@agentguard-run/spend 0.1.4 → 0.1.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/agentguard.js +9 -0
- package/dist/cli/colors.d.ts +22 -0
- package/dist/cli/colors.d.ts.map +1 -0
- package/dist/cli/colors.js +52 -0
- package/dist/cli/colors.js.map +1 -0
- package/dist/cli/demo.d.ts +13 -0
- package/dist/cli/demo.d.ts.map +1 -0
- package/dist/cli/demo.js +173 -0
- package/dist/cli/demo.js.map +1 -0
- package/dist/cli/doctor.d.ts +5 -0
- package/dist/cli/doctor.d.ts.map +1 -0
- package/dist/cli/doctor.js +208 -0
- package/dist/cli/doctor.js.map +1 -0
- package/dist/cli/explain.d.ts +5 -0
- package/dist/cli/explain.d.ts.map +1 -0
- package/dist/cli/explain.js +172 -0
- package/dist/cli/explain.js.map +1 -0
- package/dist/cli/init.d.ts +5 -0
- package/dist/cli/init.d.ts.map +1 -0
- package/dist/cli/init.js +208 -0
- package/dist/cli/init.js.map +1 -0
- package/dist/cli/main.d.ts +11 -0
- package/dist/cli/main.d.ts.map +1 -0
- package/dist/cli/main.js +113 -0
- package/dist/cli/main.js.map +1 -0
- package/dist/cli/verify.d.ts +8 -0
- package/dist/cli/verify.d.ts.map +1 -0
- package/dist/cli/verify.js +124 -0
- package/dist/cli/verify.js.map +1 -0
- package/dist/index.d.ts +1 -1
- package/dist/index.js +1 -1
- package/package.json +5 -1
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* `agentguard verify` — verify a signed decision log entry.
|
|
4
|
+
*
|
|
5
|
+
* Default target: --trace latest reads ~/.agentguard/demo/latest-receipt.json
|
|
6
|
+
* (produced by `agentguard demo`) and verifies its Ed25519 signature.
|
|
7
|
+
*/
|
|
8
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
9
|
+
if (k2 === undefined) k2 = k;
|
|
10
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
11
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
12
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
13
|
+
}
|
|
14
|
+
Object.defineProperty(o, k2, desc);
|
|
15
|
+
}) : (function(o, m, k, k2) {
|
|
16
|
+
if (k2 === undefined) k2 = k;
|
|
17
|
+
o[k2] = m[k];
|
|
18
|
+
}));
|
|
19
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
20
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
21
|
+
}) : function(o, v) {
|
|
22
|
+
o["default"] = v;
|
|
23
|
+
});
|
|
24
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
25
|
+
var ownKeys = function(o) {
|
|
26
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
27
|
+
var ar = [];
|
|
28
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
29
|
+
return ar;
|
|
30
|
+
};
|
|
31
|
+
return ownKeys(o);
|
|
32
|
+
};
|
|
33
|
+
return function (mod) {
|
|
34
|
+
if (mod && mod.__esModule) return mod;
|
|
35
|
+
var result = {};
|
|
36
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
37
|
+
__setModuleDefault(result, mod);
|
|
38
|
+
return result;
|
|
39
|
+
};
|
|
40
|
+
})();
|
|
41
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
42
|
+
exports.runVerify = runVerify;
|
|
43
|
+
const fs = __importStar(require("fs"));
|
|
44
|
+
const os = __importStar(require("os"));
|
|
45
|
+
const path = __importStar(require("path"));
|
|
46
|
+
const decision_log_1 = require("../decision-log");
|
|
47
|
+
const index_1 = require("../index");
|
|
48
|
+
const colors_1 = require("./colors");
|
|
49
|
+
const DEMO_RECEIPT = path.join(os.homedir(), '.agentguard', 'demo', 'latest-receipt.json');
|
|
50
|
+
async function runVerify(argv) {
|
|
51
|
+
let trace = 'latest';
|
|
52
|
+
let publicKeyHex;
|
|
53
|
+
for (let i = 0; i < argv.length; i++) {
|
|
54
|
+
const a = argv[i];
|
|
55
|
+
if (a === '--trace') {
|
|
56
|
+
trace = argv[++i] ?? 'latest';
|
|
57
|
+
}
|
|
58
|
+
else if (a === '--public-key') {
|
|
59
|
+
publicKeyHex = argv[++i];
|
|
60
|
+
}
|
|
61
|
+
else if (a === '--help' || a === '-h') {
|
|
62
|
+
console.log('agentguard verify [--trace latest|<path>] [--public-key <hex>]');
|
|
63
|
+
return 0;
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
let source;
|
|
67
|
+
if (trace === 'latest') {
|
|
68
|
+
source = DEMO_RECEIPT;
|
|
69
|
+
if (!fs.existsSync(source)) {
|
|
70
|
+
console.log((0, colors_1.redBold)('error: ') + 'no demo receipt found.');
