@agentguard-run/spend 0.5.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +7 -0
- package/dist/index.d.ts +6 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +21 -3
- package/dist/index.js.map +1 -1
- package/dist/middleware/provenance.d.ts +11 -0
- package/dist/middleware/provenance.d.ts.map +1 -0
- package/dist/middleware/provenance.js +17 -0
- package/dist/middleware/provenance.js.map +1 -0
- package/dist/middleware/provider-registry.d.ts +34 -0
- package/dist/middleware/provider-registry.d.ts.map +1 -0
- package/dist/middleware/provider-registry.js +290 -0
- package/dist/middleware/provider-registry.js.map +1 -0
- package/dist/posture/enforce.d.ts +19 -0
- package/dist/posture/enforce.d.ts.map +1 -0
- package/dist/posture/enforce.js +109 -0
- package/dist/posture/enforce.js.map +1 -0
- package/dist/receipts/schema.d.ts +46 -0
- package/dist/receipts/schema.d.ts.map +1 -0
- package/dist/receipts/schema.js +23 -0
- package/dist/receipts/schema.js.map +1 -0
- package/dist/spend-guard.d.ts +20 -0
- package/dist/spend-guard.d.ts.map +1 -1
- package/dist/spend-guard.js +24 -2
- package/dist/spend-guard.js.map +1 -1
- package/dist/types.d.ts +10 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/workflow/receipt.d.ts +20 -2
- package/dist/workflow/receipt.d.ts.map +1 -1
- package/dist/workflow/receipt.js +16 -0
- package/dist/workflow/receipt.js.map +1 -1
- package/dist/workflow/types.d.ts +5 -0
- package/dist/workflow/types.d.ts.map +1 -1
- package/package.json +5 -2
- package/src/middleware/provenance.ts +31 -0
- package/src/middleware/provider-registry.ts +289 -0
- package/src/posture/enforce.ts +87 -0
- package/src/receipts/schema.ts +81 -0
- package/src/workflow/receipt.ts +36 -2
- package/src/workflow/types.ts +7 -0
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.6.0
|
|
4
|
+
|
|
5
|
+
- Added receipt schema v3 provenance blocks for model identity, hosting route, jurisdiction, BAA status, retention, and foreign-origin model flagging.
|
|
6
|
+
- Added provider registry and local provenance enforcement: compliance posture blocks foreign-origin weights, standard posture requires a signed consent receipt.
|
|
7
|
+
- Added consent receipt validation hooks for `foreign_origin_consent_receipt_id`.
|
|
8
|
+
- Kept v1 and v2 receipt verification paths backward compatible.
|
|
9
|
+
|
|
3
10
|
## 0.5.0
|
|
4
11
|
|
|
5
12
|
- Added the workflow primitive: one budget envelope, one duration cap, resumable checkpoints, and signed receipt chains across multi-step agent runs.
|
package/dist/index.d.ts
CHANGED
|
@@ -14,6 +14,11 @@ export { InMemorySpendStore } from './store-memory';
|
|
|
14
14
|
export { AgentGuardLicenseRequiredError, validateLicenseKey, validateAndRegisterLicense, readConfiguredLicenseKey, writeConfiguredLicenseKey, clearConfiguredLicenseKey, licenseKeyFingerprint, type AgentGuardLicenseStatus, type AgentGuardLicenseFeatures, type AgentGuardTier, } from './license';
|
|
15
15
|
export { telemetryStatus, enableTelemetry, disableTelemetry, resetTelemetryInstallId, recordTelemetryEvent, type TelemetryStatus, } from './telemetry';
|
|
16
16
|
export { fetchCatalog, getCachedCatalog, syncPricingIntoCostTable, persistOverrides, modelCostFromOpenRouter, type OpenRouterCatalog, type OpenRouterModel, type SyncPricingResult, } from './openrouter-catalog';
|
|
17
|
+
export type { AnyReceipt, ComplianceProvenance, HostingProvenance, JurisdictionCountry, ModelIdentity, ProvenanceBlock, ProvenanceProvider, ReceiptV1, ReceiptV3, WeightsOriginCountry, } from './receipts/schema';
|
|
18
|
+
export { assertReceiptV3, isReceiptV3, receiptSchemaVersion } from './receipts/schema';
|
|
19
|
+
export { captureProvenance, type AgentGuardContext, type AgentRequest } from './middleware/provenance';
|
|
20
|
+
export { PROVIDER_REGISTRY, inferProviderRoute, inferModelIdentity, inferHosting, inferCompliance, isForeignOriginModel } from './middleware/provider-registry';
|
|
21
|
+
export { AgentGuardComplianceError, AgentGuardConsentRequiredError, enforceCompliance, verifyConsentReceipt, type GovernancePosture } from './posture/enforce';
|
|
17
22
|
export { workflow, WorkflowContext } from './workflow/context';
|
|
18
23
|
export { computeChainHash, validateReceiptChain } from './workflow/chain-validator';
|
|
19
24
|
export { AgentGuardBudgetCapError, AgentGuardChainCorruptError, AgentGuardDurationCapError, AgentGuardWorkflowStateError, } from './workflow/errors';
|
|
@@ -25,7 +30,7 @@ export { SpendGuard, withSpendGuard, AgentGuardBlockedError, type SpendGuardConf
|
|
|
25
30
|
export { withSpendGuardAnthropic, type AnthropicBindingOptions } from './bindings/anthropic';
|
|
26
31
|
export { withSpendGuardBedrock, type BedrockBindingOptions } from './bindings/bedrock';
|
|
27
32
|
export { DEFAULT_LOCALE, SUPPORTED_LOCALES, TRANSLATIONS, type SupportedLocale, resolveLocale, t, formatBlockedTrace, type BlockedTraceArgs, } from './i18n';
|
|
28
|
-
export declare const AGENTGUARD_SPEND_VERSION = "0.
|
|
33
|
+
export declare const AGENTGUARD_SPEND_VERSION = "0.6.0";
|
|
29
34
|
export declare const agentguard: {
|
|
30
35
|
workflow: typeof runWorkflow;
|
|
31
36
|
};
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,QAAQ,IAAI,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAG7D,YAAY,EACV,WAAW,EACX,WAAW,EACX,QAAQ,EACR,eAAe,EACf,cAAc,EACd,QAAQ,EACR,UAAU,EACV,WAAW,EACX,WAAW,EACX,aAAa,EACb,sBAAsB,EACtB,UAAU,EACV,gBAAgB,GACjB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,YAAY,EACZ,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,aAAa,EACb,iBAAiB,EACjB,0BAA0B,EAC1B,oBAAoB,EACpB,eAAe,EACf,KAAK,SAAS,GACf,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,uBAAuB,EAAE,yBAAyB,EAAE,2BAA2B,EAAE,2BAA2B,EAAE,MAAM,UAAU,CAAC;AAGvK,OAAO,EACL,aAAa,EACb,SAAS,EACT,gBAAgB,EAChB,wBAAwB,EACxB,YAAY,EACZ,WAAW,EACX,WAAW,EACX,qBAAqB,EACrB,wBAAwB,GACzB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAGpD,OAAO,EACL,8BAA8B,EAC9B,kBAAkB,EAClB,0BAA0B,EAC1B,wBAAwB,EACxB,yBAAyB,EACzB,yBAAyB,EACzB,qBAAqB,EACrB,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,cAAc,GACpB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,uBAAuB,EACvB,oBAAoB,EACpB,KAAK,eAAe,GACrB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,wBAAwB,EACxB,gBAAgB,EAChB,uBAAuB,EACvB,KAAK,iBAAiB,EACtB,KAAK,eAAe,EACpB,KAAK,iBAAiB,GACvB,MAAM,sBAAsB,CAAC;AAK9B,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AACpF,OAAO,EACL,wBAAwB,EACxB,2BAA2B,EAC3B,0BAA0B,EAC1B,4BAA4B,GAC7B,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EACV,qBAAqB,EACrB,iBAAiB,EACjB,SAAS,EACT,uBAAuB,EACvB,cAAc,EACd,aAAa,EACb,cAAc,GACf,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,sBAAsB,EACtB,gBAAgB,EAChB,KAAK,sBAAsB,EAC3B,KAAK,gBAAgB,GACtB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,KAAK,aAAa,EAAE,KAAK,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC3H,OAAO,EAAE,0BAA0B,EAAE,mBAAmB,EAAE,KAAK,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAGxG,OAAO,EACL,UAAU,EACV,cAAc,EACd,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,uBAAuB,EAC5B,KAAK,sBAAsB,GAC5B,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,uBAAuB,EAAE,KAAK,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAC7F,OAAO,EAAE,qBAAqB,EAAE,KAAK,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAGvF,OAAO,EACL,cAAc,EACd,iBAAiB,EACjB,YAAY,EACZ,KAAK,eAAe,EACpB,aAAa,EACb,CAAC,EACD,kBAAkB,EAClB,KAAK,gBAAgB,GACtB,MAAM,QAAQ,CAAC;AAEhB,eAAO,MAAM,wBAAwB,UAAU,CAAC;AAGhD,eAAO,MAAM,UAAU;;CAEtB,CAAC;AAEF,2DAA2D;AAC3D,eAAO,MAAM,aAAa,QAG8B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,QAAQ,IAAI,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAG7D,YAAY,EACV,WAAW,EACX,WAAW,EACX,QAAQ,EACR,eAAe,EACf,cAAc,EACd,QAAQ,EACR,UAAU,EACV,WAAW,EACX,WAAW,EACX,aAAa,EACb,sBAAsB,EACtB,UAAU,EACV,gBAAgB,GACjB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,YAAY,EACZ,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,aAAa,EACb,iBAAiB,EACjB,0BAA0B,EAC1B,oBAAoB,EACpB,eAAe,EACf,KAAK,SAAS,GACf,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,uBAAuB,EAAE,yBAAyB,EAAE,2BAA2B,EAAE,2BAA2B,EAAE,MAAM,UAAU,CAAC;AAGvK,OAAO,EACL,aAAa,EACb,SAAS,EACT,gBAAgB,EAChB,wBAAwB,EACxB,YAAY,EACZ,WAAW,EACX,WAAW,EACX,qBAAqB,EACrB,wBAAwB,GACzB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAGpD,OAAO,EACL,8BAA8B,EAC9B,kBAAkB,EAClB,0BAA0B,EAC1B,wBAAwB,EACxB,yBAAyB,EACzB,yBAAyB,EACzB,qBAAqB,EACrB,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,cAAc,GACpB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,uBAAuB,EACvB,oBAAoB,EACpB,KAAK,eAAe,GACrB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,wBAAwB,EACxB,gBAAgB,EAChB,uBAAuB,EACvB,KAAK,iBAAiB,EACtB,KAAK,eAAe,EACpB,KAAK,iBAAiB,GACvB,MAAM,sBAAsB,CAAC;AAK9B,YAAY,EACV,UAAU,EACV,oBAAoB,EACpB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,eAAe,EACf,kBAAkB,EAClB,SAAS,EACT,SAAS,EACT,oBAAoB,GACrB