@ai-pip/core 0.3.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +40 -1
- package/README.md +50 -1038
- package/dist/AAL/index.d.ts +4 -4
- package/dist/AAL/index.d.ts.map +1 -1
- package/dist/AAL/index.js +2 -2
- package/dist/AAL/index.js.map +1 -1
- package/dist/AAL/process/applyRemovalPlan.d.ts +5 -3
- package/dist/AAL/process/applyRemovalPlan.d.ts.map +1 -1
- package/dist/AAL/process/applyRemovalPlan.js +10 -3
- package/dist/AAL/process/applyRemovalPlan.js.map +1 -1
- package/dist/AAL/process/buildDecisionReason.d.ts.map +1 -1
- package/dist/AAL/process/buildDecisionReason.js +2 -4
- package/dist/AAL/process/buildDecisionReason.js.map +1 -1
- package/dist/AAL/process/buildRemediationPlan.d.ts +22 -0
- package/dist/AAL/process/buildRemediationPlan.d.ts.map +1 -0
- package/dist/AAL/process/buildRemediationPlan.js +81 -0
- package/dist/AAL/process/buildRemediationPlan.js.map +1 -0
- package/dist/AAL/process/buildRemovalPlan.d.ts +13 -2
- package/dist/AAL/process/buildRemovalPlan.d.ts.map +1 -1
- package/dist/AAL/process/buildRemovalPlan.js +14 -2
- package/dist/AAL/process/buildRemovalPlan.js.map +1 -1
- package/dist/AAL/process/index.d.ts +2 -3
- package/dist/AAL/process/index.d.ts.map +1 -1
- package/dist/AAL/process/index.js +2 -2
- package/dist/AAL/process/index.js.map +1 -1
- package/dist/AAL/process/resolveAgentAction.d.ts.map +1 -1
- package/dist/AAL/process/resolveAgentAction.js +3 -14
- package/dist/AAL/process/resolveAgentAction.js.map +1 -1
- package/dist/AAL/process/validatePolicy.d.ts +20 -0
- package/dist/AAL/process/validatePolicy.d.ts.map +1 -0
- package/dist/AAL/process/validatePolicy.js +40 -0
- package/dist/AAL/process/validatePolicy.js.map +1 -0
- package/dist/AAL/types.d.ts +18 -35
- package/dist/AAL/types.d.ts.map +1 -1
- package/dist/index.d.ts +6 -6
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -4
- package/dist/index.js.map +1 -1
- package/dist/isl/detect/detect.js +19 -19
- package/dist/isl/detect/detect.js.map +1 -1
- package/dist/isl/sanitize.js +2 -2
- package/dist/isl/sanitize.js.map +1 -1
- package/dist/shared/audit.d.ts +16 -18
- package/dist/shared/audit.d.ts.map +1 -1
- package/dist/shared/audit.js +27 -31
- package/dist/shared/audit.js.map +1 -1
- package/dist/shared/envelope/envelope.d.ts +23 -0
- package/dist/shared/envelope/envelope.d.ts.map +1 -0
- package/dist/shared/envelope/envelope.js +58 -0
- package/dist/shared/envelope/envelope.js.map +1 -0
- package/dist/shared/envelope/exceptions/EnvelopeError.d.ts +8 -0
- package/dist/shared/envelope/exceptions/EnvelopeError.d.ts.map +1 -0
- package/dist/shared/envelope/exceptions/EnvelopeError.js +13 -0
- package/dist/shared/envelope/exceptions/EnvelopeError.js.map +1 -0
- package/dist/shared/envelope/exceptions/index.d.ts +2 -0
- package/dist/shared/envelope/exceptions/index.d.ts.map +1 -0
- package/dist/shared/envelope/exceptions/index.js +2 -0
- package/dist/shared/envelope/exceptions/index.js.map +1 -0
- package/dist/shared/envelope/index.d.ts +18 -0
- package/dist/shared/envelope/index.d.ts.map +1 -0
- package/dist/shared/envelope/index.js +15 -0
- package/dist/shared/envelope/index.js.map +1 -0
- package/dist/shared/envelope/types.d.ts +45 -0
- package/dist/shared/envelope/types.d.ts.map +1 -0
- package/dist/shared/envelope/types.js +10 -0
- package/dist/shared/envelope/types.js.map +1 -0
- package/dist/shared/envelope/value-objects/Metadata.d.ts +27 -0
- package/dist/shared/envelope/value-objects/Metadata.d.ts.map +1 -0
- package/dist/shared/envelope/value-objects/Metadata.js +57 -0
- package/dist/shared/envelope/value-objects/Metadata.js.map +1 -0
- package/dist/shared/envelope/value-objects/Nonce.d.ts +26 -0
- package/dist/shared/envelope/value-objects/Nonce.d.ts.map +1 -0
- package/dist/shared/envelope/value-objects/Nonce.js +38 -0
- package/dist/shared/envelope/value-objects/Nonce.js.map +1 -0
- package/dist/shared/envelope/value-objects/Signature.d.ts +28 -0
- package/dist/shared/envelope/value-objects/Signature.d.ts.map +1 -0
- package/dist/shared/envelope/value-objects/Signature.js +50 -0
- package/dist/shared/envelope/value-objects/Signature.js.map +1 -0
- package/dist/shared/envelope/value-objects/index.d.ts +9 -0
- package/dist/shared/envelope/value-objects/index.d.ts.map +1 -0
- package/dist/shared/envelope/value-objects/index.js +7 -0
- package/dist/shared/envelope/value-objects/index.js.map +1 -0
- package/dist/shared/index.d.ts +1 -1
- package/dist/shared/index.d.ts.map +1 -1
- package/package.json +7 -6
package/dist/AAL/index.d.ts
CHANGED
|
@@ -11,7 +11,7 @@
|
|
|
11
11
|
* **Architecture:**
|
|
12
12
|
* - Consumes ISLSignal (not ISLResult) to maintain layer separation
|
|
13
13
|
* - Applies configurable policies (ALLOW/WARN/BLOCK)
|
|
14
|
-
* - Builds
|
|
14
|
+
* - Builds remediation plans (what to do, not how; SDK/AI agent performs cleanup)
|
|
15
15
|
* - Does not execute actions (that is SDK responsibility)
|
|
16
16
|
*
|
|
17
17
|
* **Does NOT contain:**
|
|
@@ -21,9 +21,9 @@
|
|
|
21
21
|
*/
|
|
22
22
|
export { createAnomalyScore, isHighRisk, isLowRisk, isWarnRisk, isRoleProtected, isContextLeakPreventionEnabled, isInstructionImmutable, isIntentBlocked, isScopeSensitive } from './value-objects/index.js';
|
|
23
23
|
export type { AnomalyScore, PolicyRule } from './value-objects/index.js';
|
|
24
|
-
export { resolveAgentAction, resolveAgentActionWithScore, buildDecisionReason,
|
|
25
|
-
export type { DecisionReason
|
|
24
|
+
export { resolveAgentAction, resolveAgentActionWithScore, buildDecisionReason, buildRemediationPlan, validateAgentPolicyThresholds } from './process/index.js';