|
|
71
|
+
console.log('');
|
|
72
|
+
console.log(` run ${(0, colors_1.greenBold)('agentguard demo')} first to produce a receipt.`);
|
|
73
|
+
return 2;
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
else {
|
|
77
|
+
source = path.resolve(trace.replace(/^~/, os.homedir()));
|
|
78
|
+
if (!fs.existsSync(source)) {
|
|
79
|
+
console.log((0, colors_1.redBold)('error: ') + `receipt file not found: ${source}`);
|
|
80
|
+
return 2;
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
const raw = JSON.parse(fs.readFileSync(source, 'utf-8'));
|
|
84
|
+
const entry = {
|
|
85
|
+
sequence: raw.sequence,
|
|
86
|
+
entryHash: raw.entryHash,
|
|
87
|
+
previousHash: raw.previousHash,
|
|
88
|
+
signature: raw.signature,
|
|
89
|
+
signerFingerprint: raw.signerFingerprint,
|
|
90
|
+
decision: raw.decision,
|
|
91
|
+
};
|
|
92
|
+
const pubHex = publicKeyHex || raw.publicKeyHex;
|
|
93
|
+
if (!pubHex) {
|
|
94
|
+
console.log((0, colors_1.redBold)('error: ') + 'no public key available for verification.');
|
|
95
|
+
return 2;
|
|
96
|
+
}
|
|
97
|
+
const publicKey = Uint8Array.from(Buffer.from(pubHex, 'hex'));
|
|
98
|
+
const ok = await (0, decision_log_1.verifyEntry)(entry, publicKey);
|
|
99
|
+
console.log('');
|
|
100
|
+
console.log(' ' + (0, colors_1.banner)(index_1.AGENTGUARD_SPEND_VERSION));
|
|
101
|
+
console.log('');
|
|
102
|
+
console.log(' ' + (0, colors_1.cyanBold)(`agentguard verify --trace ${trace}`));
|
|
103
|
+
console.log('');
|
|
104
|
+
const label = (s) => (0, colors_1.dim)(` ${s.padEnd(14)}`);
|
|
105
|
+
console.log(label('receipt') + entry.entryHash.slice(0, 32) + (0, colors_1.dim)('...'));
|
|
106
|
+
console.log(label('signer') + entry.signerFingerprint.slice(0, 32) + (0, colors_1.dim)('...'));
|
|
107
|
+
console.log(label('sequence') + String(entry.sequence));
|
|
108
|
+
console.log(label('policy') + entry.decision.policyId);
|
|
109
|
+
console.log(label('action') + entry.decision.action);
|
|
110
|
+
console.log('');
|
|
111
|
+
if (ok) {
|
|
112
|
+
console.log(' ' + (0, colors_1.greenBold)('✓ signature valid'));
|
|
113
|
+
console.log(' ' + (0, colors_1.green)('✓ entry hash matches canonical JSON'));
|
|
114
|
+
console.log(' ' + (0, colors_1.green)('✓ chain link to previous entry intact'));
|
|
115
|
+
console.log('');
|
|
116
|
+
return 0;
|
|
117
|
+
}
|
|
118
|
+
console.log(' ' + (0, colors_1.redBold)('✗ verification FAILED'));
|
|
119
|
+
console.log('');
|
|
120
|
+
console.log((0, colors_1.dim)(' one or more of: signature mismatch, entryHash mismatch, chain broken.'));
|
|
121
|
+
console.log('');
|
|
122
|
+
return 1;
|
|
123
|
+
}
|
|
124
|
+
//# sourceMappingURL=verify.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/cli/verify.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAaH,8BA2EC;AAtFD,uCAAyB;AACzB,uCAAyB;AACzB,2CAA6B;AAE7B,kDAA8C;AAE9C,oCAAoD;AACpD,qCAA4E;AAE5E,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,qBAAqB,CAAC,CAAC;AAEpF,KAAK,UAAU,SAAS,CAAC,IAAc;IAC5C,IAAI,KAAK,GAAG,QAAQ,CAAC;IACrB,IAAI,YAAgC,CAAC;IAErC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;YACpB,KAAK,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,QAAQ,CAAC;QAChC,CAAC;aAAM,IAAI,CAAC,KAAK,cAAc,EAAE,CAAC;YAChC,YAAY,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3B,CAAC;aAAM,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YACxC,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;YAC9E,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,IAAI,MAAc,CAAC;IACnB,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvB,MAAM,GAAG,YAAY,CAAC;QACtB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,IAAA,gBAAO,EAAC,SAAS,CAAC,GAAG,wBAAwB,CAAC,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,SAAS,IAAA,kBAAS,EAAC,iBAAiB,CAAC,8BAA8B,CAAC,CAAC;YACjF,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,IAAA,gBAAO,EAAC,SAAS,CAAC,GAAG,2BAA2B,MAAM,EAAE,CAAC,CAAC;YACtE,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACzD,MAAM,KAAK,GAA2B;QACpC,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,YAAY,EAAE,GAAG,CAAC,YAAY;QAC9B,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,iBAAiB,EAAE,GAAG,CAAC,iBAAiB;QACxC,QAAQ,EAAE,GAAG,CAAC,QAAQ;KACvB,CAAC;IACF,MAAM,MAAM,GAAG,YAAY,IAAI,GAAG,CAAC,YAAY,CAAC;IAChD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,GAAG,CAAC,IAAA,gBAAO,EAAC,SAAS,CAAC,GAAG,2CAA2C,CAAC,CAAC;QAC9E,OAAO,CAAC,CAAC;IACX,CAAC;IACD,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;IAE9D,MAAM,EAAE,GAAG,MAAM,IAAA,0BAAW,EAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IAE/C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAA,eAAM,EAAC,gCAAwB,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAA,iBAAQ,EAAC,6BAA6B,KAAK,EAAE,CAAC,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,MAAM,KAAK,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,YAAG,EAAC,KAAK,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,IAAA,YAAG,EAAC,KAAK,CAAC,CAAC,CAAC;IAC1E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,IAAA,YAAG,EAAC,KAAK,CAAC,CAAC,CAAC;IACjF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACvD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,IAAI,EAAE,EAAE,CAAC;QACP,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAA,kBAAS,EAAC,mBAAmB,CAAC,CAAC,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAA,cAAK,EAAC,qCAAqC,CAAC,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAA,cAAK,EAAC,uCAAuC,CAAC,CAAC,CAAC;QACnE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,CAAC;IACX,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAA,gBAAO,EAAC,uBAAuB,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,IAAA,YAAG,EAAC,yEAAyE,CAAC,CAAC,CAAC;IAC5F,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,CAAC;AACX,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -12,7 +12,7 @@ export { canonicalJson, sha256Hex, computeEntryHash, computeSignerFingerprint, s
|
|
|
12
12
|
export { InMemorySpendStore } from './store-memory';
|
|
13
13
|
export { SpendGuard, withSpendGuard, AgentGuardBlockedError, type SpendGuardConfig, type OpenAIBindingOptions, } from './spend-guard';
|
|
14
14
|
export { DEFAULT_LOCALE, SUPPORTED_LOCALES, TRANSLATIONS, type SupportedLocale, resolveLocale, t, formatBlockedTrace, type BlockedTraceArgs, } from './i18n';
|
|
15
|
-
export declare const AGENTGUARD_SPEND_VERSION = "0.1.
|
|
15
|
+
export declare const AGENTGUARD_SPEND_VERSION = "0.1.7";
|
|
16
16
|
/** Patent marking. 35 U.S.C. § 287 constructive notice. */
|
|
17
17
|
export declare const PATENT_NOTICE: string;
|
|
18
18
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.js
CHANGED
|
@@ -46,7 +46,7 @@ Object.defineProperty(exports, "TRANSLATIONS", { enumerable: true, get: function
|
|
|
46
46
|
Object.defineProperty(exports, "resolveLocale", { enumerable: true, get: function () { return i18n_1.resolveLocale; } });
|
|
47
47
|
Object.defineProperty(exports, "t", { enumerable: true, get: function () { return i18n_1.t; } });
|
|
48
48
|
Object.defineProperty(exports, "formatBlockedTrace", { enumerable: true, get: function () { return i18n_1.formatBlockedTrace; } });
|
|
49
|
-
exports.AGENTGUARD_SPEND_VERSION = '0.1.
|
|
49
|
+
exports.AGENTGUARD_SPEND_VERSION = '0.1.7';
|
|
50
50
|
/** Patent marking. 35 U.S.C. § 287 constructive notice. */
|
|
51
51
|
exports.PATENT_NOTICE = 'Protected by U.S. patent-pending technology ' +
|
|
52
52
|
'(App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626; ' +
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@agentguard-run/spend",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.7",
|
|
4
4
|
"description": "Local-runtime spend caps and capability-gated model routing for AI agents. Prompts, API keys, and signing keys stay inside the customer runtime. Zero data plane involvement.",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -21,8 +21,12 @@
|
|
|
21
21
|
"default": "./dist/decision-log.js"
|
|
22
22
|
}
|
|
23
23
|
},
|
|
24
|
+
"bin": {
|
|
25
|
+
"agentguard": "./bin/agentguard.js"
|
|
26
|
+
},
|
|
24
27
|
"files": [
|
|
25
28
|
"dist",
|
|
29
|
+
"bin",
|
|
26
30
|
"README.md",
|
|
27
31
|
"LICENSE",
|
|
28
32
|
"PATENTS.md"
|