May 2026 and are intentionally
|
|
@@ -11,7 +11,7 @@
|
|
|
11
11
|
* Licensed under the alpha evaluation license; see LICENSE in the package
|
|
12
12
|
* root. Patent notice: Protected by U.S. patent-pending technology
|
|
13
13
|
* (App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626;
|
|
14
|
-
*
|
|
14
|
+
* 64/071,781; 64/071,789).
|
|
15
15
|
*/
|
|
16
16
|
import type { Provider } from './types';
|
|
17
17
|
export interface ModelCost {
|
package/dist/cost-table.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cost-table.d.ts","sourceRoot":"","sources":["../src/cost-table.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAExC,MAAM,WAAW,SAAS;IACxB,mCAAmC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oCAAoC;IACpC,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAmCD;;;GAGG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,GAAG,IAAI,
|
|
1
|
+
{"version":3,"file":"cost-table.d.ts","sourceRoot":"","sources":["../src/cost-table.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAExC,MAAM,WAAW,SAAS;IACxB,mCAAmC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oCAAoC;IACpC,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAmCD;;;GAGG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,GAAG,IAAI,CAGpE;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,IAAI,CAEzC;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,CAG5D;AAED;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,GACnB,MAAM,GAAG,IAAI,CAcf;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,QAAQ,CAOrD"}
|
package/dist/cost-table.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
/**
|
|
3
|
-
* AgentGuard(TM) Spend
|
|
3
|
+
* AgentGuard(TM) Spend: Per-model cost table
|
|
4
4
|
*
|
|
5
5
|
* Costs are USD cents per 1,000 tokens (integer math).
|
|
6
6
|
* Values reflect publicly-listed pricing as of May 2026 and are intentionally
|
|
@@ -12,7 +12,7 @@
|
|
|
12
12
|
* Licensed under the alpha evaluation license; see LICENSE in the package
|
|
13
13
|
* root. Patent notice: Protected by U.S. patent-pending technology
|
|
14
14
|
* (App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626;
|
|
15
|
-
*
|
|
15
|
+
* 64/071,781; 64/071,789).
|
|
16
16
|
*/
|
|
17
17
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
18
18
|
exports.setCostOverride = setCostOverride;
|
|
@@ -53,6 +53,7 @@ const overrides = new Map();
|
|
|
53
53
|
* enterprise rates that differ from list pricing.
|
|
54
54
|
*/
|
|
55
55
|
function setCostOverride(model, cost) {
|
|
56
|
+
validateCost(cost);
|
|
56
57
|
overrides.set(model, cost);
|
|
57
58
|
}
|
|
58
59
|
/**
|
|
@@ -81,12 +82,19 @@ function getModelCost(model) {
|
|
|
81
82
|
* counts as 20c against the budget).
|
|
82
83
|
*/
|
|
83
84
|
function computeCallCents(model, inputTokens, outputTokens) {
|
|
85
|
+
validateTokenCount('inputTokens', inputTokens);
|
|
86
|
+
validateTokenCount('outputTokens', outputTokens);
|
|
84
87
|
const cost = getModelCost(model);
|
|
85
88
|
if (!cost)
|
|
86
89
|
return null;
|
|
90
|
+
validateCost(cost);
|
|
87
91
|
const inputCents = Math.ceil((cost.inputCentsPerKtok * inputTokens) / 1000);
|
|
88
92
|
const outputCents = Math.ceil((cost.outputCentsPerKtok * outputTokens) / 1000);
|
|
89
|
-
|
|
93
|
+
const total = inputCents + outputCents;
|
|
94
|
+
if (!Number.isSafeInteger(total) || total < 0) {
|
|
95
|
+
throw new Error('computeCallCents: computed cents must be a non-negative safe integer');
|
|
96
|
+
}
|
|
97
|
+
return total;
|
|
90
98
|
}
|
|
91
99
|
/**
|
|
92
100
|
* Infer the Provider enum from a model name. Used when callers do not pass
|
|