|
|
25
|
+
export type { DecisionReason } from './process/index.js';
|
|
26
26
|
export { buildAALLineage } from './lineage/index.js';
|
|
27
27
|
export { ACTION_DISPLAY_COLORS, getActionDisplayColor } from './constants.js';
|
|
28
|
-
export type { AnomalyAction,
|
|
28
|
+
export type { AnomalyAction, RemediationPlan, BlockedIntent, SensitiveScope, ProtectedRole, ImmutableInstruction, AgentPolicy, } from './types.js';
|
|
29
29
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/AAL/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/AAL/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAGH,OAAO,EACH,kBAAkB,EAClB,UAAU,EACV,SAAS,EACT,UAAU,EACV,eAAe,EACf,8BAA8B,EAC9B,sBAAsB,EACtB,eAAe,EACf,gBAAgB,EACnB,MAAM,0BAA0B,CAAA;AAEjC,YAAY,EACR,YAAY,EACZ,UAAU,EACb,MAAM,0BAA0B,CAAA;AAGjC,OAAO,EACH,kBAAkB,EAClB,2BAA2B,EAC3B,mBAAmB,EACnB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/AAL/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAGH,OAAO,EACH,kBAAkB,EAClB,UAAU,EACV,SAAS,EACT,UAAU,EACV,eAAe,EACf,8BAA8B,EAC9B,sBAAsB,EACtB,eAAe,EACf,gBAAgB,EACnB,MAAM,0BAA0B,CAAA;AAEjC,YAAY,EACR,YAAY,EACZ,UAAU,EACb,MAAM,0BAA0B,CAAA;AAGjC,OAAO,EACH,kBAAkB,EAClB,2BAA2B,EAC3B,mBAAmB,EACnB,oBAAoB,EACpB,6BAA6B,EAChC,MAAM,oBAAoB,CAAA;AAE3B,YAAY,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AAGxD,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AAGpD,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAA;AAG7E,YAAY,EACR,aAAa,EACb,eAAe,EACf,aAAa,EACb,cAAc,EACd,aAAa,EACb,oBAAoB,EACpB,WAAW,GACd,MAAM,YAAY,CAAA"}
|
package/dist/AAL/index.js
CHANGED
|
@@ -11,7 +11,7 @@
|
|
|
11
11
|
* **Architecture:**
|
|
12
12
|
* - Consumes ISLSignal (not ISLResult) to maintain layer separation
|
|
13
13
|
* - Applies configurable policies (ALLOW/WARN/BLOCK)
|
|
14
|
-
* - Builds
|
|
14
|
+
* - Builds remediation plans (what to do, not how; SDK/AI agent performs cleanup)
|
|
15
15
|
* - Does not execute actions (that is SDK responsibility)
|
|
16
16
|
*
|
|
17
17
|
* **Does NOT contain:**
|
|
@@ -22,7 +22,7 @@
|
|
|
22
22
|
// Value objects
|
|
23
23
|
export { createAnomalyScore, isHighRisk, isLowRisk, isWarnRisk, isRoleProtected, isContextLeakPreventionEnabled, isInstructionImmutable, isIntentBlocked, isScopeSensitive } from './value-objects/index.js';
|
|
24
24
|
// Process functions
|
|
25
|
-
export { resolveAgentAction, resolveAgentActionWithScore, buildDecisionReason,
|
|
25
|
+
export { resolveAgentAction, resolveAgentActionWithScore, buildDecisionReason, buildRemediationPlan, validateAgentPolicyThresholds } from './process/index.js';
|
|
26
26
|
// Lineage
|
|
27
27
|
export { buildAALLineage } from './lineage/index.js';
|
|
28
28
|
// Display constants (for SDK/UI)
|
package/dist/AAL/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/AAL/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,gBAAgB;AAChB,OAAO,EACH,kBAAkB,EAClB,UAAU,EACV,SAAS,EACT,UAAU,EACV,eAAe,EACf,8BAA8B,EAC9B,sBAAsB,EACtB,eAAe,EACf,gBAAgB,EACnB,MAAM,0BAA0B,CAAA;AAOjC,oBAAoB;AACpB,OAAO,EACH,kBAAkB,EAClB,2BAA2B,EAC3B,mBAAmB,EACnB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/AAL/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,gBAAgB;AAChB,OAAO,EACH,kBAAkB,EAClB,UAAU,EACV,SAAS,EACT,UAAU,EACV,eAAe,EACf,8BAA8B,EAC9B,sBAAsB,EACtB,eAAe,EACf,gBAAgB,EACnB,MAAM,0BAA0B,CAAA;AAOjC,oBAAoB;AACpB,OAAO,EACH,kBAAkB,EAClB,2BAA2B,EAC3B,mBAAmB,EACnB,oBAAoB,EACpB,6BAA6B,EAChC,MAAM,oBAAoB,CAAA;AAI3B,UAAU;AACV,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AAEpD,iCAAiC;AACjC,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAA"}
|
|
@@ -2,9 +2,11 @@
|
|
|
2
2
|
* applyRemovalPlan - Applies a removal plan to ISL result (pure, deterministic).
|
|
3
3
|
*
|
|
4
4
|
* @remarks
|
|
5
|
-
*
|
|
6
|
-
*
|
|
7
|
-
*
|
|
5
|
+
* For each segment, only instructions with segmentId === segment.id are applied.
|
|
6
|
+
* Each instruction's position is in segment-local coordinates (indices within that
|
|
7
|
+
* segment's sanitizedContent). We remove only those ranges from that segment's string,
|
|
8
|
+
* then return a new ISLResult. Do not mix positions from one segment with another or
|
|
9
|
+
* use document-level offsets; this avoids corrupting legitimate content.
|
|
8
10
|
*/
|
|
9
11
|
import type { RemovalPlan } from './buildRemovalPlan.js';
|
|
10
12
|
import type { ISLResult } from '../../isl/types.js';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"applyRemovalPlan.d.ts","sourceRoot":"","sources":["../../../src/AAL/process/applyRemovalPlan.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"applyRemovalPlan.d.ts","sourceRoot":"","sources":["../../../src/AAL/process/applyRemovalPlan.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAA;AACxD,OAAO,KAAK,EAAE,SAAS,EAAc,MAAM,oBAAoB,CAAA;AAwG/D;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,GAAG,SAAS,CAwCnF"}
|
|
@@ -2,9 +2,11 @@
|
|
|
2
2
|
* applyRemovalPlan - Applies a removal plan to ISL result (pure, deterministic).
|
|
3
3
|
*
|
|
4
4
|
* @remarks
|
|
5
|
-
*
|
|
6
|
-
*
|
|
7
|
-
*
|
|
5
|
+
* For each segment, only instructions with segmentId === segment.id are applied.
|
|
6
|
+
* Each instruction's position is in segment-local coordinates (indices within that
|
|
7
|
+
* segment's sanitizedContent). We remove only those ranges from that segment's string,
|
|
8
|
+
* then return a new ISLResult. Do not mix positions from one segment with another or
|
|
9
|
+
* use document-level offsets; this avoids corrupting legitimate content.
|
|
8
10
|
*/
|
|
9
11
|
/**
|
|
10
12
|
* Clamps position ranges to valid [0, contentLength) and drops empty or invalid ranges.