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACvF,OAAO,EAAE,iBAAiB,EAAE,KAAK,iBAAiB,EAAE,KAAK,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvG,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,YAAY,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AAChK,OAAO,EAAE,yBAAyB,EAAE,8BAA8B,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,KAAK,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAG/J,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AACpF,OAAO,EACL,wBAAwB,EACxB,2BAA2B,EAC3B,0BAA0B,EAC1B,4BAA4B,GAC7B,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EACV,qBAAqB,EACrB,iBAAiB,EACjB,SAAS,EACT,uBAAuB,EACvB,cAAc,EACd,aAAa,EACb,cAAc,GACf,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,sBAAsB,EACtB,gBAAgB,EAChB,KAAK,sBAAsB,EAC3B,KAAK,gBAAgB,GACtB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,KAAK,aAAa,EAAE,KAAK,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC3H,OAAO,EAAE,0BAA0B,EAAE,mBAAmB,EAAE,KAAK,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAGxG,OAAO,EACL,UAAU,EACV,cAAc,EACd,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,uBAAuB,EAC5B,KAAK,sBAAsB,GAC5B,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,uBAAuB,EAAE,KAAK,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAC7F,OAAO,EAAE,qBAAqB,EAAE,KAAK,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAGvF,OAAO,EACL,cAAc,EACd,iBAAiB,EACjB,YAAY,EACZ,KAAK,eAAe,EACpB,aAAa,EACb,CAAC,EACD,kBAAkB,EAClB,KAAK,gBAAgB,GACtB,MAAM,QAAQ,CAAC;AAEhB,eAAO,MAAM,wBAAwB,UAAU,CAAC;AAGhD,eAAO,MAAM,UAAU;;CAEtB,CAAC;AAEF,2DAA2D;AAC3D,eAAO,MAAM,aAAa,QAG8B,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -7,8 +7,8 @@
|
|
|
7
7
|
* 64/071,781; 64/071,789).
|
|
8
8
|
*/
|
|
9
9
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
10
|
-
exports.
|
|
11
|
-
exports.PATENT_NOTICE = exports.agentguard = exports.AGENTGUARD_SPEND_VERSION = exports.formatBlockedTrace = exports.t = exports.resolveLocale = exports.TRANSLATIONS = exports.SUPPORTED_LOCALES = exports.DEFAULT_LOCALE = exports.withSpendGuardBedrock = exports.withSpendGuardAnthropic = exports.AgentGuardBlockedError = exports.withSpendGuard = exports.SpendGuard = exports.writeAdvisorOutputs = exports.createAdvisorSessionLogger = exports.resolveAdvisorApiKey = exports.createAdvisorClient = exports.projectedSavings = exports.buildPolicyFromProfile = exports.buildBusinessProfile = exports.AdvisorConversation = void 0;
|
|
10
|
+
exports.inferHosting = exports.inferModelIdentity = exports.inferProviderRoute = exports.PROVIDER_REGISTRY = exports.captureProvenance = exports.receiptSchemaVersion = exports.isReceiptV3 = exports.assertReceiptV3 = exports.modelCostFromOpenRouter = exports.persistOverrides = exports.syncPricingIntoCostTable = exports.getCachedCatalog = exports.fetchCatalog = exports.recordTelemetryEvent = exports.resetTelemetryInstallId = exports.disableTelemetry = exports.enableTelemetry = exports.telemetryStatus = exports.licenseKeyFingerprint = exports.clearConfiguredLicenseKey = exports.writeConfiguredLicenseKey = exports.readConfiguredLicenseKey = exports.validateAndRegisterLicense = exports.validateLicenseKey = exports.AgentGuardLicenseRequiredError = exports.InMemorySpendStore = exports.InMemoryDecisionLogStore = exports.GENESIS_PREVIOUS_HASH = exports.verifyChain = exports.verifyEntry = exports.signDecision = exports.computeSignerFingerprint = exports.computeEntryHash = exports.sha256Hex = exports.canonicalJson = exports.BUILT_IN_KEYWORD_WATCHLISTS = exports.findCustomKeywordWatchlists = exports.enforcePolicyLicenseGates = exports.adjustPolicyWindowSpend = exports.buildScopeKey = exports.evaluatePolicy = exports.knownModelCosts = exports.persistCostOverrides = exports.loadPersistedCostOverrides = exports.listCostOverrides = exports.inferProvider = exports.computeCallCents = exports.clearCostOverrides = exports.setCostOverride = exports.getModelCost = void 0;
|
|
11
|
+
exports.PATENT_NOTICE = exports.agentguard = exports.AGENTGUARD_SPEND_VERSION = exports.formatBlockedTrace = exports.t = exports.resolveLocale = exports.TRANSLATIONS = exports.SUPPORTED_LOCALES = exports.DEFAULT_LOCALE = exports.withSpendGuardBedrock = exports.withSpendGuardAnthropic = exports.AgentGuardBlockedError = exports.withSpendGuard = exports.SpendGuard = exports.writeAdvisorOutputs = exports.createAdvisorSessionLogger = exports.resolveAdvisorApiKey = exports.createAdvisorClient = exports.projectedSavings = exports.buildPolicyFromProfile = exports.buildBusinessProfile = exports.AdvisorConversation = exports.AgentGuardWorkflowStateError = exports.AgentGuardDurationCapError = exports.AgentGuardChainCorruptError = exports.AgentGuardBudgetCapError = exports.validateReceiptChain = exports.computeChainHash = exports.WorkflowContext = exports.workflow = exports.verifyConsentReceipt = exports.enforceCompliance = exports.AgentGuardConsentRequiredError = exports.AgentGuardComplianceError = exports.isForeignOriginModel = exports.inferCompliance = void 0;
|
|
12
12
|
const telemetry_1 = require("./telemetry");
|
|
13
13
|
const context_1 = require("./workflow/context");
|
|
14
14
|
// Cost table
|
|
@@ -67,6 +67,24 @@ Object.defineProperty(exports, "getCachedCatalog", { enumerable: true, get: func
|
|
|
67
67
|
Object.defineProperty(exports, "syncPricingIntoCostTable", { enumerable: true, get: function () { return openrouter_catalog_1.syncPricingIntoCostTable; } });
|
|
68
68
|
Object.defineProperty(exports, "persistOverrides", { enumerable: true, get: function () { return openrouter_catalog_1.persistOverrides; } });
|
|
69
69
|
Object.defineProperty(exports, "modelCostFromOpenRouter", { enumerable: true, get: function () { return openrouter_catalog_1.modelCostFromOpenRouter; } });
|
|
70
|
+
var schema_1 = require("./receipts/schema");
|
|
71
|
+
Object.defineProperty(exports, "assertReceiptV3", { enumerable: true, get: function () { return schema_1.assertReceiptV3; } });
|
|
72
|
+
Object.defineProperty(exports, "isReceiptV3", { enumerable: true, get: function () { return schema_1.isReceiptV3; } });
|
|
73
|
+
Object.defineProperty(exports, "receiptSchemaVersion", { enumerable: true, get: function () { return schema_1.receiptSchemaVersion; } });
|
|
74
|
+
var provenance_1 = require("./middleware/provenance");
|
|
75
|
+
Object.defineProperty(exports, "captureProvenance", { enumerable: true, get: function () { return provenance_1.captureProvenance; } });
|
|
76
|
+
var provider_registry_1 = require("./middleware/provider-registry");
|
|
77
|
+
Object.defineProperty(exports, "PROVIDER_REGISTRY", { enumerable: true, get: function () { return provider_registry_1.PROVIDER_REGISTRY; } });
|
|
78
|
+
Object.defineProperty(exports, "inferProviderRoute", { enumerable: true, get: function () { return provider_registry_1.inferProviderRoute; } });
|
|
79
|
+
Object.defineProperty(exports, "inferModelIdentity", { enumerable: true, get: function () { return provider_registry_1.inferModelIdentity; } });
|
|
80
|
+
Object.defineProperty(exports, "inferHosting", { enumerable: true, get: function () { return provider_registry_1.inferHosting; } });
|
|
81
|
+
Object.defineProperty(exports, "inferCompliance", { enumerable: true, get: function () { return provider_registry_1.inferCompliance; } });
|
|
82
|
+
Object.defineProperty(exports, "isForeignOriginModel", { enumerable: true, get: function () { return provider_registry_1.isForeignOriginModel; } });
|
|
83
|
+
var enforce_1 = require("./posture/enforce");
|
|
84
|
+
Object.defineProperty(exports, "AgentGuardComplianceError", { enumerable: true, get: function () { return enforce_1.AgentGuardComplianceError; } });
|
|
85
|
+
Object.defineProperty(exports, "AgentGuardConsentRequiredError", { enumerable: true, get: function () { return enforce_1.AgentGuardConsentRequiredError; } });
|
|
86
|
+
Object.defineProperty(exports, "enforceCompliance", { enumerable: true, get: function () { return enforce_1.enforceCompliance; } });
|
|
87
|
+
Object.defineProperty(exports, "verifyConsentReceipt", { enumerable: true, get: function () { return enforce_1.verifyConsentReceipt; } });
|
|
70
88
|
// Workflow primitive
|
|
71
89
|
var context_2 = require("./workflow/context");
|
|
72
90
|
Object.defineProperty(exports, "workflow", { enumerable: true, get: function () { return context_2.workflow; } });
|
|
@@ -108,7 +126,7 @@ Object.defineProperty(exports, "TRANSLATIONS", { enumerable: true, get: function
|
|
|
108
126
|
Object.defineProperty(exports, "resolveLocale", { enumerable: true, get: function () { return i18n_1.resolveLocale; } });
|
|
109
127
|
Object.defineProperty(exports, "t", { enumerable: true, get: function () { return i18n_1.t; } });
|
|
110
128
|
Object.defineProperty(exports, "formatBlockedTrace", { enumerable: true, get: function () { return i18n_1.formatBlockedTrace; } });
|
|
111
|
-
exports.AGENTGUARD_SPEND_VERSION = '0.
