@ax0l0tl/agent-governance-opencode 4.0.4 → 4.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +2 -3
- package/src/index.mjs +12 -13
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@ax0l0tl/agent-governance-opencode",
|
|
3
|
-
"version": "4.0.
|
|
3
|
+
"version": "4.0.6",
|
|
4
4
|
"description": "Public Preview — OpenCode CLI governance plugin for Agent Governance Toolkit developer protection policies",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "src/index.mjs",
|
|
@@ -42,8 +42,7 @@
|
|
|
42
42
|
},
|
|
43
43
|
"homepage": "https://github.com/microsoft/agent-governance-toolkit/tree/main/agent-governance-opencode",
|
|
44
44
|
"dependencies": {
|
|
45
|
-
"@microsoft/agent-governance-sdk": "3.7.0"
|
|
46
|
-
"@opencode-ai/plugin": "1.17.1"
|
|
45
|
+
"@microsoft/agent-governance-sdk": "3.7.0"
|
|
47
46
|
},
|
|
48
47
|
"engines": {
|
|
49
48
|
"node": ">=22.0.0"
|
package/src/index.mjs
CHANGED
|
@@ -1,10 +1,8 @@
|
|
|
1
1
|
// Copyright (c) Microsoft Corporation.
|
|
2
2
|
// Licensed under the MIT License.
|
|
3
3
|
|
|
4
|
-
import { appendFileSync } from "
|
|
5
|
-
import {
|
|
6
|
-
import { join } from "node:path";
|
|
7
|
-
import { tool } from "@opencode-ai/plugin";
|
|
4
|
+
import { appendFileSync } from "fs";
|
|
5
|
+
import { dirname, join } from "path";
|
|
8
6
|
import {
|
|
9
7
|
checkArbitraryText,
|
|
10
8
|
evaluateOpenCodePrompt,
|
|
@@ -82,12 +80,6 @@ export const AgtGovernance = async (ctx) => {
|
|
|
82
80
|
// OpenCode emits a wide range of events. Only inspect prompt-bearing
|
|
83
81
|
// events; ignore the rest cheaply.
|
|
84
82
|
const prompt = extractPromptFromEvent(event);
|
|
85
|
-
// TODO(temporary): remove after verifying which event types reach this hook.
|
|
86
|
-
try {
|
|
87
|
-
const logPath = join(homedir(), ".config", "opencode", "agt", "event-debug.ndjson");
|
|
88
|
-
const entry = JSON.stringify({ ts: new Date().toISOString(), type: event?.type ?? null, covered: Boolean(prompt), event }) + "\n";
|
|
89
|
-
appendFileSync(logPath, entry, "utf8");
|
|
90
|
-
} catch { /* best-effort */ }
|
|
91
83
|
if (!prompt) {
|
|
92
84
|
return;
|
|
93
85
|
}
|
|
@@ -98,6 +90,13 @@ export const AgtGovernance = async (ctx) => {
|
|
|
98
90
|
sessionId: event?.properties?.sessionID ?? event?.properties?.sessionId,
|
|
99
91
|
});
|
|
100
92
|
if (result.effect === "deny") {
|
|
93
|
+
// TEMP: file log to verify event hook fires on user input
|
|
94
|
+
try {
|
|
95
|
+
const entry = `[AGT DENY] ${new Date().toISOString()} sessionId=${event?.properties?.sessionID ?? event?.properties?.sessionId ?? "unknown"} reason=${result.reason}\n`;
|
|
96
|
+
appendFileSync(join(dirname(state.auditPath), "agt-deny.log"), entry, "utf8");
|
|
97
|
+
} catch {
|
|
98
|
+
// best-effort — do not suppress the deny
|
|
99
|
+
}
|
|
101
100
|
throw new Error(result.reason || "AGT governance blocked the submitted prompt.");
|
|
102
101
|
}
|
|
103
102
|
},
|
|
@@ -159,9 +158,9 @@ export const AgtGovernance = async (ctx) => {
|
|
|
159
158
|
agt_policy_check_text: {
|
|
160
159
|
description:
|
|
161
160
|
"Check text against AGT prompt, context-poisoning, and MCP-style threat detectors.",
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
161
|
+
args: {
|
|
162
|
+
text: { type: "string", description: "Text to inspect." },
|
|
163
|
+
},
|
|
165
164
|
async execute(args) {
|
|
166
165
|
const state = await getState();
|
|
167
166
|
const text = typeof args?.text === "string" ? args.text : "";
|