|
|
@@ -117,6 +119,9 @@ export function applyRemovalPlan(islResult, plan) {
|
|
|
117
119
|
if (!plan.shouldRemove || plan.instructionsToRemove.length === 0) {
|
|
118
120
|
return islResult;
|
|
119
121
|
}
|
|
122
|
+
// Group instructions by segmentId. Each instruction's position is segment-local
|
|
123
|
+
// (indices within that segment's sanitizedContent). We never use positions from
|
|
124
|
+
// one segment on another segment or any global document offset.
|
|
120
125
|
const bySegmentId = new Map();
|
|
121
126
|
for (const inst of plan.instructionsToRemove) {
|
|
122
127
|
if (inst.segmentId == null)
|
|
@@ -127,6 +132,8 @@ export function applyRemovalPlan(islResult, plan) {
|
|
|
127
132
|
}
|
|
128
133
|
if (bySegmentId.size === 0)
|
|
129
134
|
return islResult;
|
|
135
|
+
// For each segment, take only instructions with segmentId === segment.id,
|
|
136
|
+
// apply those ranges only to this segment's sanitizedContent, produce new segment.
|
|
130
137
|
const newSegments = islResult.segments.map((seg) => {
|
|
131
138
|
const ranges = bySegmentId.get(seg.id);
|
|
132
139
|
if (ranges == null || ranges.length === 0)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"applyRemovalPlan.js","sourceRoot":"","sources":["../../../src/AAL/process/applyRemovalPlan.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"applyRemovalPlan.js","sourceRoot":"","sources":["../../../src/AAL/process/applyRemovalPlan.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAMH;;;GAGG;AACH,SAAS,oBAAoB,CAC3B,MAA2B,EAC3B,aAAqB;IAErB,IAAI,aAAa,IAAI,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAA;IACxD,MAAM,MAAM,GAAe,EAAE,CAAA;IAC7B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,aAAa,CAAC,CAAC,CAAA;QACnE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,aAAa,CAAC,CAAC,CAAA;QAC/D,IAAI,KAAK,GAAG,GAAG;YAAE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;IAC9C,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,MAA2B;IAC9C,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAA;IAClC,MAAM,MAAM,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAA;IAC5D,MAAM,MAAM,GAAe,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAE,CAAC,KAAK,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC,CAAE,CAAC,GAAG,EAAE,CAAC,CAAA;IAC7E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAE,CAAA;QACpB,MAAM,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAE,CAAA;QAC3B,IAAI,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACxB,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAA;QACnF,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,CAAA;QAC7C,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,qGAAqG;AACrG,MAAM,mBAAmB,GAAG,EAAE,CAAA;AAE9B,qFAAqF;AACrF,SAAS,6BAA6B,CAAC,CAAS;IAC9C,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACnC,CAAC;AAED;;;GAGG;AACH,SAAS,0BAA0B,CACjC,MAA2B,EAC3B,OAAe;IAEf,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,CAAC,GAAG,MAAM,CAAC,CAAA;IAC1C,MAAM,MAAM,GAAe,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAE,EAAE,CAAC,CAAA;IAC9C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAE,CAAA;QACpB,MAAM,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAE,CAAA;QAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAA;QACzB,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,CAAA;QACtB,IAAI,MAAM,GAAG,QAAQ,IAAI,MAAM,GAAG,QAAQ,IAAI,mBAAmB,EAAE,CAAC;YAClE,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;YAC3C,IAAI,6BAA6B,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvC,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;gBAC7D,SAAQ;YACV,CAAC;QACH,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAA;IACvB,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,OAAe,EAAE,MAA2B;IAChE,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,OAAO,CAAA;IACvC,IAAI,MAAM,GAAG,EAAE,CAAA;IACf,IAAI,GAAG,GAAG,CAAC,CAAA;IACX,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,CAAC,KAAK,GAAG,GAAG;YAAE,MAAM,IAAI,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,KAAK,CAAC,CAAA;QACxD,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,CAAA;IAC5B,CAAC;IACD,IAAI,GAAG,GAAG,OAAO,CAAC,MAAM;QAAE,MAAM,IAAI,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACtD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAS,0BAA0B,CAAC,SAAoB,EAAE,IAAiB;IACzE,IAAI,SAAS,IAAI,IAAI,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QACvD,MAAM,IAAI,SAAS,CAAC,2DAA2D,CAAC,CAAA;IAClF,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,SAAS,CAAC,2DAA2D,CAAC,CAAA;IAClF,CAAC;IACD,IAAI,IAAI,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7C,MAAM,IAAI,SAAS,CAAC,sDAAsD,CAAC,CAAA;IAC7E,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,oBAAoB,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,SAAS,CAAC,kEAAkE,CAAC,CAAA;IACzF,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,gBAAgB,CAAC,SAAoB,EAAE,IAAiB;IACtE,0BAA0B,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;IAE3C,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,oBAAoB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjE,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,gFAAgF;IAChF,gFAAgF;IAChF,gEAAgE;IAChE,MAAM,WAAW,GAAG,IAAI,GAAG,EAAsB,CAAA;IACjD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC7C,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI;YAAE,SAAQ;QACpC,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAA;QAClD,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACxB,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;IACvC,CAAC;IAED,IAAI,WAAW,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,SAAS,CAAA;IAE5C,0EAA0E;IAC1E,mFAAmF;IACnF,MAAM,WAAW,GAAiB,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QAC/D,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACtC,IAAI,MAAM,IAAI,IAAI,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,GAAG,CAAA;QACrD,MAAM,OAAO,GAAG,GAAG,CAAC,gBAAgB,IAAI,EAAE,CAAA;QAC1C,MAAM,GAAG,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;QAC5D,MAAM,OAAO,GAAG,oBAAoB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;QACjD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,GAAG,CAAA;QACpC,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,CAAA;QACnC,MAAM,cAAc,GAAG,0BAA0B,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;QAClE,MAAM,UAAU,GAAG,YAAY,CAAC,OAAO,EAAE,cAAc,CAAC,CAAA;QACxD,OAAO,EAAE,GAAG,GAAG,EAAE,gBAAgB,EAAE,UAAU,EAAE,CAAA;IACjD,CAAC,CAAC,CAAA;IAEF,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC;QACpC,OAAO,EAAE,SAAS,CAAC,OAAO;QAC1B,QAAQ,EAAE,SAAS,CAAC,QAAQ;KAC7B,CAAA;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"buildDecisionReason.d.ts","sourceRoot":"","sources":["../../../src/AAL/process/buildDecisionReason.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAChD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;
|
|
1
|
+
{"version":3,"file":"buildDecisionReason.d.ts","sourceRoot":"","sources":["../../../src/AAL/process/buildDecisionReason.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAChD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAG9C;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAA;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAA;IAC5B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAA;CAChC;AAwBD;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,aAAa,EACrB,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE,WAAW,GAClB,cAAc,CAgChB"}
|
|
@@ -10,6 +10,7 @@
|
|
|
10
10
|
* - Include risk score and threshold information
|
|
11
11
|
