@astrasyncai/verification-gateway 2.0.0 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (91) hide show
  1. package/dist/adapter-interface/interface.d.mts +2 -2
  2. package/dist/adapter-interface/interface.d.ts +2 -2
  3. package/dist/adapters/express.d.mts +2 -2
  4. package/dist/adapters/express.d.ts +2 -2
  5. package/dist/adapters/express.js +118 -5
  6. package/dist/adapters/express.js.map +1 -1
  7. package/dist/adapters/express.mjs +118 -5
  8. package/dist/adapters/express.mjs.map +1 -1
  9. package/dist/adapters/nextjs.d.mts +2 -2
  10. package/dist/adapters/nextjs.d.ts +2 -2
  11. package/dist/adapters/nextjs.js +189 -9
  12. package/dist/adapters/nextjs.js.map +1 -1
  13. package/dist/adapters/nextjs.mjs +189 -9
  14. package/dist/adapters/nextjs.mjs.map +1 -1
  15. package/dist/adapters/sdk.d.mts +2 -2
  16. package/dist/adapters/sdk.d.ts +2 -2
  17. package/dist/adapters/sdk.js +1 -0
  18. package/dist/adapters/sdk.js.map +1 -1
  19. package/dist/adapters/sdk.mjs +1 -0
  20. package/dist/adapters/sdk.mjs.map +1 -1
  21. package/dist/agent/index.d.mts +2 -2
  22. package/dist/agent/index.d.ts +2 -2
  23. package/dist/browser/background.d.mts +2 -0
  24. package/dist/browser/background.d.ts +2 -0
  25. package/dist/browser/background.js +4090 -0
  26. package/dist/browser/background.js.map +1 -0
  27. package/dist/browser/background.mjs +4088 -0
  28. package/dist/browser/background.mjs.map +1 -0
  29. package/dist/browser/browser-adapter.d.mts +10 -6
  30. package/dist/browser/browser-adapter.d.ts +10 -6
  31. package/dist/browser/browser-adapter.js +16 -5
  32. package/dist/browser/browser-adapter.js.map +1 -1
  33. package/dist/browser/browser-adapter.mjs +14 -4
  34. package/dist/browser/browser-adapter.mjs.map +1 -1
  35. package/dist/cli/index.d.mts +2 -2
  36. package/dist/cli/index.d.ts +2 -2
  37. package/dist/cli/index.js +1 -1
  38. package/dist/cli/index.js.map +1 -1
  39. package/dist/cli/index.mjs +1 -1
  40. package/dist/cli/index.mjs.map +1 -1
  41. package/dist/cursor/cursor-adapter.d.mts +3 -4
  42. package/dist/cursor/cursor-adapter.d.ts +3 -4
  43. package/dist/cursor/cursor-adapter.js.map +1 -1
  44. package/dist/cursor/cursor-adapter.mjs.map +1 -1
  45. package/dist/cursor/extension.d.mts +27 -0
  46. package/dist/cursor/extension.d.ts +27 -0
  47. package/dist/cursor/extension.js +4057 -0
  48. package/dist/cursor/extension.js.map +1 -0
  49. package/dist/cursor/extension.mjs +4029 -0
  50. package/dist/cursor/extension.mjs.map +1 -0
  51. package/dist/{express-DIEyq1Tz.d.ts → express-Bcl-uBUE.d.ts} +1 -1
  52. package/dist/{express-Cp4eg77F.d.mts → express-CtwDIZyF.d.mts} +1 -1
  53. package/dist/gateway/gateway.d.mts +2 -2
  54. package/dist/gateway/gateway.d.ts +2 -2
  55. package/dist/gateway/gateway.js +17 -17
  56. package/dist/gateway/gateway.js.map +1 -1
  57. package/dist/gateway/gateway.mjs +11 -18
  58. package/dist/gateway/gateway.mjs.map +1 -1
  59. package/dist/git-trigger/git-hooks.d.mts +2 -2
  60. package/dist/git-trigger/git-hooks.d.ts +2 -2
  61. package/dist/git-trigger/git-hooks.js +1 -2
  62. package/dist/git-trigger/git-hooks.js.map +1 -1
  63. package/dist/git-trigger/git-hooks.mjs +1 -9
  64. package/dist/git-trigger/git-hooks.mjs.map +1 -1
  65. package/dist/{index-CoLebmwv.d.mts → index-B1ThcGZl.d.mts} +1 -1
  66. package/dist/{index-BhTbGU-o.d.mts → index-BY8yQ8N8.d.mts} +1 -1
  67. package/dist/{index-Bhfxq9xI.d.ts → index-CtYSYwn3.d.ts} +1 -1
  68. package/dist/{index-CNkmHmpi.d.ts → index-DnoXfdFd.d.ts} +1 -1
  69. package/dist/index.d.mts +7 -7
  70. package/dist/index.d.ts +7 -7
  71. package/dist/index.js +201 -14
  72. package/dist/index.js.map +1 -1
  73. package/dist/index.mjs +201 -14
  74. package/dist/index.mjs.map +1 -1
  75. package/dist/local-evaluator/evaluator.d.mts +2 -2
  76. package/dist/local-evaluator/evaluator.d.ts +2 -2
  77. package/dist/local-evaluator/evaluator.js.map +1 -1
  78. package/dist/local-evaluator/evaluator.mjs.map +1 -1
  79. package/dist/{nextjs-_C_FcJY5.d.mts → nextjs-BQyMCSx_.d.mts} +1 -1
  80. package/dist/{nextjs-Cag7libc.d.ts → nextjs-CEldnIJ9.d.ts} +1 -1
  81. package/dist/{sdk-DAJahT3p.d.mts → sdk-BhvuJSrH.d.mts} +1 -1
  82. package/dist/{sdk-CMPDFUjo.d.ts → sdk-BlyVSC_S.d.ts} +1 -1
  83. package/dist/transport/index.d.mts +2 -2
  84. package/dist/transport/index.d.ts +2 -2
  85. package/dist/{types-Ce2mFJkO.d.ts → types-79qS7aON.d.ts} +2 -2
  86. package/dist/{types-Bf8pML07.d.mts → types-CxQwJKbd.d.mts} +17 -2
  87. package/dist/{types-Bf8pML07.d.ts → types-CxQwJKbd.d.ts} +17 -2
  88. package/dist/{types-BvpGdsv1.d.mts → types-jJnPXStc.d.mts} +2 -2
  89. package/dist/ui/index.d.mts +1 -1
  90. package/dist/ui/index.d.ts +1 -1
  91. package/package.json +3 -2
package/dist/local-evaluator/evaluator.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/local-evaluator/evaluator.ts","../../src/gateway/types.ts"],"sourcesContent":["/**\n * Local PDLSS Evaluator\n *\n * Evaluates agent actions against a local PDLSS policy.\n * Same logic as the cloud evaluator but runs in-process with no I/O.\n *\n * Evaluation order:\n * 1. Purpose: find matching rule, check if allowed\n * 2. Purpose: check allowed targets (if specified)\n * 3. Purpose: check blocked patterns (if specified)\n * 4. Scope: check global blocked resources/domains\n * 5. Limits: check transaction/rate limits\n * 6. Risk thresholds + approval requirements\n */\n\nimport type { LocalPolicy, PDLSSContext, VerificationDecision, LocalPurposeRule } from '../gateway/types';\nimport { BASE_RISK_SCORES, HIGH_RISK_COMMANDS, SENSITIVE_PATHS } from '../gateway/types';\n\nexport class LocalEvaluator {\n private policy: LocalPolicy;\n private requestCounts: Map<string, { count: number; windowStart: number }> = new Map();\n\n constructor(policy: LocalPolicy) {\n this.policy = policy;\n }\n\n /**\n * Update the policy (e.g. after hot-reload or sync).\n */\n updatePolicy(policy: LocalPolicy): void {\n this.policy = policy;\n }\n\n /**\n * Evaluate an action context against the loaded policy.\n */\n evaluate(context: PDLSSContext): VerificationDecision {\n // 1. Purpose: find matching rule\n const purposeRule = this.policy.purposes.find((p) => p.id === context.purpose);\n if (!purposeRule) {\n return { recommendation: 'DENY', reason: 'Purpose not in policy' };\n }\n if (!purposeRule.allowed) {\n return { recommendation: 'DENY', reason: 'Purpose explicitly blocked' };\n }\n\n // 2. Purpose: check allowed targets\n if (purposeRule.targets && !this.matchesAnyPattern(context.target, purposeRule.targets)) {\n return { recommendation: 'DENY', reason: 'Target not in allowed list' };\n }\n\n // 3. Purpose: check blocked patterns\n if (purposeRule.blockedPatterns && this.matchesAnyPattern(context.target, purposeRule.blockedPatterns)) {\n return { recommendation: 'DENY', reason: 'Target matches blocked pattern' };\n }\n\n // 4. Scope: check global blocked resources/domains\n const scopeBlock = this.checkScopeBlock(context);\n if (scopeBlock) {\n return { recommendation: 'DENY', reason: scopeBlock };\n }\n\n // 5. Limits: check transaction and rate limits\n const limitViolation = this.checkLimits(context);\n if (limitViolation) {\n return { recommendation: 'DENY', reason: limitViolation };\n }\n\n // 6. Self-instantiation: check sub-agent spawning rules\n if (context.purpose === 'sub_agent.spawn' && this.policy.selfInstantiation) {\n if (!this.policy.selfInstantiation.allowed) {\n return { recommendation: 'DENY', reason: 'Sub-agent spawning is not allowed' };\n }\n const depth = (context.metadata?.subAgentDepth as number) || 0;\n if (this.policy.selfInstantiation.maxDepth !== undefined && depth >= this.policy.selfInstantiation.maxDepth) {\n return { recommendation: 'DENY', reason: `Sub-agent depth ${depth} exceeds max depth ${this.policy.selfInstantiation.maxDepth}` };\n }\n }\n\n // 7. Risk thresholds + approval requirements\n if (purposeRule.requiresApproval) {\n return { recommendation: 'MANUAL_REVIEW', reason: 'Purpose requires approval' };\n }\n\n const riskDecision = this.checkRiskThresholds(context);\n if (riskDecision) {\n return riskDecision;\n }\n\n return {\n recommendation: 'ALLOW',\n reason: 'All PDLSS checks passed',\n evaluatedDimensions: {\n purpose: true,\n scope: !!this.policy.scope,\n limits: !!this.policy.limits,\n riskThresholds: !!this.policy.riskThresholds,\n },\n };\n }\n\n private checkScopeBlock(context: PDLSSContext): string | null {\n const scope = this.policy.scope;\n if (!scope) return null;\n\n // Check blocked domains against target and network access\n if (scope.blockedDomains) {\n const targetDomain = this.extractDomain(context.target);\n if (this.matchesAnyPattern(targetDomain, scope.blockedDomains)) {\n return `Target blocked by scope: ${context.target}`;\n }\n if (context.networkAccess) {\n for (const domain of context.networkAccess) {\n if (this.matchesAnyPattern(this.extractDomain(domain), scope.blockedDomains)) {\n return `Domain blocked by scope: ${domain}`;\n }\n }\n }\n }\n\n // Check blocked resources against target\n if (scope.blockedResources && this.matchesAnyPattern(context.target, scope.blockedResources)) {\n return `Resource blocked by scope: ${context.target}`;\n }\n\n // Check allowed domains (if specified, target must match)\n if (scope.allowedDomains && context.networkAccess) {\n for (const domain of context.networkAccess) {\n if (!this.matchesAnyPattern(this.extractDomain(domain), scope.allowedDomains)) {\n return `Domain not in allowed list: ${domain}`;\n }\n }\n }\n\n return null;\n }\n\n private checkLimits(context: PDLSSContext): string | null {\n const limits = this.policy.limits;\n if (!limits) return null;\n\n // Transaction amount check\n if (limits.maxTransactionAmount !== undefined && context.transactionValue !== undefined) {\n if (context.transactionValue > limits.maxTransactionAmount) {\n return `Transaction value ${context.transactionValue} exceeds limit ${limits.maxTransactionAmount}`;\n }\n }\n\n // Rate limit check\n if (limits.maxRequestsPerHour !== undefined) {\n const key = context.purpose;\n const now = Date.now();\n const entry = this.requestCounts.get(key);\n const hourMs = 3600000;\n\n if (!entry || now - entry.windowStart > hourMs) {\n this.requestCounts.set(key, { count: 1, windowStart: now });\n } else {\n entry.count++;\n if (entry.count > limits.maxRequestsPerHour) {\n return `Rate limit exceeded: ${entry.count}/${limits.maxRequestsPerHour} requests per hour`;\n }\n }\n }\n\n return null;\n }\n\n private checkRiskThresholds(context: PDLSSContext): VerificationDecision | null {\n if (!this.policy.riskThresholds) return null;\n\n const riskScore = this.calculateRiskScore(context);\n const thresholds = this.policy.riskThresholds;\n\n if (riskScore >= thresholds.autoBlock.min) {\n return { recommendation: 'DENY', reason: `Risk score ${riskScore} exceeds block threshold` };\n }\n\n if (riskScore >= thresholds.requireApproval.min) {\n return { recommendation: 'MANUAL_REVIEW', reason: `Risk score ${riskScore} requires approval` };\n }\n\n return null;\n }\n\n private calculateRiskScore(context: PDLSSContext): number {\n let score = 0;\n\n // Explicit risk factors take priority (highest severity wins)\n if (context.riskFactors?.length) {\n const severityScores: Record<string, number> = {\n low: 10,\n medium: 40,\n high: 70,\n critical: 90,\n };\n\n for (const factor of context.riskFactors) {\n const factorScore = severityScores[factor.severity] || 0;\n if (factorScore > score) score = factorScore;\n }\n return score;\n }\n\n // Auto-detect risk from high-risk shell commands\n if (context.purpose === 'shell.exec' && context.target) {\n const targetLower = context.target.toLowerCase();\n for (const cmd of HIGH_RISK_COMMANDS) {\n if (targetLower.startsWith(cmd) || targetLower.includes(` ${cmd} `) || targetLower.includes(` ${cmd}`)) {\n score = Math.max(score, 80);\n break;\n }\n }\n }\n\n // Auto-detect risk from sensitive file paths (score 50 = review range)\n if ((context.purpose === 'file.read' || context.purpose === 'file.write' || context.purpose === 'file.delete') && context.target) {\n const targetLower = context.target.toLowerCase();\n for (const sensitivePath of SENSITIVE_PATHS) {\n if (targetLower.includes(sensitivePath.toLowerCase())) {\n score = Math.max(score, 50);\n break;\n }\n }\n }\n\n return score;\n }\n\n /**\n * Extract domain from a URL-like string (strips protocol and path).\n */\n private extractDomain(value: string): string {\n let domain = value;\n // Strip protocol\n const protoIndex = domain.indexOf('://');\n if (protoIndex !== -1) domain = domain.slice(protoIndex + 3);\n // Strip path\n const slashIndex = domain.indexOf('/');\n if (slashIndex !== -1) domain = domain.slice(0, slashIndex);\n // Strip port\n const colonIndex = domain.indexOf(':');\n if (colonIndex !== -1) domain = domain.slice(0, colonIndex);\n return domain;\n }\n\n /**\n * Check if a value matches any of the given glob patterns.\n */\n private matchesAnyPattern(value: string, patterns: string[]): boolean {\n return patterns.some((pattern) => this.matchGlob(value, pattern));\n }\n\n /**\n * Simple glob pattern matching.\n * Supports * (matches any characters including / and spaces) and ? (single char).\n * Uses the same approach as the backend's matchGlobPattern.\n */\n private matchGlob(value: string, pattern: string): boolean {\n // Exact match\n if (pattern === value) return true;\n\n // Convert glob to regex\n const regexStr = pattern\n .replace(/[.+^${}()|[\\]\\\\]/g, '\\\\$&') // Escape special regex chars (except * and ?)\n .replace(/\\*/g, '.