|
|
129
|
+
exports.AGENTGUARD_SPEND_VERSION = '0.6.0';
|
|
112
130
|
exports.agentguard = {
|
|
113
131
|
workflow: context_1.workflow,
|
|
114
132
|
};
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;AAEH,2CAA8E;AAC9E,gDAA6D;AAmB7D,aAAa;AACb,2CAWsB;AAVpB,0GAAA,YAAY,OAAA;AACZ,6GAAA,eAAe,OAAA;AACf,gHAAA,kBAAkB,OAAA;AAClB,8GAAA,gBAAgB,OAAA;AAChB,2GAAA,aAAa,OAAA;AACb,+GAAA,iBAAiB,OAAA;AACjB,wHAAA,0BAA0B,OAAA;AAC1B,kHAAA,oBAAoB,OAAA;AACpB,6GAAA,eAAe,OAAA;AAIjB,gBAAgB;AAChB,mCAAuK;AAA9J,wGAAA,cAAc,OAAA;AAAE,uGAAA,aAAa,OAAA;AAAE,iHAAA,uBAAuB,OAAA;AAAE,mHAAA,yBAAyB,OAAA;AAAE,qHAAA,2BAA2B,OAAA;AAAE,qHAAA,2BAA2B,OAAA;AAEpJ,eAAe;AACf,+CAUwB;AATtB,6GAAA,aAAa,OAAA;AACb,yGAAA,SAAS,OAAA;AACT,gHAAA,gBAAgB,OAAA;AAChB,wHAAA,wBAAwB,OAAA;AACxB,4GAAA,YAAY,OAAA;AACZ,2GAAA,WAAW,OAAA;AACX,2GAAA,WAAW,OAAA;AACX,qHAAA,qBAAqB,OAAA;AACrB,wHAAA,wBAAwB,OAAA;AAG1B,wBAAwB;AACxB,+CAAoD;AAA3C,kHAAA,kBAAkB,OAAA;AAE3B,mBAAmB;AACnB,qCAWmB;AAVjB,yHAAA,8BAA8B,OAAA;AAC9B,6GAAA,kBAAkB,OAAA;AAClB,qHAAA,0BAA0B,OAAA;AAC1B,mHAAA,wBAAwB,OAAA;AACxB,oHAAA,yBAAyB,OAAA;AACzB,oHAAA,yBAAyB,OAAA;AACzB,gHAAA,qBAAqB,OAAA;AAMvB,qBAAqB;AACrB,yCAOqB;AANnB,4GAAA,eAAe,OAAA;AACf,4GAAA,eAAe,OAAA;AACf,6GAAA,gBAAgB,OAAA;AAChB,oHAAA,uBAAuB,OAAA;AACvB,iHAAA,oBAAoB,OAAA;AAItB,qBAAqB;AACrB,2DAS8B;AAR5B,kHAAA,YAAY,OAAA;AACZ,sHAAA,gBAAgB,OAAA;AAChB,8HAAA,wBAAwB,OAAA;AACxB,sHAAA,gBAAgB,OAAA;AAChB,6HAAA,uBAAuB,OAAA;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;AAEH,2CAA8E;AAC9E,gDAA6D;AAmB7D,aAAa;AACb,2CAWsB;AAVpB,0GAAA,YAAY,OAAA;AACZ,6GAAA,eAAe,OAAA;AACf,gHAAA,kBAAkB,OAAA;AAClB,8GAAA,gBAAgB,OAAA;AAChB,2GAAA,aAAa,OAAA;AACb,+GAAA,iBAAiB,OAAA;AACjB,wHAAA,0BAA0B,OAAA;AAC1B,kHAAA,oBAAoB,OAAA;AACpB,6GAAA,eAAe,OAAA;AAIjB,gBAAgB;AAChB,mCAAuK;AAA9J,wGAAA,cAAc,OAAA;AAAE,uGAAA,aAAa,OAAA;AAAE,iHAAA,uBAAuB,OAAA;AAAE,mHAAA,yBAAyB,OAAA;AAAE,qHAAA,2BAA2B,OAAA;AAAE,qHAAA,2BAA2B,OAAA;AAEpJ,eAAe;AACf,+CAUwB;AATtB,6GAAA,aAAa,OAAA;AACb,yGAAA,SAAS,OAAA;AACT,gHAAA,gBAAgB,OAAA;AAChB,wHAAA,wBAAwB,OAAA;AACxB,4GAAA,YAAY,OAAA;AACZ,2GAAA,WAAW,OAAA;AACX,2GAAA,WAAW,OAAA;AACX,qHAAA,qBAAqB,OAAA;AACrB,wHAAA,wBAAwB,OAAA;AAG1B,wBAAwB;AACxB,+CAAoD;AAA3C,kHAAA,kBAAkB,OAAA;AAE3B,mBAAmB;AACnB,qCAWmB;AAVjB,yHAAA,8BAA8B,OAAA;AAC9B,6GAAA,kBAAkB,OAAA;AAClB,qHAAA,0BAA0B,OAAA;AAC1B,mHAAA,wBAAwB,OAAA;AACxB,oHAAA,yBAAyB,OAAA;AACzB,oHAAA,yBAAyB,OAAA;AACzB,gHAAA,qBAAqB,OAAA;AAMvB,qBAAqB;AACrB,yCAOqB;AANnB,4GAAA,eAAe,OAAA;AACf,4GAAA,eAAe,OAAA;AACf,6GAAA,gBAAgB,OAAA;AAChB,oHAAA,uBAAuB,OAAA;AACvB,iHAAA,oBAAoB,OAAA;AAItB,qBAAqB;AACrB,2DAS8B;AAR5B,kHAAA,YAAY,OAAA;AACZ,sHAAA,gBAAgB,OAAA;AAChB,8HAAA,wBAAwB,OAAA;AACxB,sHAAA,gBAAgB,OAAA;AAChB,6HAAA,uBAAuB,OAAA;AAqBzB,4CAAuF;AAA9E,yGAAA,eAAe,OAAA;AAAE,qGAAA,WAAW,OAAA;AAAE,8GAAA,oBAAoB,OAAA;AAC3D,sDAAuG;AAA9F,+GAAA,iBAAiB,OAAA;AAC1B,oEAAgK;AAAvJ,sHAAA,iBAAiB,OAAA;AAAE,uHAAA,kBAAkB,OAAA;AAAE,uHAAA,kBAAkB,OAAA;AAAE,iHAAA,YAAY,OAAA;AAAE,oHAAA,eAAe,OAAA;AAAE,yHAAA,oBAAoB,OAAA;AACvH,6CAA+J;AAAtJ,oHAAA,yBAAyB,OAAA;AAAE,yHAAA,8BAA8B,OAAA;AAAE,4GAAA,iBAAiB,OAAA;AAAE,+GAAA,oBAAoB,OAAA;AAE3G,qBAAqB;AACrB,8CAA+D;AAAtD,mGAAA,QAAQ,OAAA;AAAE,0GAAA,eAAe,OAAA;AAClC,8DAAoF;AAA3E,mHAAA,gBAAgB,OAAA;AAAE,uHAAA,oBAAoB,OAAA;AAC/C,4CAK2B;AAJzB,kHAAA,wBAAwB,OAAA;AACxB,qHAAA,2BAA2B,OAAA;AAC3B,oHAAA,0BAA0B,OAAA;AAC1B,sHAAA,4BAA4B,OAAA;AAY9B,sBAAsB;AACtB,uDAOgC;AAN9B,mHAAA,mBAAmB,OAAA;AACnB,oHAAA,oBAAoB,OAAA;AACpB,sHAAA,sBAAsB,OAAA;AACtB,gHAAA,gBAAgB,OAAA;AAIlB,mDAA2H;AAAlH,iHAAA,mBAAmB,OAAA;AAAE,kHAAA,oBAAoB,OAAA;AAClD,2CAAwG;AAA/F,oHAAA,0BAA0B,OAAA;AAAE,6GAAA,mBAAmB,OAAA;AAExD,eAAe;AACf,6CAQuB;AAPrB,yGAAA,UAAU,OAAA;AACV,6GAAA,cAAc,OAAA;AACd,qHAAA,sBAAsB,OAAA;AAOxB,kDAA6F;AAApF,oHAAA,uBAAuB,OAAA;AAChC,8CAAuF;AAA9E,gHAAA,qBAAqB,OAAA;AAE9B,sCAAsC;AACtC,+BASgB;AARd,sGAAA,cAAc,OAAA;AACd,yGAAA,iBAAiB,OAAA;AACjB,oGAAA,YAAY,OAAA;AAEZ,qGAAA,aAAa,OAAA;AACb,yFAAA,CAAC,OAAA;AACD,0GAAA,kBAAkB,OAAA;AAIP,QAAA,wBAAwB,GAAG,OAAO,CAAC;AAGnC,QAAA,UAAU,GAAG;IACxB,QAAQ,EAAE,kBAAW;CACtB,CAAC;AAEF,2DAA2D;AAC9C,QAAA,aAAa,GACxB,8CAA8C;IAC9C,6DAA6D;IAC7D,sDAAsD,CAAC;AACzD,IAAA,gCAAuB,EAAC,UAAU,CAAC,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import type { ProvenanceBlock } from '../receipts/schema';
|
|
2
|
+
import { type ProviderRegistryConfig, type ProviderRegistryRequest } from './provider-registry';
|
|
3
|
+
export interface AgentRequest extends ProviderRegistryRequest {
|
|
4
|
+
headers?: Record<string, string | undefined>;
|
|
5
|
+
}
|
|
6
|
+
export interface AgentGuardContext {
|
|
7
|
+
config?: ProviderRegistryConfig;
|
|
8
|
+
now?: () => Date;
|
|
9
|
+
}
|
|
10
|
+
export declare function captureProvenance(req: AgentRequest, ctx?: AgentGuardContext): ProvenanceBlock;
|
|
11
|
+
//# sourceMappingURL=provenance.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provenance.d.ts","sourceRoot":"","sources":["../../src/middleware/provenance.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,EAKL,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,EAC7B,MAAM,qBAAqB,CAAC;AAE7B,MAAM,WAAW,YAAa,SAAQ,uBAAuB;IAC3D,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;CAC9C;AAED,MAAM,WAAW,iBAAiB;IAChC,MAAM,CAAC,EAAE,sBAAsB,CAAC;IAChC,GAAG,CAAC,EAAE,MAAM,IAAI,CAAC;CAClB;AAED,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,YAAY,EAAE,GAAG,GAAE,iBAAsB,GAAG,eAAe,CAWjG"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.captureProvenance = captureProvenance;
|
|
4
|
+
const provider_registry_1 = require("./provider-registry");
|
|
5
|
+
function captureProvenance(req, ctx = {}) {
|
|
6
|
+
const route = (0, provider_registry_1.inferProviderRoute)({ ...req, providerRoute: ctx.config?.providerRoute ?? req.providerRoute });
|
|
7
|
+
const model = (0, provider_registry_1.inferModelIdentity)(String(req.model || 'unknown'), route);
|
|
8
|
+
const hosting = (0, provider_registry_1.inferHosting)(route, ctx.config);
|
|
9
|
+
const compliance = (0, provider_registry_1.inferCompliance)(route, model, ctx.config);
|
|
10
|
+
return {
|
|
11
|
+
model_identity: model,
|
|
12
|
+
hosting,
|
|
13
|
+
compliance,
|
|
14
|
+
captured_at: (ctx.now ? ctx.now() : new Date()).toISOString(),
|
|
15
|
+
};
|
|
16
|
+
}
|
|
17
|
+
