@axonflow/openclaw 1.2.4 → 1.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +68 -0
- package/README.md +26 -0
- package/dist/axonflow-client.d.ts +88 -0
- package/dist/axonflow-client.d.ts.map +1 -1
- package/dist/axonflow-client.js +163 -1
- package/dist/axonflow-client.js.map +1 -1
- package/dist/config.d.ts +19 -0
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +3 -0
- package/dist/config.js.map +1 -1
- package/dist/governance.d.ts +15 -1
- package/dist/governance.d.ts.map +1 -1
- package/dist/governance.js +49 -3
- package/dist/governance.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,73 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [1.3.1] - 2026-04-19
|
|
4
|
+
|
|
5
|
+
Patch release. Fixes a v1.3.0 gap surfaced by install-and-use E2E
|
|
6
|
+
testing: the override-lifecycle and explain methods needed
|
|
7
|
+
`X-User-Email` to reach the orchestrator, but the client never
|
|
8
|
+
forwarded any per-user identity. Paired with platform v7.1.1 which
|
|
9
|
+
closes six related server-side gaps.
|
|
10
|
+
|
|
11
|
+
### Added
|
|
12
|
+
|
|
13
|
+
- **`config.userEmail`** — per-user identity forwarded via `X-User-Email`
|
|
14
|
+
on every request. Required for `createOverride` / `revokeOverride` /
|
|
15
|
+
`listOverrides` (endpoints reject unauthenticated user identity with
|
|
16
|
+
HTTP 401) and for correct per-user scoping on `explainDecision`. If
|
|
17
|
+
unset the client continues to work for block-path features (richer
|
|
18
|
+
context, check_input / check_output) but the override lifecycle
|
|
19
|
+
methods will 401.
|
|
20
|
+
|
|
21
|
+
### Fixed
|
|
22
|
+
|
|
23
|
+
- `baseHeaders()` now emits `X-User-Email` when `config.userEmail` is
|
|
24
|
+
set. Before this release, calling `createOverride` always returned
|
|
25
|
+
HTTP 401 "Authenticated user identity required" and `listOverrides`
|
|
26
|
+
scoped to a synthetic client-wide user.
|
|
27
|
+
|
|
28
|
+
### Internal
|
|
29
|
+
|
|
30
|
+
- **Smoke E2E** at `tests/e2e/smoke-block-context.mjs` — exercises the
|
|
31
|
+
`AxonFlowClient.mcpCheckInput` path against a reachable platform and
|
|
32
|
+
asserts Plugin Batch 1 richer-context fields (`decision_id`,
|
|
33
|
+
`risk_level`, `policy_matches`) land on the response. Exits with
|
|
34
|
+
`SKIP:` when no stack is reachable so it's safe to run anywhere.
|
|
35
|
+
- **`.github/workflows/smoke-e2e.yml`** — `workflow_dispatch` triggered job running the smoke scenario.
|
|
36
|
+
Requires an operator-supplied endpoint (GitHub-hosted runners have no
|
|
37
|
+
local stack), so not wired to PR events — PR smoke gating needs a
|
|
38
|
+
self-hosted runner with a live stack. Full install-and-use matrix
|
|
39
|
+
lives in `axonflow-enterprise/tests/e2e/plugin-batch-1/openclaw-install/`.
|
|
40
|
+
|
|
41
|
+
## [1.3.0] - 2026-04-18
|
|
42
|
+
|
|
43
|
+
### Added
|
|
44
|
+
|
|
45
|
+
- **`client.explainDecision(decisionId)`** — programmatic access to the full
|
|
46
|
+
decision explanation (matched policies, risk level, reason, override
|
|
47
|
+
availability, rolling-24h session hit count). Shape is frozen.
|
|
48
|
+
Returns null on 404 / network failure so callers can fall back to a
|
|
49
|
+
terse block message without crashing.
|
|
50
|
+
- **`client.createOverride({ policyId, policyType, overrideReason, toolSignature?, ttlSeconds? })`** —
|
|
51
|
+
creates a session-scoped override with a mandatory free-text justification.
|
|
52
|
+
Client-side validates the reason is non-empty; server enforces TTL clamping
|
|
53
|
+
(default 60m, hard cap 24h), critical-risk rejection, and the
|
|
54
|
+
`allow_override=false` contract.
|
|
55
|
+
- **`client.revokeOverride(overrideId)`** and **`client.listOverrides()`** —
|
|
56
|
+
round out the override CRUD surface for the upcoming CLI.
|
|
57
|
+
- **New types exported:** `DecisionExplanation`, `ExplainPolicy`, `ExplainRule`,
|
|
58
|
+
`CreateOverrideOptions`, `CreateOverrideResult`.
|
|
59
|
+
- **Richer `MCPCheckInputResponse` / `MCPCheckOutputResponse`** — surface
|
|
60
|
+
optional `decision_id`, `policy_matches`, `risk_level`, `override_available`,
|
|
61
|
+
`override_existing_id` fields when the platform is v7.1.0+. Older platforms
|
|
62
|
+
return undefined for these fields; callers should treat absence as "context
|
|
63
|
+
not available" rather than an error.
|
|
64
|
+
|
|
65
|
+
### Compatibility
|
|
66
|
+
|
|
67
|
+
Companion to platform v7.1.0 and all 4 SDKs at v5.4.0 / v6.4.0 (parity on
|
|
68
|
+
`decisions.explain` naming). Back-compatible with pre-v7.1.0 platforms —
|
|
69
|
+
new methods silently return empty/null where endpoints don't exist.
|
|
70
|
+
|
|
3
71
|
## [1.2.4] - 2026-04-14
|
|
4
72
|
|
|
5
73
|
### Documentation
|
package/README.md
CHANGED
|
@@ -192,6 +192,32 @@ The startup ping is enabled by default for local, self-hosted, and remote deploy
|
|
|
192
192
|
|
|
193
193
|
See [policies/README.md](./policies/README.md) for recommended policy setup for OpenClaw deployments, including protections against reverse shells, credential exfiltration, SSRF, path traversal, and agent config file poisoning.
|
|
194
194
|
|
|
195
|
+
## Testing
|
|
196
|
+
|
|
197
|
+
Unit tests (jest, mock fetch — no live stack needed):
|
|
198
|
+
|
|
199
|
+
```bash
|
|
200
|
+
npm test
|
|
201
|
+
```
|
|
202
|
+
|
|
203
|
+
Smoke E2E (requires a live AxonFlow stack at `localhost:8080`):
|
|
204
|
+
|
|
205
|
+
```bash
|
|
206
|
+
npm ci && npm run build
|
|
207
|
+
# Start a stack via axonflow-enterprise (see its setup-e2e-testing.sh)
|
|
208
|
+
node tests/e2e/smoke-block-context.mjs
|
|
209
|
+
```
|
|
210
|
+
|
|
211
|
+
The smoke scenario uses `AxonFlowClient.mcpCheckInput` to fire a
|
|
212
|
+
SQLi-bearing statement against a running platform and asserts the
|
|
213
|
+
response carries Plugin Batch 1 richer-context fields (`decision_id`,
|
|
214
|
+
`risk_level`, `policy_matches`). Exits 0 with a `SKIP:` message if no
|
|
215
|
+
stack is reachable. In CI, run manually via `workflow_dispatch` with a
|
|
216
|
+
reachable endpoint (GitHub-hosted runners have no local stack).