@@ -105,4 +113,16 @@ function inferProvider(model) {
|
|
|
105
113
|
return 'bedrock';
|
|
106
114
|
return 'unknown';
|
|
107
115
|
}
|
|
116
|
+
function validateTokenCount(name, value) {
|
|
117
|
+
if (!Number.isSafeInteger(value) || value < 0) {
|
|
118
|
+
throw new Error(`${name} must be a non-negative safe integer`);
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
function validateCost(cost) {
|
|
122
|
+
for (const [name, value] of Object.entries(cost)) {
|
|
123
|
+
if (typeof value !== 'number' || !Number.isFinite(value) || value < 0) {
|
|
124
|
+
throw new Error(`${name} must be a non-negative finite number`);
|
|
125
|
+
}
|
|
126
|
+
}
|
|
127
|
+
}
|
|
108
128
|
//# sourceMappingURL=cost-table.js.map
|
package/dist/cost-table.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cost-table.js","sourceRoot":"","sources":["../src/cost-table.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;AAgDH,
|
|
1
|
+
{"version":3,"file":"cost-table.js","sourceRoot":"","sources":["../src/cost-table.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;AAgDH,0CAGC;AAKD,gDAEC;AAOD,oCAGC;AAWD,4CAkBC;AAMD,sCAOC;AAnGD;;;GAGG;AACH,MAAM,aAAa,GAA8B;IAC/C,SAAS;IACT,OAAO,EAAY,EAAE,iBAAiB,EAAE,GAAG,EAAG,kBAAkB,EAAE,GAAG,EAAG;IACxE,YAAY,EAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAG;IACxE,QAAQ,EAAW,EAAE,iBAAiB,EAAE,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAG;IACxE,aAAa,EAAM,EAAE,iBAAiB,EAAE,KAAK,EAAE,kBAAkB,EAAE,IAAI,EAAE;IAEzE,YAAY;IACZ,iBAAiB,EAAQ,EAAE,iBAAiB,EAAE,GAAG,EAAG,kBAAkB,EAAE,IAAI,EAAE;IAC9E,iBAAiB,EAAQ,EAAE,iBAAiB,EAAE,GAAG,EAAG,kBAAkB,EAAE,GAAG,EAAG;IAC9E,mBAAmB,EAAM,EAAE,iBAAiB,EAAE,GAAG,EAAG,kBAAkB,EAAE,GAAG,EAAG;IAC9E,mBAAmB,EAAM,EAAE,iBAAiB,EAAE,GAAG,EAAG,kBAAkB,EAAE,GAAG,EAAG;IAC9E,kBAAkB,EAAO,EAAE,iBAAiB,EAAE,GAAG,EAAG,kBAAkB,EAAE,GAAG,EAAG;IAE9E,gBAAgB;IAChB,wBAAwB,EAAI,EAAE,iBAAiB,EAAE,GAAG,EAAG,kBAAkB,EAAE,GAAG,EAAG;IACjF,wBAAwB,EAAI,EAAE,iBAAiB,EAAE,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAG;IACjF,4BAA4B,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,kBAAkB,EAAE,GAAG,EAAE;IAEjF,mFAAmF;IACnF,8BAA8B,EAAI,EAAE,iBAAiB,EAAE,GAAG,EAAG,kBAAkB,EAAE,GAAG,EAAG;IACvF,gCAAgC,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAG,kBAAkB,EAAE,GAAG,EAAG;IACvF,sBAAsB,EAAY,EAAE,iBAAiB,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE;IACvF,uBAAuB,EAAW,EAAE,iBAAiB,EAAE,KAAK,EAAE,kBAAkB,EAAE,KAAK,EAAE;CAC1F,CAAC;AAEF,2DAA2D;AAC3D,MAAM,SAAS,GAAG,IAAI,GAAG,EAAqB,CAAC;AAE/C;;;GAGG;AACH,SAAgB,eAAe,CAAC,KAAa,EAAE,IAAe;IAC5D,YAAY,CAAC,IAAI,CAAC,CAAC;IACnB,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB;IAChC,SAAS,CAAC,KAAK,EAAE,CAAC;AACpB,CAAC;AAED;;;;GAIG;AACH,SAAgB,YAAY,CAAC,KAAa;IACxC,IAAI,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC;IAC9D,OAAO,aAAa,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC;AACtC,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,gBAAgB,CAC9B,KAAa,EACb,WAAmB,EACnB,YAAoB;IAEpB,kBAAkB,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;IAC/C,kBAAkB,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;IACjD,MAAM,IAAI,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IACjC,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,YAAY,CAAC,IAAI,CAAC,CAAC;IAEnB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC;IAC5E,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,kBAAkB,GAAG,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC;IAC/E,MAAM,KAAK,GAAG,UAAU,GAAG,WAAW,CAAC;IACvC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;IAC1F,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAgB,aAAa,CAAC,KAAa;IACzC,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,QAAQ,CAAC;IAClG,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,WAAW,CAAC;IACpD,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,QAAQ,CAAC;IACjD,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IACxE,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,SAAS,CAAC;IACjH,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY,EAAE,KAAa;IACrD,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,sCAAsC,CAAC,CAAC;IACjE,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,IAAe;IACnC,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACjD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACtE,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,uCAAuC,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;AACH,CAAC"}
|
package/dist/decision-log.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* AgentGuard(TM) Spend
|
|
2
|
+
* AgentGuard(TM) Spend: Signed hash-chained decision log
|
|
3
3
|
*
|
|
4
4
|
* Each policy decision is appended to a tamper-evident log:
|
|
5
5
|
* entry_n.previousHash = SHA-256(canonical_json(entry_{n-1} minus signature))
|
|
@@ -20,7 +20,7 @@
|
|
|
20
20
|
*
|
|
21
21
|
* Patent notice: Protected by U.S. patent-pending technology
|
|
22
22
|
* (App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626;
|
|
23
|
-
*
|
|
23
|
+
* 64/071,781; 64/071,789).
|
|
24
24
|
*/
|
|
25
25
|
import type { SignedDecisionLogEntry, SpendDecision, DecisionLogStore } from './types';
|
|
26
26
|
/** All-zero hex string used as the previousHash of the genesis entry. */
|
|
@@ -40,6 +40,7 @@ export declare function computeEntryHash(args: {
|
|
|
40
40
|
sequence: number;
|
|
41
41
|
decision: SpendDecision;
|
|
42
42
|
previousHash: string;
|
|
43
|
+
signerFingerprint?: string;
|
|
43
44
|
}): string;
|
|
44
45
|
/**
|
|
45
46
|
* Compute the public key fingerprint: first 8 bytes of SHA-256(pubkey), hex.
|
|
@@ -90,8 +91,8 @@ export declare function verifyChain(entries: SignedDecisionLogEntry[], publicKey
|
|
|
90
91
|
export declare class InMemoryDecisionLogStore implements DecisionLogStore {
|
|
91
92
|
private entries;
|
|
92
93
|
append(entry: SignedDecisionLogEntry): Promise<void>;
|
|
93
|
-
getLatest(): Promise<SignedDecisionLogEntry | null>;
|
|
94
|
-
read(fromSequence: number, limit: number): Promise<SignedDecisionLogEntry[]>;
|
|
94
|
+
getLatest(signerFingerprint?: string): Promise<SignedDecisionLogEntry | null>;
|
|
95
|
+
read(fromSequence: number, limit: number, signerFingerprint?: string): Promise<SignedDecisionLogEntry[]>;
|
|
95
96
|
/** Returns a defensive copy of all entries. Mainly for testing. */
|
|
96
97
|
snapshot(): SignedDecisionLogEntry[];
|
|
97
98
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decision-log.d.ts","sourceRoot":"","sources":["../src/decision-log.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAIH,OAAO,KAAK,EACV,sBAAsB,EACtB,aAAa,EACb,gBAAgB,EACjB,MAAM,SAAS,CAAC;AAKjB,yEAAyE;AACzE,eAAO,MAAM,qBAAqB,QAAiB,CAAC;AAEpD;;;GAGG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAcpD;AAED,sDAAsD;AACtD,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE/C;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,aAAa,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"decision-log.d.ts","sourceRoot":"","sources":["../src/decision-log.