//# sourceMappingURL=provenance.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provenance.js","sourceRoot":"","sources":["../../src/middleware/provenance.ts"],"names":[],"mappings":";;AAmBA,8CAWC;AA7BD,2DAO6B;AAW7B,SAAgB,iBAAiB,CAAC,GAAiB,EAAE,MAAyB,EAAE;IAC9E,MAAM,KAAK,GAAG,IAAA,sCAAkB,EAAC,EAAE,GAAG,GAAG,EAAE,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC;IAC5G,MAAM,KAAK,GAAG,IAAA,sCAAkB,EAAC,MAAM,CAAC,GAAG,CAAC,KAAK,IAAI,SAAS,CAAC,EAAE,KAAK,CAAC,CAAC;IACxE,MAAM,OAAO,GAAG,IAAA,gCAAY,EAAC,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAChD,MAAM,UAAU,GAAG,IAAA,mCAAe,EAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC7D,OAAO;QACL,cAAc,EAAE,KAAK;QACrB,OAAO;QACP,UAAU;QACV,WAAW,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE;KAC9D,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
import type { ComplianceProvenance, HostingProvenance, JurisdictionCountry, ModelIdentity, ProvenanceProvider, WeightsOriginCountry } from '../receipts/schema';
|
|
2
|
+
export interface ProviderRouteInfo {
|
|
3
|
+
provider: ProvenanceProvider;
|
|
4
|
+
weights_origin_country: WeightsOriginCountry;
|
|
5
|
+
available_jurisdictions: string[];
|
|
6
|
+
baa_path: string | null;
|
|
7
|
+
hipaa_eligible: boolean;
|
|
8
|
+
zdr_available: boolean;
|
|
9
|
+
default_retention_days: number | null;
|
|
10
|
+
foreign_origin?: boolean;
|
|
11
|
+
}
|
|
12
|
+
export interface ProviderRegistryRequest {
|
|
13
|
+
url?: string;
|
|
14
|
+
provider?: string;
|
|
15
|
+
providerRoute?: string;
|
|
16
|
+
model?: string;
|
|
17
|
+
}
|
|
18
|
+
export interface ProviderRegistryConfig {
|
|
19
|
+
providerRoute?: string;
|
|
20
|
+
jurisdictionCountry?: JurisdictionCountry;
|
|
21
|
+
jurisdictionRegion?: string;
|
|
22
|
+
baaInForce?: boolean;
|
|
23
|
+
baaVendor?: string | null;
|
|
24
|
+
dataRetentionDays?: number | null;
|
|
25
|
+
dataResidencyAttested?: boolean;
|
|
26
|
+
foreignOriginConsentReceiptId?: string | null;
|
|
27
|
+
}
|
|
28
|
+
export declare const PROVIDER_REGISTRY: Record<string, ProviderRouteInfo>;
|
|
29
|
+
export declare function isForeignOriginModel(model: string): boolean;
|
|
30
|
+
export declare function inferProviderRoute(req: ProviderRegistryRequest): string;
|
|
31
|
+
export declare function inferModelIdentity(model: string, route: string): ModelIdentity;
|
|
32
|
+
export declare function inferHosting(route: string, config?: ProviderRegistryConfig): HostingProvenance;
|
|
33
|
+
export declare function inferCompliance(route: string, model: ModelIdentity, config?: ProviderRegistryConfig): ComplianceProvenance;
|
|
34
|
+
//# sourceMappingURL=provider-registry.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provider-registry.d.ts","sourceRoot":"","sources":["../../src/middleware/provider-registry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,oBAAoB,EACpB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,kBAAkB,EAClB,oBAAoB,EACrB,MAAM,oBAAoB,CAAC;AAE5B,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,sBAAsB,EAAE,oBAAoB,CAAC;IAC7C,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,aAAa,EAAE,OAAO,CAAC;IACvB,sBAAsB,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,uBAAuB;IACtC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,sBAAsB;IACrC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;IAC1C,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,6BAA6B,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/C;AAED,eAAO,MAAM,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CA8I/D,CAAC;AAIF,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAE3D;AAED,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,uBAAuB,GAAG,MAAM,CAoBvE;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,aAAa,CAU9E;AAED,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,GAAE,sBAA2B,GAAG,iBAAiB,CAQlG;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,MAAM,GAAE,sBAA2B,GAAG,oBAAoB,CAY9H"}
|
|
@@ -0,0 +1,290 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.PROVIDER_REGISTRY = void 0;
|
|
4
|
+
exports.isForeignOriginModel = isForeignOriginModel;
|
|
5
|
+
exports.inferProviderRoute = inferProviderRoute;
|
|
6
|
+
exports.inferModelIdentity = inferModelIdentity;
|
|
7
|
+
exports.inferHosting = inferHosting;
|
|
8
|
+
exports.inferCompliance = inferCompliance;
|
|
9
|
+
exports.PROVIDER_REGISTRY = {
|
|
10
|
+
'anthropic-direct': {
|
|
11
|
+
provider: 'anthropic',
|
|
12
|
+
weights_origin_country: 'US',
|
|
13
|
+
available_jurisdictions: ['US'],
|
|
14
|
+
baa_path: 'Anthropic Enterprise Messages API with BAA eligible routing',
|
|
15
|
+
hipaa_eligible: true,
|
|
16
|
+
zdr_available: true,
|
|
17
|
+
default_retention_days: 0,
|
|
18
|
+
},
|
|
19
|
+
'aws-bedrock': {
|
|
20
|
+
provider: 'anthropic',
|
|
21
|
+
weights_origin_country: 'US',
|
|
22
|
+
available_jurisdictions: ['us-east-1', 'us-east-2', 'us-west-2', 'eu-west-1', 'eu-central-1', 'ap-northeast-1'],
|
|
23
|
+
baa_path: 'AWS BAA for Bedrock HIPAA eligible services',
|
|
24
|
+
hipaa_eligible: true,
|
|
25
|
+
zdr_available: true,
|
|
26
|
+
default_retention_days: 0,
|
|
27
|
+
},
|
|
28
|
+
'azure-openai': {
|
|
29
|
+
provider: 'openai',
|
|
30
|
+
weights_origin_country: 'US',
|
|
31
|
+
available_jurisdictions: ['eastus', 'westus', 'westeurope', 'francecentral', 'switzerlandnorth'],
|
|
32
|
+
baa_path: 'Microsoft Product Terms DPA',
|
|
33
|
+
hipaa_eligible: true,
|
|
34
|
+
zdr_available: true,
|
|
35
|
+
default_retention_days: 0,
|
|
36
|
+
},
|
|
37
|
+
'openai-direct': {
|
|
38
|
+
provider: 'openai',
|
|
39
|
+
weights_origin_country: 'US',
|
|
40
|
+
available_jurisdictions: ['US'],
|
|
41
|
+
baa_path: 'OpenAI Enterprise BAA with eligible API configuration',
|
|
42
|
+
hipaa_eligible: true,
|
|
43
|
+
zdr_available: true,
|
|
44
|
+
default_retention_days: 30,
|
|
45
|
+
},
|
|
46
|
+
'vertex-ai': {
|
|
47
|
+
provider: 'google',
|
|
48
|
+
weights_origin_country: 'US',
|
|
49
|
+
available_jurisdictions: ['us-central1', 'us-east4', 'europe-west4', 'europe-west1', 'asia-northeast1'],
|
|
50
|
+
baa_path: 'Google Cloud BAA',
|
|
51
|
+
hipaa_eligible: true,
|
|
52
|
+
zdr_available: true,
|
|
53
|
+
default_retention_days: 0,
|
|
54
|
+
},
|
|
55
|
+
fireworks: {
|
|
56
|
+
provider: 'fireworks',
|
|
57