*') // * matches anything\n .replace(/\\?/g, '.'); // ? matches single char\n\n try {\n return new RegExp(`^${regexStr}$`, 'i').test(value);\n } catch {\n return false;\n }\n }\n}\n\n/**\n * Convenience: find a matching purpose rule.\n */\nexport function findPurposeRule(policy: LocalPolicy, purposeId: string): LocalPurposeRule | undefined {\n return policy.purposes.find((p) => p.id === purposeId);\n}\n","/**\n * AstraSync Gateway - Types for gateway modes, local evaluation, and adapter interface.\n */\n\n// ========================================================================\n// Gateway Configuration\n// ========================================================================\n\nexport type GatewayMode = 'online' | 'local' | 'hybrid';\n\n/**\n * Posture controls whether the gateway actively blocks or just monitors.\n * - active: Evaluate and enforce decisions (block/allow/review)\n * - passive: Evaluate and log but never block (telemetry-only mode)\n */\nexport type GatewayPosture = 'active' | 'passive';\n\nexport interface AstraSyncGatewayConfig {\n mode: GatewayMode;\n /** Enforcement posture: 'active' blocks actions, 'passive' logs only (default: 'active') */\n posture?: GatewayPosture;\n /** AstraSync API base URL (required for online/hybrid modes) */\n apiBaseUrl?: string;\n /** API key for authenticating with AstraSync (required for online/hybrid modes) */\n apiKey?: string;\n /** Path to local PDLSS policy YAML file (required for local/hybrid modes) */\n policyFile?: string;\n /** Inline policy object (alternative to policyFile) */\n policy?: LocalPolicy;\n /** Sync interval in seconds for hybrid mode (default: 3600) */\n syncInterval?: number;\n /** Cache verification results TTL in seconds (default: 300) */\n cacheTtl?: number;\n /** Enable debug logging */\n debug?: boolean;\n /** Enable trace logging to .astrasync/traces/ (default: false) */\n traceEnabled?: boolean;\n /** Trace log directory (default: .astrasync/traces/) */\n tracePath?: string;\n /** Default access level for unverified requests */\n defaultAccessLevel?: import('../types').AccessLevel;\n /** Minimum trust score for standard access (online/hybrid) */\n minTrustScore?: number;\n /** Minimum trust score for full access (online/hybrid) */\n minTrustScoreForFull?: number;\n /** Custom headers to send with API requests */\n customHeaders?: Record<string, string>;\n /** Counterparty URL for analytics */\n counterpartyUrl?: string;\n /** Counterparty type for analytics */\n counterpartyType?: import('../types').CounterpartyType;\n}\n\n// ========================================================================\n// PDLSS Context (Agent-side action context)\n// ========================================================================\n\nexport interface PDLSSContext {\n /** Purpose category (e.g. email.send, shell.exec, file.read) */\n purpose: string;\n /** Specific action within purpose */\n action: string;\n /** Target resource, recipient, or counterparty */\n target: string;\n /** Types of data access (read, write, delete) */\n dataAccess?: string[];\n /** Network domains/IPs being accessed */\n networkAccess?: string[];\n /** Resource type (customer, order, file, directory, process) */\n resourceType?: string;\n /** Risk factors for this action */\n riskFactors?: RiskFactor[];\n /** Transaction value (if financial) */\n transactionValue?: number;\n /** Currency for transaction */\n currency?: string;\n /** Additional metadata */\n metadata?: Record<string, unknown>;\n}\n\nexport interface RiskFactor {\n type: 'financial' | 'data_sensitivity' | 'privilege_escalation' | 'network_scope' | 'destructive';\n severity: 'low' | 'medium' | 'high' | 'critical';\n detail: string;\n}\n\n// ========================================================================\n// Verification Decision\n// ========================================================================\n\nexport interface VerificationDecision {\n recommendation: 'ALLOW' | 'DENY' | 'MANUAL_REVIEW';\n reason: string;\n trustScore?: number;\n tokenGuidance?: import('../types').TokenGuidance;\n sessionId?: string;\n /** PDLSS dimensions that were evaluated */\n evaluatedDimensions?: {\n purpose: boolean;\n scope: boolean;\n limits: boolean;\n riskThresholds: boolean;\n };\n}\n\n// ========================================================================\n// Local Policy Types (YAML format)\n// ========================================================================\n\nexport interface LocalPolicy {\n version: string;\n name: string;\n description?: string;\n purposes: LocalPurposeRule[];\n scope?: LocalScope;\n limits?: LocalLimits;\n riskThresholds?: LocalRiskThresholds;\n selfInstantiation?: LocalSelfInstantiation;\n}\n\nexport interface LocalPurposeRule {\n id: string;\n allowed: boolean;\n targets?: string[];\n blockedPatterns?: string[];\n requiresApproval?: boolean;\n}\n\nexport interface LocalScope {\n allowedDomains?: string[];\n blockedDomains?: string[];\n blockedResources?: string[];\n}\n\nexport interface LocalLimits {\n maxTransactionAmount?: number;\n maxRequestsPerHour?: number;\n currency?: string;\n}\n\nexport interface LocalRiskThresholds {\n autoAllow: { min: number; max: number };\n requireApproval: { min: number; max: number };\n autoBlock: { min: number; max: number };\n}\n\nexport interface LocalSelfInstantiation {\n /** Whether sub-agent spawning is allowed */\n allowed: boolean;\n /** Maximum depth of sub-agent chain */\n maxDepth?: number;\n}\n\n// ========================================================================\n// Risk Scoring Defaults (cherry-picked from trust-harness-core)\n// ========================================================================\n\n/** Base risk scores per action category */\nexport const BASE_RISK_SCORES: Record<string, number> = {\n 'file.read': 10,\n 'file.write': 40,\n 'file.delete': 70,\n 'shell.exec': 50,\n 'network.fetch': 60,\n 'network.request': 60,\n 'email.send': 45,\n 'email.read': 15,\n 'calendar.create': 20,\n 'calendar.modify': 30,\n 'database.query': 25,\n 'database.write': 55,\n 'payment.execute': 80,\n 'sub_agent.spawn': 65,\n 'code.execute': 45,\n};\n\n/** Shell commands that significantly increase risk score */\nexport const HIGH_RISK_COMMANDS = [\n 'rm', 'rmdir', 'dd', 'mkfs', 'chmod', 'chown',\n 'sudo', 'su', 'curl', 'wget', 'nc', 'netcat',\n 'ssh', 'scp', 'rsync', 'git push', 'npm publish',\n 'docker', 'kubectl',\n];\n\n/** File paths that indicate sensitive data access */\nexport const SENSITIVE_PATHS = [\n '.ssh', '.aws', '.gnupg', '.env', 'credentials',\n 'secrets', 'password', '.git/config', '/etc', '/var', '/root',\n 'id_rsa', '.npmrc', '.pypirc',\n];\n\n// ========================================================================\n// Trace Event Types\n// ========================================================================\n\nexport interface TraceEvent {\n id: string;\n timestamp: Date;\n type: 'evaluation' | 'decision' | 'error' | 'mode_switch';\n context?: PDLSSContext;\n decision?: VerificationDecision;\n metadata?: Record<string, unknown>;\n}\n\n// ========================================================================\n// Adapter Interface Types\n// ========================================================================\n\nexport interface AdapterConfig {\n /** The gateway instance (handles mode routing) */\n gateway: unknown; // Typed as AstraSyncGateway at usage site to avoid circular deps\n /** Platform-specific configuration */\n adapterOptions: Record<string, unknown>;\n}\n\nexport interface AgentAction {\n /** Raw action data from the platform */\n raw: unknown;\n /** Platform identifier (e.g. 'openclaw-cli', 'cursor', 'browser') */\n platform: string;\n /** Timestamp of the action */\n timestamp: Date;\n}\n\nexport interface InterceptResult {\n /** Whether the action was intercepted */\n intercepted: boolean;\n /** Extracted PDLSS context (if intercepted) */\n context?: PDLSSContext;\n /** Reason for not intercepting (if not intercepted) */\n skipReason?: string;\n}\n\n// ========================================================================\n// Sync Queue Types (Hybrid mode)\n// ========================================================================\n\nexport interface SyncQueueEntry {\n id: string;\n context: PDLSSContext;\n decision: VerificationDecision;\n timestamp: Date;\n retryCount: number;\n status: 'pending' | 'synced' | 'failed';\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACiLO,IAAM,qBAAqB;AAAA,EAChC;AAAA,EAAM;AAAA,EAAS;AAAA,EAAM;AAAA,EAAQ;AAAA,EAAS;AAAA,EACtC;AAAA,EAAQ;AAAA,EAAM;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAM;AAAA,EACpC;AAAA,EAAO;AAAA,EAAO;AAAA,EAAS;AAAA,EAAY;AAAA,EACnC;AAAA,EAAU;AACZ;AAGO,IAAM,kBAAkB;AAAA,EAC7B;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAU;AAAA,EAAQ;AAAA,EAClC;AAAA,EAAW;AAAA,EAAY;AAAA,EAAe;AAAA,EAAQ;AAAA,EAAQ;AAAA,EACtD;AAAA,EAAU;AAAA,EAAU;AACtB;;;AD3KO,IAAM,iBAAN,MAAqB;AAAA,EAI1B,YAAY,QAAqB;AAFjC,SAAQ,gBAAqE,oBAAI,IAAI;AAGnF,SAAK,SAAS;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,QAA2B;AACtC,SAAK,SAAS;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,SAAS,SAA6C;AAEpD,UAAM,cAAc,KAAK,OAAO,SAAS,KAAK,CAAC,MAAM,EAAE,OAAO,QAAQ,OAAO;AAC7E,QAAI,CAAC,aAAa;AAChB,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,wBAAwB;AAAA,IACnE;AACA,QAAI,CAAC,YAAY,SAAS;AACxB,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,6BAA6B;AAAA,IACxE;AAGA,QAAI,YAAY,WAAW,CAAC,KAAK,kBAAkB,QAAQ,QAAQ,YAAY,OAAO,GAAG;AACvF,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,6BAA6B;AAAA,IACxE;AAGA,QAAI,YAAY,mBAAmB,KAAK,kBAAkB,QAAQ,QAAQ,YAAY,eAAe,GAAG;AACtG,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,iCAAiC;AAAA,IAC5E;AAGA,UAAM,aAAa,KAAK,gBAAgB,OAAO;AAC/C,QAAI,YAAY;AACd,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,WAAW;AAAA,IACtD;AAGA,UAAM,iBAAiB,KAAK,YAAY,OAAO;AAC/C,QAAI,gBAAgB;AAClB,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,eAAe;AAAA,IAC1D;AAGA,QAAI,QAAQ,YAAY,qBAAqB,KAAK,OAAO,mBAAmB;AAC1E,UAAI,CAAC,KAAK,OAAO,kBAAkB,SAAS;AAC1C,eAAO,EAAE,gBAAgB,QAAQ,QAAQ,oCAAoC;AAAA,MAC/E;AACA,YAAM,QAAS,QAAQ,UAAU,iBAA4B;AAC7D,UAAI,KAAK,OAAO,kBAAkB,aAAa,UAAa,SAAS,KAAK,OAAO,kBAAkB,UAAU;AAC3G,eAAO,EAAE,gBAAgB,QAAQ,QAAQ,mBAAmB,KAAK,sBAAsB,KAAK,OAAO,kBAAkB,QAAQ,GAAG;AAAA,MAClI;AAAA,IACF;AAGA,QAAI,YAAY,kBAAkB;AAChC,aAAO,EAAE,gBAAgB,iBAAiB,QAAQ,4BAA4B;AAAA,IAChF;AAEA,UAAM,eAAe,KAAK,oBAAoB,OAAO;AACrD,QAAI,cAAc;AAChB,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,MACL,gBAAgB;AAAA,MAChB,QAAQ;AAAA,MACR,qBAAqB;AAAA,QACnB,SAAS;AAAA,QACT,OAAO,CAAC,CAAC,KAAK,OAAO;AAAA,QACrB,QAAQ,CAAC,CAAC,KAAK,OAAO;AAAA,QACtB,gBAAgB,CAAC,CAAC,KAAK,OAAO;AAAA,MAChC;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,gBAAgB,SAAsC;AAC5D,UAAM,QAAQ,KAAK,OAAO;AAC1B,QAAI,CAAC,MAAO,QAAO;AAGnB,QAAI,MAAM,gBAAgB;AACxB,YAAM,eAAe,KAAK,cAAc,QAAQ,MAAM;AACtD,UAAI,KAAK,kBAAkB,cAAc,MAAM,cAAc,GAAG;AAC9D,eAAO,4BAA4B,QAAQ,MAAM;AAAA,MACnD;AACA,UAAI,QAAQ,eAAe;AACzB,mBAAW,UAAU,QAAQ,eAAe;AAC1C,cAAI,KAAK,kBAAkB,KAAK,cAAc,MAAM,GAAG,MAAM,cAAc,GAAG;AAC5E,mBAAO,4BAA4B,MAAM;AAAA,UAC3C;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,QAAI,MAAM,oBAAoB,KAAK,kBAAkB,QAAQ,QAAQ,MAAM,gBAAgB,GAAG;AAC5F,aAAO,8BAA8B,QAAQ,MAAM;AAAA,IACrD;AAGA,QAAI,MAAM,kBAAkB,QAAQ,eAAe;AACjD,iBAAW,UAAU,QAAQ,eAAe;AAC1C,YAAI,CAAC,KAAK,kBAAkB,KAAK,cAAc,MAAM,GAAG,MAAM,cAAc,GAAG;AAC7E,iBAAO,+BAA+B,MAAM;AAAA,QAC9C;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,YAAY,SAAsC;AACxD,UAAM,SAAS,KAAK,OAAO;AAC3B,QAAI,CAAC,OAAQ,QAAO;AAGpB,QAAI,OAAO,yBAAyB,UAAa,QAAQ,qBAAqB,QAAW;AACvF,UAAI,QAAQ,mBAAmB,OAAO,sBAAsB;AAC1D,eAAO,qBAAqB,QAAQ,gBAAgB,kBAAkB,OAAO,oBAAoB;AAAA,MACnG;AAAA,IACF;AAGA,QAAI,OAAO,uBAAuB,QAAW;AAC3C,YAAM,MAAM,QAAQ;AACpB,YAAM,MAAM,KAAK,IAAI;AACrB,YAAM,QAAQ,KAAK,cAAc,IAAI,GAAG;AACxC,YAAM,SAAS;AAEf,UAAI,CAAC,SAAS,MAAM,MAAM,cAAc,QAAQ;AAC9C,aAAK,cAAc,IAAI,KAAK,EAAE,OAAO,GAAG,aAAa,IAAI,CAAC;AAAA,MAC5D,OAAO;AACL,cAAM;AACN,YAAI,MAAM,QAAQ,OAAO,oBAAoB;AAC3C,iBAAO,wBAAwB,MAAM,KAAK,IAAI,OAAO,kBAAkB;AAAA,QACzE;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,oBAAoB,SAAoD;AAC9E,QAAI,CAAC,KAAK,OAAO,eAAgB,QAAO;AAExC,UAAM,YAAY,KAAK,mBAAmB,OAAO;AACjD,UAAM,aAAa,KAAK,OAAO;AAE/B,QAAI,aAAa,WAAW,UAAU,KAAK;AACzC,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,cAAc,SAAS,2BAA2B;AAAA,IAC7F;AAEA,QAAI,aAAa,WAAW,gBAAgB,KAAK;AAC/C,aAAO,EAAE,gBAAgB,iBAAiB,QAAQ,cAAc,SAAS,qBAAqB;AAAA,IAChG;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,mBAAmB,SAA+B;AACxD,QAAI,QAAQ;AAGZ,QAAI,QAAQ,aAAa,QAAQ;AAC/B,YAAM,iBAAyC;AAAA,QAC7C,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,QACN,UAAU;AAAA,MACZ;AAEA,iBAAW,UAAU,QAAQ,aAAa;AACxC,cAAM,cAAc,eAAe,OAAO,QAAQ,KAAK;AACvD,YAAI,cAAc,MAAO,SAAQ;AAAA,MACnC;AACA,aAAO;AAAA,IACT;AAGA,QAAI,QAAQ,YAAY,gBAAgB,QAAQ,QAAQ;AACtD,YAAM,cAAc,QAAQ,OAAO,YAAY;AAC/C,iBAAW,OAAO,oBAAoB;AACpC,YAAI,YAAY,WAAW,GAAG,KAAK,YAAY,SAAS,IAAI,GAAG,GAAG,KAAK,YAAY,SAAS,IAAI,GAAG,EAAE,GAAG;AACtG,kBAAQ,KAAK,IAAI,OAAO,EAAE;AAC1B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,SAAK,QAAQ,YAAY,eAAe,QAAQ,YAAY,gBAAgB,QAAQ,YAAY,kBAAkB,QAAQ,QAAQ;AAChI,YAAM,cAAc,QAAQ,OAAO,YAAY;AAC/C,iBAAW,iBAAiB,iBAAiB;AAC3C,YAAI,YAAY,SAAS,cAAc,YAAY,CAAC,GAAG;AACrD,kBAAQ,KAAK,IAAI,OAAO,EAAE;AAC1B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,cAAc,OAAuB;AAC3C,QAAI,SAAS;AAEb,UAAM,aAAa,OAAO,QAAQ,KAAK;AACvC,QAAI,eAAe,GAAI,UAAS,OAAO,MAAM,aAAa,CAAC;AAE3D,UAAM,aAAa,OAAO,QAAQ,GAAG;AACrC,QAAI,eAAe,GAAI,UAAS,OAAO,MAAM,GAAG,UAAU;AAE1D,UAAM,aAAa,OAAO,QAAQ,GAAG;AACrC,QAAI,eAAe,GAAI,UAAS,OAAO,MAAM,GAAG,UAAU;AAC1D,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAAkB,OAAe,UAA6B;AACpE,WAAO,SAAS,KAAK,CAAC,YAAY,KAAK,UAAU,OAAO,OAAO,CAAC;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,UAAU,OAAe,SAA0B;AAEzD,QAAI,YAAY,MAAO,QAAO;AAG9B,UAAM,WAAW,QACd,QAAQ,qBAAqB,MAAM,EACnC,QAAQ,OAAO,IAAI,EACnB,QAAQ,OAAO,GAAG;AAErB,QAAI;AACF,aAAO,IAAI,OAAO,IAAI,QAAQ,KAAK,GAAG,EAAE,KAAK,KAAK;AAAA,IACpD,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAKO,SAAS,gBAAgB,QAAqB,WAAiD;AACpG,SAAO,OAAO,SAAS,KAAK,CAAC,MAAM,EAAE,OAAO,SAAS;AACvD;","names":[]}