|
|
217
|
+
|
|
218
|
+
Full install-and-use matrix (explain, override lifecycle, audit filter
|
|
219
|
+
parity, cache invalidation) lives in `axonflow-enterprise/tests/e2e/plugin-batch-1/openclaw-install/`.
|
|
220
|
+
|
|
195
221
|
## Links
|
|
196
222
|
|
|
197
223
|
- [AxonFlow Documentation](https://docs.getaxonflow.com)
|
|
@@ -26,17 +26,71 @@ export interface MCPCheckInputResponse {
|
|
|
26
26
|
allowed: boolean;
|
|
27
27
|
block_reason?: string;
|
|
28
28
|
policies_evaluated: number;
|
|
29
|
+
decision_id?: string;
|
|
30
|
+
policy_matches?: ExplainPolicy[];
|
|
31
|
+
risk_level?: string;
|
|
32
|
+
override_available?: boolean;
|
|
33
|
+
override_existing_id?: string;
|
|
29
34
|
}
|
|
30
35
|
export interface MCPCheckOutputResponse {
|
|
31
36
|
allowed: boolean;
|
|
32
37
|
block_reason?: string;
|
|
33
38
|
redacted_data?: unknown;
|
|
34
39
|
policies_evaluated: number;
|
|
40
|
+
decision_id?: string;
|
|
41
|
+
policy_matches?: ExplainPolicy[];
|
|
42
|
+
}
|
|
43
|
+
export interface ExplainPolicy {
|
|
44
|
+
policy_id: string;
|
|
45
|
+
policy_name?: string;
|
|
46
|
+
action?: string;
|
|
47
|
+
risk_level?: string;
|
|
48
|
+
allow_override?: boolean;
|
|
49
|
+
policy_description?: string;
|
|
50
|
+
}
|
|
51
|
+
export interface ExplainRule {
|
|
52
|
+
policy_id: string;
|
|
53
|
+
rule_id?: string;
|
|
54
|
+
rule_text?: string;
|
|
55
|
+
matched_on?: string;
|
|
56
|
+
}
|
|
57
|
+
export interface DecisionExplanation {
|
|
58
|
+
decision_id: string;
|
|
59
|
+
timestamp: string;
|
|
60
|
+
policy_matches: ExplainPolicy[];
|
|
61
|
+
matched_rules?: ExplainRule[];
|
|
62
|
+
decision: string;
|
|
63
|
+
reason: string;
|
|
64
|
+
risk_level?: string;
|
|
65
|
+
override_available: boolean;
|
|
66
|
+
override_existing_id?: string;
|
|
67
|
+
historical_hit_count_session: number;
|
|
68
|
+
policy_source_link?: string;
|
|
69
|
+
tool_signature?: string;
|
|
70
|
+
}
|
|
71
|
+
export interface CreateOverrideOptions {
|
|
72
|
+
policyId: string;
|
|
73
|
+
policyType: "static" | "dynamic";
|
|
74
|
+
overrideReason: string;
|
|
75
|
+
toolSignature?: string;
|
|
76
|
+
ttlSeconds?: number;
|
|
77
|
+
}
|
|
78
|
+
export interface CreateOverrideResult {
|
|
79
|
+
id: string;
|
|
80
|
+
policy_id: string;
|
|
81
|
+
policy_type: string;
|
|
82
|
+
expires_at: string;
|
|
83
|
+
ttl_seconds: number;
|
|
84
|
+
requested_ttl?: number;
|
|
85
|
+
clamped?: boolean;
|
|
86
|
+
clamped_reason?: string;
|
|
87
|
+
created_at: string;
|
|
35
88
|
}
|
|
36
89
|
export declare class AxonFlowClient {
|
|
37
90
|
private readonly endpoint;
|
|
38
91
|
private readonly authHeader;
|
|
39
92
|
private readonly requestTimeoutMs;
|
|
93
|
+
private readonly userEmail;
|
|
40
94
|
constructor(config: AxonFlowPluginConfig);
|
|
41
95
|
private baseHeaders;
|
|
42
96
|
private fetchWithTimeout;
|
|
@@ -77,5 +131,39 @@ export declare class AxonFlowClient {
|
|
|
77
131
|
error?: string;
|
|
78
132
|
}>;
|
|
79
133
|
healthCheck(): Promise<boolean>;
|
|
134
|
+
/**
|
|
135
|
+
* Fetch the full explanation for a previously-made policy decision.
|
|
136
|
+
*
|
|
137
|
+
* Returns matched policies, risk level, override availability, rolling-24h
|
|
138
|
+
* session hit count, and policy source link. Shape is frozen per ADR-043.
|
|
139
|
+
*
|
|
140
|
+
* Used by the CLI `explain` command and by the plugin's own block-reason
|
|
141
|
+
* enrichment path. Errors are returned as null rather than thrown — the
|
|
142
|
+
* caller formats a user-friendly message.
|
|
143
|
+
*/
|
|
144
|
+
explainDecision(decisionId: string): Promise<DecisionExplanation | null>;
|
|
145
|
+
/**
|
|
146
|
+
* Create a session-scoped override for a policy the caller was blocked by.
|
|
147
|
+
*
|
|
148
|
+
* ADR-042 rules enforced server-side:
|
|
149
|
+
* - TTL clamped to [1min, 24h], default 60m.
|
|
150
|
+
* - Critical-risk policies rejected (403).
|
|
151
|
+
* - allow_override=false policies rejected (403).
|
|
152
|
+
* - Justification (overrideReason) is mandatory.
|
|
153
|
+
*
|
|
154
|
+
* Plugin does minimal client-side validation and lets the platform
|
|
155
|
+
* enforce invariants.