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAIH,OAAO,KAAK,EACV,sBAAsB,EACtB,aAAa,EACb,gBAAgB,EACjB,MAAM,SAAS,CAAC;AAKjB,yEAAyE;AACzE,eAAO,MAAM,qBAAqB,QAAiB,CAAC;AAEpD;;;GAGG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAcpD;AAED,sDAAsD;AACtD,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE/C;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,aAAa,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B,GAAG,MAAM,CAQT;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,SAAS,EAAE,UAAU,GAAG,MAAM,CAGtE;AAED;;;;;GAKG;AACH,wBAAsB,YAAY,CAAC,IAAI,EAAE;IACvC,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,aAAa,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,UAAU,CAAC;IACvB,SAAS,EAAE,UAAU,CAAC;CACvB,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAkBlC;AAED;;;;;GAKG;AACH,wBAAsB,WAAW,CAC/B,KAAK,EAAE,sBAAsB,EAC7B,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,OAAO,CAAC,CAoBlB;AAED;;;;;;;;GAQG;AACH,wBAAsB,WAAW,CAC/B,OAAO,EAAE,sBAAsB,EAAE,EACjC,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC;IAAE,EAAE,EAAE,IAAI,CAAA;CAAE,GAAG;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CA2CzE;AAED;;;;GAIG;AACH,qBAAa,wBAAyB,YAAW,gBAAgB;IAC/D,OAAO,CAAC,OAAO,CAAgC;IAEzC,MAAM,CAAC,KAAK,EAAE,sBAAsB,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpD,SAAS,CAAC,iBAAiB,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC;IAQ7E,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,EAAE,CAAC;IAS9G,mEAAmE;IACnE,QAAQ,IAAI,sBAAsB,EAAE;CAGrC"}
|
package/dist/decision-log.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
/**
|
|
3
|
-
* AgentGuard(TM) Spend
|
|
3
|
+
* AgentGuard(TM) Spend: Signed hash-chained decision log
|
|
4
4
|
*
|
|
5
5
|
* Each policy decision is appended to a tamper-evident log:
|
|
6
6
|
* entry_n.previousHash = SHA-256(canonical_json(entry_{n-1} minus signature))
|
|
@@ -21,7 +21,7 @@
|
|
|
21
21
|
*
|
|
22
22
|
* Patent notice: Protected by U.S. patent-pending technology
|
|
23
23
|
* (App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626;
|
|
24
|
-
*
|
|
24
|
+
* 64/071,781; 64/071,789).
|
|
25
25
|
*/
|
|
26
26
|
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
27
27
|
if (k2 === undefined) k2 = k;
|
|
@@ -99,12 +99,14 @@ function sha256Hex(input) {
|
|
|
99
99
|
* This is the value that gets signed.
|
|
100
100
|
*/
|
|
101
101
|
function computeEntryHash(args) {
|
|
102
|
-
const payload =
|
|
102
|
+
const payload = {
|
|
103
103
|
sequence: args.sequence,
|
|
104
104
|
decision: args.decision,
|
|
105
105
|
previousHash: args.previousHash,
|
|
106
|
-
}
|
|
107
|
-
|
|
106
|
+
};
|
|
107
|
+
if (args.signerFingerprint)
|
|
108
|
+
payload.signerFingerprint = args.signerFingerprint;
|
|
109
|
+
return sha256Hex(canonicalJson(payload));
|
|
108
110
|
}
|
|
109
111
|
/**
|
|
110
112
|
* Compute the public key fingerprint: first 8 bytes of SHA-256(pubkey), hex.
|
|
@@ -121,10 +123,12 @@ function computeSignerFingerprint(publicKey) {
|
|
|
121
123
|
* stored by the customer; AgentGuard Spend never sees or transmits it.
|
|
122
124
|
*/
|
|
123
125
|
async function signDecision(args) {
|
|
126
|
+
const signerFingerprint = computeSignerFingerprint(args.publicKey);
|
|
124
127
|
const entryHash = computeEntryHash({
|
|
125
128
|
sequence: args.sequence,
|
|
126
129
|
decision: args.decision,
|
|
127
130
|
previousHash: args.previousHash,
|
|
131
|
+
signerFingerprint,
|
|
128
132
|
});
|
|
129
133
|
const sigBytes = await ed.signAsync(Buffer.from(entryHash, 'hex'), args.privateKey);
|
|
130
134
|
const signature = Buffer.from(sigBytes).toString('hex');
|
|
@@ -134,7 +138,7 @@ async function signDecision(args) {
|
|
|
134
138
|
previousHash: args.previousHash,
|
|
135
139
|
entryHash,
|
|
136
140
|
signature,
|
|
137
|
-
signerFingerprint
|
|
141
|
+
signerFingerprint,
|
|
138
142
|
};
|
|
139
143
|
}
|
|
140
144
|
/**
|
|
@@ -144,12 +148,20 @@ async function signDecision(args) {
|
|
|
144
148
|
* Does NOT verify chain linkage (that's verifyChain's job).