1
+ {"version":3,"sources":["../../src/local-evaluator/evaluator.ts","../../src/gateway/types.ts"],"sourcesContent":["/**\n * Local PDLSS Evaluator\n *\n * Evaluates agent actions against a local PDLSS policy.\n * Same logic as the cloud evaluator but runs in-process with no I/O.\n *\n * Evaluation order:\n * 1. Purpose: find matching rule, check if allowed\n * 2. Purpose: check allowed targets (if specified)\n * 3. Purpose: check blocked patterns (if specified)\n * 4. Scope: check global blocked resources/domains\n * 5. Limits: check transaction/rate limits\n * 6. Risk thresholds + approval requirements\n */\n\nimport type { LocalPolicy, PDLSSContext, VerificationDecision, LocalPurposeRule } from '../gateway/types';\nimport { HIGH_RISK_COMMANDS, SENSITIVE_PATHS } from '../gateway/types';\n\nexport class LocalEvaluator {\n private policy: LocalPolicy;\n private requestCounts: Map<string, { count: number; windowStart: number }> = new Map();\n\n constructor(policy: LocalPolicy) {\n this.policy = policy;\n }\n\n /**\n * Update the policy (e.g. after hot-reload or sync).\n */\n updatePolicy(policy: LocalPolicy): void {\n this.policy = policy;\n }\n\n /**\n * Evaluate an action context against the loaded policy.\n */\n evaluate(context: PDLSSContext): VerificationDecision {\n // 1. Purpose: find matching rule\n const purposeRule = this.policy.purposes.find((p) => p.id === context.purpose);\n if (!purposeRule) {\n return { recommendation: 'DENY', reason: 'Purpose not in policy' };\n }\n if (!purposeRule.allowed) {\n return { recommendation: 'DENY', reason: 'Purpose explicitly blocked' };\n }\n\n // 2. Purpose: check allowed targets\n if (purposeRule.targets && !this.matchesAnyPattern(context.target, purposeRule.targets)) {\n return { recommendation: 'DENY', reason: 'Target not in allowed list' };\n }\n\n // 3. Purpose: check blocked patterns\n if (purposeRule.blockedPatterns && this.matchesAnyPattern(context.target, purposeRule.blockedPatterns)) {\n return { recommendation: 'DENY', reason: 'Target matches blocked pattern' };\n }\n\n // 4. Scope: check global blocked resources/domains\n const scopeBlock = this.checkScopeBlock(context);\n if (scopeBlock) {\n return { recommendation: 'DENY', reason: scopeBlock };\n }\n\n // 5. Limits: check transaction and rate limits\n const limitViolation = this.checkLimits(context);\n if (limitViolation) {\n return { recommendation: 'DENY', reason: limitViolation };\n }\n\n // 6. Self-instantiation: check sub-agent spawning rules\n if (context.purpose === 'sub_agent.spawn' && this.policy.selfInstantiation) {\n if (!this.policy.selfInstantiation.allowed) {\n return { recommendation: 'DENY', reason: 'Sub-agent spawning is not allowed' };\n }\n const depth = (context.metadata?.subAgentDepth as number) || 0;\n if (this.policy.selfInstantiation.maxDepth !== undefined && depth >= this.policy.selfInstantiation.maxDepth) {\n return { recommendation: 'DENY', reason: `Sub-agent depth ${depth} exceeds max depth ${this.policy.selfInstantiation.maxDepth}` };\n }\n }\n\n // 7. Risk thresholds + approval requirements\n if (purposeRule.requiresApproval) {\n return { recommendation: 'MANUAL_REVIEW', reason: 'Purpose requires approval' };\n }\n\n const riskDecision = this.checkRiskThresholds(context);\n if (riskDecision) {\n return riskDecision;\n }\n\n return {\n recommendation: 'ALLOW',\n reason: 'All PDLSS checks passed',\n evaluatedDimensions: {\n purpose: true,\n scope: !!this.policy.scope,\n limits: !!this.policy.limits,\n riskThresholds: !!this.policy.riskThresholds,\n },\n };\n }\n\n private checkScopeBlock(context: PDLSSContext): string | null {\n const scope = this.policy.scope;\n if (!scope) return null;\n\n // Check blocked domains against target and network access\n if (scope.blockedDomains) {\n const targetDomain = this.extractDomain(context.target);\n if (this.matchesAnyPattern(targetDomain, scope.blockedDomains)) {\n return `Target blocked by scope: ${context.target}`;\n }\n if (context.networkAccess) {\n for (const domain of context.networkAccess) {\n if (this.matchesAnyPattern(this.extractDomain(domain), scope.blockedDomains)) {\n return `Domain blocked by scope: ${domain}`;\n }\n }\n }\n }\n\n // Check blocked resources against target\n if (scope.blockedResources && this.matchesAnyPattern(context.target, scope.blockedResources)) {\n return `Resource blocked by scope: ${context.target}`;\n }\n\n // Check allowed domains (if specified, target must match)\n if (scope.allowedDomains && context.networkAccess) {\n for (const domain of context.networkAccess) {\n if (!this.matchesAnyPattern(this.extractDomain(domain), scope.allowedDomains)) {\n return `Domain not in allowed list: ${domain}`;\n }\n }\n }\n\n return null;\n }\n\n private checkLimits(context: PDLSSContext): string | null {\n const limits = this.policy.limits;\n if (!limits) return null;\n\n // Transaction amount check\n if (limits.maxTransactionAmount !== undefined && context.transactionValue !== undefined) {\n if (context.transactionValue > limits.maxTransactionAmount) {\n return `Transaction value ${context.transactionValue} exceeds limit ${limits.maxTransactionAmount}`;\n }\n }\n\n // Rate limit check\n if (limits.maxRequestsPerHour !== undefined) {\n const key = context.purpose;\n const now = Date.now();\n const entry = this.requestCounts.get(key);\n const hourMs = 3600000;\n\n if (!entry || now - entry.windowStart > hourMs) {\n this.requestCounts.set(key, { count: 1, windowStart: now });\n } else {\n entry.count++;\n if (entry.count > limits.maxRequestsPerHour) {\n return `Rate limit exceeded: ${entry.count}/${limits.maxRequestsPerHour} requests per hour`;\n }\n }\n }\n\n return null;\n }\n\n private checkRiskThresholds(context: PDLSSContext): VerificationDecision | null {\n if (!this.policy.riskThresholds) return null;\n\n const riskScore = this.calculateRiskScore(context);\n const thresholds = this.policy.riskThresholds;\n\n if (riskScore >= thresholds.autoBlock.min) {\n return { recommendation: 'DENY', reason: `Risk score ${riskScore} exceeds block threshold` };\n }\n\n if (riskScore >= thresholds.requireApproval.min) {\n return { recommendation: 'MANUAL_REVIEW', reason: `Risk score ${riskScore} requires approval` };\n }\n\n return null;\n }\n\n private calculateRiskScore(context: PDLSSContext): number {\n let score = 0;\n\n // Explicit risk factors take priority (highest severity wins)\n if (context.riskFactors?.length) {\n const severityScores: Record<string, number> = {\n low: 10,\n medium: 40,\n high: 70,\n critical: 90,\n };\n\n for (const factor of context.riskFactors) {\n const factorScore = severityScores[factor.severity] || 0;\n if (factorScore > score) score = factorScore;\n }\n return score;\n }\n\n // Auto-detect risk from high-risk shell commands\n if (context.purpose === 'shell.exec' && context.target) {\n const targetLower = context.target.toLowerCase();\n for (const cmd of HIGH_RISK_COMMANDS) {\n if (targetLower.startsWith(cmd) || targetLower.includes(` ${cmd} `) || targetLower.includes(` ${cmd}`)) {\n score = Math.max(score, 80);\n break;\n }\n }\n }\n\n // Auto-detect risk from sensitive file paths (score 50 = review range)\n if ((context.purpose === 'file.read' || context.purpose === 'file.write' || context.purpose === 'file.delete') && context.target) {\n const targetLower = context.target.toLowerCase();\n for (const sensitivePath of SENSITIVE_PATHS) {\n if (targetLower.includes(sensitivePath.toLowerCase())) {\n score = Math.max(score, 50);\n break;\n }\n }\n }\n\n return score;\n }\n\n /**\n * Extract domain from a URL-like string (strips protocol and path).\n */\n private extractDomain(value: string): string {\n let domain = value;\n // Strip protocol\n const protoIndex = domain.indexOf('://');\n if (protoIndex !== -1) domain = domain.slice(protoIndex + 3);\n // Strip path\n const slashIndex = domain.indexOf('/');\n if (slashIndex !== -1) domain = domain.slice(0, slashIndex);\n // Strip port\n const colonIndex = domain.indexOf(':');\n if (colonIndex !== -1) domain = domain.slice(0, colonIndex);\n return domain;\n }\n\n /**\n * Check if a value matches any of the given glob patterns.\n */\n private matchesAnyPattern(value: string, patterns: string[]): boolean {\n return patterns.some((pattern) => this.matchGlob(value, pattern));\n }\n\n /**\n * Simple glob pattern matching.\n * Supports * (matches any characters including / and spaces) and ? (single char).\n * Uses the same approach as the backend's matchGlobPattern.\n */\n private matchGlob(value: string, pattern: string): boolean {\n // Exact match\n if (pattern === value) return true;\n\n // Convert glob to regex\n const regexStr = pattern\n .replace(/[.+^${}()|[\\]\\\\]/g, '\\\\$&') // Escape special regex chars (except * and ?)\n .replace(/\\*/g, '.*') // * matches anything\n .replace(/\\?/g, '.'); // ? matches single char\n\n try {\n return new RegExp(`^${regexStr}$`, 'i').test(value);\n } catch {\n return false;\n }\n }\n}\n\n/**\n * Convenience: find a matching purpose rule.\n */\nexport function findPurposeRule(policy: LocalPolicy, purposeId: string): LocalPurposeRule | undefined {\n return policy.purposes.find((p) => p.id === purposeId);\n}\n","/**\n * AstraSync Gateway - Types for gateway modes, local evaluation, and adapter interface.\n */\n\n// ========================================================================\n// Gateway Configuration\n// ========================================================================\n\nexport type GatewayMode = 'online' | 'local' | 'hybrid';\n\n/**\n * Posture controls whether the gateway actively blocks or just monitors.\n * - active: Evaluate and enforce decisions (block/allow/review)\n * - passive: Evaluate and log but never block (telemetry-only mode)\n */\nexport type GatewayPosture = 'active' | 'passive';\n\nexport interface AstraSyncGatewayConfig {\n mode: GatewayMode;\n /** Enforcement posture: 'active' blocks actions, 'passive' logs only (default: 'active') */\n posture?: GatewayPosture;\n /** AstraSync API base URL (required for online/hybrid modes) */\n apiBaseUrl?: string;\n /** API key for authenticating with AstraSync (required for online/hybrid modes) */\n apiKey?: string;\n /** Path to local PDLSS policy YAML file (required for local/hybrid modes) */\n policyFile?: string;\n /** Inline policy object (alternative to policyFile) */\n policy?: LocalPolicy;\n /** Sync interval in seconds for hybrid mode (default: 3600) */\n syncInterval?: number;\n /** Cache verification results TTL in seconds (default: 300) */\n cacheTtl?: number;\n /** Enable debug logging */\n debug?: boolean;\n /** Enable trace logging to .astrasync/traces/ (default: false) */\n traceEnabled?: boolean;\n /** Trace log directory (default: .astrasync/traces/) */\n tracePath?: string;\n /** Default access level for unverified requests */\n defaultAccessLevel?: import('../types').AccessLevel;\n /** Minimum trust score for standard access (online/hybrid) */\n minTrustScore?: number;\n /** Minimum trust score for full access (online/hybrid) */\n minTrustScoreForFull?: number;\n /** Custom headers to send with API requests */\n customHeaders?: Record<string, string>;\n /** Counterparty URL for analytics */\n counterpartyUrl?: string;\n /** Counterparty type for analytics */\n counterpartyType?: import('../types').CounterpartyType;\n}\n\n// ========================================================================\n// PDLSS Context (Agent-side action context)\n// ========================================================================\n\nexport interface PDLSSContext {\n /** Purpose category (e.g. email.send, shell.exec, file.read) */\n purpose: string;\n /** Specific action within purpose */\n action: string;\n /** Target resource, recipient, or counterparty */\n target: string;\n /** Types of data access (read, write, delete) */\n dataAccess?: string[];\n /** Network domains/IPs being accessed */\n networkAccess?: string[];\n /** Resource type (customer, order, file, directory, process) */\n resourceType?: string;\n /** Risk factors for this action */\n riskFactors?: RiskFactor[];\n /** Transaction value (if financial) */\n transactionValue?: number;\n /** Currency for transaction */\n currency?: string;\n /** Additional metadata */\n metadata?: Record<string, unknown>;\n}\n\nexport interface RiskFactor {\n type: 'financial' | 'data_sensitivity' | 'privilege_escalation' | 'network_scope' | 'destructive';\n severity: 'low' | 'medium' | 'high' | 'critical';\n detail: string;\n}\n\n// ========================================================================\n// Verification Decision\n// ========================================================================\n\nexport interface VerificationDecision {\n recommendation: 'ALLOW' | 'DENY' | 'MANUAL_REVIEW';\n reason: string;\n trustScore?: number;\n tokenGuidance?: import('../types').TokenGuidance;\n sessionId?: string;\n /** PDLSS dimensions that were evaluated */\n evaluatedDimensions?: {\n purpose: boolean;\n scope: boolean;\n limits: boolean;\n riskThresholds: boolean;\n };\n}\n\n// ========================================================================\n// Local Policy Types (YAML format)\n// ========================================================================\n\nexport interface LocalPolicy {\n version: string;\n name: string;\n description?: string;\n purposes: LocalPurposeRule[];\n scope?: LocalScope;\n limits?: LocalLimits;\n riskThresholds?: LocalRiskThresholds;\n selfInstantiation?: LocalSelfInstantiation;\n}\n\nexport interface LocalPurposeRule {\n id: string;\n allowed: boolean;\n targets?: string[];\n blockedPatterns?: string[];\n requiresApproval?: boolean;\n}\n\nexport interface LocalScope {\n allowedDomains?: string[];\n blockedDomains?: string[];\n blockedResources?: string[];\n}\n\nexport interface LocalLimits {\n maxTransactionAmount?: number;\n maxRequestsPerHour?: number;\n currency?: string;\n}\n\nexport interface LocalRiskThresholds {\n autoAllow: { min: number; max: number };\n requireApproval: { min: number; max: number };\n autoBlock: { min: number; max: number };\n}\n\nexport interface LocalSelfInstantiation {\n /** Whether sub-agent spawning is allowed */\n allowed: boolean;\n /** Maximum depth of sub-agent chain */\n maxDepth?: number;\n}\n\n// ========================================================================\n// Risk Scoring Defaults (cherry-picked from trust-harness-core)\n// ========================================================================\n\n/** Base risk scores per action category */\nexport const BASE_RISK_SCORES: Record<string, number> = {\n 'file.read': 10,\n 'file.write': 40,\n 'file.delete': 70,\n 'shell.exec': 50,\n 'network.fetch': 60,\n 'network.request': 60,\n 'email.send': 45,\n 'email.read': 15,\n 'calendar.create': 20,\n 'calendar.modify': 30,\n 'database.query': 25,\n 'database.write': 55,\n 'payment.execute': 80,\n 'sub_agent.spawn': 65,\n 'code.execute': 45,\n};\n\n/** Shell commands that significantly increase risk score */\nexport const HIGH_RISK_COMMANDS = [\n 'rm', 'rmdir', 'dd', 'mkfs', 'chmod', 'chown',\n 'sudo', 'su', 'curl', 'wget', 'nc', 'netcat',\n 'ssh', 'scp', 'rsync', 'git push', 'npm publish',\n 'docker', 'kubectl',\n];\n\n/** File paths that indicate sensitive data access */\nexport const SENSITIVE_PATHS = [\n '.ssh', '.aws', '.gnupg', '.env', 'credentials',\n 'secrets', 'password', '.git/config', '/etc', '/var', '/root',\n 'id_rsa', '.npmrc', '.pypirc',\n];\n\n// ========================================================================\n// Trace Event Types\n// ========================================================================\n\nexport interface TraceEvent {\n id: string;\n timestamp: Date;\n type: 'evaluation' | 'decision' | 'error' | 'mode_switch';\n context?: PDLSSContext;\n decision?: VerificationDecision;\n metadata?: Record<string, unknown>;\n}\n\n// ========================================================================\n// Adapter Interface Types\n// ========================================================================\n\nexport interface AdapterConfig {\n /** The gateway instance (handles mode routing) */\n gateway: unknown; // Typed as AstraSyncGateway at usage site to avoid circular deps\n /** Platform-specific configuration */\n adapterOptions: Record<string, unknown>;\n}\n\nexport interface AgentAction {\n /** Raw action data from the platform */\n raw: unknown;\n /** Platform identifier (e.g. 'openclaw-cli', 'cursor', 'browser') */\n platform: string;\n /** Timestamp of the action */\n timestamp: Date;\n}\n\nexport interface InterceptResult {\n /** Whether the action was intercepted */\n intercepted: boolean;\n /** Extracted PDLSS context (if intercepted) */\n context?: PDLSSContext;\n /** Reason for not intercepting (if not intercepted) */\n skipReason?: string;\n}\n\n// ========================================================================\n// Sync Queue Types (Hybrid mode)\n// ========================================================================\n\nexport interface SyncQueueEntry {\n id: string;\n context: PDLSSContext;\n decision: VerificationDecision;\n timestamp: Date;\n retryCount: number;\n status: 'pending' | 'synced' | 'failed';\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACiLO,IAAM,qBAAqB;AAAA,EAChC;AAAA,EAAM;AAAA,EAAS;AAAA,EAAM;AAAA,EAAQ;AAAA,EAAS;AAAA,EACtC;AAAA,EAAQ;AAAA,EAAM;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAM;AAAA,EACpC;AAAA,EAAO;AAAA,EAAO;AAAA,EAAS;AAAA,EAAY;AAAA,EACnC;AAAA,EAAU;AACZ;AAGO,IAAM,kBAAkB;AAAA,EAC7B;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAU;AAAA,EAAQ;AAAA,EAClC;AAAA,EAAW;AAAA,EAAY;AAAA,EAAe;AAAA,EAAQ;AAAA,EAAQ;AAAA,EACtD;AAAA,EAAU;AAAA,EAAU;AACtB;;;AD3KO,IAAM,iBAAN,MAAqB;AAAA,EAI1B,YAAY,QAAqB;AAFjC,SAAQ,gBAAqE,oBAAI,IAAI;AAGnF,SAAK,SAAS;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,QAA2B;AACtC,SAAK,SAAS;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,SAAS,SAA6C;AAEpD,UAAM,cAAc,KAAK,OAAO,SAAS,KAAK,CAAC,MAAM,EAAE,OAAO,QAAQ,OAAO;AAC7E,QAAI,CAAC,aAAa;AAChB,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,wBAAwB;AAAA,IACnE;AACA,QAAI,CAAC,YAAY,SAAS;AACxB,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,6BAA6B;AAAA,IACxE;AAGA,QAAI,YAAY,WAAW,CAAC,KAAK,kBAAkB,QAAQ,QAAQ,YAAY,OAAO,GAAG;AACvF,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,6BAA6B;AAAA,IACxE;AAGA,QAAI,YAAY,mBAAmB,KAAK,kBAAkB,QAAQ,QAAQ,YAAY,eAAe,GAAG;AACtG,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,iCAAiC;AAAA,IAC5E;AAGA,UAAM,aAAa,KAAK,gBAAgB,OAAO;AAC/C,QAAI,YAAY;AACd,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,WAAW;AAAA,IACtD;AAGA,UAAM,iBAAiB,KAAK,YAAY,OAAO;AAC/C,QAAI,gBAAgB;AAClB,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,eAAe;AAAA,IAC1D;AAGA,QAAI,QAAQ,YAAY,qBAAqB,KAAK,OAAO,mBAAmB;AAC1E,UAAI,CAAC,KAAK,OAAO,kBAAkB,SAAS;AAC1C,eAAO,EAAE,gBAAgB,QAAQ,QAAQ,oCAAoC;AAAA,MAC/E;AACA,YAAM,QAAS,QAAQ,UAAU,iBAA4B;AAC7D,UAAI,KAAK,OAAO,kBAAkB,aAAa,UAAa,SAAS,KAAK,OAAO,kBAAkB,UAAU;AAC3G,eAAO,EAAE,gBAAgB,QAAQ,QAAQ,mBAAmB,KAAK,sBAAsB,KAAK,OAAO,kBAAkB,QAAQ,GAAG;AAAA,MAClI;AAAA,IACF;AAGA,QAAI,YAAY,kBAAkB;AAChC,aAAO,EAAE,gBAAgB,iBAAiB,QAAQ,4BAA4B;AAAA,IAChF;AAEA,UAAM,eAAe,KAAK,oBAAoB,OAAO;AACrD,QAAI,cAAc;AAChB,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,MACL,gBAAgB;AAAA,MAChB,QAAQ;AAAA,MACR,qBAAqB;AAAA,QACnB,SAAS;AAAA,QACT,OAAO,CAAC,CAAC,KAAK,OAAO;AAAA,QACrB,QAAQ,CAAC,CAAC,KAAK,OAAO;AAAA,QACtB,gBAAgB,CAAC,CAAC,KAAK,OAAO;AAAA,MAChC;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,gBAAgB,SAAsC;AAC5D,UAAM,QAAQ,KAAK,OAAO;AAC1B,QAAI,CAAC,MAAO,QAAO;AAGnB,QAAI,MAAM,gBAAgB;AACxB,YAAM,eAAe,KAAK,cAAc,QAAQ,MAAM;AACtD,UAAI,KAAK,kBAAkB,cAAc,MAAM,cAAc,GAAG;AAC9D,eAAO,4BAA4B,QAAQ,MAAM;AAAA,MACnD;AACA,UAAI,QAAQ,eAAe;AACzB,mBAAW,UAAU,QAAQ,eAAe;AAC1C,cAAI,KAAK,kBAAkB,KAAK,cAAc,MAAM,GAAG,MAAM,cAAc,GAAG;AAC5E,mBAAO,4BAA4B,MAAM;AAAA,UAC3C;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,QAAI,MAAM,oBAAoB,KAAK,kBAAkB,QAAQ,QAAQ,MAAM,gBAAgB,GAAG;AAC5F,aAAO,8BAA8B,QAAQ,MAAM;AAAA,IACrD;AAGA,QAAI,MAAM,kBAAkB,QAAQ,eAAe;AACjD,iBAAW,UAAU,QAAQ,eAAe;AAC1C,YAAI,CAAC,KAAK,kBAAkB,KAAK,cAAc,MAAM,GAAG,MAAM,cAAc,GAAG;AAC7E,iBAAO,+BAA+B,MAAM;AAAA,QAC9C;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,YAAY,SAAsC;AACxD,UAAM,SAAS,KAAK,OAAO;AAC3B,QAAI,CAAC,OAAQ,QAAO;AAGpB,QAAI,OAAO,yBAAyB,UAAa,QAAQ,qBAAqB,QAAW;AACvF,UAAI,QAAQ,mBAAmB,OAAO,sBAAsB;AAC1D,eAAO,qBAAqB,QAAQ,gBAAgB,kBAAkB,OAAO,oBAAoB;AAAA,MACnG;AAAA,IACF;AAGA,QAAI,OAAO,uBAAuB,QAAW;AAC3C,YAAM,MAAM,QAAQ;AACpB,YAAM,MAAM,KAAK,IAAI;AACrB,YAAM,QAAQ,KAAK,cAAc,IAAI,GAAG;AACxC,YAAM,SAAS;AAEf,UAAI,CAAC,SAAS,MAAM,MAAM,cAAc,QAAQ;AAC9C,aAAK,cAAc,IAAI,KAAK,EAAE,OAAO,GAAG,aAAa,IAAI,CAAC;AAAA,MAC5D,OAAO;AACL,cAAM;AACN,YAAI,MAAM,QAAQ,OAAO,oBAAoB;AAC3C,iBAAO,wBAAwB,MAAM,KAAK,IAAI,OAAO,kBAAkB;AAAA,QACzE;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,oBAAoB,SAAoD;AAC9E,QAAI,CAAC,KAAK,OAAO,eAAgB,QAAO;AAExC,UAAM,YAAY,KAAK,mBAAmB,OAAO;AACjD,UAAM,aAAa,KAAK,OAAO;AAE/B,QAAI,aAAa,WAAW,UAAU,KAAK;AACzC,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,cAAc,SAAS,2BAA2B;AAAA,IAC7F;AAEA,QAAI,aAAa,WAAW,gBAAgB,KAAK;AAC/C,aAAO,EAAE,gBAAgB,iBAAiB,QAAQ,cAAc,SAAS,qBAAqB;AAAA,IAChG;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,mBAAmB,SAA+B;AACxD,QAAI,QAAQ;AAGZ,QAAI,QAAQ,aAAa,QAAQ;AAC/B,YAAM,iBAAyC;AAAA,QAC7C,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,QACN,UAAU;AAAA,MACZ;AAEA,iBAAW,UAAU,QAAQ,aAAa;AACxC,cAAM,cAAc,eAAe,OAAO,QAAQ,KAAK;AACvD,YAAI,cAAc,MAAO,SAAQ;AAAA,MACnC;AACA,aAAO;AAAA,IACT;AAGA,QAAI,QAAQ,YAAY,gBAAgB,QAAQ,QAAQ;AACtD,YAAM,cAAc,QAAQ,OAAO,YAAY;AAC/C,iBAAW,OAAO,oBAAoB;AACpC,YAAI,YAAY,WAAW,GAAG,KAAK,YAAY,SAAS,IAAI,GAAG,GAAG,KAAK,YAAY,SAAS,IAAI,GAAG,EAAE,GAAG;AACtG,kBAAQ,KAAK,IAAI,OAAO,EAAE;AAC1B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,SAAK,QAAQ,YAAY,eAAe,QAAQ,YAAY,gBAAgB,QAAQ,YAAY,kBAAkB,QAAQ,QAAQ;AAChI,YAAM,cAAc,QAAQ,OAAO,YAAY;AAC/C,iBAAW,iBAAiB,iBAAiB;AAC3C,YAAI,YAAY,SAAS,cAAc,YAAY,CAAC,GAAG;AACrD,kBAAQ,KAAK,IAAI,OAAO,EAAE;AAC1B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,cAAc,OAAuB;AAC3C,QAAI,SAAS;AAEb,UAAM,aAAa,OAAO,QAAQ,KAAK;AACvC,QAAI,eAAe,GAAI,UAAS,OAAO,MAAM,aAAa,CAAC;AAE3D,UAAM,aAAa,OAAO,QAAQ,GAAG;AACrC,QAAI,eAAe,GAAI,UAAS,OAAO,MAAM,GAAG,UAAU;AAE1D,UAAM,aAAa,OAAO,QAAQ,GAAG;AACrC,QAAI,eAAe,GAAI,UAAS,OAAO,MAAM,GAAG,UAAU;AAC1D,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAAkB,OAAe,UAA6B;AACpE,WAAO,SAAS,KAAK,CAAC,YAAY,KAAK,UAAU,OAAO,OAAO,CAAC;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,UAAU,OAAe,SAA0B;AAEzD,QAAI,YAAY,MAAO,QAAO;AAG9B,UAAM,WAAW,QACd,QAAQ,qBAAqB,MAAM,EACnC,QAAQ,OAAO,IAAI,EACnB,QAAQ,OAAO,GAAG;AAErB,QAAI;AACF,aAAO,IAAI,OAAO,IAAI,QAAQ,KAAK,GAAG,EAAE,KAAK,KAAK;AAAA,IACpD,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAKO,SAAS,gBAAgB,QAAqB,WAAiD;AACpG,SAAO,OAAO,SAAS,KAAK,CAAC,MAAM,EAAE,OAAO,SAAS;AACvD;","names":[]}
package/dist/local-evaluator/evaluator.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/gateway/types.ts","../../src/local-evaluator/evaluator.ts"],"sourcesContent":["/**\n * AstraSync Gateway - Types for gateway modes, local evaluation, and adapter interface.\n */\n\n// ========================================================================\n// Gateway Configuration\n// ========================================================================\n\nexport type GatewayMode = 'online' | 'local' | 'hybrid';\n\n/**\n * Posture controls whether the gateway actively blocks or just monitors.\n * - active: Evaluate and enforce decisions (block/allow/review)\n * - passive: Evaluate and log but never block (telemetry-only mode)\n */\nexport type GatewayPosture = 'active' | 'passive';\n\nexport interface AstraSyncGatewayConfig {\n mode: GatewayMode;\n /** Enforcement posture: 'active' blocks actions, 'passive' logs only (default: 'active') */\n posture?: GatewayPosture;\n /** AstraSync API base URL (required for online/hybrid modes) */\n apiBaseUrl?: string;\n /** API key for authenticating with AstraSync (required for online/hybrid modes) */\n apiKey?: string;\n /** Path to local PDLSS policy YAML file (required for local/hybrid modes) */\n policyFile?: string;\n /** Inline policy object (alternative to policyFile) */\n policy?: LocalPolicy;\n /** Sync interval in seconds for hybrid mode (default: 3600) */\n syncInterval?: number;\n /** Cache verification results TTL in seconds (default: 300) */\n cacheTtl?: number;\n /** Enable debug logging */\n debug?: boolean;\n /** Enable trace logging to .astrasync/traces/ (default: false) */\n traceEnabled?: boolean;\n /** Trace log directory (default: .astrasync/traces/) */\n tracePath?: string;\n /** Default access level for unverified requests */\n defaultAccessLevel?: import('../types').AccessLevel;\n /** Minimum trust score for standard access (online/hybrid) */\n minTrustScore?: number;\n /** Minimum trust score for full access (online/hybrid) */\n minTrustScoreForFull?: number;\n /** Custom headers to send with API requests */\n customHeaders?: Record<string, string>;\n /** Counterparty URL for analytics */\n counterpartyUrl?: string;\n /** Counterparty type for analytics */\n counterpartyType?: import('../types').CounterpartyType;\n}\n\n// ========================================================================\n// PDLSS Context (Agent-side action context)\n// ========================================================================\n\nexport interface PDLSSContext {\n /** Purpose category (e.g. email.send, shell.exec, file.read) */\n purpose: string;\n /** Specific action within purpose */\n action: string;\n /** Target resource, recipient, or counterparty */\n target: string;\n /** Types of data access (read, write, delete) */\n dataAccess?: string[];\n /** Network domains/IPs being accessed */\n networkAccess?: string[];\n /** Resource type (customer, order, file, directory, process) */\n resourceType?: string;\n /** Risk factors for this action */\n riskFactors?: RiskFactor[];\n /** Transaction value (if financial) */\n transactionValue?: number;\n /** Currency for transaction */\n currency?: string;\n /** Additional metadata */\n metadata?: Record<string, unknown>;\n}\n\nexport interface RiskFactor {\n type: 'financial' | 'data_sensitivity' | 'privilege_escalation' | 'network_scope' | 'destructive';\n severity: 'low' | 'medium' | 'high' | 'critical';\n detail: string;\n}\n\n// ========================================================================\n// Verification Decision\n// ========================================================================\n\nexport interface VerificationDecision {\n recommendation: 'ALLOW' | 'DENY' | 'MANUAL_REVIEW';\n reason: string;\n trustScore?: number;\n tokenGuidance?: import('../types').TokenGuidance;\n sessionId?: string;\n /** PDLSS dimensions that were evaluated */\n evaluatedDimensions?: {\n purpose: boolean;\n scope: boolean;\n limits: boolean;\n riskThresholds: boolean;\n };\n}\n\n// ========================================================================\n// Local Policy Types (YAML