|
|
156
|
+
*/
|
|
157
|
+
createOverride(opts: CreateOverrideOptions): Promise<CreateOverrideResult>;
|
|
158
|
+
/** Revoke a previously-created override. */
|
|
159
|
+
revokeOverride(overrideId: string): Promise<void>;
|
|
160
|
+
/** List active overrides for the caller's tenant. */
|
|
161
|
+
listOverrides(options?: {
|
|
162
|
+
policyId?: string;
|
|
163
|
+
includeRevoked?: boolean;
|
|
164
|
+
}): Promise<{
|
|
165
|
+
overrides: Array<Record<string, unknown>>;
|
|
166
|
+
count: number;
|
|
167
|
+
}>;
|
|
80
168
|
}
|
|
81
169
|
//# sourceMappingURL=axonflow-client.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"axonflow-client.d.ts","sourceRoot":"","sources":["../src/axonflow-client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAExD;;;;;;;;;;GAUG;AACH,qBAAa,iBAAkB,SAAQ,KAAK;IAC1C,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBAG7C,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACrC,OAAO,EAAE,MAAM;CAalB;AAED,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,kBAAkB,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"axonflow-client.d.ts","sourceRoot":"","sources":["../src/axonflow-client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAExD;;;;;;;;;;GAUG;AACH,qBAAa,iBAAkB,SAAQ,KAAK;IAC1C,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBAG7C,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACrC,OAAO,EAAE,MAAM;CAalB;AAED,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,kBAAkB,EAAE,MAAM,CAAC;IAK3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,aAAa,EAAE,CAAC;IACjC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,aAAa,EAAE,CAAC;CAClC;AAGD,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,aAAa,EAAE,CAAC;IAChC,aAAa,CAAC,EAAE,WAAW,EAAE,CAAC;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,4BAA4B,EAAE,MAAM,CAAC;IACrC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAGD,MAAM,WAAW,qBAAqB;IACpC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,QAAQ,GAAG,SAAS,CAAC;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,oBAAoB;IACnC,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;CACpB;AAqFD,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAqB;gBACnC,MAAM,EAAE,oBAAoB;IAkBxC,OAAO,CAAC,WAAW;YAiBL,gBAAgB;IAiBxB,aAAa,CACjB,aAAa,EAAE,MAAM,EACrB,SAAS,EAAE,MAAM,EACjB,SAAS,GAAE,MAAkB,GAC5B,OAAO,CAAC,qBAAqB,CAAC;IAgD3B,cAAc,CAClB,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,sBAAsB,CAAC;IAgDlC;;;OAGG;IACG,aAAa,CACjB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,MAAM,CAAC,EAAE,OAAO,EAChB,KAAK,CAAC,EAAE,MAAM,EACd,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC;IAqBhB;;;;;;;OAOG;IACG,YAAY,CAChB,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,EACb,eAAe,EAAE,MAAM,EACvB,UAAU,EAAE;QAAE,aAAa,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,EACtF,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,IAAI,CAAC;IAoBhB;;;;;OAKG;IACG,iBAAiB,CAAC,OAAO,CAAC,EAAE;QAChC,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IA2B5D,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAarC;;;;;;;;;OASG;IACG,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAmB9E;;;;;;;;;;;OAWG;IACG,cAAc,CAAC,IAAI,EAAE,qBAAqB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IA8BhF,4CAA4C;IACtC,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBvD,qDAAqD;IAC/C,aAAa,CAAC,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,cAAc,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC;QACtF,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;QAC1C,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CAmBH"}
|
package/dist/axonflow-client.js
CHANGED
|
@@ -32,6 +32,48 @@ export class AxonFlowHttpError extends Error {
|
|
|
32
32
|
Object.setPrototypeOf(this, AxonFlowHttpError.prototype);
|
|
33
33
|
}
|
|
34
34
|
}
|
|
35
|
+
/**
|
|
36
|
+
* Extract the Plugin Batch 1 (ADR-042 + ADR-043) richer governance context
|
|
37
|
+
* from a policy-check response. All fields are optional — older platforms
|
|
38
|
+
* (pre-v7.1.0) return undefined for every field, and callers treat absence
|
|
39
|
+
* as "context not available" rather than an error.
|
|
40
|
+
*
|
|
41
|
+
* Reviewer-caught regression: without this, the extended MCPCheckInputResponse
|
|
42
|
+
* / MCPCheckOutputResponse fields were declared but never populated, so
|
|
43
|
+
* governance.ts couldn't surface the richer reasoning even when the platform
|
|
44
|
+
* returned it.
|
|
45
|
+
*/
|
|
46
|
+
function extractRicherContext(data) {
|
|
47
|
+
const ctx = {};
|
|
48
|
+
if (typeof data["decision_id"] === "string" && data["decision_id"]) {
|
|
49
|
+
ctx.decision_id = data["decision_id"];
|
|
50
|
+
}
|
|
51
|
+
if (typeof data["risk_level"] === "string" && data["risk_level"]) {
|
|
52
|
+
ctx.risk_level = data["risk_level"];
|
|
53
|
+
}
|
|
54
|
+
if (typeof data["override_available"] === "boolean") {
|
|
55
|
+
ctx.override_available = data["override_available"];
|
|
56
|
+
}
|
|
57
|
+
if (typeof data["override_existing_id"] === "string" && data["override_existing_id"]) {
|
|
58
|
+
ctx.override_existing_id = data["override_existing_id"];
|
|
59
|
+
}
|
|
60
|
+
const rawMatches = data["policy_matches"];
|
|
61
|
+
if (Array.isArray(rawMatches)) {
|
|
62
|
+
ctx.policy_matches = rawMatches
|
|
63
|
+
.filter((m) => typeof m === "object" && m !== null)
|
|
64
|
+
.map((m) => ({
|
|
65
|
+
policy_id: typeof m["policy_id"] === "string" ? m["policy_id"] : "",
|
|
66
|
+
policy_name: typeof m["policy_name"] === "string" ? m["policy_name"] : undefined,
|
|
67
|
+
action: typeof m["action"] === "string" ? m["action"] : undefined,
|
|
68
|
+
risk_level: typeof m["risk_level"] === "string" ? m["risk_level"] : undefined,
|
|
69
|
+
allow_override: typeof m["allow_override"] === "boolean" ? m["allow_override"] : undefined,
|
|
70
|
+
policy_description: typeof m["policy_description"] === "string"
|
|
71
|
+
? m["policy_description"]
|
|
72
|
+
: undefined,
|
|
73
|
+
}));
|
|
74
|
+
}
|
|
75
|
+
return ctx;
|
|
76
|
+
}
|
|
35
77
|
/**
|
|
36
78
|
* Extract policies_evaluated count from API response.
|
|
37
79
|
* The platform returns this as a top-level number on 403 responses,
|
|
@@ -58,6 +100,7 @@ export class AxonFlowClient {
|
|
|
58
100
|
endpoint;
|
|
59
101
|
authHeader;
|
|
60
102
|
requestTimeoutMs;
|
|
103
|
+
userEmail;
|
|
61
104
|
constructor(config) {
|
|
62
105
|
// Strip trailing slashes without regex (avoids ReDoS on polynomial patterns)
|
|
63
106
|
let ep = config.endpoint;
|
|
@@ -67,14 +110,28 @@ export class AxonFlowClient {
|
|
|
67
110
|
this.requestTimeoutMs = config.requestTimeoutMs ?? 8000;
|
|
68
111
|
const credentials = Buffer.from(`${config.clientId}:${config.clientSecret}`).toString("base64");
|
|
69
112
|
this.authHeader = `Basic ${credentials}`;
|
|
113
|
+
// Store per-user identity for Plugin Batch 1 endpoints — createOverride /
|
|
114
|
+
// revokeOverride / listOverrides all require it, and explain's
|
|
115
|
+
// historical_hit_count scope depends on it.