|
+
weights_origin_country: 'unknown',
|
|
58
|
+
available_jurisdictions: ['US'],
|
|
59
|
+
baa_path: null,
|
|
60
|
+
hipaa_eligible: false,
|
|
61
|
+
zdr_available: false,
|
|
62
|
+
default_retention_days: 30,
|
|
63
|
+
},
|
|
64
|
+
baseten: {
|
|
65
|
+
provider: 'baseten',
|
|
66
|
+
weights_origin_country: 'unknown',
|
|
67
|
+
available_jurisdictions: ['US'],
|
|
68
|
+
baa_path: null,
|
|
69
|
+
hipaa_eligible: false,
|
|
70
|
+
zdr_available: false,
|
|
71
|
+
default_retention_days: 30,
|
|
72
|
+
},
|
|
73
|
+
together: {
|
|
74
|
+
provider: 'together',
|
|
75
|
+
weights_origin_country: 'unknown',
|
|
76
|
+
available_jurisdictions: ['US'],
|
|
77
|
+
baa_path: null,
|
|
78
|
+
hipaa_eligible: false,
|
|
79
|
+
zdr_available: false,
|
|
80
|
+
default_retention_days: 30,
|
|
81
|
+
},
|
|
82
|
+
'moonshot-direct': {
|
|
83
|
+
provider: 'moonshot',
|
|
84
|
+
weights_origin_country: 'CN',
|
|
85
|
+
available_jurisdictions: ['CN'],
|
|
86
|
+
baa_path: null,
|
|
87
|
+
hipaa_eligible: false,
|
|
88
|
+
zdr_available: false,
|
|
89
|
+
default_retention_days: 30,
|
|
90
|
+
foreign_origin: true,
|
|
91
|
+
},
|
|
92
|
+
'deepseek-direct': {
|
|
93
|
+
provider: 'deepseek',
|
|
94
|
+
weights_origin_country: 'CN',
|
|
95
|
+
available_jurisdictions: ['CN'],
|
|
96
|
+
baa_path: null,
|
|
97
|
+
hipaa_eligible: false,
|
|
98
|
+
zdr_available: false,
|
|
99
|
+
default_retention_days: 30,
|
|
100
|
+
foreign_origin: true,
|
|
101
|
+
},
|
|
102
|
+
'alibaba-direct': {
|
|
103
|
+
provider: 'alibaba',
|
|
104
|
+
weights_origin_country: 'CN',
|
|
105
|
+
available_jurisdictions: ['CN'],
|
|
106
|
+
baa_path: null,
|
|
107
|
+
hipaa_eligible: false,
|
|
108
|
+
zdr_available: false,
|
|
109
|
+
default_retention_days: 30,
|
|
110
|
+
foreign_origin: true,
|
|
111
|
+
},
|
|
112
|
+
'kimi-k2-on-baseten': {
|
|
113
|
+
provider: 'baseten',
|
|
114
|
+
weights_origin_country: 'CN',
|
|
115
|
+
available_jurisdictions: ['US'],
|
|
116
|
+
baa_path: null,
|
|
117
|
+
hipaa_eligible: false,
|
|
118
|
+
zdr_available: false,
|
|
119
|
+
default_retention_days: 30,
|
|
120
|
+
foreign_origin: true,
|
|
121
|
+
},
|
|
122
|
+
'deepseek-on-together': {
|
|
123
|
+
provider: 'together',
|
|
124
|
+
weights_origin_country: 'CN',
|
|
125
|
+
available_jurisdictions: ['US'],
|
|
126
|
+
baa_path: null,
|
|
127
|
+
hipaa_eligible: false,
|
|
128
|
+
zdr_available: false,
|
|
129
|
+
default_retention_days: 30,
|
|
130
|
+
foreign_origin: true,
|
|
131
|
+
},
|
|
132
|
+
'qwen-on-together': {
|
|
133
|
+
provider: 'together',
|
|
134
|
+
weights_origin_country: 'CN',
|
|
135
|
+
available_jurisdictions: ['US'],
|
|
136
|
+
baa_path: null,
|
|
137
|
+
hipaa_eligible: false,
|
|
138
|
+
zdr_available: false,
|
|
139
|
+
default_retention_days: 30,
|
|
140
|
+
foreign_origin: true,
|
|
141
|
+
},
|
|
142
|
+
'self-hosted': {
|
|
143
|
+
provider: 'self_hosted',
|
|
144
|
+
weights_origin_country: 'unknown',
|
|
145
|
+
available_jurisdictions: ['self-hosted'],
|
|
146
|
+
baa_path: null,
|
|
147
|
+
hipaa_eligible: false,
|
|
148
|
+
zdr_available: true,
|
|
149
|
+
default_retention_days: 0,
|
|
150
|
+
},
|
|
151
|
+
};
|
|
152
|
+
const FOREIGN_ORIGIN_PATTERNS = [/kimi/i, /deepseek/i, /qwen/i, /yi[-_ ]/i, /baichuan/i, /glm/i, /moonshot/i];
|
|
153
|
+
function isForeignOriginModel(model) {
|
|
154
|
+
return FOREIGN_ORIGIN_PATTERNS.some((pattern) => pattern.test(model));
|
|
155
|
+
}
|
|
156
|
+
function inferProviderRoute(req) {
|
|
157
|
+
const model = String(req.model || '').toLowerCase();
|
|
158
|
+
const url = String(req.url || '').toLowerCase();
|
|
159
|
+
if ((req.providerRoute === 'baseten' || url.includes('baseten')) && /kimi/.test(model))
|
|
160
|
+
return 'kimi-k2-on-baseten';
|
|
161
|
+
if ((req.providerRoute === 'together' || url.includes('together')) && /deepseek/.test(model))
|
|
162
|
+
return 'deepseek-on-together';
|
|
163
|
+
if ((req.providerRoute === 'together' || url.includes('together')) && /qwen/.test(model))
|
|
164
|
+
return 'qwen-on-together';
|
|
165
|
+
if (req.providerRoute && exports.PROVIDER_REGISTRY[req.providerRoute])
|
|
166
|
+
return req.providerRoute;
|
|
167
|
+
if (url.includes('bedrock') || req.provider === 'bedrock')
|
|
168
|
+
return 'aws-bedrock';
|
|
169
|
+
if (url.includes('anthropic') || req.provider === 'anthropic')
|
|
170
|
+
return 'anthropic-direct';
|
|
171
|
+
if (url.includes('azure') || url.includes('openai.azure'))
|
|
172
|
+
return 'azure-openai';
|
|
173
|
+
if (url.includes('aiplatform.googleapis') || url.includes('vertex'))
|
|
174
|
+
return 'vertex-ai';
|
|
175
|
+
if (url.includes('fireworks') || req.providerRoute === 'fireworks')
|
|
176
|
+
return 'fireworks';
|
|
177
|
+
if (url.includes('baseten') || req.providerRoute === 'baseten')
|
|
178
|
+
return 'baseten';
|
|
179
|
+
if (url.includes('together') || req.providerRoute === 'together')
|
|
180
|
+
return 'together';
|
|
181
|
+
if (url.includes('moonshot') || /kimi/.test(model))
|
|
182
|
+
return 'moonshot-direct';
|
|
183
|
+
if (url.includes('deepseek') || /deepseek/.test(model))
|
|
184
|
+
return 'deepseek-direct';
|
|
185
|
+
if (url.includes('dashscope') || url.includes('alibaba') || /qwen/.test(model))
|
|
186
|
+
return 'alibaba-direct';
|
|
187
|
+
if (req.provider === 'openai')
|
|
188
|
+
return 'openai-direct';
|
|
189
|
+
if (req.provider === 'gemini')
|
|
190
|
+
return 'vertex-ai';
|
|
191
|
+
return 'self-hosted';
|
|
192
|
+
}
|
|
193
|
+
function inferModelIdentity(model, route) {
|
|
194
|
+
const info = exports.PROVIDER_REGISTRY[route] ?? exports.PROVIDER_REGISTRY['self-hosted'];
|
|
195
|
+
const modelId = model || 'unknown';
|
|
196
|
+
return {
|
|
197
|
+
provider: modelProvider(modelId, info.provider),
|
|
198
|
+
model_id: modelId,
|
|
199
|
+
model_version: modelVersion(modelId),
|
|
200
|
+
model_family: modelFamily(modelId),
|
|
201
|
+
weights_origin_country: isForeignOriginModel(modelId) || info.foreign_origin ? 'CN' : info.weights_origin_country,
|
|
202
|
+
};
|
|
203
|
+
}
|
|
204
|
+
function inferHosting(route, config = {}) {
|
|
205
|
+