format)\n// ========================================================================\n\nexport interface LocalPolicy {\n version: string;\n name: string;\n description?: string;\n purposes: LocalPurposeRule[];\n scope?: LocalScope;\n limits?: LocalLimits;\n riskThresholds?: LocalRiskThresholds;\n selfInstantiation?: LocalSelfInstantiation;\n}\n\nexport interface LocalPurposeRule {\n id: string;\n allowed: boolean;\n targets?: string[];\n blockedPatterns?: string[];\n requiresApproval?: boolean;\n}\n\nexport interface LocalScope {\n allowedDomains?: string[];\n blockedDomains?: string[];\n blockedResources?: string[];\n}\n\nexport interface LocalLimits {\n maxTransactionAmount?: number;\n maxRequestsPerHour?: number;\n currency?: string;\n}\n\nexport interface LocalRiskThresholds {\n autoAllow: { min: number; max: number };\n requireApproval: { min: number; max: number };\n autoBlock: { min: number; max: number };\n}\n\nexport interface LocalSelfInstantiation {\n /** Whether sub-agent spawning is allowed */\n allowed: boolean;\n /** Maximum depth of sub-agent chain */\n maxDepth?: number;\n}\n\n// ========================================================================\n// Risk Scoring Defaults (cherry-picked from trust-harness-core)\n// ========================================================================\n\n/** Base risk scores per action category */\nexport const BASE_RISK_SCORES: Record<string, number> = {\n 'file.read': 10,\n 'file.write': 40,\n 'file.delete': 70,\n 'shell.exec': 50,\n 'network.fetch': 60,\n 'network.request': 60,\n 'email.send': 45,\n 'email.read': 15,\n 'calendar.create': 20,\n 'calendar.modify': 30,\n 'database.query': 25,\n 'database.write': 55,\n 'payment.execute': 80,\n 'sub_agent.spawn': 65,\n 'code.execute': 45,\n};\n\n/** Shell commands that significantly increase risk score */\nexport const HIGH_RISK_COMMANDS = [\n 'rm', 'rmdir', 'dd', 'mkfs', 'chmod', 'chown',\n 'sudo', 'su', 'curl', 'wget', 'nc', 'netcat',\n 'ssh', 'scp', 'rsync', 'git push', 'npm publish',\n 'docker', 'kubectl',\n];\n\n/** File paths that indicate sensitive data access */\nexport const SENSITIVE_PATHS = [\n '.ssh', '.aws', '.gnupg', '.env', 'credentials',\n 'secrets', 'password', '.git/config', '/etc', '/var', '/root',\n 'id_rsa', '.npmrc', '.pypirc',\n];\n\n// ========================================================================\n// Trace Event Types\n// ========================================================================\n\nexport interface TraceEvent {\n id: string;\n timestamp: Date;\n type: 'evaluation' | 'decision' | 'error' | 'mode_switch';\n context?: PDLSSContext;\n decision?: VerificationDecision;\n metadata?: Record<string, unknown>;\n}\n\n// ========================================================================\n// Adapter Interface Types\n// ========================================================================\n\nexport interface AdapterConfig {\n /** The gateway instance (handles mode routing) */\n gateway: unknown; // Typed as AstraSyncGateway at usage site to avoid circular deps\n /** Platform-specific configuration */\n adapterOptions: Record<string, unknown>;\n}\n\nexport interface AgentAction {\n /** Raw action data from the platform */\n raw: unknown;\n /** Platform identifier (e.g. 'openclaw-cli', 'cursor', 'browser') */\n platform: string;\n /** Timestamp of the action */\n timestamp: Date;\n}\n\nexport interface InterceptResult {\n /** Whether the action was intercepted */\n intercepted: boolean;\n /** Extracted PDLSS context (if intercepted) */\n context?: PDLSSContext;\n /** Reason for not intercepting (if not intercepted) */\n skipReason?: string;\n}\n\n// ========================================================================\n// Sync Queue Types (Hybrid mode)\n// ========================================================================\n\nexport interface SyncQueueEntry {\n id: string;\n context: PDLSSContext;\n decision: VerificationDecision;\n timestamp: Date;\n retryCount: number;\n status: 'pending' | 'synced' | 'failed';\n}\n","/**\n * Local PDLSS Evaluator\n *\n * Evaluates agent actions against a local PDLSS policy.\n * Same logic as the cloud evaluator but runs in-process with no I/O.\n *\n * Evaluation order:\n * 1. Purpose: find matching rule, check if allowed\n * 2. Purpose: check allowed targets (if specified)\n * 3. Purpose: check blocked patterns (if specified)\n * 4. Scope: check global blocked resources/domains\n * 5. Limits: check transaction/rate limits\n * 6. Risk thresholds + approval requirements\n */\n\nimport type { LocalPolicy, PDLSSContext, VerificationDecision, LocalPurposeRule } from '../gateway/types';\nimport { BASE_RISK_SCORES, HIGH_RISK_COMMANDS, SENSITIVE_PATHS } from '../gateway/types';\n\nexport class LocalEvaluator {\n private policy: LocalPolicy;\n private requestCounts: Map<string, { count: number; windowStart: number }> = new Map();\n\n constructor(policy: LocalPolicy) {\n this.policy = policy;\n }\n\n /**\n * Update the policy (e.g. after hot-reload or sync).\n */\n updatePolicy(policy: LocalPolicy): void {\n this.policy = policy;\n }\n\n /**\n * Evaluate an action context against the loaded policy.\n */\n evaluate(context: PDLSSContext): VerificationDecision {\n // 1. Purpose: find matching rule\n const purposeRule = this.policy.purposes.find((p) => p.id === context.purpose);\n if (!purposeRule) {\n return { recommendation: 'DENY', reason: 'Purpose not in policy' };\n }\n if (!purposeRule.allowed) {\n return { recommendation: 'DENY', reason: 'Purpose explicitly blocked' };\n }\n\n // 2. Purpose: check allowed targets\n if (purposeRule.targets && !this.matchesAnyPattern(context.target, purposeRule.targets)) {\n return { recommendation: 'DENY', reason: 'Target not in allowed list' };\n }\n\n // 3. Purpose: check blocked patterns\n if (purposeRule.blockedPatterns && this.matchesAnyPattern(context.target, purposeRule.blockedPatterns)) {\n return { recommendation: 'DENY', reason: 'Target matches blocked pattern' };\n }\n\n // 4. Scope: check global blocked resources/domains\n const scopeBlock = this.checkScopeBlock(context);\n if (scopeBlock) {\n return { recommendation: 'DENY', reason: scopeBlock };\n }\n\n // 5. Limits: check transaction and rate limits\n const limitViolation = this.checkLimits(context);\n if (limitViolation) {\n return { recommendation: 'DENY', reason: limitViolation };\n }\n\n // 6. Self-instantiation: check sub-agent spawning rules\n if (context.purpose === 'sub_agent.spawn' && this.policy.selfInstantiation) {\n if (!this.policy.selfInstantiation.allowed) {\n return { recommendation: 'DENY', reason: 'Sub-agent spawning is not allowed' };\n }\n const depth = (context.metadata?.subAgentDepth as number) || 0;\n if (this.policy.selfInstantiation.maxDepth !== undefined && depth >= this.policy.selfInstantiation.maxDepth) {\n return { recommendation: 'DENY', reason: `Sub-agent depth ${depth} exceeds max depth ${this.policy.selfInstantiation.maxDepth}` };\n }\n }\n\n // 7. Risk thresholds + approval requirements\n if (purposeRule.requiresApproval) {\n return { recommendation: 'MANUAL_REVIEW', reason: 'Purpose requires approval' };\n }\n\n const riskDecision = this.checkRiskThresholds(context);\n if (riskDecision) {\n return riskDecision;\n }\n\n return {\n recommendation: 'ALLOW',\n reason: 'All PDLSS checks passed',\n evaluatedDimensions: {\n purpose: true,\n scope: !!this.policy.scope,\n limits: !!this.policy.limits,\n riskThresholds: !!this.policy.riskThresholds,\n },\n };\n }\n\n private checkScopeBlock(context: PDLSSContext): string | null {\n const scope = this.policy.scope;\n if (!scope) return null;\n\n // Check blocked domains against target and network access\n if (scope.blockedDomains) {\n const targetDomain = this.extractDomain(context.target);\n if (this.matchesAnyPattern(targetDomain, scope.blockedDomains)) {\n return `Target blocked by scope: ${context.target}`;\n }\n if (context.networkAccess) {\n for (const domain of context.networkAccess) {\n if (this.matchesAnyPattern(this.extractDomain(domain), scope.blockedDomains)) {\n return `Domain blocked by scope: ${domain}`;\n }\n }\n }\n }\n\n // Check blocked resources against target\n if (scope.blockedResources && this.matchesAnyPattern(context.target, scope.blockedResources)) {\n return `Resource blocked by scope: ${context.target}`;\n }\n\n // Check allowed domains (if specified, target must match)\n if (scope.allowedDomains && context.networkAccess) {\n for (const domain of context.networkAccess) {\n if (!this.matchesAnyPattern(this.extractDomain(domain), scope.allowedDomains)) {\n return `Domain not in allowed list: ${domain}`;\n }\n }\n }\n\n return null;\n }\n\n private checkLimits(context: PDLSSContext): string | null {\n const limits = this.policy.limits;\n if (!limits) return null;\n\n // Transaction amount check\n if (limits.maxTransactionAmount !== undefined && context.transactionValue !== undefined) {\n if (context.transactionValue > limits.maxTransactionAmount) {\n return `Transaction value ${context.transactionValue} exceeds limit ${limits.maxTransactionAmount}`;\n }\n }\n\n // Rate limit check\n if (limits.maxRequestsPerHour !== undefined) {\n const key = context.purpose;\n const now = Date.now();\n const entry = this.requestCounts.get(key);\n const hourMs = 3600000;\n\n if (!entry || now - entry.windowStart > hourMs) {\n this.requestCounts.set(key, { count: 1, windowStart: now });\n } else {\n entry.count++;\n if (entry.count > limits.maxRequestsPerHour) {\n return `Rate limit exceeded: ${entry.count}/${limits.maxRequestsPerHour} requests per hour`;\n }\n }\n }\n\n return null;\n }\n\n private checkRiskThresholds(context: PDLSSContext): VerificationDecision | null {\n if (!this.policy.riskThresholds) return null;\n\n const riskScore = this.calculateRiskScore(context);\n const thresholds = this.policy.riskThresholds;\n\n if (riskScore >= thresholds.autoBlock.min) {\n return { recommendation: 'DENY', reason: `Risk score ${riskScore} exceeds block threshold` };\n }\n\n if (riskScore >= thresholds.requireApproval.min) {\n return { recommendation: 'MANUAL_REVIEW', reason: `Risk score ${riskScore} requires approval` };\n }\n\n return null;\n }\n\n private calculateRiskScore(context: PDLSSContext): number {\n let score = 0;\n\n // Explicit risk factors take priority (highest severity wins)\n if (context.riskFactors?.length) {\n const severityScores: Record<string, number> = {\n low: 10,\n medium: 40,\n high: 70,\n critical: 90,\n };\n\n for (const factor of context.riskFactors) {\n const factorScore = severityScores[factor.severity] || 0;\n if (factorScore > score) score = factorScore;\n }\n return score;\n }\n\n // Auto-detect risk from high-risk shell commands\n if (context.purpose === 'shell.exec' && context.target) {\n const targetLower = context.target.toLowerCase();\n for (const cmd of HIGH_RISK_COMMANDS) {\n if (targetLower.startsWith(cmd) || targetLower.includes(` ${cmd} `) || targetLower.includes(` ${cmd}`)) {\n score = Math.max(score, 80);\n break;\n }\n }\n }\n\n // Auto-detect risk from sensitive file paths (score 50 = review range)\n if ((context.purpose === 'file.read' || context.purpose === 'file.write' || context.purpose === 'file.delete') && context.target) {\n const targetLower = context.target.toLowerCase();\n for (const sensitivePath of SENSITIVE_PATHS) {\n if (targetLower.includes(sensitivePath.toLowerCase())) {\n score = Math.max(score, 50);\n break;\n }\n }\n }\n\n return score;\n }\n\n /**\n * Extract domain from a URL-like string (strips protocol and path).\n */\n private extractDomain(value: string): string {\n let domain = value;\n // Strip protocol\n const protoIndex = domain.indexOf('://');\n if (protoIndex !== -1) domain = domain.slice(protoIndex + 3);\n // Strip path\n const slashIndex = domain.indexOf('/');\n if (slashIndex !== -1) domain = domain.slice(0, slashIndex);\n // Strip port\n const colonIndex = domain.indexOf(':');\n if (colonIndex !== -1) domain = domain.slice(0, colonIndex);\n return domain;\n }\n\n /**\n * Check if a value matches any of the given glob patterns.\n */\n private matchesAnyPattern(value: string, patterns: string[]): boolean {\n return patterns.some((pattern) => this.matchGlob(value, pattern));\n }\n\n /**\n * Simple glob pattern matching.\n * Supports * (matches any characters including / and spaces) and ? (single char).\n * Uses the same approach as the backend's matchGlobPattern.\n */\n private matchGlob(value: string, pattern: string): boolean {\n // Exact match\n if (pattern === value) return true;\n\n // Convert glob to regex\n const regexStr = pattern\n .replace(/[.+^${}()|[\\]\\\\]/g, '\\\\$&') // Escape special regex chars (except * and ?)\n .replace(/\\*/g, '.*') // * matches anything\n .replace(/\\?/g, '.'); // ? matches single char\n\n try {\n return new RegExp(`^${regexStr}$`, 'i').test(value);\n } catch {\n return false;\n }\n }\n}\n\n/**\n * Convenience: find a matching purpose rule.