* - Facilitate auditing and debugging
|
|
12
12
|
*/
|
|
13
|
+
import { validateAgentPolicyThresholds } from './validatePolicy.js';
|
|
13
14
|
const VALID_ACTIONS = new Set(['ALLOW', 'WARN', 'BLOCK']);
|
|
14
15
|
function assertBuildDecisionReasonArgs(action, islSignal, policy) {
|
|
15
16
|
if (action == null || !VALID_ACTIONS.has(action)) {
|
|
@@ -24,10 +25,7 @@ function assertBuildDecisionReasonArgs(action, islSignal, policy) {
|
|
|
24
25
|
if (policy == null || typeof policy !== 'object') {
|
|
25
26
|
throw new TypeError('AAL buildDecisionReason: policy must be a non-null object');
|
|
26
27
|
}
|
|
27
|
-
|
|
28
|
-
if (t == null || typeof t !== 'object' || typeof t.warn !== 'number' || typeof t.block !== 'number') {
|
|
29
|
-
throw new TypeError('AAL buildDecisionReason: policy.thresholds.warn and block must be numbers');
|
|
30
|
-
}
|
|
28
|
+
validateAgentPolicyThresholds(policy);
|
|
31
29
|
}
|
|
32
30
|
/**
|
|
33
31
|
* Builds the reason for a decision
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"buildDecisionReason.js","sourceRoot":"","sources":["../../../src/AAL/process/buildDecisionReason.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;
|
|
1
|
+
{"version":3,"file":"buildDecisionReason.js","sourceRoot":"","sources":["../../../src/AAL/process/buildDecisionReason.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAKH,OAAO,EAAE,6BAA6B,EAAE,MAAM,qBAAqB,CAAA;AAcnE,MAAM,aAAa,GAAG,IAAI,GAAG,CAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAA;AAExE,SAAS,6BAA6B,CACpC,MAAqB,EACrB,SAAoB,EACpB,MAAmB;IAEnB,IAAI,MAAM,IAAI,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QACjD,MAAM,IAAI,SAAS,CAAC,+DAA+D,CAAC,CAAA;IACtF,CAAC;IACD,IAAI,SAAS,IAAI,IAAI,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QACvD,MAAM,IAAI,SAAS,CAAC,8DAA8D,CAAC,CAAA;IACrF,CAAC;IACD,IAAI,OAAO,SAAS,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC5C,MAAM,IAAI,SAAS,CAAC,+DAA+D,CAAC,CAAA;IACtF,CAAC;IACD,IAAI,MAAM,IAAI,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QACjD,MAAM,IAAI,SAAS,CAAC,2DAA2D,CAAC,CAAA;IAClF,CAAC;IACD,6BAA6B,CAAC,MAAM,CAAC,CAAA;AACvC,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CACjC,MAAqB,EACrB,SAAoB,EACpB,MAAmB;IAEnB,6BAA6B,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,CAAA;IAExD,MAAM,cAAc,GAAG,SAAS,CAAC,WAAW,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC,CAAA;IACrE,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,KAAK,IAAI,IAAI,cAAc,GAAG,CAAC,CAAA;IAEtE,IAAI,SAAiB,CAAA;IACrB,IAAI,MAAc,CAAA;IAElB,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAA;QACnC,MAAM,GAAG,cAAc,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,4BAA4B,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAA;IACzG,CAAC;SAAM,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QAC7B,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,IAAI,CAAA;QAClC,MAAM,GAAG,cAAc,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,+BAA+B,CAAA;IACrI,CAAC;SAAM,CAAC;QACN,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,IAAI,CAAA;QAClC,MAAM,GAAG,cAAc,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,4BAA4B,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAA;IACzG,CAAC;IAED,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,cAAc,sBAAsB,CAAA;IACrD,CAAC;IAED,OAAO;QACL,MAAM;QACN,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,SAAS;QACT,MAAM;QACN,UAAU;QACV,cAAc;KACf,CAAA;AACH,CAAC"}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* buildRemediationPlan - Builds a remediation plan (what to do, not how).
|
|
3
|
+
*
|
|
4
|
+
* @remarks
|
|
5
|
+
* AAL describes *what* to do: strategy, goals, constraints, and which segments
|
|
6
|
+
* are affected. The SDK (or an AI agent) is responsible for *how* to perform
|
|
7
|
+
* cleanup (e.g. using an AI tool to remove malicious instructions without
|
|
8
|
+
* affecting legitimate content).
|
|
9
|
+
*/
|
|
10
|
+
import type { RemediationPlan } from '../types.js';
|
|
11
|
+
import type { AgentPolicy } from '../types.js';
|
|
12
|
+
import type { ISLResult } from '../../isl/types.js';
|
|
13
|
+
/**
|
|
14
|
+
* Builds a remediation plan from the ISL result and policy.
|
|
15
|
+
* Target segments are those with at least one detection; goals are derived from detection types.
|
|
16
|
+
*
|
|
17
|
+
* @param islResult - ISL result with segments and per-segment piDetection
|
|
18
|
+
* @param policy - Agent policy (remediation.enabled)
|
|
19
|
+
* @returns RemediationPlan for the SDK / AI agent to execute
|
|
20
|
+
*/
|
|
21
|
+
export declare function buildRemediationPlan(islResult: ISLResult, policy: AgentPolicy): RemediationPlan;
|
|
22
|
+
//# sourceMappingURL=buildRemediationPlan.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"buildRemediationPlan.d.ts","sourceRoot":"","sources":["../../../src/AAL/process/buildRemediationPlan.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAClD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAC9C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAA;AA2CnD;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAClC,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE,WAAW,GAClB,eAAe,CA+BjB"}
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* buildRemediationPlan - Builds a remediation plan (what to do, not how).
|
|
3
|
+
*
|
|
4
|
+
* @remarks
|
|
5
|
+
* AAL describes *what* to do: strategy, goals, constraints, and which segments
|
|
6
|
+
* are affected. The SDK (or an AI agent) is responsible for *how* to perform
|
|
7
|
+
* cleanup (e.g. using an AI tool to remove malicious instructions without
|
|
8
|
+
* affecting legitimate content).
|
|
9
|
+
*/
|
|
10
|
+
import { validateAgentPolicyThresholds } from './validatePolicy.js';
|
|
11
|
+
const STRATEGY_AI_CLEANUP = 'AI_CLEANUP';
|
|
12
|
+
const DEFAULT_CONSTRAINTS = Object.freeze([
|
|
13
|
+
'preserve_user_intent',
|
|
14
|
+
'do_not_add_information',
|
|
15
|
+
'do_not_change_language'
|
|
16
|
+
]);
|
|
17
|
+
/** Maps ISL pattern_type to remediation goal (e.g. prompt-injection -> remove_prompt_injection). */
|
|
18
|
+
function patternTypeToGoal(type) {
|
|
19
|
+
const normalized = type.replaceAll('-', '_').toLowerCase();
|
|
20
|
+
return `remove_${normalized}`;
|
|
21
|
+
}
|
|
22
|
+
const EMPTY_PLAN = Object.freeze({
|
|
23
|
+
strategy: STRATEGY_AI_CLEANUP,
|
|
24
|
+
goals: Object.freeze([]),
|
|
25
|
+
constraints: DEFAULT_CONSTRAINTS,
|
|
26
|
+
targetSegments: Object.freeze([]),
|
|
27
|
+
needsRemediation: false
|
|
28
|
+
});
|
|
29
|
+
function assertBuildRemediationPlanArgs(islResult, policy) {
|
|
30
|
+
if (islResult == null || typeof islResult !== 'object') {
|
|
31
|
+
throw new TypeError('AAL buildRemediationPlan: islResult must be a non-null object');
|
|
32
|
+
}
|
|
33
|
+
if (!Array.isArray(islResult.segments)) {
|
|
34
|
+
throw new TypeError('AAL buildRemediationPlan: islResult.segments must be an array');
|
|
35
|
+
}
|
|
36
|
+
if (policy == null || typeof policy !== 'object') {
|
|
37
|
+
throw new TypeError('AAL buildRemediationPlan: policy must be a non-null object');
|
|
38
|
+
}
|
|
39
|
+
const r = policy.remediation;
|
|
40
|
+
if (r == null || typeof r !== 'object' || typeof r.enabled !== 'boolean') {
|
|
41
|
+
throw new TypeError('AAL buildRemediationPlan: policy.remediation.enabled must be a boolean');
|
|
42
|
+
}
|
|
43
|
+
validateAgentPolicyThresholds(policy);
|
|
44
|
+
}
|
|
45
|
+
/**
|
|
46
|
+
* Builds a remediation plan from the ISL result and policy.