const info = exports.PROVIDER_REGISTRY[route] ?? exports.PROVIDER_REGISTRY['self-hosted'];
|
|
206
|
+
const region = config.jurisdictionRegion || info.available_jurisdictions[0] || 'unknown';
|
|
207
|
+
return {
|
|
208
|
+
provider_route: route,
|
|
209
|
+
jurisdiction_country: config.jurisdictionCountry || countryFromRegion(region),
|
|
210
|
+
jurisdiction_region: region,
|
|
211
|
+
};
|
|
212
|
+
}
|
|
213
|
+
function inferCompliance(route, model, config = {}) {
|
|
214
|
+
const info = exports.PROVIDER_REGISTRY[route] ?? exports.PROVIDER_REGISTRY['self-hosted'];
|
|
215
|
+
const retention = config.dataRetentionDays !== undefined ? config.dataRetentionDays : info.default_retention_days;
|
|
216
|
+
return {
|
|
217
|
+
baa_in_force: config.baaInForce ?? false,
|
|
218
|
+
baa_vendor: config.baaVendor ?? info.baa_path,
|
|
219
|
+
hipaa_eligible: info.hipaa_eligible,
|
|
220
|
+
data_retention_days: retention,
|
|
221
|
+
data_residency_attested: config.dataResidencyAttested ?? false,
|
|
222
|
+
foreign_origin_weight_flag: model.weights_origin_country === 'CN' || info.foreign_origin === true,
|
|
223
|
+
foreign_origin_consent_receipt_id: config.foreignOriginConsentReceiptId ?? null,
|
|
224
|
+
};
|
|
225
|
+
}
|
|
226
|
+
function modelProvider(model, fallback) {
|
|
227
|
+
const lower = model.toLowerCase();
|
|
228
|
+
if (lower.includes('claude'))
|
|
229
|
+
return 'anthropic';
|
|
230
|
+
if (lower.includes('gpt') || lower.includes('openai'))
|
|
231
|
+
return 'openai';
|
|
232
|
+
if (lower.includes('gemini'))
|
|
233
|
+
return 'google';
|
|
234
|
+
if (lower.includes('mistral'))
|
|
235
|
+
return 'mistral';
|
|
236
|
+
if (lower.includes('llama'))
|
|
237
|
+
return 'meta';
|
|
238
|
+
if (lower.includes('command'))
|
|
239
|
+
return 'cohere';
|
|
240
|
+
if (lower.includes('deepseek'))
|
|
241
|
+
return 'deepseek';
|
|
242
|
+
if (lower.includes('kimi') || lower.includes('moonshot'))
|
|
243
|
+
return 'moonshot';
|
|
244
|
+
if (lower.includes('qwen') || lower.includes('yi') || lower.includes('baichuan') || lower.includes('glm'))
|
|
245
|
+
return 'alibaba';
|
|
246
|
+
return fallback;
|
|
247
|
+
}
|
|
248
|
+
function modelVersion(model) {
|
|
249
|
+
const match = model.match(/(?:^|[-_])(20\d{6}|\d{8})(?:$|[-_])/);
|
|
250
|
+
return match?.[1] ?? 'unknown';
|
|
251
|
+
}
|
|
252
|
+
function modelFamily(model) {
|
|
253
|
+
const lower = model.toLowerCase();
|
|
254
|
+
if (lower.includes('claude'))
|
|
255
|
+
return 'claude';
|
|
256
|
+
if (lower.includes('gpt'))
|
|
257
|
+
return 'gpt';
|
|
258
|
+
if (lower.includes('gemini'))
|
|
259
|
+
return 'gemini';
|
|
260
|
+
if (lower.includes('llama-4') || lower.includes('llama4'))
|
|
261
|
+
return 'llama-4';
|
|
262
|
+
if (lower.includes('mistral'))
|
|
263
|
+
return 'mistral';
|
|
264
|
+
if (lower.includes('kimi'))
|
|
265
|
+
return 'kimi';
|
|
266
|
+
if (lower.includes('deepseek'))
|
|
267
|
+
return 'deepseek';
|
|
268
|
+
if (lower.includes('qwen'))
|
|
269
|
+
return 'qwen';
|
|
270
|
+
return lower.split(/[/:_]/).pop()?.split('-').slice(0, 2).join('-') || 'unknown';
|
|
271
|
+
}
|
|
272
|
+
function countryFromRegion(region) {
|
|
273
|
+
const lower = region.toLowerCase();
|
|
274
|
+
if (lower.startsWith('us') || lower.includes('eastus') || lower.includes('westus'))
|
|
275
|
+
return 'US';
|
|
276
|
+
if (lower.startsWith('eu') || lower.includes('europe') || lower.includes('france') || lower.includes('switzerland'))
|
|
277
|
+
return 'EU';
|
|
278
|
+
if (lower.startsWith('uk'))
|
|
279
|
+
return 'UK';
|
|
280
|
+
if (lower.startsWith('ca'))
|
|
281
|
+
return 'CA';
|
|
282
|
+
if (lower.startsWith('cn'))
|
|
283
|
+
return 'CN';
|
|
284
|
+
if (lower.startsWith('ap-northeast') || lower.includes('tokyo') || lower.includes('japan'))
|
|
285
|
+
return 'JP';
|
|
286
|
+
if (lower.startsWith('ap-southeast-2') || lower.includes('australia'))
|
|
287
|
+
return 'AU';
|
|
288
|
+
return 'unknown';
|
|
289
|
+
}
|
|
290
|
+
//# sourceMappingURL=provider-registry.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provider-registry.js","sourceRoot":"","sources":["../../src/middleware/provider-registry.ts"],"names":[],"mappings":";;;AAwLA,oDAEC;AAED,gDAoBC;AAED,gDAUC;AAED,oCAQC;AAED,0CAYC;AA9MY,QAAA,iBAAiB,GAAsC;IAClE,kBAAkB,EAAE;QAClB,QAAQ,EAAE,WAAW;QACrB,sBAAsB,EAAE,IAAI;QAC5B,uBAAuB,EAAE,CAAC,IAAI,CAAC;QAC/B,QAAQ,EAAE,6DAA6D;QACvE,cAAc,EAAE,IAAI;QACpB,aAAa,EAAE,IAAI;QACnB,sBAAsB,EAAE,CAAC;KAC1B;IACD,aAAa,EAAE;QACb,QAAQ,EAAE,WAAW;QACrB,sBAAsB,EAAE,IAAI;QAC5B,uBAAuB,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,cAAc,EAAE,gBAAgB,CAAC;QAC/G,QAAQ,EAAE,6CAA6C;QACvD,cAAc,EAAE,IAAI;QACpB,aAAa,EAAE,IAAI;QACnB,sBAAsB,EAAE,CAAC;KAC1B;IACD,cAAc,EAAE;QACd,QAAQ,EAAE,QAAQ;QAClB,sBAAsB,EAAE,IAAI;QAC5B,uBAAuB,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,eAAe,EAAE,kBAAkB,CAAC;QAChG,QAAQ,EAAE,6BAA6B;QACvC,cAAc,EAAE,IAAI;QACpB,aAAa,EAAE,IAAI;QACnB,sBAAsB,EAAE,CAAC;KAC1B;IACD,eAAe,EAAE;QACf,QAAQ,EAAE,QAAQ;QAClB,sBAAsB,EAAE,IAAI;QAC5B,uBAAuB,EAAE,CAAC,IAAI,CAAC;QAC/B,QAAQ,EAAE,uDAAuD;QACjE,cAAc,EAAE,IAAI;QACpB,aAAa,EAAE,IAAI;QACnB,sBAAsB,EAAE,EAAE;KAC3B;IACD,WAAW,EAAE;QACX,QAAQ,EAAE,QAAQ;QAClB,sBAAsB,EAAE,IAAI;QAC5B,uBAAuB,EAAE,CAAC,aAAa,EAAE,UAAU,EAAE,cAAc,EAAE,cAAc,EAAE,iBAAiB,CAAC;QACvG,QAAQ,EAAE,kBAAkB;QAC5B,cAAc,EAAE,IAAI;QACpB,aAAa,EAAE,IAAI;QACnB,sBAAsB,EAAE,CAAC;KAC1B;IACD,SAAS,EAAE;QACT,QAAQ,EAAE,WAAW;QACrB,sBAAsB,EAAE,SAAS;QACjC,uBAAuB,EAAE,CAAC,IAAI,CAAC;QAC/B,QAAQ,EAAE,IAAI;QACd,cAAc,EAAE,KAAK;QACrB,aAAa,EAAE,KAAK;QACpB,sBAAsB,EAAE,EAAE;KAC3B;IACD,OAAO,EAAE;QACP,QAAQ,EAAE,SAAS;QACnB,sBAAsB,EAAE,SAAS;QACjC,uBAAuB,EAAE,CAAC,IAAI,CAAC;QAC/B,QAAQ,EAAE,IAAI;QACd,cAAc,EAAE,KAAK;QACrB,aAAa,EAAE,KAAK;QACpB,sBAAsB,EAAE,EAAE;KAC3B;IACD,QAAQ,EAAE;QACR,QAAQ,EAAE,UAAU;QACpB,sBAAsB,EAAE,SAAS;QACjC,uBAAuB,EAAE,CAAC,IAAI,CAAC;QAC/B,QAAQ,EAAE,IAAI;QACd,cAAc,EAAE,KAAK;QACrB,aAAa,EAAE,KAAK;QACpB,sBAAsB,EAAE,EAAE;KAC3B;IACD,iBAAiB,EAAE;QACjB,QAAQ,EAAE,UAAU;QACpB,sBAAsB,EAAE,IAAI;QAC5B,uBAAuB,EAAE,CAAC,IAAI,CAAC;QAC/B,QAAQ,EAAE,IAAI;QACd,cAAc,EAAE,KAAK;QACrB,aAAa,EAAE,KAAK;QACpB,sBAAsB,EAAE,EAAE;QAC1B,cAAc,EAAE,IAAI;KACrB;IACD,iBAAiB,EAAE;QACjB,QAAQ,EAAE,UAAU;QACpB