\n */\nexport function findPurposeRule(policy: LocalPolicy, purposeId: string): LocalPurposeRule | undefined {\n return policy.purposes.find((p) => p.id === purposeId);\n}\n"],"mappings":";AAiLO,IAAM,qBAAqB;AAAA,EAChC;AAAA,EAAM;AAAA,EAAS;AAAA,EAAM;AAAA,EAAQ;AAAA,EAAS;AAAA,EACtC;AAAA,EAAQ;AAAA,EAAM;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAM;AAAA,EACpC;AAAA,EAAO;AAAA,EAAO;AAAA,EAAS;AAAA,EAAY;AAAA,EACnC;AAAA,EAAU;AACZ;AAGO,IAAM,kBAAkB;AAAA,EAC7B;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAU;AAAA,EAAQ;AAAA,EAClC;AAAA,EAAW;AAAA,EAAY;AAAA,EAAe;AAAA,EAAQ;AAAA,EAAQ;AAAA,EACtD;AAAA,EAAU;AAAA,EAAU;AACtB;;;AC3KO,IAAM,iBAAN,MAAqB;AAAA,EAI1B,YAAY,QAAqB;AAFjC,SAAQ,gBAAqE,oBAAI,IAAI;AAGnF,SAAK,SAAS;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,QAA2B;AACtC,SAAK,SAAS;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,SAAS,SAA6C;AAEpD,UAAM,cAAc,KAAK,OAAO,SAAS,KAAK,CAAC,MAAM,EAAE,OAAO,QAAQ,OAAO;AAC7E,QAAI,CAAC,aAAa;AAChB,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,wBAAwB;AAAA,IACnE;AACA,QAAI,CAAC,YAAY,SAAS;AACxB,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,6BAA6B;AAAA,IACxE;AAGA,QAAI,YAAY,WAAW,CAAC,KAAK,kBAAkB,QAAQ,QAAQ,YAAY,OAAO,GAAG;AACvF,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,6BAA6B;AAAA,IACxE;AAGA,QAAI,YAAY,mBAAmB,KAAK,kBAAkB,QAAQ,QAAQ,YAAY,eAAe,GAAG;AACtG,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,iCAAiC;AAAA,IAC5E;AAGA,UAAM,aAAa,KAAK,gBAAgB,OAAO;AAC/C,QAAI,YAAY;AACd,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,WAAW;AAAA,IACtD;AAGA,UAAM,iBAAiB,KAAK,YAAY,OAAO;AAC/C,QAAI,gBAAgB;AAClB,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,eAAe;AAAA,IAC1D;AAGA,QAAI,QAAQ,YAAY,qBAAqB,KAAK,OAAO,mBAAmB;AAC1E,UAAI,CAAC,KAAK,OAAO,kBAAkB,SAAS;AAC1C,eAAO,EAAE,gBAAgB,QAAQ,QAAQ,oCAAoC;AAAA,MAC/E;AACA,YAAM,QAAS,QAAQ,UAAU,iBAA4B;AAC7D,UAAI,KAAK,OAAO,kBAAkB,aAAa,UAAa,SAAS,KAAK,OAAO,kBAAkB,UAAU;AAC3G,eAAO,EAAE,gBAAgB,QAAQ,QAAQ,mBAAmB,KAAK,sBAAsB,KAAK,OAAO,kBAAkB,QAAQ,GAAG;AAAA,MAClI;AAAA,IACF;AAGA,QAAI,YAAY,kBAAkB;AAChC,aAAO,EAAE,gBAAgB,iBAAiB,QAAQ,4BAA4B;AAAA,IAChF;AAEA,UAAM,eAAe,KAAK,oBAAoB,OAAO;AACrD,QAAI,cAAc;AAChB,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,MACL,gBAAgB;AAAA,MAChB,QAAQ;AAAA,MACR,qBAAqB;AAAA,QACnB,SAAS;AAAA,QACT,OAAO,CAAC,CAAC,KAAK,OAAO;AAAA,QACrB,QAAQ,CAAC,CAAC,KAAK,OAAO;AAAA,QACtB,gBAAgB,CAAC,CAAC,KAAK,OAAO;AAAA,MAChC;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,gBAAgB,SAAsC;AAC5D,UAAM,QAAQ,KAAK,OAAO;AAC1B,QAAI,CAAC,MAAO,QAAO;AAGnB,QAAI,MAAM,gBAAgB;AACxB,YAAM,eAAe,KAAK,cAAc,QAAQ,MAAM;AACtD,UAAI,KAAK,kBAAkB,cAAc,MAAM,cAAc,GAAG;AAC9D,eAAO,4BAA4B,QAAQ,MAAM;AAAA,MACnD;AACA,UAAI,QAAQ,eAAe;AACzB,mBAAW,UAAU,QAAQ,eAAe;AAC1C,cAAI,KAAK,kBAAkB,KAAK,cAAc,MAAM,GAAG,MAAM,cAAc,GAAG;AAC5E,mBAAO,4BAA4B,MAAM;AAAA,UAC3C;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,QAAI,MAAM,oBAAoB,KAAK,kBAAkB,QAAQ,QAAQ,MAAM,gBAAgB,GAAG;AAC5F,aAAO,8BAA8B,QAAQ,MAAM;AAAA,IACrD;AAGA,QAAI,MAAM,kBAAkB,QAAQ,eAAe;AACjD,iBAAW,UAAU,QAAQ,eAAe;AAC1C,YAAI,CAAC,KAAK,kBAAkB,KAAK,cAAc,MAAM,GAAG,MAAM,cAAc,GAAG;AAC7E,iBAAO,+BAA+B,MAAM;AAAA,QAC9C;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,YAAY,SAAsC;AACxD,UAAM,SAAS,KAAK,OAAO;AAC3B,QAAI,CAAC,OAAQ,QAAO;AAGpB,QAAI,OAAO,yBAAyB,UAAa,QAAQ,qBAAqB,QAAW;AACvF,UAAI,QAAQ,mBAAmB,OAAO,sBAAsB;AAC1D,eAAO,qBAAqB,QAAQ,gBAAgB,kBAAkB,OAAO,oBAAoB;AAAA,MACnG;AAAA,IACF;AAGA,QAAI,OAAO,uBAAuB,QAAW;AAC3C,YAAM,MAAM,QAAQ;AACpB,YAAM,MAAM,KAAK,IAAI;AACrB,YAAM,QAAQ,KAAK,cAAc,IAAI,GAAG;AACxC,YAAM,SAAS;AAEf,UAAI,CAAC,SAAS,MAAM,MAAM,cAAc,QAAQ;AAC9C,aAAK,cAAc,IAAI,KAAK,EAAE,OAAO,GAAG,aAAa,IAAI,CAAC;AAAA,MAC5D,OAAO;AACL,cAAM;AACN,YAAI,MAAM,QAAQ,OAAO,oBAAoB;AAC3C,iBAAO,wBAAwB,MAAM,KAAK,IAAI,OAAO,kBAAkB;AAAA,QACzE;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,oBAAoB,SAAoD;AAC9E,QAAI,CAAC,KAAK,OAAO,eAAgB,QAAO;AAExC,UAAM,YAAY,KAAK,mBAAmB,OAAO;AACjD,UAAM,aAAa,KAAK,OAAO;AAE/B,QAAI,aAAa,WAAW,UAAU,KAAK;AACzC,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,cAAc,SAAS,2BAA2B;AAAA,IAC7F;AAEA,QAAI,aAAa,WAAW,gBAAgB,KAAK;AAC/C,aAAO,EAAE,gBAAgB,iBAAiB,QAAQ,cAAc,SAAS,qBAAqB;AAAA,IAChG;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,mBAAmB,SAA+B;AACxD,QAAI,QAAQ;AAGZ,QAAI,QAAQ,aAAa,QAAQ;AAC/B,YAAM,iBAAyC;AAAA,QAC7C,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,QACN,UAAU;AAAA,MACZ;AAEA,iBAAW,UAAU,QAAQ,aAAa;AACxC,cAAM,cAAc,eAAe,OAAO,QAAQ,KAAK;AACvD,YAAI,cAAc,MAAO,SAAQ;AAAA,MACnC;AACA,aAAO;AAAA,IACT;AAGA,QAAI,QAAQ,YAAY,gBAAgB,QAAQ,QAAQ;AACtD,YAAM,cAAc,QAAQ,OAAO,YAAY;AAC/C,iBAAW,OAAO,oBAAoB;AACpC,YAAI,YAAY,WAAW,GAAG,KAAK,YAAY,SAAS,IAAI,GAAG,GAAG,KAAK,YAAY,SAAS,IAAI,GAAG,EAAE,GAAG;AACtG,kBAAQ,KAAK,IAAI,OAAO,EAAE;AAC1B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,SAAK,QAAQ,YAAY,eAAe,QAAQ,YAAY,gBAAgB,QAAQ,YAAY,kBAAkB,QAAQ,QAAQ;AAChI,YAAM,cAAc,QAAQ,OAAO,YAAY;AAC/C,iBAAW,iBAAiB,iBAAiB;AAC3C,YAAI,YAAY,SAAS,cAAc,YAAY,CAAC,GAAG;AACrD,kBAAQ,KAAK,IAAI,OAAO,EAAE;AAC1B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,cAAc,OAAuB;AAC3C,QAAI,SAAS;AAEb,UAAM,aAAa,OAAO,QAAQ,KAAK;AACvC,QAAI,eAAe,GAAI,UAAS,OAAO,MAAM,aAAa,CAAC;AAE3D,UAAM,aAAa,OAAO,QAAQ,GAAG;AACrC,QAAI,eAAe,GAAI,UAAS,OAAO,MAAM,GAAG,UAAU;AAE1D,UAAM,aAAa,OAAO,QAAQ,GAAG;AACrC,QAAI,eAAe,GAAI,UAAS,OAAO,MAAM,GAAG,UAAU;AAC1D,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAAkB,OAAe,UAA6B;AACpE,WAAO,SAAS,KAAK,CAAC,YAAY,KAAK,UAAU,OAAO,OAAO,CAAC;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,UAAU,OAAe,SAA0B;AAEzD,QAAI,YAAY,MAAO,QAAO;AAG9B,UAAM,WAAW,QACd,QAAQ,qBAAqB,MAAM,EACnC,QAAQ,OAAO,IAAI,EACnB,QAAQ,OAAO,GAAG;AAErB,QAAI;AACF,aAAO,IAAI,OAAO,IAAI,QAAQ,KAAK,GAAG,EAAE,KAAK,KAAK;AAAA,IACpD,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAKO,SAAS,gBAAgB,QAAqB,WAAiD;AACpG,SAAO,OAAO,SAAS,KAAK,CAAC,MAAM,EAAE,OAAO,SAAS;AACvD;","names":[]}
1
+ {"version":3,"sources":["../../src/gateway/types.ts","../../src/local-evaluator/evaluator.ts"],"sourcesContent":["/**\n * AstraSync Gateway - Types for gateway modes, local evaluation, and adapter interface.\n */\n\n// ========================================================================\n// Gateway Configuration\n// ========================================================================\n\nexport type GatewayMode = 'online' | 'local' | 'hybrid';\n\n/**\n * Posture controls whether the gateway actively blocks or just monitors.\n * - active: Evaluate and enforce decisions (block/allow/review)\n * - passive: Evaluate and log but never block (telemetry-only mode)\n */\nexport type GatewayPosture = 'active' | 'passive';\n\nexport interface AstraSyncGatewayConfig {\n mode: GatewayMode;\n /** Enforcement posture: 'active' blocks actions, 'passive' logs only (default: 'active') */\n posture?: GatewayPosture;\n /** AstraSync API base URL (required for online/hybrid modes) */\n apiBaseUrl?: string;\n /** API key for authenticating with AstraSync (required for online/hybrid modes) */\n apiKey?: string;\n /** Path to local PDLSS policy YAML file (required for local/hybrid modes) */\n policyFile?: string;\n /** Inline policy object (alternative to policyFile) */\n policy?: LocalPolicy;\n /** Sync interval in seconds for hybrid mode (default: 3600) */\n syncInterval?: number;\n /** Cache verification results TTL in seconds (default: 300) */\n cacheTtl?: number;\n /** Enable debug logging */\n debug?: boolean;\n /** Enable trace logging to .astrasync/traces/ (default: false) */\n traceEnabled?: boolean;\n /** Trace log directory (default: .astrasync/traces/) */\n tracePath?: string;\n /** Default access level for unverified requests */\n defaultAccessLevel?: import('../types').AccessLevel;\n /** Minimum trust score for standard access (online/hybrid) */\n minTrustScore?: number;\n /** Minimum trust score for full access (online/hybrid) */\n minTrustScoreForFull?: number;\n /** Custom headers to send with API requests */\n customHeaders?: Record<string, string>;\n /** Counterparty URL for analytics */\n counterpartyUrl?: string;\n /** Counterparty type for analytics */\n counterpartyType?: import('../types').CounterpartyType;\n}\n\n// ========================================================================\n// PDLSS Context (Agent-side action context)\n// ========================================================================\n\nexport interface PDLSSContext {\n /** Purpose category (e.g. email.send, shell.exec, file.read) */\n purpose: string;\n /** Specific action within purpose */\n action: string;\n /** Target resource, recipient, or counterparty */\n target: string;\n /** Types of data access (read, write, delete) */\n dataAccess?: string[];\n /** Network domains/IPs being accessed */\n networkAccess?: string[];\n /** Resource type (customer, order, file, directory, process) */\n resourceType?: string;\n /** Risk factors for this action */\n riskFactors?: RiskFactor[];\n /** Transaction value (if financial) */\n transactionValue?: number;\n /** Currency for transaction */\n currency?: string;\n /** Additional metadata */\n metadata?: Record<string, unknown>;\n}\n\nexport interface RiskFactor {\n type: 'financial' | 'data_sensitivity' | 'privilege_escalation' | 'network_scope' | 'destructive';\n severity: 'low' | 'medium' | 'high' | 'critical';\n detail: string;\n}\n\n// ========================================================================\n// Verification Decision\n// ========================================================================\n\nexport interface VerificationDecision {\n recommendation: 'ALLOW' | 'DENY' | 'MANUAL_REVIEW';\n reason: string;\n trustScore?: number;\n tokenGuidance?: import('../types').TokenGuidance;\n sessionId?: string;\n /** PDLSS dimensions that were evaluated */\n evaluatedDimensions?: {\n purpose: boolean;\n scope: boolean;\n limits: boolean;\n riskThresholds: boolean;\n };\n}\n\n// ========================================================================\n// Local Policy Types (YAML format)\n// ========================================================================\n\nexport interface LocalPolicy {\n version: string;\n name: string;\n description?: string;\n purposes: LocalPurposeRule[];\n scope?: LocalScope;\n limits?: LocalLimits;\n riskThresholds?: LocalRiskThresholds;\n selfInstantiation?: LocalSelfInstantiation;\n}\n\nexport interface LocalPurposeRule {\n id: string;\n allowed: boolean;\n targets?: string[];\n blockedPatterns?: string[];\n requiresApproval?: boolean;\n}\n\nexport interface LocalScope {\n allowedDomains?: string[];\n blockedDomains?: string[];\n blockedResources?: string[];\n}\n\nexport interface LocalLimits {\n maxTransactionAmount?: number;\n maxRequestsPerHour?: number;\n currency?: string;\n}\n\nexport interface LocalRiskThresholds {\n autoAllow: { min: number; max: number };\n requireApproval: { min: number; max: number };\n autoBlock: { min: number; max: number };\n}\n\nexport interface LocalSelfInstantiation {\n /** Whether sub-agent spawning is allowed */\n allowed: boolean;\n /** Maximum depth of sub-agent chain */\n maxDepth?: number;\n}\n\n// ========================================================================\n// Risk Scoring Defaults (cherry-picked from trust-harness-core)\n// ========================================================================\n\n/** Base risk scores per action category */\nexport const BASE_RISK_SCORES: Record<string, number> = {\n 'file.read': 10,\n 'file.write': 40,\n 'file.delete': 70,\n 'shell.exec': 50,\n 'network.fetch': 60,\n 'network.request': 60,\n 'email.send': 45,\n 'email.read': 15,\n 'calendar.create': 20,\n 'calendar.modify': 30,\n 'database.query': 25,\n 'database.write': 55,\n 'payment.execute': 80,\n 'sub_agent.spawn': 65,\n 'code.execute': 45,\n};\n\n/** Shell commands that significantly increase risk score */\nexport const HIGH_RISK_COMMANDS = [\n 'rm', 'rmdir', 'dd', 'mkfs', 'chmod', 'chown',\n 'sudo', 'su', 'curl', 'wget', 'nc', 'netcat',\n 'ssh', 'scp', 'rsync', 'git push', 'npm publish',\n 'docker', 'kubectl',\n];\n\n/** File paths that indicate sensitive data access */\nexport const SENSITIVE_PATHS = [\n '.ssh', '.aws', '.gnupg', '.env', 'credentials',\n 'secrets', 'password', '.git/config', '/etc', '/var', '/root',\n 'id_rsa', '.npmrc', '.pypirc',\n];\n\n// ========================================================================\n// Trace Event Types\n// ========================================================================\n\nexport interface TraceEvent {\n id: string;\n timestamp: Date;\n type: 'evaluation' | 'decision' | 'error' | 'mode_switch';\n context?: PDLSSContext;\n decision?: VerificationDecision;\n metadata?: Record<string, unknown>;\n}\n\n// ========================================================================\n// Adapter Interface Types\n// ========================================================================\n\nexport interface AdapterConfig {\n /** The gateway instance (handles mode routing) */\n gateway: unknown; // Typed as AstraSyncGateway at usage site to avoid circular deps\n /** Platform-specific configuration */\n adapterOptions: Record<string, unknown>;\n}\n\nexport interface AgentAction {\n /** Raw action data from the platform */\n raw: unknown;\n /** Platform identifier (e.g. 'openclaw-cli', 'cursor', 'browser') */\n platform: string;\n /** Timestamp of the action */\n timestamp: Date;\n}\n\nexport interface InterceptResult {\n /** Whether the action was intercepted */\n intercepted: boolean;\n /** Extracted PDLSS context (if intercepted) */\n context?: PDLSSContext;\n /** Reason for not intercepting (if not intercepted) */\n skipReason?: string;\n}\n\n// ========================================================================\n// Sync Queue Types (Hybrid mode)\n// ========================================================================\n\nexport interface SyncQueueEntry {\n id: string;\n context: PDLSSContext;\n decision: VerificationDecision;\n timestamp: Date;\n retryCount: number;\n status: 'pending' | 'synced' | 'failed';\n}\n","/**\n * Local PDLSS Evaluator\n *\n * Evaluates agent actions against a local PDLSS policy.\n * Same logic as the cloud evaluator but runs in-process with no I/O.