|
|
116
|
+
this.userEmail = config.userEmail && config.userEmail.trim()
|
|
117
|
+
? config.userEmail.trim()
|
|
118
|
+
: undefined;
|
|
70
119
|
}
|
|
71
120
|
baseHeaders() {
|
|
72
121
|
// Tenant is derived from Basic auth credentials on the server side (RFC 6749).
|
|
73
122
|
// X-Tenant-ID header is no longer sent — server knows tenant from auth.
|
|
74
|
-
|
|
123
|
+
//
|
|
124
|
+
// Plugin Batch 1 (ADR-044): forward X-User-Email when configured so the
|
|
125
|
+
// orchestrator can scope override ownership and explain access control
|
|
126
|
+
// by real caller rather than by a synthetic client-wide identity.
|
|
127
|
+
const h = {
|
|
75
128
|
"Content-Type": "application/json",
|
|
76
129
|
Authorization: this.authHeader,
|
|
77
130
|
};
|
|
131
|
+
if (this.userEmail) {
|
|
132
|
+
h["X-User-Email"] = this.userEmail;
|
|
133
|
+
}
|
|
134
|
+
return h;
|
|
78
135
|
}
|
|
79
136
|
async fetchWithTimeout(url, init) {
|
|
80
137
|
const controller = new AbortController();
|
|
@@ -110,6 +167,7 @@ export class AxonFlowClient {
|
|
|
110
167
|
? data["error"]
|
|
111
168
|
: "Blocked by policy",
|
|
112
169
|
policies_evaluated: extractPoliciesEvaluated(data),
|
|
170
|
+
...extractRicherContext(data),
|
|
113
171
|
};
|
|
114
172
|
}
|
|
115
173
|
if (!response.ok) {
|
|
@@ -121,6 +179,7 @@ export class AxonFlowClient {
|
|
|
121
179
|
? data["block_reason"]
|
|
122
180
|
: undefined,
|
|
123
181
|
policies_evaluated: extractPoliciesEvaluated(data),
|
|
182
|
+
...extractRicherContext(data),
|
|
124
183
|
};
|
|
125
184
|
}
|
|
126
185
|
async mcpCheckOutput(connectorType, message) {
|
|
@@ -143,6 +202,7 @@ export class AxonFlowClient {
|
|
|
143
202
|
? data["error"]
|
|
144
203
|
: "Blocked by policy",
|
|
145
204
|
policies_evaluated: extractPoliciesEvaluated(data),
|
|
205
|
+
...extractRicherContext(data),
|
|
146
206
|
};
|
|
147
207
|
}
|
|
148
208
|
if (!response.ok) {
|
|
@@ -155,6 +215,7 @@ export class AxonFlowClient {
|
|
|
155
215
|
: undefined,
|
|
156
216
|
redacted_data: data["redacted_data"] ?? undefined,
|
|
157
217
|
policies_evaluated: extractPoliciesEvaluated(data),
|
|
218
|
+
...extractRicherContext(data),
|
|
158
219
|
};
|
|
159
220
|
}
|
|
160
221
|
/**
|
|
@@ -250,5 +311,106 @@ export class AxonFlowClient {
|
|
|
250
311
|
return false;
|
|
251
312
|
}
|
|
252
313
|
}
|
|
314
|
+
// ============================================================================
|
|
315
|
+
// Plugin Batch 1: ADR-042 session overrides + ADR-043 explain
|
|
316
|
+
// ============================================================================
|
|
317
|
+
/**
|
|
318
|
+
* Fetch the full explanation for a previously-made policy decision.
|
|
319
|
+
*
|
|
320
|
+
* Returns matched policies, risk level, override availability, rolling-24h
|
|
321
|
+
* session hit count, and policy source link. Shape is frozen per ADR-043.
|
|
322
|
+
*
|
|
323
|
+
* Used by the CLI `explain` command and by the plugin's own block-reason
|
|
324
|
+
* enrichment path. Errors are returned as null rather than thrown — the
|
|
325
|
+
* caller formats a user-friendly message.
|
|
326
|
+
*/
|
|
327
|
+
async explainDecision(decisionId) {
|
|
328
|
+
if (!decisionId)
|
|
329
|
+
return null;
|
|
330
|
+
const encoded = encodeURIComponent(decisionId);
|
|
331
|
+
const url = `${this.endpoint}/api/v1/decisions/${encoded}/explain`;
|
|
332
|
+
try {
|
|
333
|
+
const response = await this.fetchWithTimeout(url, {
|
|
334
|
+
method: "GET",
|
|
335
|
+
headers: this.baseHeaders(),
|
|
336
|
+
});
|
|
337
|
+
if (!response.ok) {
|
|
338
|
+
return null;
|
|
339
|
+
}
|
|
340
|
+
return (await response.json());
|
|
341
|
+
}
|
|
342
|
+
catch {
|
|
343
|
+
return null;
|
|
344
|
+
}
|
|
345
|
+
}
|
|
346
|
+
/**
|
|
347
|
+
* Create a session-scoped override for a policy the caller was blocked by.
|
|
348
|
+
*
|
|
349
|
+
* ADR-042 rules enforced server-side:
|
|
350
|
+
* - TTL clamped to [1min, 24h], default 60m.
|
|
351
|
+
* - Critical-risk policies rejected (403).
|
|
352
|
+
* - allow_override=false policies rejected (403).
|
|
353
|
+
* - Justification (overrideReason) is mandatory.
|
|
354
|
+
*
|
|
355
|
+
* Plugin does minimal client-side validation and lets the platform
|
|
356
|
+
* enforce invariants.