,sBAAsB,EAAE,IAAI;QAC5B,uBAAuB,EAAE,CAAC,IAAI,CAAC;QAC/B,QAAQ,EAAE,IAAI;QACd,cAAc,EAAE,KAAK;QACrB,aAAa,EAAE,KAAK;QACpB,sBAAsB,EAAE,EAAE;QAC1B,cAAc,EAAE,IAAI;KACrB;IACD,gBAAgB,EAAE;QAChB,QAAQ,EAAE,SAAS;QACnB,sBAAsB,EAAE,IAAI;QAC5B,uBAAuB,EAAE,CAAC,IAAI,CAAC;QAC/B,QAAQ,EAAE,IAAI;QACd,cAAc,EAAE,KAAK;QACrB,aAAa,EAAE,KAAK;QACpB,sBAAsB,EAAE,EAAE;QAC1B,cAAc,EAAE,IAAI;KACrB;IACD,oBAAoB,EAAE;QACpB,QAAQ,EAAE,SAAS;QACnB,sBAAsB,EAAE,IAAI;QAC5B,uBAAuB,EAAE,CAAC,IAAI,CAAC;QAC/B,QAAQ,EAAE,IAAI;QACd,cAAc,EAAE,KAAK;QACrB,aAAa,EAAE,KAAK;QACpB,sBAAsB,EAAE,EAAE;QAC1B,cAAc,EAAE,IAAI;KACrB;IACD,sBAAsB,EAAE;QACtB,QAAQ,EAAE,UAAU;QACpB,sBAAsB,EAAE,IAAI;QAC5B,uBAAuB,EAAE,CAAC,IAAI,CAAC;QAC/B,QAAQ,EAAE,IAAI;QACd,cAAc,EAAE,KAAK;QACrB,aAAa,EAAE,KAAK;QACpB,sBAAsB,EAAE,EAAE;QAC1B,cAAc,EAAE,IAAI;KACrB;IACD,kBAAkB,EAAE;QAClB,QAAQ,EAAE,UAAU;QACpB,sBAAsB,EAAE,IAAI;QAC5B,uBAAuB,EAAE,CAAC,IAAI,CAAC;QAC/B,QAAQ,EAAE,IAAI;QACd,cAAc,EAAE,KAAK;QACrB,aAAa,EAAE,KAAK;QACpB,sBAAsB,EAAE,EAAE;QAC1B,cAAc,EAAE,IAAI;KACrB;IACD,aAAa,EAAE;QACb,QAAQ,EAAE,aAAa;QACvB,sBAAsB,EAAE,SAAS;QACjC,uBAAuB,EAAE,CAAC,aAAa,CAAC;QACxC,QAAQ,EAAE,IAAI;QACd,cAAc,EAAE,KAAK;QACrB,aAAa,EAAE,IAAI;QACnB,sBAAsB,EAAE,CAAC;KAC1B;CACF,CAAC;AAEF,MAAM,uBAAuB,GAAG,CAAC,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;AAE9G,SAAgB,oBAAoB,CAAC,KAAa;IAChD,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AACxE,CAAC;AAED,SAAgB,kBAAkB,CAAC,GAA4B;IAC7D,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACpD,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAChD,IAAI,CAAC,GAAG,CAAC,aAAa,KAAK,SAAS,IAAI,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,oBAAoB,CAAC;IACpH,IAAI,CAAC,GAAG,CAAC,aAAa,KAAK,UAAU,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,sBAAsB,CAAC;IAC5H,IAAI,CAAC,GAAG,CAAC,aAAa,KAAK,UAAU,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,kBAAkB,CAAC;IACpH,IAAI,GAAG,CAAC,aAAa,IAAI,yBAAiB,CAAC,GAAG,CAAC,aAAa,CAAC;QAAE,OAAO,GAAG,CAAC,aAAa,CAAC;IACxF,IAAI,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,QAAQ,KAAK,SAAS;QAAE,OAAO,aAAa,CAAC;IAChF,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW;QAAE,OAAO,kBAAkB,CAAC;IACzF,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC;QAAE,OAAO,cAAc,CAAC;IACjF,IAAI,GAAG,CAAC,QAAQ,CAAC,uBAAuB,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,WAAW,CAAC;IACxF,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,aAAa,KAAK,WAAW;QAAE,OAAO,WAAW,CAAC;IACvF,IAAI,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,aAAa,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IACjF,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,aAAa,KAAK,UAAU;QAAE,OAAO,UAAU,CAAC;IACpF,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,iBAAiB,CAAC;IAC7E,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,iBAAiB,CAAC;IACjF,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,gBAAgB,CAAC;IACxG,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,eAAe,CAAC;IACtD,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,WAAW,CAAC;IAClD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAgB,kBAAkB,CAAC,KAAa,EAAE,KAAa;IAC7D,MAAM,IAAI,GAAG,yBAAiB,CAAC,KAAK,CAAC,IAAI,yBAAiB,CAAC,aAAa,CAAC,CAAC;IAC1E,MAAM,OAAO,GAAG,KAAK,IAAI,SAAS,CAAC;IACnC,OAAO;QACL,QAAQ,EAAE,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC;QAC/C,QAAQ,EAAE,OAAO;QACjB,aAAa,EAAE,YAAY,CAAC,OAAO,CAAC;QACpC,YAAY,EAAE,WAAW,CAAC,OAAO,CAAC;QAClC,sBAAsB,EAAE,oBAAoB,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB;KAClH,CAAC;AACJ,CAAC;AAED,SAAgB,YAAY,CAAC,KAAa,EAAE,SAAiC,EAAE;IAC7E,MAAM,IAAI,GAAG,yBAAiB,CAAC,KAAK,CAAC,IAAI,yBAAiB,CAAC,aAAa,CAAC,CAAC;IAC1E,MAAM,MAAM,GAAG,MAAM,CAAC,kBAAkB,IAAI,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC;IACzF,OAAO;QACL,cAAc,EAAE,KAAK;QACrB,oBAAoB,EAAE,MAAM,CAAC,mBAAmB,IAAI,iBAAiB,CAAC,MAAM,CAAC;QAC7E,mBAAmB,EAAE,MAAM;KAC5B,CAAC;AACJ,CAAC;AAED,SAAgB,eAAe,CAAC,KAAa,EAAE,KAAoB,EAAE,SAAiC,EAAE;IACtG,MAAM,IAAI,GAAG,yBAAiB,CAAC,KAAK,CAAC,IAAI,yBAAiB,CAAC,aAAa,CAAC,CAAC;IAC1E,MAAM,SAAS,GAAG,MAAM,CAAC,iBAAiB,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC;IAClH,OAAO;QACL,YAAY,EAAE,MAAM,CAAC,UAAU,IAAI,KAAK;QACxC,UAAU,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,QAAQ;QAC7C,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,mBAAmB,EAAE,SAAS;QAC9B,uBAAuB,EAAE,MAAM,CAAC,qBAAqB,IAAI,KAAK;QAC9D,0BAA0B,EAAE,KAAK,CAAC,sBAAsB,KAAK,IAAI,IAAI,IAAI,CAAC,cAAc,KAAK,IAAI;QACjG,iCAAiC,EAAE,MAAM,CAAC,6BAA6B,IAAI,IAAI;KAChF,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,KAAa,EAAE,QAA4B;IAChE,MAAM,KAAK,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IAClC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,WAAW,CAAC;IACjD,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IACvE,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC9C,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IAChD,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,MAAM,CAAC;IAC3C,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC/C,IAAI,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,UAAU,CAAC;IAClD,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,UAAU,CAAC;IAC5E,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAC5H,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACjE,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC;AACjC,CAAC;AAED,SAAS,WAAW,CAAC,KAAa;IAChC,MAAM,KAAK,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IAClC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC9C,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC9C,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,SAAS,CAAC;IAC5E,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IAChD,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IAC1C,IAAI,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,UAAU,CAAC;IAClD,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IAC1C,OAAO,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC;AACnF,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAc;IACvC,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IACnC,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAChG,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC;QAAE,OAAO,IAAI,CAAC;IACjI,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,KAAK,CAAC,UAAU,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IACxG,IAAI,KAAK,CAAC,UAAU,CAAC,gBAAgB,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC;QAAE,OAAO,IAAI,CAAC;IACnF,OAAO,SAAS,CAAC;AACnB,CAAC"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import type { ProvenanceBlock } from '../receipts/schema';