\n *\n * Evaluation order:\n * 1. Purpose: find matching rule, check if allowed\n * 2. Purpose: check allowed targets (if specified)\n * 3. Purpose: check blocked patterns (if specified)\n * 4. Scope: check global blocked resources/domains\n * 5. Limits: check transaction/rate limits\n * 6. Risk thresholds + approval requirements\n */\n\nimport type { LocalPolicy, PDLSSContext, VerificationDecision, LocalPurposeRule } from '../gateway/types';\nimport { HIGH_RISK_COMMANDS, SENSITIVE_PATHS } from '../gateway/types';\n\nexport class LocalEvaluator {\n private policy: LocalPolicy;\n private requestCounts: Map<string, { count: number; windowStart: number }> = new Map();\n\n constructor(policy: LocalPolicy) {\n this.policy = policy;\n }\n\n /**\n * Update the policy (e.g. after hot-reload or sync).\n */\n updatePolicy(policy: LocalPolicy): void {\n this.policy = policy;\n }\n\n /**\n * Evaluate an action context against the loaded policy.\n */\n evaluate(context: PDLSSContext): VerificationDecision {\n // 1. Purpose: find matching rule\n const purposeRule = this.policy.purposes.find((p) => p.id === context.purpose);\n if (!purposeRule) {\n return { recommendation: 'DENY', reason: 'Purpose not in policy' };\n }\n if (!purposeRule.allowed) {\n return { recommendation: 'DENY', reason: 'Purpose explicitly blocked' };\n }\n\n // 2. Purpose: check allowed targets\n if (purposeRule.targets && !this.matchesAnyPattern(context.target, purposeRule.targets)) {\n return { recommendation: 'DENY', reason: 'Target not in allowed list' };\n }\n\n // 3. Purpose: check blocked patterns\n if (purposeRule.blockedPatterns && this.matchesAnyPattern(context.target, purposeRule.blockedPatterns)) {\n return { recommendation: 'DENY', reason: 'Target matches blocked pattern' };\n }\n\n // 4. Scope: check global blocked resources/domains\n const scopeBlock = this.checkScopeBlock(context);\n if (scopeBlock) {\n return { recommendation: 'DENY', reason: scopeBlock };\n }\n\n // 5. Limits: check transaction and rate limits\n const limitViolation = this.checkLimits(context);\n if (limitViolation) {\n return { recommendation: 'DENY', reason: limitViolation };\n }\n\n // 6. Self-instantiation: check sub-agent spawning rules\n if (context.purpose === 'sub_agent.spawn' && this.policy.selfInstantiation) {\n if (!this.policy.selfInstantiation.allowed) {\n return { recommendation: 'DENY', reason: 'Sub-agent spawning is not allowed' };\n }\n const depth = (context.metadata?.subAgentDepth as number) || 0;\n if (this.policy.selfInstantiation.maxDepth !== undefined && depth >= this.policy.selfInstantiation.maxDepth) {\n return { recommendation: 'DENY', reason: `Sub-agent depth ${depth} exceeds max depth ${this.policy.selfInstantiation.maxDepth}` };\n }\n }\n\n // 7. Risk thresholds + approval requirements\n if (purposeRule.requiresApproval) {\n return { recommendation: 'MANUAL_REVIEW', reason: 'Purpose requires approval' };\n }\n\n const riskDecision = this.checkRiskThresholds(context);\n if (riskDecision) {\n return riskDecision;\n }\n\n return {\n recommendation: 'ALLOW',\n reason: 'All PDLSS checks passed',\n evaluatedDimensions: {\n purpose: true,\n scope: !!this.policy.scope,\n limits: !!this.policy.limits,\n riskThresholds: !!this.policy.riskThresholds,\n },\n };\n }\n\n private checkScopeBlock(context: PDLSSContext): string | null {\n const scope = this.policy.scope;\n if (!scope) return null;\n\n // Check blocked domains against target and network access\n if (scope.blockedDomains) {\n const targetDomain = this.extractDomain(context.target);\n if (this.matchesAnyPattern(targetDomain, scope.blockedDomains)) {\n return `Target blocked by scope: ${context.target}`;\n }\n if (context.networkAccess) {\n for (const domain of context.networkAccess) {\n if (this.matchesAnyPattern(this.extractDomain(domain), scope.blockedDomains)) {\n return `Domain blocked by scope: ${domain}`;\n }\n }\n }\n }\n\n // Check blocked resources against target\n if (scope.blockedResources && this.matchesAnyPattern(context.target, scope.blockedResources)) {\n return `Resource blocked by scope: ${context.target}`;\n }\n\n // Check allowed domains (if specified, target must match)\n if (scope.allowedDomains && context.networkAccess) {\n for (const domain of context.networkAccess) {\n if (!this.matchesAnyPattern(this.extractDomain(domain), scope.allowedDomains)) {\n return `Domain not in allowed list: ${domain}`;\n }\n }\n }\n\n return null;\n }\n\n private checkLimits(context: PDLSSContext): string | null {\n const limits = this.policy.limits;\n if (!limits) return null;\n\n // Transaction amount check\n if (limits.maxTransactionAmount !== undefined && context.transactionValue !== undefined) {\n if (context.transactionValue > limits.maxTransactionAmount) {\n return `Transaction value ${context.transactionValue} exceeds limit ${limits.maxTransactionAmount}`;\n }\n }\n\n // Rate limit check\n if (limits.maxRequestsPerHour !== undefined) {\n const key = context.purpose;\n const now = Date.now();\n const entry = this.requestCounts.get(key);\n const hourMs = 3600000;\n\n if (!entry || now - entry.windowStart > hourMs) {\n this.requestCounts.set(key, { count: 1, windowStart: now });\n } else {\n entry.count++;\n if (entry.count > limits.maxRequestsPerHour) {\n return `Rate limit exceeded: ${entry.count}/${limits.maxRequestsPerHour} requests per hour`;\n }\n }\n }\n\n return null;\n }\n\n private checkRiskThresholds(context: PDLSSContext): VerificationDecision | null {\n if (!this.policy.riskThresholds) return null;\n\n const riskScore = this.calculateRiskScore(context);\n const thresholds = this.policy.riskThresholds;\n\n if (riskScore >= thresholds.autoBlock.min) {\n return { recommendation: 'DENY', reason: `Risk score ${riskScore} exceeds block threshold` };\n }\n\n if (riskScore >= thresholds.requireApproval.min) {\n return { recommendation: 'MANUAL_REVIEW', reason: `Risk score ${riskScore} requires approval` };\n }\n\n return null;\n }\n\n private calculateRiskScore(context: PDLSSContext): number {\n let score = 0;\n\n // Explicit risk factors take priority (highest severity wins)\n if (context.riskFactors?.length) {\n const severityScores: Record<string, number> = {\n low: 10,\n medium: 40,\n high: 70,\n critical: 90,\n };\n\n for (const factor of context.riskFactors) {\n const factorScore = severityScores[factor.severity] || 0;\n if (factorScore > score) score = factorScore;\n }\n return score;\n }\n\n // Auto-detect risk from high-risk shell commands\n if (context.purpose === 'shell.exec' && context.target) {\n const targetLower = context.target.toLowerCase();\n for (const cmd of HIGH_RISK_COMMANDS) {\n if (targetLower.startsWith(cmd) || targetLower.includes(` ${cmd} `) || targetLower.includes(` ${cmd}`)) {\n score = Math.max(score, 80);\n break;\n }\n }\n }\n\n // Auto-detect risk from sensitive file paths (score 50 = review range)\n if ((context.purpose === 'file.read' || context.purpose === 'file.write' || context.purpose === 'file.delete') && context.target) {\n const targetLower = context.target.toLowerCase();\n for (const sensitivePath of SENSITIVE_PATHS) {\n if (targetLower.includes(sensitivePath.toLowerCase())) {\n score = Math.max(score, 50);\n break;\n }\n }\n }\n\n return score;\n }\n\n /**\n * Extract domain from a URL-like string (strips protocol and path).\n */\n private extractDomain(value: string): string {\n let domain = value;\n // Strip protocol\n const protoIndex = domain.indexOf('://');\n if (protoIndex !== -1) domain = domain.slice(protoIndex + 3);\n // Strip path\n const slashIndex = domain.indexOf('/');\n if (slashIndex !== -1) domain = domain.slice(0, slashIndex);\n // Strip port\n const colonIndex = domain.indexOf(':');\n if (colonIndex !== -1) domain = domain.slice(0, colonIndex);\n return domain;\n }\n\n /**\n * Check if a value matches any of the given glob patterns.\n */\n private matchesAnyPattern(value: string, patterns: string[]): boolean {\n return patterns.some((pattern) => this.matchGlob(value, pattern));\n }\n\n /**\n * Simple glob pattern matching.\n * Supports * (matches any characters including / and spaces) and ? (single char).\n * Uses the same approach as the backend's matchGlobPattern.\n */\n private matchGlob(value: string, pattern: string): boolean {\n // Exact match\n if (pattern === value) return true;\n\n // Convert glob to regex\n const regexStr = pattern\n .replace(/[.+^${}()|[\\]\\\\]/g, '\\\\$&') // Escape special regex chars (except * and ?)\n .replace(/\\*/g, '.*') // * matches anything\n .replace(/\\?/g, '.'); // ? matches single char\n\n try {\n return new RegExp(`^${regexStr}$`, 'i').test(value);\n } catch {\n return false;\n }\n }\n}\n\n/**\n * Convenience: find a matching purpose rule.\n */\nexport function findPurposeRule(policy: LocalPolicy, purposeId: string): LocalPurposeRule | undefined {\n return policy.purposes.find((p) => p.id === purposeId);\n}\n"],"mappings":";AAiLO,IAAM,qBAAqB;AAAA,EAChC;AAAA,EAAM;AAAA,EAAS;AAAA,EAAM;AAAA,EAAQ;AAAA,EAAS;AAAA,EACtC;AAAA,EAAQ;AAAA,EAAM;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAM;AAAA,EACpC;AAAA,EAAO;AAAA,EAAO;AAAA,EAAS;AAAA,EAAY;AAAA,EACnC;AAAA,EAAU;AACZ;AAGO,IAAM,kBAAkB;AAAA,EAC7B;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAU;AAAA,EAAQ;AAAA,EAClC;AAAA,EAAW;AAAA,EAAY;AAAA,EAAe;AAAA,EAAQ;AAAA,EAAQ;AAAA,EACtD;AAAA,EAAU;AAAA,EAAU;AACtB;;;AC3KO,IAAM,iBAAN,MAAqB;AAAA,EAI1B,YAAY,QAAqB;AAFjC,SAAQ,gBAAqE,oBAAI,IAAI;AAGnF,SAAK,SAAS;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,QAA2B;AACtC,SAAK,SAAS;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,SAAS,SAA6C;AAEpD,UAAM,cAAc,KAAK,OAAO,SAAS,KAAK,CAAC,MAAM,EAAE,OAAO,QAAQ,OAAO;AAC7E,QAAI,CAAC,aAAa;AAChB,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,wBAAwB;AAAA,IACnE;AACA,QAAI,CAAC,YAAY,SAAS;AACxB,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,6BAA6B;AAAA,IACxE;AAGA,QAAI,YAAY,WAAW,CAAC,KAAK,kBAAkB,QAAQ,QAAQ,YAAY,OAAO,GAAG;AACvF,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,6BAA6B;AAAA,IACxE;AAGA,QAAI,YAAY,mBAAmB,KAAK,kBAAkB,QAAQ,QAAQ,YAAY,eAAe,GAAG;AACtG,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,iCAAiC;AAAA,IAC5E;AAGA,UAAM,aAAa,KAAK,gBAAgB,OAAO;AAC/C,QAAI,YAAY;AACd,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,WAAW;AAAA,IACtD;AAGA,UAAM,iBAAiB,KAAK,YAAY,OAAO;AAC/C,QAAI,gBAAgB;AAClB,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,eAAe;AAAA,IAC1D;AAGA,QAAI,QAAQ,YAAY,qBAAqB,KAAK,OAAO,mBAAmB;AAC1E,UAAI,CAAC,KAAK,OAAO,kBAAkB,SAAS;AAC1C,eAAO,EAAE,gBAAgB,QAAQ,QAAQ,oCAAoC;AAAA,MAC/E;AACA,YAAM,QAAS,QAAQ,UAAU,iBAA4B;AAC7D,UAAI,KAAK,OAAO,kBAAkB,aAAa,UAAa,SAAS,KAAK,OAAO,kBAAkB,UAAU;AAC3G,eAAO,EAAE,gBAAgB,QAAQ,QAAQ,mBAAmB,KAAK,sBAAsB,KAAK,OAAO,kBAAkB,QAAQ,GAAG;AAAA,MAClI;AAAA,IACF;AAGA,QAAI,YAAY,kBAAkB;AAChC,aAAO,EAAE,gBAAgB,iBAAiB,QAAQ,4BAA4B;AAAA,IAChF;AAEA,UAAM,eAAe,KAAK,oBAAoB,OAAO;AACrD,QAAI,cAAc;AAChB,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,MACL,gBAAgB;AAAA,MAChB,QAAQ;AAAA,MACR,qBAAqB;AAAA,QACnB,SAAS;AAAA,QACT,OAAO,CAAC,CAAC,KAAK,OAAO;AAAA,QACrB,QAAQ,CAAC,CAAC,KAAK,OAAO;AAAA,QACtB,gBAAgB,CAAC,CAAC,KAAK,OAAO;AAAA,MAChC;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,gBAAgB,SAAsC;AAC5D,UAAM,QAAQ,KAAK,OAAO;AAC1B,QAAI,CAAC,MAAO,QAAO;AAGnB,QAAI,MAAM,gBAAgB;AACxB,YAAM,eAAe,KAAK,cAAc,QAAQ,MAAM;AACtD,UAAI,KAAK,kBAAkB,cAAc,MAAM,cAAc,GAAG;AAC9D,eAAO,4BAA4B,QAAQ,MAAM;AAAA,MACnD;AACA,UAAI,QAAQ,eAAe;AACzB,mBAAW,UAAU,QAAQ,eAAe;AAC1C,cAAI,KAAK,kBAAkB,KAAK,cAAc,MAAM,GAAG,MAAM,cAAc,GAAG;AAC5E,mBAAO,4BAA4B,MAAM;AAAA,UAC3C;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,QAAI,MAAM,oBAAoB,KAAK,kBAAkB,QAAQ,QAAQ,MAAM,gBAAgB,GAAG;AAC5F,aAAO,8BAA8B,QAAQ,MAAM;AAAA,IACrD;AAGA,QAAI,MAAM,kBAAkB,QAAQ,eAAe;AACjD,iBAAW,UAAU,QAAQ,eAAe;AAC1C,YAAI,CAAC,KAAK,kBAAkB,KAAK,cAAc,MAAM,GAAG,MAAM,cAAc,GAAG;AAC7E,iBAAO,+BAA+B,MAAM;AAAA,QAC9C;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,YAAY,SAAsC;AACxD,UAAM,SAAS,KAAK,OAAO;AAC3B,QAAI,CAAC,OAAQ,QAAO;AAGpB,QAAI,OAAO,yBAAyB,UAAa,QAAQ,qBAAqB,QAAW;AACvF,UAAI,QAAQ,mBAAmB,OAAO,sBAAsB;AAC1D,eAAO,qBAAqB,QAAQ,gBAAgB,kBAAkB,OAAO,oBAAoB;AAAA,MACnG;AAAA,IACF;AAGA,QAAI,OAAO,uBAAuB,QAAW;AAC3C,YAAM,MAAM,QAAQ;AACpB,YAAM,MAAM,KAAK,IAAI;AACrB,YAAM,QAAQ,KAAK,cAAc,IAAI,GAAG;AACxC,YAAM,SAAS;AAEf,UAAI,CAAC,SAAS,MAAM,MAAM,cAAc,QAAQ;AAC9C,aAAK,cAAc,IAAI,KAAK,EAAE,OAAO,GAAG,aAAa,IAAI,CAAC;AAAA,MAC5D,OAAO;AACL,cAAM;AACN,YAAI,MAAM,QAAQ,OAAO,oBAAoB;AAC3C,iBAAO,wBAAwB,MAAM,KAAK,IAAI,OAAO,kBAAkB;AAAA,QACzE;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,oBAAoB,SAAoD;AAC9E,QAAI,CAAC,KAAK,OAAO,eAAgB,QAAO;AAExC,UAAM,YAAY,KAAK,mBAAmB,OAAO;AACjD,UAAM,aAAa,KAAK,OAAO;AAE/B,QAAI,aAAa,WAAW,UAAU,KAAK;AACzC,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,cAAc,SAAS,2BAA2B;AAAA,IAC7F;AAEA,QAAI,aAAa,WAAW,gBAAgB,KAAK;AAC/C,aAAO,EAAE,gBAAgB,iBAAiB,QAAQ,cAAc,SAAS,qBAAqB;AAAA,IAChG;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,mBAAmB,SAA+B;AACxD,QAAI,QAAQ;AAGZ,QAAI,QAAQ,aAAa,QAAQ;AAC/B,YAAM,iBAAyC;AAAA,QAC7C,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,QACN,UAAU;AAAA,MACZ;AAEA,iBAAW,UAAU,QAAQ,aAAa;AACxC,cAAM,cAAc,eAAe,OAAO,QAAQ,KAAK;AACvD,YAAI,cAAc,MAAO,SAAQ;AAAA,MACnC;AACA,aAAO;AAAA,IACT;AAGA,QAAI,QAAQ,YAAY,gBAAgB,QAAQ,QAAQ;AACtD,YAAM,cAAc,QAAQ,OAAO,YAAY;AAC/C,iBAAW,OAAO,oBAAoB;AACpC,YAAI,YAAY,WAAW,GAAG,KAAK,YAAY,SAAS,IAAI,GAAG,GAAG,KAAK,YAAY,SAAS,IAAI,GAAG,EAAE,GAAG;AACtG,kBAAQ,KAAK,IAAI,OAAO,EAAE;AAC1B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,SAAK,QAAQ,YAAY,eAAe,QAAQ,YAAY,gBAAgB,QAAQ,YAAY,kBAAkB,QAAQ,QAAQ;AAChI,YAAM,cAAc,QAAQ,OAAO,YAAY;AAC/C,iBAAW,iBAAiB,iBAAiB;AAC3C,YAAI,YAAY,SAAS,cAAc,YAAY,CAAC,GAAG;AACrD,kBAAQ,KAAK,IAAI,OAAO,EAAE;AAC1B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,cAAc,OAAuB;AAC3C,QAAI,SAAS;AAEb,UAAM,aAAa,OAAO,QAAQ,KAAK;AACvC,QAAI,eAAe,GAAI,UAAS,OAAO,MAAM,aAAa,CAAC;AAE3D,UAAM,aAAa,OAAO,QAAQ,GAAG;AACrC,QAAI,eAAe,GAAI,UAAS,OAAO,MAAM,GAAG,UAAU;AAE1D,UAAM,aAAa,OAAO,QAAQ,GAAG;AACrC,QAAI,eAAe,GAAI,UAAS,OAAO,MAAM,GAAG,UAAU;AAC1D,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAAkB,OAAe,UAA6B;AACpE,WAAO,SAAS,KAAK,CAAC,YAAY,KAAK,UAAU,OAAO,OAAO,CAAC;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,UAAU,OAAe,SAA0B;AAEzD,QAAI,YAAY,MAAO,QAAO;AAG9B,UAAM,WAAW,QACd,QAAQ,qBAAqB,MAAM,EACnC,QAAQ,OAAO,IAAI,EACnB,QAAQ,OAAO,GAAG;AAErB,QAAI;AACF,aAAO,IAAI,OAAO,IAAI,QAAQ,KAAK,GAAG,EAAE,KAAK,KAAK;AAAA,IACpD,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAKO,SAAS,gBAAgB,QAAqB,WAAiD;AACpG,SAAO,OAAO,SAAS,KAAK,CAAC,MAAM,EAAE,OAAO,SAAS;AACvD;","names":[]}