|
|
357
|
+
*/
|
|
358
|
+
async createOverride(opts) {
|
|
359
|
+
if (!opts.overrideReason || !opts.overrideReason.trim()) {
|
|
360
|
+
throw new Error("overrideReason is required (ADR-042: mandatory justification)");
|
|
361
|
+
}
|
|
362
|
+
const url = `${this.endpoint}/api/v1/overrides`;
|
|
363
|
+
const body = {
|
|
364
|
+
policy_id: opts.policyId,
|
|
365
|
+
policy_type: opts.policyType,
|
|
366
|
+
override_reason: opts.overrideReason,
|
|
367
|
+
};
|
|
368
|
+
if (opts.toolSignature)
|
|
369
|
+
body.tool_signature = opts.toolSignature;
|
|
370
|
+
if (opts.ttlSeconds !== undefined)
|
|
371
|
+
body.ttl_seconds = opts.ttlSeconds;
|
|
372
|
+
const response = await this.fetchWithTimeout(url, {
|
|
373
|
+
method: "POST",
|
|
374
|
+
headers: this.baseHeaders(),
|
|
375
|
+
body: JSON.stringify(body),
|
|
376
|
+
});
|
|
377
|
+
if (!response.ok) {
|
|
378
|
+
const text = await response.text();
|
|
379
|
+
throw new AxonFlowHttpError(response.status, response.statusText, { error: text }, "create override");
|
|
380
|
+
}
|
|
381
|
+
return (await response.json());
|
|
382
|
+
}
|
|
383
|
+
/** Revoke a previously-created override. */
|
|
384
|
+
async revokeOverride(overrideId) {
|
|
385
|
+
if (!overrideId)
|
|
386
|
+
throw new Error("overrideId is required");
|
|
387
|
+
const url = `${this.endpoint}/api/v1/overrides/${encodeURIComponent(overrideId)}`;
|
|
388
|
+
const response = await this.fetchWithTimeout(url, {
|
|
389
|
+
method: "DELETE",
|
|
390
|
+
headers: this.baseHeaders(),
|
|
391
|
+
});
|
|
392
|
+
if (!response.ok) {
|
|
393
|
+
const text = await response.text();
|
|
394
|
+
throw new AxonFlowHttpError(response.status, response.statusText, { error: text }, "revoke override");
|
|
395
|
+
}
|
|
396
|
+
}
|
|
397
|
+
/** List active overrides for the caller's tenant. */
|
|
398
|
+
async listOverrides(options) {
|
|
399
|
+
const params = new URLSearchParams();
|
|
400
|
+
if (options?.policyId)
|
|
401
|
+
params.set("policy_id", options.policyId);
|
|
402
|
+
if (options?.includeRevoked)
|
|
403
|
+
params.set("include_revoked", "true");
|
|
404
|
+
const qs = params.toString();
|
|
405
|
+
const url = `${this.endpoint}/api/v1/overrides${qs ? "?" + qs : ""}`;
|
|
406
|
+
const response = await this.fetchWithTimeout(url, {
|
|
407
|
+
method: "GET",
|
|
408
|
+
headers: this.baseHeaders(),
|
|
409
|
+
});
|
|
410
|
+
if (!response.ok) {
|
|
411
|
+
return { overrides: [], count: 0 };
|
|
412
|
+
}
|
|
413
|
+
return (await response.json());
|
|
414
|
+
}
|
|
253
415
|
}
|
|
254
416
|
//# sourceMappingURL=axonflow-client.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"axonflow-client.js","sourceRoot":"","sources":["../src/axonflow-client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;;;;;;;GAUG;AACH,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IACjC,MAAM,CAAS;IACf,UAAU,CAAS;IACnB,YAAY,CAA0B;IAE/C,YACE,MAAc,EACd,UAAkB,EAClB,YAAqC,EACrC,OAAe;QAEf,MAAM,WAAW,GAAG,OAAO,YAAY,CAAC,OAAO,CAAC,KAAK,QAAQ;YAC3D,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC;YACvB,CAAC,CAAC,EAAE,CAAC;QACP,KAAK,CAAC,YAAY,OAAO,iBAAiB,MAAM,IAAI,UAAU,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC3G,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,2EAA2E;QAC3E,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,iBAAiB,CAAC,SAAS,CAAC,CAAC;IAC3D,CAAC;CACF;AAeD;;;;;GAKG;AACH,SAAS,wBAAwB,CAAC,IAA6B;IAC7D,IAAI,OAAO,IAAI,CAAC,oBAAoB,CAAC,KAAK,QAAQ,EAAE,CAAC;QACnD,OAAO,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACpC,CAAC;IACD,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;IACvC,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QAC1D,MAAM,EAAE,GAAG,UAAqC,CAAC;QACjD,IAAI,OAAO,EAAE,CAAC,oBAAoB,CAAC,KAAK,QAAQ,EAAE,CAAC;YACjD,OAAO,EAAE,CAAC,oBAAoB,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,oBAAoB,CAAC,CAAC,EAAE,CAAC;YAC5C,OAAO,EAAE,CAAC,oBAAoB,CAAC,CAAC,MAAM,CAAC;QACzC,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,OAAO,cAAc;IACR,QAAQ,CAAS;IACjB,UAAU,CAAS;IACnB,gBAAgB,CAAS;IAC1C,YAAY,MAA4B;QACtC,6EAA6E;QAC7E,IAAI,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC;QACzB,OAAO,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,EAAE,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9C,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;QACnB,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,IAAI,IAAI,CAAC;QACxD,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAC7B,GAAG,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,YAAY,EAAE,CAC5C,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,SAAS,WAAW,EAAE,CAAC;IAC3C,CAAC;IAEO,WAAW;QACjB,+EAA+E;QAC/E,wEAAwE;QACxE,OAAO;YACL,cAAc,EAAE,kBAAkB;YAClC,aAAa,EAAE,IAAI,CAAC,UAAU;SAC/B,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC5B,GAAW,EACX,IAAkB;QAElB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAE9E,IAAI,CAAC;YACH,OAAO,MAAM,KAAK,CAAC,GAAG,EAAE;gBACtB,GAAG,IAAI;gBACP,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;QACL,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,SAAS,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,aAAqB,EACrB,SAAiB,EACjB,YAAoB,SAAS;QAE7B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,yBAAyB,CAAC;QACtD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;YAC3B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,cAAc,EAAE,aAAa;gBAC7B,SAAS;gBACT,SAAS;aACV,CAAC;SACH,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QAEhE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,YAAY,EACV,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,QAAQ;oBACtC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;oBACtB,CAAC,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,QAAQ;wBACjC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;wBACf,CAAC,CAAC,mBAAmB;gBAC3B,kBAAkB,EAAE,wBAAwB,CAAC,IAAI,CAAC;aACnD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,iBAAiB,CACzB,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,UAAU,EACnB,IAAI,EACJ,aAAa,CACd,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,IAAI;YACjC,YAAY,EACV,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,QAAQ;gBACtC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;gBACtB,CAAC,CAAC,SAAS;YACf,kBAAkB,EAAE,wBAAwB,CAAC,IAAI,CAAC;SACnD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,aAAqB,EACrB,OAAe;QAEf,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,0BAA0B,CAAC;QACvD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;YAC3B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