|
|
2
|
+
export type GovernancePosture = 'velocity' | 'standard' | 'compliance';
|
|
3
|
+
export interface ComplianceEnforcementConfig {
|
|
4
|
+
posture?: GovernancePosture;
|
|
5
|
+
foreignOriginConsentReceiptId?: string | null;
|
|
6
|
+
consentEndpointBaseUrl?: string;
|
|
7
|
+
consentGetJson?: (url: string) => Promise<unknown>;
|
|
8
|
+
}
|
|
9
|
+
export declare class AgentGuardComplianceError extends Error {
|
|
10
|
+
code: string;
|
|
11
|
+
constructor(message: string);
|
|
12
|
+
}
|
|
13
|
+
export declare class AgentGuardConsentRequiredError extends Error {
|
|
14
|
+
code: string;
|
|
15
|
+
constructor(message: string);
|
|
16
|
+
}
|
|
17
|
+
export declare function enforceCompliance(provenance: ProvenanceBlock, config?: ComplianceEnforcementConfig): Promise<void>;
|
|
18
|
+
export declare function verifyConsentReceipt(consentId: string, config?: ComplianceEnforcementConfig): Promise<boolean>;
|
|
19
|
+
//# sourceMappingURL=enforce.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"enforce.d.ts","sourceRoot":"","sources":["../../src/posture/enforce.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAE1D,MAAM,MAAM,iBAAiB,GAAG,UAAU,GAAG,UAAU,GAAG,YAAY,CAAC;AAEvE,MAAM,WAAW,2BAA2B;IAC1C,OAAO,CAAC,EAAE,iBAAiB,CAAC;IAC5B,6BAA6B,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9C,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,cAAc,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CACpD;AAED,qBAAa,yBAA0B,SAAQ,KAAK;IAClD,IAAI,SAAiC;gBACzB,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,8BAA+B,SAAQ,KAAK;IACvD,IAAI,SAAiC;gBACzB,OAAO,EAAE,MAAM;CAI5B;AAID,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,eAAe,EAC3B,MAAM,GAAE,2BAAgC,GACvC,OAAO,CAAC,IAAI,CAAC,CAmBf;AAED,wBAAsB,oBAAoB,CACxC,SAAS,EAAE,MAAM,EACjB,MAAM,GAAE,2BAAgC,GACvC,OAAO,CAAC,OAAO,CAAC,CAKlB"}
|
|
@@ -0,0 +1,109 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.AgentGuardConsentRequiredError = exports.AgentGuardComplianceError = void 0;
|
|
37
|
+
exports.enforceCompliance = enforceCompliance;
|
|
38
|
+
exports.verifyConsentReceipt = verifyConsentReceipt;
|
|
39
|
+
const http = __importStar(require("http"));
|
|
40
|
+
const https = __importStar(require("https"));
|
|
41
|
+
class AgentGuardComplianceError extends Error {
|
|
42
|
+
code = 'AGENTGUARD_COMPLIANCE_BLOCK';
|
|
43
|
+
constructor(message) {
|
|
44
|
+
super(message);
|
|
45
|
+
this.name = 'AgentGuardComplianceError';
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
exports.AgentGuardComplianceError = AgentGuardComplianceError;
|
|
49
|
+
class AgentGuardConsentRequiredError extends Error {
|
|
50
|
+
code = 'AGENTGUARD_CONSENT_REQUIRED';
|
|
51
|
+
constructor(message) {
|
|
52
|
+
super(message);
|
|
53
|
+
this.name = 'AgentGuardConsentRequiredError';
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
exports.AgentGuardConsentRequiredError = AgentGuardConsentRequiredError;
|
|
57
|
+
const DEFAULT_CONSENT_BASE_URL = 'https://agentguard.run';
|
|
58
|
+
async function enforceCompliance(provenance, config = {}) {
|
|
59
|
+
if (!provenance.compliance.foreign_origin_weight_flag)
|
|
60
|
+
return;
|
|
61
|
+
const posture = config.posture ?? 'standard';
|
|
62
|
+
if (posture === 'compliance') {
|
|
63
|
+
throw new AgentGuardComplianceError('Foreign origin weights are blocked in compliance posture. Set posture to standard and provide foreign_origin_consent_receipt_id to use this model.');
|
|
64
|
+
}
|
|
65
|
+
if (posture !== 'standard')
|
|
66
|
+
return;
|
|
67
|
+
const consentId = config.foreignOriginConsentReceiptId || provenance.compliance.foreign_origin_consent_receipt_id;
|
|
68
|
+
if (!consentId) {
|
|
69
|
+
throw new AgentGuardConsentRequiredError('This call uses foreign origin weights. Generate a consent receipt at https://agentguard.run/dashboard/consent/foreign-origin-weights before using this model.');
|
|
70
|
+
}
|
|
71
|
+
const verified = await verifyConsentReceipt(consentId, config);
|
|
72
|
+
if (!verified) {
|
|
73
|
+
throw new AgentGuardConsentRequiredError(`Foreign origin consent receipt ${consentId} is invalid or expired.`);
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
async function verifyConsentReceipt(consentId, config = {}) {
|
|
77
|
+
if (!/^ag_consent_[A-Za-z0-9_-]+$/.test(consentId))
|
|
78
|
+
return false;
|
|
79
|
+
const base = (config.consentEndpointBaseUrl || DEFAULT_CONSENT_BASE_URL).replace(/\/$/, '');
|
|
80
|
+
const raw = await (config.consentGetJson ?? getJson)(`${base}/api/consent/verify/${encodeURIComponent(consentId)}`);
|
|
81
|
+
return Boolean(raw && typeof raw === 'object' && raw.valid === true);
|
|
82
|
+
}
|
|
83
|
+
function getJson(url) {
|
|
84
|
+
if (url.startsWith('mock://'))
|
|
85
|
+
return Promise.resolve({ valid: true });
|
|
86
|
+
return new Promise((resolve, reject) => {
|
|
87
|
+
const parsed = new URL(url);
|
|
88
|
+
const client = parsed.protocol === 'http:' ? http : https;
|
|
89
|
+
const req = client.request({ method: 'GET', hostname: parsed.hostname, port: parsed.port, path: parsed.pathname + parsed.search, timeout: 5000 }, (res) => {
|
|
90
|
+
const chunks = [];
|
|
91
|
+
res.on('data', (chunk) => chunks.push(chunk));
|
|
92
|
+
res.on('end', () => {
|
|
93
|
+
const text = Buffer.concat(chunks).toString('utf8');
|
|
94
|
+
if ((res.statusCode ?? 0) >= 400)
|
|
95
|
+
return reject(new Error(`consent endpoint failed: ${res.statusCode}`));
|
|
96
|
+
try {
|
|
97
|
+
resolve(text ? JSON.parse(text) : {});
|
|
98
|
+
}
|
|
99
|
+
catch {
|
|
100
|
+
resolve({});
|
|
101
|
+
}
|
|
102
|
+
});
|
|
103
|
+
});
|
|
104
|
+
req.on('error', reject);
|
|
105
|
+
req.on('timeout', () => req.destroy(new Error('consent endpoint timed out')));
|
|
106
|
+
req.end();
|
|
107
|
+
});
|
|
108
|
+
}
|
|
109
|
+
//# sourceMappingURL=enforce.js.map
|