|
|
145
149
|
*/
|
|
146
150
|
async function verifyEntry(entry, publicKey) {
|
|
151
|
+
if (computeSignerFingerprint(publicKey) !== entry.signerFingerprint)
|
|
152
|
+
return false;
|
|
147
153
|
const expectedHash = computeEntryHash({
|
|
148
154
|
sequence: entry.sequence,
|
|
149
155
|
decision: entry.decision,
|
|
150
156
|
previousHash: entry.previousHash,
|
|
157
|
+
signerFingerprint: entry.signerFingerprint,
|
|
158
|
+
});
|
|
159
|
+
const legacyHash = computeEntryHash({
|
|
160
|
+
sequence: entry.sequence,
|
|
161
|
+
decision: entry.decision,
|
|
162
|
+
previousHash: entry.previousHash,
|
|
151
163
|
});
|
|
152
|
-
if (expectedHash !== entry.entryHash)
|
|
164
|
+
if (expectedHash !== entry.entryHash && legacyHash !== entry.entryHash)
|
|
153
165
|
return false;
|
|
154
166
|
const sigBytes = Buffer.from(entry.signature, 'hex');
|
|
155
167
|
try {
|
|
@@ -171,12 +183,19 @@ async function verifyEntry(entry, publicKey) {
|
|
|
171
183
|
async function verifyChain(entries, publicKey) {
|
|
172
184
|
if (entries.length === 0)
|
|
173
185
|
return { ok: true };
|
|
186
|
+
if (entries[0]?.sequence !== 0) {
|
|
187
|
+
return {
|
|
188
|
+
ok: false,
|
|
189
|
+
sequence: entries[0]?.sequence ?? -1,
|
|
190
|
+
reason: `Chain must start at sequence 0, got ${entries[0]?.sequence ?? 'missing'}`,
|
|
191
|
+
};
|
|
192
|
+
}
|
|
174
193
|
for (let i = 0; i < entries.length; i++) {
|
|
175
194
|
const entry = entries[i];
|
|
176
195
|
if (!entry) {
|
|
177
196
|
return { ok: false, sequence: i, reason: 'Missing entry at index ' + i };
|
|
178
197
|
}
|
|
179
|
-
const expectedSeq = i === 0 ?
|
|
198
|
+
const expectedSeq = i === 0 ? 0 : (entries[i - 1].sequence + 1);
|
|
180
199
|
if (entry.sequence !== expectedSeq) {
|
|
181
200
|
return {
|
|
182
201
|
ok: false,
|
|
@@ -213,16 +232,22 @@ class InMemoryDecisionLogStore {
|
|
|
213
232
|
async append(entry) {
|
|
214
233
|
this.entries.push(entry);
|
|
215
234
|
}
|
|
216
|
-
async getLatest() {
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
235
|
+
async getLatest(signerFingerprint) {
|
|
236
|
+
for (let i = this.entries.length - 1; i >= 0; i--) {
|
|
237
|
+
const entry = this.entries[i];
|
|
238
|
+
if (entry && (!signerFingerprint || entry.signerFingerprint === signerFingerprint))
|
|
239
|
+
return entry;
|
|
240
|
+
}
|
|
241
|
+
return null;
|
|
220
242
|
}
|
|
221
|
-
async read(fromSequence, limit) {
|
|
222
|
-
const
|
|
243
|
+
async read(fromSequence, limit, signerFingerprint) {
|
|
244
|
+
const filtered = signerFingerprint
|
|
245
|
+
? this.entries.filter((e) => e.signerFingerprint === signerFingerprint)
|
|
246
|
+
: this.entries;
|
|
247
|
+
const start = filtered.findIndex((e) => e.sequence >= fromSequence);
|
|
223
248
|
if (start === -1)
|
|
224
249
|
return [];
|
|
225
|
-
return
|
|
250
|
+
return filtered.slice(start, start + limit);
|
|
226
251
|
}
|
|
227
252
|
/** Returns a defensive copy of all entries. Mainly for testing. */
|
|
228
253
|
snapshot() {
|