,cAAc,EAAE,aAAa;gBAC7B,OAAO;aACR,CAAC;SACH,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QAEhE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,YAAY,EACV,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,QAAQ;oBACtC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;oBACtB,CAAC,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,QAAQ;wBACjC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;wBACf,CAAC,CAAC,mBAAmB;gBAC3B,kBAAkB,EAAE,wBAAwB,CAAC,IAAI,CAAC;aACnD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,iBAAiB,CACzB,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,UAAU,EACnB,IAAI,EACJ,cAAc,CACf,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,IAAI;YACjC,YAAY,EACV,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,QAAQ;gBACtC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;gBACtB,CAAC,CAAC,SAAS;YACf,aAAa,EAAE,IAAI,CAAC,eAAe,CAAC,IAAI,SAAS;YACjD,kBAAkB,EAAE,wBAAwB,CAAC,IAAI,CAAC;SACnD,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,aAAa,CACjB,QAAgB,EAChB,MAA+B,EAC/B,MAAgB,EAChB,KAAc,EACd,UAAmB;QAEnB,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,yBAAyB,CAAC;QACtD,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;gBAC3B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,SAAS,EAAE,QAAQ;oBACnB,SAAS,EAAE,UAAU;oBACrB,KAAK,EAAE,MAAM;oBACb,MAAM,EAAE,MAAM,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS;oBACrF,OAAO,EAAE,KAAK,IAAI,IAAI;oBACtB,aAAa,EAAE,KAAK;oBACpB,WAAW,EAAE,UAAU;iBACxB,CAAC;aACH,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,+BAA+B;QACjC,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,KAAa,EACb,KAAa,EACb,eAAuB,EACvB,UAAsF,EACtF,SAAiB;QAEjB,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,yBAAyB,CAAC;QACtD,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;gBAC3B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,SAAS,EAAE,GAAG,QAAQ,IAAI,KAAK,EAAE;oBACjC,SAAS,EAAE,UAAU;oBACrB,KAAK,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;oBACrC,MAAM,EAAE,EAAE,gBAAgB,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE;oBACpF,OAAO,EAAE,IAAI;oBACb,WAAW,EAAE,SAAS;iBACvB,CAAC;aACH,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,+BAA+B;QACjC,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,iBAAiB,CAAC,OAKvB;QACC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,sBAAsB,CAAC;QACnD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE5D,MAAM,IAAI,GAAG;YACX,UAAU,EAAE,OAAO,EAAE,SAAS,IAAI,UAAU,CAAC,WAAW,EAAE;YAC1D,QAAQ,EAAE,OAAO,EAAE,OAAO,IAAI,GAAG,CAAC,WAAW,EAAE;YAC/C,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE,EAAE,GAAG,CAAC;YAC1C,GAAG,CAAC,OAAO,EAAE,WAAW,IAAI,EAAE,YAAY,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC;SACnE,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;gBAChD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;gBAC3B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;aAC3B,CAAC,CAAC;YACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,QAAQ,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YACrE,CAAC;YACD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA0C,CAAC;QAC1E,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC;QAC5F,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,QAAQ,SAAS,CAAC,CAAC;YACxE,OAAO,QAAQ,CAAC,EAAE,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"axonflow-client.js","sourceRoot":"","sources":["../src/axonflow-client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;;;;;;;GAUG;AACH,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IACjC,MAAM,CAAS;IACf,UAAU,CAAS;IACnB,YAAY,CAA0B;IAE/C,YACE,MAAc,EACd,UAAkB,EAClB,YAAqC,EACrC,OAAe;QAEf,MAAM,WAAW,GAAG,OAAO,YAAY,CAAC,OAAO,CAAC,KAAK,QAAQ;YAC3D,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC;YACvB,CAAC,CAAC,EAAE,CAAC;QACP,KAAK,CAAC,YAAY,OAAO,iBAAiB,MAAM,IAAI,UAAU,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC3G,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,2EAA2E;QAC3E,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,iBAAiB,CAAC,SAAS,CAAC,CAAC;IAC3D,CAAC;CACF;AA+ED;;;;;;;;;;GAUG;AACH,SAAS,oBAAoB,CAAC,IAA6B;IAOzD,MAAM,GAAG,GAML,EAAE,CAAC;IAEP,IAAI,OAAO,IAAI,CAAC,aAAa,CAAC,KAAK,QAAQ,IAAI,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;QACnE,GAAG,CAAC,WAAW,GAAG,IAAI,CAAC,aAAa,CAAW,CAAC;IAClD,CAAC;IACD,IAAI,OAAO,IAAI,CAAC,YAAY,CAAC,KAAK,QAAQ,IAAI,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;QACjE,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,YAAY,CAAW,CAAC;IAChD,CAAC;IACD,IAAI,OAAO,IAAI,CAAC,oBAAoB,CAAC,KAAK,SAAS,EAAE,CAAC;QACpD,GAAG,CAAC,kBAAkB,GAAG,IAAI,CAAC,oBAAoB,CAAY,CAAC;IACjE,CAAC;IACD,IAAI,OAAO,IAAI,CAAC,sBAAsB,CAAC,KAAK,QAAQ,IAAI,IAAI,CAAC,sBAAsB,CAAC,EAAE,CAAC;QACrF,GAAG,CAAC,oBAAoB,GAAG,IAAI,CAAC,sBAAsB,CAAW,CAAC;IACpE,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC1C,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,GAAG,CAAC,cAAc,GAAG,UAAU;aAC5B,MAAM,CAAC,CAAC,CAAC,EAAgC,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,CAAC;aAChF,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACX,SAAS,EAAE,OAAO,CAAC,CAAC,WAAW,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAE,CAAC,CAAC,WAAW,CAAY,CAAC,CAAC,CAAC,EAAE;YAC/E,WAAW,EAAE,OAAO,CAAC,CAAC,aAAa,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAE,CAAC,CAAC,aAAa,CAAY,CAAC,CAAC,CAAC,SAAS;YAC5F,MAAM,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAE,CAAC,CAAC,QAAQ,CAAY,CAAC,CAAC,CAAC,SAAS;YAC7E,UAAU,EAAE,OAAO,CAAC,CAAC,YAAY,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAE,CAAC,CAAC,YAAY,CAAY,CAAC,CAAC,CAAC,SAAS;YACzF,cAAc,EACZ,OAAO,CAAC,CAAC,gBAAgB,CAAC,KAAK,SAAS,CAAC,CAAC,CAAE,CAAC,CAAC,gBAAgB,CAAa,CAAC,CAAC,CAAC,SAAS;YACzF,kBAAkB,EAChB,OAAO,CAAC,CAAC,oBAAoB,CAAC,KAAK,QAAQ;gBACzC,CAAC,CAAE,CAAC,CAAC,oBAAoB,CAAY;gBACrC,CAAC,CAAC,SAAS;SAChB,CAAC,CAAC,CAAC;IACR,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,SAAS,wBAAwB,CAAC,IAA6B;IAC7D,IAAI,OAAO,IAAI,CAAC,oBAAoB,CAAC,KAAK,QAAQ,EAAE,CAAC;QACnD,OAAO,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACpC,CAAC;IACD,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;IACvC,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QAC1D,MAAM,EAAE,GAAG,UAAqC,CAAC;QACjD,IAAI,OAAO,EAAE,CAAC,oBAAoB,CAAC,KAAK,QAAQ,EAAE,CAAC;YACjD,OAAO,EAAE,CAAC,oBAAoB,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,oBAAoB,CAAC,CAAC,EAAE,CAAC;YAC5C,OAAO,EAAE,CAAC,oBAAoB,CAAC,CAAC,MAAM,CAAC;QACzC,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,OAAO,cAAc;IACR,QAAQ,CAAS;IACjB,UAAU,CAAS;IACnB,gBAAgB,CAAS;