package/dist/{nextjs-_C_FcJY5.d.mts → nextjs-BQyMCSx_.d.mts} RENAMED
@@ -1,6 +1,6 @@
1
1
  import * as next_server from 'next/server';
2
2
  import { NextRequest } from 'next/server';
3
- import { N as NextJsMiddlewareOptions } from './types-Bf8pML07.mjs';
3
+ import { N as NextJsMiddlewareOptions } from './types-CxQwJKbd.mjs';
4
4
 
5
5
  /**
6
6
  * Create Next.js middleware for agent verification
package/dist/{nextjs-Cag7libc.d.ts → nextjs-CEldnIJ9.d.ts} RENAMED
@@ -1,6 +1,6 @@
1
1
  import * as next_server from 'next/server';
2
2
  import { NextRequest } from 'next/server';
3
- import { N as NextJsMiddlewareOptions } from './types-Bf8pML07.js';
3
+ import { N as NextJsMiddlewareOptions } from './types-CxQwJKbd.js';
4
4
 
5
5
  /**
6
6
  * Create Next.js middleware for agent verification
package/dist/{sdk-DAJahT3p.d.mts → sdk-BhvuJSrH.d.mts} RENAMED
@@ -1,4 +1,4 @@
1
- import { a as AccessLevel, i as TrustLevel, S as SDKOptions, b as VerificationResult } from './types-Bf8pML07.mjs';
1
+ import { a as AccessLevel, i as TrustLevel, S as SDKOptions, V as VerificationResult } from './types-CxQwJKbd.mjs';
2
2
 
3
3
  /**
4
4
  * AstraSync Universal Verification Gateway - Access Level Definitions
package/dist/{sdk-CMPDFUjo.d.ts → sdk-BlyVSC_S.d.ts} RENAMED
@@ -1,4 +1,4 @@
1
- import { a as AccessLevel, i as TrustLevel, S as SDKOptions, b as VerificationResult } from './types-Bf8pML07.js';
1
+ import { a as AccessLevel, i as TrustLevel, S as SDKOptions, V as VerificationResult } from './types-CxQwJKbd.js';
2
2
 
3
3
  /**
4
4
  * AstraSync Universal Verification Gateway - Access Level Definitions
package/dist/transport/index.d.mts CHANGED
@@ -1,2 +1,2 @@
1
- import '../types-Bf8pML07.mjs';
2
- export { a as applyCredentials, d as detectProtocol, e as extractA2ACredentials, b as extractCredentialsFromProtocol, c as extractHttpCredentials, f as extractMcpCredentials, s as setA2AMetadata, g as setHttpHeaders, h as setMcpMeta } from '../index-CoLebmwv.mjs';
1
+ import '../types-CxQwJKbd.mjs';
2
+ export { a as applyCredentials, d as detectProtocol, e as extractA2ACredentials, b as extractCredentialsFromProtocol, c as extractHttpCredentials, f as extractMcpCredentials, s as setA2AMetadata, g as setHttpHeaders, h as setMcpMeta } from '../index-B1ThcGZl.mjs';
package/dist/transport/index.d.ts CHANGED
@@ -1,2 +1,2 @@
1
- import '../types-Bf8pML07.js';
2
- export { a as applyCredentials, d as detectProtocol, e as extractA2ACredentials, b as extractCredentialsFromProtocol, c as extractHttpCredentials, f as extractMcpCredentials, s as setA2AMetadata, g as setHttpHeaders, h as setMcpMeta } from '../index-CNkmHmpi.js';
1
+ import '../types-CxQwJKbd.js';
2
+ export { a as applyCredentials, d as detectProtocol, e as extractA2ACredentials, b as extractCredentialsFromProtocol, c as extractHttpCredentials, f as extractMcpCredentials, s as setA2AMetadata, g as setHttpHeaders, h as setMcpMeta } from '../index-DnoXfdFd.js';
package/dist/{types-Ce2mFJkO.d.ts → types-79qS7aON.d.ts} RENAMED
@@ -1,4 +1,4 @@
1
- import { a as AccessLevel, d as CounterpartyType, T as TokenGuidance } from './types-Bf8pML07.js';
1
+ import { a as AccessLevel, C as CounterpartyType, T as TokenGuidance } from './types-CxQwJKbd.js';
2
2
 
3
3
  /**
4
4
  * AstraSync Gateway - Types for gateway modes, local evaluation, and adapter interface.
@@ -150,4 +150,4 @@ interface InterceptResult {
150
150
  skipReason?: string;
151
151
  }
152
152
 
153
- export type { AgentAction as A, InterceptResult as I, LocalPolicy as L, PDLSSContext as P, VerificationDecision as V, LocalPurposeRule as a, LocalScope as b, LocalRiskThresholds as c, AstraSyncGatewayConfig as d };
153
+ export type { AgentAction as A, InterceptResult as I, LocalPolicy as L, PDLSSContext as P, VerificationDecision as V, LocalPurposeRule as a, AstraSyncGatewayConfig as b, LocalScope as c, LocalRiskThresholds as d };
package/dist/{types-Bf8pML07.d.mts → types-CxQwJKbd.d.mts} RENAMED
@@ -208,6 +208,8 @@ interface VerificationRequest {
208
208
  counterpartyType?: CounterpartyType;
209
209
  /** Counterparty URL */
210
210
  counterpartyUrl?: string;
211
+ /** Requested session duration in seconds (from agent's X-Astra-Duration header) */
212
+ durationRequired?: number;
211
213
  /** Runtime challenge options */
212
214
  runtimeChallengeOptions?: {
213
215
  timeoutOverride?: number;
@@ -225,8 +227,17 @@ interface RouteAccessConfig {
225
227
  minAccessLevel: AccessLevel;
226
228
  /** Minimum trust score required (optional) */
227
229
  minTrustScore?: number;
228
- /** Required purposes (optional) */
230
+ /** Required purposes (optional, agent must declare one of these) */
229
231
  requiredPurposes?: string[];
232
+ /** Counterparty-defined PDLSS maximums — agent requests exceeding these are rejected before calling AstraSync */
233
+ /** Maximum session duration in seconds the counterparty will allow */
234
+ maxDuration?: number;
235
+ /** Whitelist of allowed purposes — agent's declared purpose must be in this list */
236
+ allowedPurposes?: string[];
237
+ /** Whitelist of allowed jurisdictions */
238
+ allowedJurisdictions?: string[];
239
+ /** Maximum transaction value for this route */
240
+ maxTransactionValue?: number;
230
241
  }
231
242
  /**
232
243
  * Express middleware options
@@ -244,6 +255,8 @@ interface ExpressMiddlewareOptions extends GatewayConfig {
244
255
  onDenied?: (result: VerificationResult, req: unknown, res: unknown) => void;
245
256
  /** Automatically create sessions and record grant/deny decisions (default: true) */
246
257
  recordDecisions?: boolean;
258
+ /** Enable runtime challenge for all verify-access calls (default: true) */
259
+ enableRuntimeChallenge?: boolean;
247
260
  }
248
261
  /**
249
262
  * Next.js middleware options
@@ -262,6 +275,8 @@ interface NextJsMiddlewareOptions extends GatewayConfig {
262
275
  allowGuestAccess?: boolean;
263
276
  guestAccessLevel?: AccessLevel;
264
277
  };
278
+ /** Enable runtime challenge for all verify-access calls (default: true) */
279
+ enableRuntimeChallenge?: boolean;
265
280
  }
266
281
  /**
267
282
  * SDK function options
@@ -364,4 +379,4 @@ interface CommerceShieldProps {
364
379
  className?: string;
365
380
  }
366
381
 
367
- export type { AgentCredentials as A, CommerceShieldProps as C, EnhancedVerificationResult as E, GatewayConfig as G, NextJsMiddlewareOptions as N, PDLSSInfo as P, RouteAccessConfig as R, SDKOptions as S, TokenGuidance as T, VerificationRequest as V, AccessLevel as a, VerificationResult as b, AstraSyncCredentials as c, CounterpartyType as d, ExpressMiddlewareOptions as e, GuidanceInfo as f, ProtocolTransport as g, RuntimeChallengeResult as h, TrustLevel as i, VerifiedAgent as j, VerifiedDeveloper as k, VerifiedOrganization as l };
382
+ export type { AstraSyncCredentials as A, CounterpartyType as C, ExpressMiddlewareOptions as E, GatewayConfig as G, NextJsMiddlewareOptions as N, PDLSSInfo as P, RouteAccessConfig as R, SDKOptions as S, TokenGuidance as T, VerificationResult as V, AccessLevel as a, AgentCredentials as b, VerificationRequest as c, CommerceShieldProps as d, EnhancedVerificationResult as e, GuidanceInfo as f, ProtocolTransport as g, RuntimeChallengeResult as h, TrustLevel as i, VerifiedAgent as j, VerifiedDeveloper as k, VerifiedOrganization as l };
package/dist/{types-Bf8pML07.d.ts → types-CxQwJKbd.d.ts} RENAMED
@@ -208,6 +208,8 @@ interface VerificationRequest {
208
208
  counterpartyType?: CounterpartyType;
209
209
  /** Counterparty URL */
210
210
  counterpartyUrl?: string;
211
+ /** Requested session duration in seconds (from agent's X-Astra-Duration header) */
212
+ durationRequired?: number;
211
213
  /** Runtime challenge options */
212
214
  runtimeChallengeOptions?: {
213
215
  timeoutOverride?: number;
@@ -225,8 +227,17 @@ interface RouteAccessConfig {
225
227
  minAccessLevel: AccessLevel;
226
228
  /** Minimum trust score required (optional) */
227
229
  minTrustScore?: number;
228
- /** Required purposes (optional) */
230
+ /** Required purposes (optional, agent must declare one of these) */
229
231
  requiredPurposes?: string[];
232
+ /** Counterparty-defined PDLSS maximums — agent requests exceeding these are rejected before calling AstraSync */
233
+ /** Maximum session duration in seconds the counterparty will allow */
234
+ maxDuration?: number;
235
+ /** Whitelist of allowed purposes — agent's declared purpose must be in this list */
236
+ allowedPurposes?: string[];
237
+ /** Whitelist of allowed jurisdictions */
238
+ allowedJurisdictions?: string[];
239
+ /** Maximum transaction value for this route */
240
+ maxTransactionValue?: number;
230
241
  }
231
242
  /**
232
243
  * Express middleware options
@@ -244,6 +255,8 @@ interface ExpressMiddlewareOptions extends GatewayConfig {
244
255
  onDenied?: (result: VerificationResult, req: unknown, res: unknown) => void;
245
256
  /** Automatically create sessions and record grant/deny decisions (default: true) */
246
257
  recordDecisions?: boolean;
258
+ /** Enable runtime challenge for all verify-access calls (default: true) */
259
+ enableRuntimeChallenge?: boolean;
247
260
  }
248
261
  /**
249
262
  * Next.js middleware options
@@ -262,6 +275,8 @@ interface NextJsMiddlewareOptions extends GatewayConfig {
262
275
  allowGuestAccess?: boolean;
263
276
  guestAccessLevel?: AccessLevel;
264
277
  };
278
+ /** Enable runtime challenge for all verify-access calls (default: true) */
279
+ enableRuntimeChallenge?: boolean;
265
280
  }
266
281
  /**
267
282
  * SDK function options
@@ -364,4 +379,4 @@ interface CommerceShieldProps {
364
379
  className?: string;
365
380
  }
366
381
 
367
- export type { AgentCredentials as A, CommerceShieldProps as C, EnhancedVerificationResult as E, GatewayConfig as G, NextJsMiddlewareOptions as N, PDLSSInfo as P, RouteAccessConfig as R, SDKOptions as S, TokenGuidance as T, VerificationRequest as V, AccessLevel as a, VerificationResult as b, AstraSyncCredentials as c, CounterpartyType as d, ExpressMiddlewareOptions as e, GuidanceInfo as f, ProtocolTransport as g, RuntimeChallengeResult as h, TrustLevel as i, VerifiedAgent as j, VerifiedDeveloper as k, VerifiedOrganization as l };
382
+ export type { AstraSyncCredentials as A, CounterpartyType as C, ExpressMiddlewareOptions as E, GatewayConfig as G, NextJsMiddlewareOptions as N, PDLSSInfo as P, RouteAccessConfig as R, SDKOptions as S, TokenGuidance as T, VerificationResult as V, AccessLevel as a, AgentCredentials as b, VerificationRequest as c, CommerceShieldProps as d, EnhancedVerificationResult as e, GuidanceInfo as f, ProtocolTransport as g, RuntimeChallengeResult as h, TrustLevel as i, VerifiedAgent as j, VerifiedDeveloper as k, VerifiedOrganization as l };
package/dist/{types-BvpGdsv1.d.mts → types-jJnPXStc.d.mts} RENAMED
@@ -1,4 +1,4 @@
1
- import { a as AccessLevel, d as CounterpartyType, T as TokenGuidance } from './types-Bf8pML07.mjs';
1
+ import { a as AccessLevel, C as CounterpartyType, T as TokenGuidance } from './types-CxQwJKbd.mjs';
2
2
 
3
3
  /**
4
4
  * AstraSync Gateway - Types for gateway modes, local evaluation, and adapter interface.
@@ -150,4 +150,4 @@ interface InterceptResult {
150
150
  skipReason?: string;
151
151
  }
152
152
 
153
- export type { AgentAction as A, InterceptResult as I, LocalPolicy as L, PDLSSContext as P, VerificationDecision as V, LocalPurposeRule as a, LocalScope as b, LocalRiskThresholds as c, AstraSyncGatewayConfig as d };
153
+ export type { AgentAction as A, InterceptResult as I, LocalPolicy as L, PDLSSContext as P, VerificationDecision as V, LocalPurposeRule as a, AstraSyncGatewayConfig as b, LocalScope as c, LocalRiskThresholds as d };
package/dist/ui/index.d.mts CHANGED
@@ -1,4 +1,4 @@
1
- import { C as CommerceShieldProps, b as VerificationResult, A as AgentCredentials, f as GuidanceInfo, i as TrustLevel } from '../types-Bf8pML07.mjs';
1
+ import { d as CommerceShieldProps, V as VerificationResult, b as AgentCredentials, f as GuidanceInfo, i as TrustLevel } from '../types-CxQwJKbd.mjs';
2
2
 
3
3
  /**
4
4
  * AstraSync Commerce Shield Component
package/dist/ui/index.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { C as CommerceShieldProps, b as VerificationResult, A as AgentCredentials, f as GuidanceInfo, i as TrustLevel } from '../types-Bf8pML07.js';
1
+ import { d as CommerceShieldProps, V as VerificationResult, b as AgentCredentials, f as GuidanceInfo, i as TrustLevel } from '../types-CxQwJKbd.js';
2
2
 
3
3
  /**
4
4
  * AstraSync Commerce Shield Component
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@astrasyncai/verification-gateway",
3
- "version": "2.0.0",
3
+ "version": "2.0.1",
4
4
  "description": "Universal Verification Gateway for AstraSync KYA Platform - verify AI agents across any counterparty type",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",
@@ -88,7 +88,8 @@
88
88
  "typecheck": "tsc --noEmit",
89
89
  "test": "vitest run",
90
90
  "test:watch": "vitest watch",
91
- "clean": "rm -rf dist"
91
+ "clean": "rm -rf dist extensions",
92
+ "package:extensions": "bash scripts/package-extensions.sh"
92
93
  },
93
94
  "keywords": [
94
95
  "astrasync",