|
|
47
|
+
* Target segments are those with at least one detection; goals are derived from detection types.
|
|
48
|
+
*
|
|
49
|
+
* @param islResult - ISL result with segments and per-segment piDetection
|
|
50
|
+
* @param policy - Agent policy (remediation.enabled)
|
|
51
|
+
* @returns RemediationPlan for the SDK / AI agent to execute
|
|
52
|
+
*/
|
|
53
|
+
export function buildRemediationPlan(islResult, policy) {
|
|
54
|
+
assertBuildRemediationPlanArgs(islResult, policy);
|
|
55
|
+
if (!policy.remediation.enabled) {
|
|
56
|
+
return EMPTY_PLAN;
|
|
57
|
+
}
|
|
58
|
+
const targetSegments = [];
|
|
59
|
+
const goalsSet = new Set();
|
|
60
|
+
for (const segment of islResult.segments) {
|
|
61
|
+
const detections = segment.piDetection?.detections;
|
|
62
|
+
if (!Array.isArray(detections) || detections.length === 0)
|
|
63
|
+
continue;
|
|
64
|
+
targetSegments.push(segment.id);
|
|
65
|
+
for (const d of detections) {
|
|
66
|
+
const type = d.pattern_type ?? 'unknown';
|
|
67
|
+
goalsSet.add(patternTypeToGoal(type));
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
if (targetSegments.length === 0) {
|
|
71
|
+
return EMPTY_PLAN;
|
|
72
|
+
}
|
|
73
|
+
return Object.freeze({
|
|
74
|
+
strategy: STRATEGY_AI_CLEANUP,
|
|
75
|
+
goals: Object.freeze([...goalsSet].sort((a, b) => a.localeCompare(b))),
|
|
76
|
+
constraints: DEFAULT_CONSTRAINTS,
|
|
77
|
+
targetSegments: Object.freeze(targetSegments),
|
|
78
|
+
needsRemediation: true
|
|
79
|
+
});
|
|
80
|
+
}
|
|
81
|
+
//# sourceMappingURL=buildRemediationPlan.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"buildRemediationPlan.js","sourceRoot":"","sources":["../../../src/AAL/process/buildRemediationPlan.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAMH,OAAO,EAAE,6BAA6B,EAAE,MAAM,qBAAqB,CAAA;AAEnE,MAAM,mBAAmB,GAAG,YAAY,CAAA;AAExC,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC;IACxC,sBAAsB;IACtB,wBAAwB;IACxB,wBAAwB;CAChB,CAAC,CAAA;AAEX,oGAAoG;AACpG,SAAS,iBAAiB,CAAC,IAAY;IACrC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAA;IAC1D,OAAO,UAAU,UAAU,EAAE,CAAA;AAC/B,CAAC;AAED,MAAM,UAAU,GAAoB,MAAM,CAAC,MAAM,CAAC;IAChD,QAAQ,EAAE,mBAAmB;IAC7B,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;IACxB,WAAW,EAAE,mBAAmB;IAChC,cAAc,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;IACjC,gBAAgB,EAAE,KAAK;CACxB,CAAC,CAAA;AAEF,SAAS,8BAA8B,CAAC,SAAoB,EAAE,MAAmB;IAC/E,IAAI,SAAS,IAAI,IAAI,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QACvD,MAAM,IAAI,SAAS,CAAC,+DAA+D,CAAC,CAAA;IACtF,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,SAAS,CAAC,+DAA+D,CAAC,CAAA;IACtF,CAAC;IACD,IAAI,MAAM,IAAI,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QACjD,MAAM,IAAI,SAAS,CAAC,4DAA4D,CAAC,CAAA;IACnF,CAAC;IACD,MAAM,CAAC,GAAG,MAAM,CAAC,WAAW,CAAA;IAC5B,IAAI,CAAC,IAAI,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACzE,MAAM,IAAI,SAAS,CAAC,wEAAwE,CAAC,CAAA;IAC/F,CAAC;IACD,6BAA6B,CAAC,MAAM,CAAC,CAAA;AACvC,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,oBAAoB,CAClC,SAAoB,EACpB,MAAmB;IAEnB,8BAA8B,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;IAEjD,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;QAChC,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,MAAM,cAAc,GAAa,EAAE,CAAA;IACnC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAA;IAElC,KAAK,MAAM,OAAO,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;QACzC,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,EAAE,UAAU,CAAA;QAClD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,SAAQ;QACnE,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;QAC/B,KAAK,MAAM,CAAC,IAAI,UAAoC,EAAE,CAAC;YACrD,MAAM,IAAI,GAAW,CAAC,CAAC,YAAY,IAAI,SAAS,CAAA;YAChD,QAAQ,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAA;QACvC,CAAC;IACH,CAAC;IAED,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,OAAO,MAAM,CAAC,MAAM,CAAC;QACnB,QAAQ,EAAE,mBAAmB;QAC7B,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;QACtE,WAAW,EAAE,mBAAmB;QAChC,cAAc,EAAE,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC;QAC7C,gBAAgB,EAAE,IAAI;KACvB,CAAC,CAAA;AACJ,CAAC"}
|
|
@@ -2,9 +2,14 @@
|
|
|
2
2
|
* buildRemovalPlan - Builds a plan for instruction removal
|
|
3
3
|
*
|
|
4
4
|
* @remarks
|
|
5
|
+
* Each instruction in the plan must be tied to one segment and one range in that segment:
|
|
6
|
+
* - segmentId: same as segment.id in ISLResult (so applyRemovalPlan knows which segment to cut).
|
|
7
|
+
* - position: { start, end } in segment-local coordinates (indices within segment.sanitizedContent).
|
|
8
|
+
* So "remove instruction X" means: in the segment with id segmentId, delete exactly [start, end) of that segment's sanitizedContent.
|
|
9
|
+
*
|
|
5
10
|
* Two entry points:
|
|
6
11
|
* - buildRemovalPlan(islSignal, policy): from signal only; no segmentId (descriptive).
|
|
7
|
-
* - buildRemovalPlanFromResult(islResult, policy): from result; includes segmentId for applyRemovalPlan.
|
|
12
|
+
* - buildRemovalPlanFromResult(islResult, policy): from result; includes segmentId and segment-local position for applyRemovalPlan.
|
|
8
13
|
*/
|
|
9
14
|
import type { RemovedInstruction } from '../types.js';
|
|
10
15
|
import type { AgentPolicy } from '../types.js';
|
|
@@ -31,9 +36,15 @@ export declare function buildRemovalPlan(islSignal: ISLSignal, policy: AgentPoli
|
|
|
31
36
|
* Builds a plan for instruction removal from ISL result (with segment ids).