IACzB,SAAS,CAAqB;IAC/C,YAAY,MAA4B;QACtC,6EAA6E;QAC7E,IAAI,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC;QACzB,OAAO,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,EAAE,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9C,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;QACnB,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,IAAI,IAAI,CAAC;QACxD,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAC7B,GAAG,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,YAAY,EAAE,CAC5C,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,SAAS,WAAW,EAAE,CAAC;QACzC,0EAA0E;QAC1E,+DAA+D;QAC/D,4CAA4C;QAC5C,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE;YAC1D,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE;YACzB,CAAC,CAAC,SAAS,CAAC;IAChB,CAAC;IAEO,WAAW;QACjB,+EAA+E;QAC/E,wEAAwE;QACxE,EAAE;QACF,wEAAwE;QACxE,uEAAuE;QACvE,kEAAkE;QAClE,MAAM,CAAC,GAA2B;YAChC,cAAc,EAAE,kBAAkB;YAClC,aAAa,EAAE,IAAI,CAAC,UAAU;SAC/B,CAAC;QACF,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,CAAC,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;QACrC,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC5B,GAAW,EACX,IAAkB;QAElB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAE9E,IAAI,CAAC;YACH,OAAO,MAAM,KAAK,CAAC,GAAG,EAAE;gBACtB,GAAG,IAAI;gBACP,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;QACL,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,SAAS,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,aAAqB,EACrB,SAAiB,EACjB,YAAoB,SAAS;QAE7B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,yBAAyB,CAAC;QACtD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;YAC3B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,cAAc,EAAE,aAAa;gBAC7B,SAAS;gBACT,SAAS;aACV,CAAC;SACH,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QAEhE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,YAAY,EACV,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,QAAQ;oBACtC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;oBACtB,CAAC,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,QAAQ;wBACjC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;wBACf,CAAC,CAAC,mBAAmB;gBAC3B,kBAAkB,EAAE,wBAAwB,CAAC,IAAI,CAAC;gBAClD,GAAG,oBAAoB,CAAC,IAAI,CAAC;aAC9B,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,iBAAiB,CACzB,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,UAAU,EACnB,IAAI,EACJ,aAAa,CACd,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,IAAI;YACjC,YAAY,EACV,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,QAAQ;gBACtC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;gBACtB,CAAC,CAAC,SAAS;YACf,kBAAkB,EAAE,wBAAwB,CAAC,IAAI,CAAC;YAClD,GAAG,oBAAoB,CAAC,IAAI,CAAC;SAC9B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,aAAqB,EACrB,OAAe;QAEf,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,0BAA0B,CAAC;QACvD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;YAC3B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,cAAc,EAAE,aAAa;gBAC7B,OAAO;aACR,CAAC;SACH,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QAEhE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,YAAY,EACV,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,QAAQ;oBACtC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;oBACtB,CAAC,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,QAAQ;wBACjC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;wBACf,CAAC,CAAC,mBAAmB;gBAC3B,kBAAkB,EAAE,wBAAwB,CAAC,IAAI,CAAC;gBAClD,GAAG,oBAAoB,CAAC,IAAI,CAAC;aAC9B,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,iBAAiB,CACzB,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,UAAU,EACnB,IAAI,EACJ,cAAc,CACf,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,IAAI;YACjC,YAAY,EACV,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,QAAQ;gBACtC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;gBACtB,CAAC,CAAC,SAAS;YACf,aAAa,EAAE,IAAI,CAAC,eAAe,CAAC,IAAI,SAAS;YACjD,kBAAkB,EAAE,wBAAwB,CAAC,IAAI,CAAC;YAClD,GAAG,oBAAoB,CAAC,IAAI,CAAC;SAC9B,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,aAAa,CACjB,QAAgB,EAChB,MAA+B,EAC/B,MAAgB,EAChB,KAAc,EACd,UAAmB;QAEnB,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,yBAAyB,CAAC;QACtD,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;gBAC3B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,SAAS,EAAE,QAAQ;oBACnB,SAAS,EAAE,UAAU;oBACrB,KAAK,EAAE,MAAM;oBACb,MAAM,EAAE,MAAM,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS;oBACrF,OAAO,EAAE,KAAK,IAAI,IAAI;oBACtB,aAAa,EAAE,KAAK;oBACpB,WAAW,EAAE,UAAU;iBACxB,CAAC;aACH,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,+BAA+B;QACjC,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,KAAa,EACb,KAAa,EACb,eAAuB,EACvB,UAAsF,EACtF,SAAiB;QAEjB,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,yBAAyB,CAAC;QACtD,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;gBAC3B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,SAAS,EAAE,GAAG,QAAQ,IAAI,KAAK,EAAE;oBACjC,SAAS,EAAE,UAAU;oBACrB,KAAK,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;oBACrC,MAAM,EAAE,EAAE,gBAAgB,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE;oBACpF,OAAO,EAAE,IAAI;oBACb,WAAW,EAAE,SAAS;iBACvB,CAAC;aACH,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,+BAA+B;QACjC,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,iBAAiB,CAAC,OAKvB;QACC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,sBAAsB,CAAC;QACnD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE5D,MAAM,IAAI,GAAG;YACX,UAAU,EAAE,OAAO,EAAE,SAAS,IAAI,UAAU,CAAC,WAAW,EAAE;YAC1D,QAAQ,EAAE,OAAO,EAAE,OAAO,IAAI,GAAG,CAAC,WAAW,EAAE;YAC/C,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE,EAAE,GAAG,CAAC;YAC1C,GAAG,CAAC,OAAO,EAAE,WAAW,IAAI,EAAE,YAAY,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC;SACnE,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;gBAChD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;gBAC3B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;aAC3B,CAAC,CAAC;YACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,QAAQ,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YACrE,CAAC;YACD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA0C,CAAC;QAC1E,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC;QAC5F,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,QAAQ,SAAS,CAAC,CAAC;YACxE,OAAO,QAAQ,CAAC,EAAE,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,+EAA+E;IAC/E,8DAA8D;IAC9D,+EAA+E;IAE/E;;;;;;;;;OASG;IACH,KAAK,CAAC,eAAe,CAAC,UAAkB;QACtC,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC;QAC7B,MAAM,OAAO,