@atbash/cli 0.3.13 → 0.3.14
- package/README.md +1 -6
- package/dist/commands/policy.js +0 -28
- package/dist/commands/policy.js.map +1 -1
- package/package.json +1 -1
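--- a/package/README.md
+++ b/package/README.md
@@ -210,7 +210,6 @@ Policy is the operator's contract with the agent — the exact set of actions th
 
 ```bash
 atbash policy show # Active pack + version assigned to this agent
-atbash policy presets # Reference policy shapes (authoring is dashboard-only)
 ```
 
 ### Red lines
@@ -272,15 +271,11 @@ A **policy pack** is a versioned, operator-signed bundle of red lines, selected
 - Assignment is explicit: agent `billing-bot-03` runs `payments-prod@v14`.
 - Every verdict record names the pack version that produced it, so the audit trail reconstructs exactly.
 - Packs can be scoped to an org, a team, or a single agent; agents in the same org can run different packs.
-- Reference shapes are shipped as presets (`atbash policy presets`), but a production policy is almost always a pack authored against the operator's own red lines.
-
 `atbash policy show` reports the active pack name, version, and rule count for the signed-in agent. A pack version is immutable; reassigning is a signed operator action.
 
 ### Custom red lines
 
-Operators
-
-At runtime a custom red line is indistinguishable from a preset red line; the agent sees a signed pack, not a "preset vs. custom" distinction, and cannot reason about which rules are softer.
+Operators author red lines in the dashboard's policy editor — category, trigger, threshold, verdict — and sign the pack before assigning it to an agent. The CLI is deliberately read-only: `atbash policy show` reveals the active rules, but authoring happens only where the operator's signing key is.
 
 ### Escalation
 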
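--- a/package/dist/commands/policy.js
+++ b/package/dist/commands/policy.js
@@ -7,7 +7,6 @@ exports.registerPolicyCommand = registerPolicyCommand;
 const chalk_1 = __importDefault(require("chalk"));
 const ora_1 = __importDefault(require("ora"));
 const sdk_1 = require("@atbash/sdk");
-const presets_1 = require("../presets");
 function registerPolicyCommand(program) {
 const policyCmd = program
 .command("policy")
@@ -86,32 +85,5 @@ function registerPolicyCommand(program) {
 process.exit(1);
 }
 });
-// atbash policy presets (local only)
-policyCmd
-.command("presets")
-.description("List available policy presets")
-.option("--json", "Output as JSON")
-.action((opts) => {
-if (opts.json) {
-console.log(JSON.stringify(Object.entries(presets_1.PRESETS).map(([key, p]) => ({
-key,
-name: p.name,
-description: p.description,
-ruleCount: (p.policy.match(/<!--/g) || []).length,
-chars: p.policy.length,
-})), null, 2));
-return;
-}
-console.log(chalk_1.default.bold("Reference Policy Shapes"));
-console.log();
-for (const [key, preset] of Object.entries(presets_1.PRESETS)) {
-const ruleCount = (preset.policy.match(/<!--/g) || []).length;
-console.log(` ${chalk_1.default.cyan(key.padEnd(12))} ${preset.name} — ${preset.description}`);
-console.log(` ${" ".repeat(12)} ${chalk_1.default.dim(`${ruleCount} rules, ${preset.policy.length} chars`)}`);
-console.log();
-}
-console.log(chalk_1.default.dim(" Reference only. Production policies are authored, versioned, and"));
-console.log(chalk_1.default.dim(" signed in the dashboard — the CLI cannot author or assign packs."));
-});
 }
 //# sourceMappingURL=policy.js.map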
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../src/commands/policy.ts"],"names":[],"mappings":";;;;;
|
|
1
|
+
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../src/commands/policy.ts"],"names":[],"mappings":";;;;;AAKA,sDAuGC;AA3GD,kDAA0B;AAC1B,8CAAsB;AACtB,qCAA0F;AAE1F,SAAgB,qBAAqB,CAAC,OAAgB;IACpD,MAAM,SAAS,GAAG,OAAO;SACtB,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,iCAAiC,CAAC,CAAC;IAElD,qBAAqB;IACrB,SAAS;SACN,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,kCAAkC,CAAC;SAC/C,MAAM,CAAC,uBAAuB,EAAE,kCAAkC,CAAC;SACnE,MAAM,CAAC,kBAAkB,EAAE,kBAAkB,CAAC;SAC9C,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACrB,MAAM,QAAQ,GAAG,IAAA,aAAO,EAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,CAAC,KAAK,CACX,eAAK,CAAC,GAAG,CAAC,8BAA8B,CAAC;gBACvC,4DAA4D;gBAC5D,eAAK,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAC3C,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAClE,IAAI,CAAC,IAAA,uBAAiB,EAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,KAAK,CACX,eAAK,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAC7E,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,QAAQ,GAAG,IAAA,qBAAe,EAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAA,aAAG,EAAC,oBAAoB,CAAC,CAAC,KAAK,EAAE,CAAC;QAErE,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAA,oBAAc,EAAC,QAAQ,EAAE;gBAC5C,QAAQ,EAAE,IAAA,aAAO,EAAC,eAAe,EAAE,IAAI,CAAC,QAAQ,CAAC;aAClD,CAAC,CAAC;YAEH,OAAO,EAAE,IAAI,EAAE,CAAC;YAEhB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACd,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CAAC,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAC9D,CAAC;gBACF,OAAO;YACT,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;YACxC,OAAO,CAAC,GAAG,CACT,eAAK,CAAC,GAAG,CAAC,UAAU,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CACpE,CAAC;YACF,OAAO,CAAC,GAAG,EAAE,CAAC;YAEd,MAAM,aAAa,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;YAE7E,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBACtC,OAAO,CAAC,GAA
G,CACT,eAAK,CAAC,KAAK,CAAC,wBAAwB,CAAC;oBACnC,eAAK,CAAC,GAAG,CAAC,KAAK,MAAM,CAAC,MAAM,CAAC,MAAM,SAAS,CAAC,CAChD,CAAC;gBACF,OAAO,CAAC,GAAG,EAAE,CAAC;gBACd,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC7C,OAAO,CAAC,GAAG,CAAC,KAAK,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC1C,CAAC;YACH,CAAC;iBAAM,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;gBACjC,OAAO,CAAC,GAAG,CACT,eAAK,CAAC,MAAM,CAAC,4CAA4C,CAAC,CAC3D,CAAC;gBACF,OAAO,CAAC,GAAG,EAAE,CAAC;gBACd,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;oBAClE,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,KAAK,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;gBACrD,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAC,CAAC;YACvD,CAAC;YAED,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBACrB,OAAO,CAAC,GAAG,EAAE,CAAC;gBACd,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,IAAI,EAAE,CAAC;YAChB,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,IACE,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC;gBACnB,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC;gBAC5B,GAAG,CAAC,QAAQ,CAAC,oBAAoB,CAAC;gBAClC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,EACzB,CAAC;gBACD,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,MAAM,CAAC,oCAAoC,CAAC,CAAC,CAAC;gBAChE,OAAO,CAAC,GAAG,CACT,eAAK,CAAC,GAAG,CACP,8EAA8E,CAC/E,CACF,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,eAAK,CAAC,GAAG,CAAC,YAAY,GAAG,EAAE,CAAC,CAAC,CAAC;YAC9C,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AAEP,CAAC"}
|
package/package.json
CHANGED