|
|
32
37
|
* Use with applyRemovalPlan to produce content with malicious ranges removed.
|
|
33
38
|
*
|
|
39
|
+
* Each instruction is built from one segment only:
|
|
40
|
+
* - segmentId = segment.id (so applyRemovalPlan knows which segment to cut).
|
|
41
|
+
* - position = detection.position as-is (already segment-local: indices within
|
|
42
|
+
* that segment's sanitizedContent, from detectThreats run on that segment).
|
|
43
|
+
* No document-concatenated or global offsets are used.
|
|
44
|
+
*
|
|
34
45
|
* @param islResult - ISL result with segments and per-segment piDetection
|
|
35
46
|
* @param policy - Agent policy
|
|
36
|
-
* @returns RemovalPlan with instructions to remove (segmentId
|
|
47
|
+
* @returns RemovalPlan with instructions to remove (segmentId + segment-local position per instruction)
|
|
37
48
|
*/
|
|
38
49
|
export declare function buildRemovalPlanFromResult(islResult: ISLResult, policy: AgentPolicy): RemovalPlan;
|
|
39
50
|
//# sourceMappingURL=buildRemovalPlan.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"buildRemovalPlan.d.ts","sourceRoot":"","sources":["../../../src/AAL/process/buildRemovalPlan.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"buildRemovalPlan.d.ts","sourceRoot":"","sources":["../../../src/AAL/process/buildRemovalPlan.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAA;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAC9C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAA;AAGnD;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,oBAAoB,EAAE,SAAS,kBAAkB,EAAE,CAAA;IAC5D,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAA;IAC9B,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAA;CACjC;AA0CD;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAC9B,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE,WAAW,GAClB,WAAW,CAoBb;AAWD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,0BAA0B,CACxC,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE,WAAW,GAClB,WAAW,CAoBb"}
|
|
@@ -2,9 +2,14 @@
|
|
|
2
2
|
* buildRemovalPlan - Builds a plan for instruction removal
|
|
3
3
|
*
|
|
4
4
|
* @remarks
|
|
5
|
+
* Each instruction in the plan must be tied to one segment and one range in that segment:
|
|
6
|
+
* - segmentId: same as segment.id in ISLResult (so applyRemovalPlan knows which segment to cut).
|
|
7
|
+
* - position: { start, end } in segment-local coordinates (indices within segment.sanitizedContent).
|
|
8
|
+
* So "remove instruction X" means: in the segment with id segmentId, delete exactly [start, end) of that segment's sanitizedContent.
|
|
9
|
+
*
|
|
5
10
|
* Two entry points:
|
|
6
11
|
* - buildRemovalPlan(islSignal, policy): from signal only; no segmentId (descriptive).
|
|
7
|
-
* - buildRemovalPlanFromResult(islResult, policy): from result; includes segmentId for applyRemovalPlan.
|
|
12
|
+
* - buildRemovalPlanFromResult(islResult, policy): from result; includes segmentId and segment-local position for applyRemovalPlan.
|
|
8
13
|
*/
|
|
9
14
|
function mapDetectionToRemovedInstruction(detection, segmentId) {
|
|
10
15
|
return {
|
|
@@ -77,9 +82,15 @@ function assertISLResultForRemoval(islResult) {
|
|
|
77
82
|
* Builds a plan for instruction removal from ISL result (with segment ids).
|
|
78
83
|
* Use with applyRemovalPlan to produce content with malicious ranges removed.
|
|
79
84
|
*
|
|
85
|
+
* Each instruction is built from one segment only:
|
|
86
|
+
* - segmentId = segment.id (so applyRemovalPlan knows which segment to cut).
|
|
87
|
+
* - position = detection.position as-is (already segment-local: indices within
|
|
88
|
+
* that segment's sanitizedContent, from detectThreats run on that segment).
|
|
89
|
+
* No document-concatenated or global offsets are used.
|
|
90
|
+
*
|
|
80
91
|
* @param islResult - ISL result with segments and per-segment piDetection
|
|
81
92
|
* @param policy - Agent policy
|
|
82
|
-
* @returns RemovalPlan with instructions to remove (segmentId
|
|
93
|
+
* @returns RemovalPlan with instructions to remove (segmentId + segment-local position per instruction)
|
|
83
94
|
*/
|
|
84
95
|
export function buildRemovalPlanFromResult(islResult, policy) {
|
|
85
96
|
assertPolicyForRemoval(policy);
|
|
@@ -92,6 +103,7 @@ export function buildRemovalPlanFromResult(islResult, policy) {
|
|
|
92
103
|
if (!Array.isArray(detections) || detections.length === 0)
|
|
93
104
|
continue;
|
|
94
105
|
for (const d of detections) {
|
|
106
|
+
// position is segment-local (from detectThreats on this segment's sanitizedContent)
|
|
95
107
|
instructionsToRemove.push(mapDetectionToRemovedInstruction(d, segment.id));
|
|
96
108
|
}
|
|
97
109
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"buildRemovalPlan.js","sourceRoot":"","sources":["../../../src/AAL/process/buildRemovalPlan.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"buildRemovalPlan.js","sourceRoot":"","sources":["../../../src/AAL/process/buildRemovalPlan.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAiBH,SAAS,gCAAgC,CACvC,SAAsB,EACtB,SAAkB;IAElB,OAAO;QACL,IAAI,EAAE,SAAS,CAAC,YAAY;QAC5B,OAAO,EAAE,SAAS,CAAC,eAAe;QAClC,QAAQ,EAAE,SAAS,CAAC,QAAQ;QAC5B,WAAW,EAAE,YAAY,SAAS,CAAC,YAAY,4BAA4B,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;QAC5G,GAAG,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,SAAS,EAAE,CAAC;KACxC,CAAA;AACH,CAAC;AAED,MAAM,mBAAmB,GAAgB,MAAM,CAAC,MAAM,CAAC;IACrD,oBAAoB,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;IACvC,YAAY,EAAE,KAAK;IACnB,cAAc,EAAE,KAAK;CACtB,CAAC,CAAA;AACF,MAAM,qBAAqB,GAAgB,MAAM,CAAC,MAAM,CAAC;IACvD,oBAAoB,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;IACvC,YAAY,EAAE,KAAK;IACnB,cAAc,EAAE,IAAI;CACrB,CAAC,CAAA;AAEF,SAAS,sBAAsB,CAAC,MAAmB;IACjD,IAAI,MAAM,IAAI,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QACjD,MAAM,IAAI,SAAS,CAAC,wDAAwD,CAAC,CAAA;IAC/E,CAAC;IACD,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAA;IACxB,IAAI,CAAC,IAAI,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACzE,MAAM,IAAI,SAAS,CAAC,gEAAgE,CAAC,CAAA;IACvF,CAAC;AACH,CAAC;AAED,SAAS,yBAAyB,CAAC,MAAiB;IAClD,IAAI,MAAM,IAAI,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QACjD,MAAM,IAAI,SAAS,CAAC,2DAA2D,CAAC,CAAA;IAClF,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAC9B,SAAoB,EACpB,MAAmB;IAEnB,sBAAsB,CAAC,MAAM,CAAC,CAAA;IAC9B,yBAAyB,CAAC,SAAS,CAAC,CAAA;IAEpC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO;QAAE,OAAO,mBAAmB,CAAA;IACvD,IAAI,CAAC,SAAS,CAAC,UAAU;QAAE,OAAO,qBAAqB,CAAA;IAEvD,MAAM,UAAU,GAAuC,SAAS,CAAC,WAAW,EAAE,UAAU,CAAA;IACxF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1D,OAAO,qBAAqB,CAAA;IAC9B,CAAC;IAED,MAAM,oBAAoB,GAAyB,UAAU,CAAC,GAAG,CAC/D,CAAC,CAAc,EAAE,EAAE,CAAC,gCAAgC,CAAC,CAAC,CAAC,CACxD,CAAA;IACD,OAAO;QACL,oBAAoB,EAAE,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC;QACzD,YAAY,EAAE,oBAAoB,CAAC,MAAM,GAAG,CAAC;QAC7C,cAAc,EAAE,IAAI;KACrB,CAAA;AACH,CAAC;AAED,SAAS,yBAAyB,CAAC,SAAoB;IACrD,IAAI,SAAS,IAAI,IAAI,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QACvD,MAAM,IAAI,SAAS,CAAC,qEAAqE,CAAC,CAAA;IAC5F,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,SAAS,CAAC,qEAAqE,CAAC,CAAA;IAC5F,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,0BAA0B,CACxC,SAAoB,EACpB,MAAmB;IAEnB,sBAAsB,CAAC,MAAM,CAAC,CAAA;IAC9B,yBAAyB,CAAC,SAAS,CAAC,CAAA;IAEpC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO;QAAE,OAAO,mBAAmB,CAAA;IAEvD,MAAM,oBAAoB,GAAyB,EAAE,CAAA;IACrD,KAAK,MAAM,OAAO,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;QACzC,MAAM,UAAU,GAAuC,OAAO,CAAC,WAAW,EAAE,UAAU,CAAA;QACtF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,SAAQ;QACnE,KAAK,MAAM,CAAC,IAAI,UAA2B,EAAE,CAAC;YAC5C,oFAAoF;YACpF,oBAAoB,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC,CAAA;QAC5E,CAAC;IACH,CAAC;IACD,OAAO;QACL,oBAAoB,EAAE,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC;QACzD,YAAY,EAAE,oBAAoB,CAAC,MAAM,GAAG,CAAC;QAC7C,cAAc,EAAE,IAAI;KACrB,CAAA;AACH,CAAC"}
|
|
@@ -4,7 +4,6 @@
|
|
|
4
4
|
export { resolveAgentAction, resolveAgentActionWithScore } from './resolveAgentAction.js';
|
|
5
5
|
export { buildDecisionReason } from './buildDecisionReason.js';
|
|
6
6
|
export type { DecisionReason } from './buildDecisionReason.js';
|
|
7
|
-
export {
|
|
8
|
-
export
|
|
9
|
-
export { applyRemovalPlan } from './applyRemovalPlan.js';
|
|
7
|
+
export { buildRemediationPlan } from './buildRemediationPlan.js';
|
|
8
|
+
export { validateAgentPolicyThresholds } from './validatePolicy.js';
|
|
10
9
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/AAL/process/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,MAAM,yBAAyB,CAAA;AACzF,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAA;AAC9D,YAAY,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAA;AAC9D,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/AAL/process/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,MAAM,yBAAyB,CAAA;AACzF,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAA;AAC9D,YAAY,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAA;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA;AAChE,OAAO,EAAE,6BAA6B,EAAE,MAAM,qBAAqB,CAAA"}
|
|
@@ -3,6 +3,6 @@
|
|
|
3
3
|
*/
|
|
4
4
|
export { resolveAgentAction, resolveAgentActionWithScore } from './resolveAgentAction.js';
|
|
5
5
|
export { buildDecisionReason } from './buildDecisionReason.js';
|
|
6
|
-
export {
|
|
7
|
-
export {
|
|
6
|
+
export { buildRemediationPlan } from './buildRemediationPlan.js';
|
|
7
|
+
export { validateAgentPolicyThresholds } from './validatePolicy.js';
|
|
8
8
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/AAL/process/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,MAAM,yBAAyB,CAAA;AACzF,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAA;AAE9D,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/AAL/process/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,MAAM,yBAAyB,CAAA;AACzF,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAA;AAE9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA;AAChE,OAAO,EAAE,6BAA6B,EAAE,MAAM,qBAAqB,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"resolveAgentAction.d.ts","sourceRoot":"","sources":["../../../src/AAL/process/resolveAgentAction.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;
|
|
1
|
+
{"version":3,"file":"resolveAgentAction.d.ts","sourceRoot":"","sources":["../../../src/AAL/process/resolveAgentAction.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAa7D;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAChC,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE,WAAW,GAClB,aAAa,CAef;AAED;;;;;;GAMG;AACH,wBAAgB,2BAA2B,CACzC,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE,WAAW,2DAMpB"}
|
|
@@ -11,18 +11,7 @@
|
|
|
11
11
|
* - Return decision based on risk score and thresholds
|
|
12
12
|
*/
|
|
13
13
|
import { createAnomalyScore } from '../value-objects/AnomalyScore.js';
|
|
14
|
-
|
|
15
|
-
if (policy == null || typeof policy !== 'object') {
|
|
16
|
-
throw new TypeError('AAL resolveAgentAction: policy must be a non-null object');
|
|
17
|
-
}
|
|
18
|
-
const t = policy.thresholds;
|
|
19
|
-
if (t == null || typeof t !== 'object') {
|
|
20
|
-
throw new TypeError('AAL resolveAgentAction: policy.thresholds must be defined');
|
|
21
|
-
}
|
|
22
|
-
if (typeof t.warn !== 'number' || typeof t.block !== 'number') {
|
|
23
|
-
throw new TypeError('AAL resolveAgentAction: policy.thresholds.warn and block must be numbers');
|
|
24
|
-
}
|
|
25
|
-
}
|
|
14
|
+
import { validateAgentPolicyThresholds } from './validatePolicy.js';
|
|
26
15
|
function assertISLSignal(signal) {
|
|
27
16
|
if (signal == null || typeof signal !== 'object') {
|
|
28
17
|
throw new TypeError('AAL resolveAgentAction: islSignal must be a non-null object');
|
|
@@ -40,7 +29,7 @@ function assertISLSignal(signal) {
|
|
|
40
29
|
*/
|
|
41
30
|
export function resolveAgentAction(islSignal, policy) {
|
|
42
31
|
assertISLSignal(islSignal);
|
|
43
|
-
|
|
32
|
+
validateAgentPolicyThresholds(policy);
|
|
44
33
|
const riskScore = islSignal.riskScore;
|
|
45
34
|
// Evaluate policy thresholds
|
|
46
35
|
if (riskScore >= policy.thresholds.block) {
|
|
@@ -60,7 +49,7 @@ export function resolveAgentAction(islSignal, policy) {
|
|
|
60
49
|
*/
|
|
61
50
|
export function resolveAgentActionWithScore(islSignal, policy) {
|
|
62
51
|
assertISLSignal(islSignal);
|
|
63
|
-
|
|
52
|
+
validateAgentPolicyThresholds(policy);
|
|
64
53
|
const action = resolveAgentAction(islSignal, policy);
|
|
65
54
|
return createAnomalyScore(islSignal.riskScore, action);
|
|
66
55
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"resolveAgentAction.js","sourceRoot":"","sources":["../../../src/AAL/process/resolveAgentAction.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;
|
|
1
|
+
{"version":3,"file":"resolveAgentAction.js","sourceRoot":"","sources":["../../../src/AAL/process/resolveAgentAction.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;AACrE,OAAO,EAAE,6BAA6B,EAAE,MAAM,qBAAqB,CAAA;AAEnE,SAAS,eAAe,CAAC,MAAiB;IACxC,IAAI,MAAM,IAAI,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QACjD,MAAM,IAAI,SAAS,CAAC,6DAA6D,CAAC,CAAA;IACpF,CAAC;IACD,IAAI,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;QACzC,MAAM,IAAI,SAAS,CAAC,8DAA8D,CAAC,CAAA;IACrF,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAChC,SAAoB,EACpB,MAAmB;IAEnB,eAAe,CAAC,SAAS,CAAC,CAAA;IAC1B,6BAA6B,CAAC,MAAM,CAAC,CAAA;IACrC,MAAM,SAAS,GAAG,SAAS,CAAC,SAAS,CAAA;IAErC,6BAA6B;IAC7B,IAAI,SAAS,IAAI,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACzC,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,IAAI,SAAS,IAAI,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QACxC,OAAO,MAAM,CAAA;IACf,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,2BAA2B,CACzC,SAAoB,EACpB,MAAmB;IAEnB,eAAe,CAAC,SAAS,CAAC,CAAA;IAC1B,6BAA6B,CAAC,MAAM,CAAC,CAAA;IACrC,MAAM,MAAM,GAAG,kBAAkB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;IACpD,OAAO,kBAAkB,CAAC,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;AACxD,CAAC"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* validateAgentPolicyThresholds - Validates AAL policy thresholds.
|
|
3
|
+
*
|
|
4
|
+
* @remarks
|
|
5
|
+
* Ensures policy is coherent: warn and block must be in [0, 1] and warn < block.
|
|
6
|
+
* Invalid configuration (e.g. block < warn) would lead to inconsistent decisions
|
|
7
|
+
* (e.g. WARN range empty or unreachable). Call this before using the policy
|
|
8
|
+
* in resolveAgentAction, buildDecisionReason, or buildRemediationPlan.
|
|
9
|
+
*/
|
|
10
|
+
import type { AgentPolicy } from '../types.js';
|
|
11
|
+
/**
|
|
12
|
+
* Validates that policy.thresholds.warn and block are numbers in [0, 1]
|
|
13
|
+
* and that warn < block.
|
|
14
|
+
*
|
|
15
|
+
* @param policy - Agent policy to validate
|
|
16
|
+
* @throws {TypeError} If policy is null/undefined or thresholds are missing/invalid
|
|
17
|
+
* @throws {RangeError} If warn or block are outside [0, 1] or if warn >= block
|
|
18
|
+
*/
|
|
19
|
+
export declare function validateAgentPolicyThresholds(policy: AgentPolicy): void;
|
|
20
|
+
//# sourceMappingURL=validatePolicy.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"validatePolicy.d.ts","sourceRoot":"","sources":["../../../src/AAL/process/validatePolicy.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAE9C;;;;;;;GAOG;AACH,wBAAgB,6BAA6B,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI,CA2BvE"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* validateAgentPolicyThresholds - Validates AAL policy thresholds.
|
|
3
|
+
*
|
|
4
|
+
* @remarks
|
|
5
|
+
* Ensures policy is coherent: warn and block must be in [0, 1] and warn < block.
|
|
6
|
+
* Invalid configuration (e.g. block < warn) would lead to inconsistent decisions
|
|
7
|
+
* (e.g. WARN range empty or unreachable). Call this before using the policy
|
|
8
|
+
* in resolveAgentAction, buildDecisionReason, or buildRemediationPlan.
|
|
9
|
+
*/
|
|
10
|
+
/**
|
|
11
|
+
* Validates that policy.thresholds.warn and block are numbers in [0, 1]
|
|
12
|
+
* and that warn < block.
|
|
13
|
+
*
|
|
14
|
+
* @param policy - Agent policy to validate
|
|
15
|
+
* @throws {TypeError} If policy is null/undefined or thresholds are missing/invalid
|
|
16
|
+
* @throws {RangeError} If warn or block are outside [0, 1] or if warn >= block
|
|
17
|
+
*/
|
|
18
|
+
export function validateAgentPolicyThresholds(policy) {
|
|
19
|
+
if (policy == null || typeof policy !== 'object') {
|
|
20
|
+
throw new TypeError('AAL policy must be a non-null object');
|
|
21
|
+
}
|
|
22
|
+
const t = policy.thresholds;
|
|
23
|
+
if (t == null || typeof t !== 'object') {
|
|
24
|
+
throw new TypeError('AAL policy.thresholds must be defined');
|
|
25
|
+
}
|
|
26
|
+
if (typeof t.warn !== 'number' || typeof t.block !== 'number') {
|
|
27
|
+
throw new TypeError('AAL policy.thresholds.warn and block must be numbers');
|
|
28
|
+
}
|
|
29
|
+
const { warn, block } = t;
|
|
30
|
+
if (warn < 0 || warn > 1) {
|
|
31
|
+
throw new RangeError(`AAL policy.thresholds.warn must be in [0, 1], got ${warn}`);
|
|
32
|
+
}
|
|
33
|
+
if (block < 0 || block > 1) {
|
|
34
|
+
throw new RangeError(`AAL policy.thresholds.block must be in [0, 1], got ${block}`);
|
|
35
|
+
}
|
|
36
|
+
if (warn >= block) {
|
|
37
|
+
throw new RangeError(`AAL policy.thresholds must satisfy warn < block (got warn=${warn}, block=${block})`);
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
//# sourceMappingURL=validatePolicy.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"validatePolicy.js","sourceRoot":"","sources":["../../../src/AAL/process/validatePolicy.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH;;;;;;;GAOG;AACH,MAAM,UAAU,6BAA6B,CAAC,MAAmB;IAC/D,IAAI,MAAM,IAAI,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QACjD,MAAM,IAAI,SAAS,CAAC,sCAAsC,CAAC,CAAA;IAC7D,CAAC;IACD,MAAM,CAAC,GAAG,MAAM,CAAC,UAAU,CAAA;IAC3B,IAAI,CAAC,IAAI,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;QACvC,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;IAC9D,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9D,MAAM,IAAI,SAAS,CAAC,sDAAsD,CAAC,CAAA;IAC7E,CAAC;IACD,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,CAAA;IACzB,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,UAAU,CAClB,qDAAqD,IAAI,EAAE,CAC5D,CAAA;IACH,CAAC;IACD,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,UAAU,CAClB,sDAAsD,KAAK,EAAE,CAC9D,CAAA;IACH,CAAC;IACD,IAAI,IAAI,IAAI,KAAK,EAAE,CAAC;QAClB,MAAM,IAAI,UAAU,CAClB,6DAA6D,IAAI,WAAW,KAAK,GAAG,CACrF,CAAA;IACH,CAAC;AACH,CAAC"}
|