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;QAC/C,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,qBAAqB,OAAO,UAAU,CAAC;QAEnE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;gBAChD,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;aAC5B,CAAC,CAAC;YACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAwB,CAAC;QACxD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,cAAc,CAAC,IAA2B;QAC9C,IAAI,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;QACnF,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,mBAAmB,CAAC;QAChD,MAAM,IAAI,GAA4B;YACpC,SAAS,EAAE,IAAI,CAAC,QAAQ;YACxB,WAAW,EAAE,IAAI,CAAC,UAAU;YAC5B,eAAe,EAAE,IAAI,CAAC,cAAc;SACrC,CAAC;QACF,IAAI,IAAI,CAAC,aAAa;YAAE,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC;QACjE,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS;YAAE,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC;QAEtE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;YAC3B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,iBAAiB,CACzB,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,UAAU,EACnB,EAAE,KAAK,EAAE,IAAI,EAAE,EACf,iBAAiB,CAClB,CAAC;QACJ,CAAC;QACD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAyB,CAAC;IACzD,CAAC;IAED,4CAA4C;IAC5C,KAAK,CAAC,cAAc,CAAC,UAAkB;QACrC,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC3D,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,qBAAqB,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAAC;QAClF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;YAChD,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;SAC5B,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,iBAAiB,CACzB,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,UAAU,EACnB,EAAE,KAAK,EAAE,IAAI,EAAE,EACf,iBAAiB,CAClB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,KAAK,CAAC,aAAa,CAAC,OAAyD;QAI3E,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QACrC,IAAI,OAAO,EAAE,QAAQ;YAAE,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjE,IAAI,OAAO,EAAE,cAAc;YAAE,MAAM,CAAC,GAAG,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC;QACnE,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,oBAAoB,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QAErE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;YAChD,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;SAC5B,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;QACrC,CAAC;QACD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAG5B,CAAC;IACJ,CAAC;CACF"}
|
package/dist/config.d.ts
CHANGED
|
@@ -11,6 +11,25 @@ export interface AxonFlowPluginConfig {
|
|
|
11
11
|
clientId: string;
|
|
12
12
|
/** License key for evaluation/enterprise features. Empty for community mode. */
|
|
13
13
|
clientSecret: string;
|
|
14
|
+
/**
|
|
15
|
+
* Per-user identity forwarded on every request via X-User-Email.
|
|
16
|
+
*
|
|
17
|
+
* Required (and only required) when you want user-scoped AxonFlow
|
|
18
|
+
* features to work through this plugin:
|
|
19
|
+
* - `createOverride` / `revokeOverride` / `listOverrides`
|
|
20
|
+
* (endpoint requires an authenticated user identity per ADR-044)
|
|
21
|
+
* - `explainDecision` historical_hit_count scoping
|
|
22
|
+
* - per-user override enforcement on block paths
|
|
23
|
+
*
|
|
24
|
+
* If unset, block responses still include decision_id + risk_level
|
|
25
|
+
* + policy_matches, but the override lifecycle methods will reject
|
|
26
|
+
* with HTTP 401 and explain's hit-count will aggregate across users.
|
|
27
|
+
*
|
|
28
|
+
* A reasonable default for CLI/local-agent setups is `os.userInfo().username`
|
|
29
|
+
* + the agent hostname; a reasonable default for multi-tenant SaaS
|
|
30
|
+
* deployments is the end-user's authenticated email.
|
|
31
|
+
*/
|
|
32
|
+
userEmail?: string;
|
|
14
33
|
/**
|
|
15
34
|
* Tools that require human approval even when AxonFlow allows them.
|
|
16
35
|
* Uses OpenClaw's native approval flow (Telegram/Discord/approve command).
|
package/dist/config.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,oBAAoB;IACnC,uEAAuE;IACvE,QAAQ,EAAE,MAAM,CAAC;IAEjB,sFAAsF;IACtF,QAAQ,EAAE,MAAM,CAAC;IAEjB,gFAAgF;IAChF,YAAY,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;;;;;;OAOG;IACH,OAAO,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC;IAE5B;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,kDAAkD;AAClD,wBAAgB,aAAa,CAC3B,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,GACvC,oBAAoB,
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,oBAAoB;IACnC,uEAAuE;IACvE,QAAQ,EAAE,MAAM,CAAC;IAEjB,sFAAsF;IACtF,QAAQ,EAAE,MAAM,CAAC;IAEjB,gFAAgF;IAChF,YAAY,EAAE,MAAM,CAAC;IAErB;;;;;;;;;;;;;;;;;OAiBG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;;;;;;OAOG;IACH,OAAO,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC;IAE5B;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,kDAAkD;AAClD,wBAAgB,aAAa,CAC3B,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,GACvC,oBAAoB,CA0DtB;AAED,0DAA0D;AAC1D,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,oBAAoB,GAC3B,OAAO,CAWT"}
|
package/dist/config.js
CHANGED
|
@@ -28,6 +28,9 @@ export function resolveConfig(raw) {
|
|
|
28
28
|
endpoint,
|
|
29
29
|
clientId,
|
|
30
30
|
clientSecret,
|
|
31
|
+
userEmail: typeof raw["userEmail"] === "string" && raw["userEmail"].trim()
|
|
32
|
+
? raw["userEmail"].trim()
|
|
33
|
+
: undefined,
|
|
31
34
|
highRiskTools: Array.isArray(raw["highRiskTools"])
|
|
32
35
|
? raw["highRiskTools"]
|
|
33
36
|
: [],
|
package/dist/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAyEH,kDAAkD;AAClD,MAAM,UAAU,aAAa,CAC3B,GAAwC;IAExC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CACb,kHAAkH,CACnH,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC;IACjC,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;IAC7F,CAAC;IAED,oEAAoE;IACpE,gEAAgE;IAChE,MAAM,WAAW,GAAG,OAAO,GAAG,CAAC,UAAU,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/E,MAAM,eAAe,GAAG,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE3F,+EAA+E;IAC/E,IAAI,CAAC,WAAW,IAAI,eAAe,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CACb,sEAAsE;YACtE,oFAAoF,CACrF,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,IAAI,WAAW,CAAC;IAC5C,MAAM,YAAY,GAAG,eAAe,CAAC;IAErC,OAAO;QACL,QAAQ;QACR,QAAQ;QACR,YAAY;QACZ,SAAS,EACP,OAAO,GAAG,CAAC,WAAW,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC,IAAI,EAAE;YAC7D,CAAC,CAAE,GAAG,CAAC,WAAW,CAAY,CAAC,IAAI,EAAE;YACrC,CAAC,CAAC,SAAS;QACf,aAAa,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAChD,CAAC,CAAE,GAAG,CAAC,eAAe,CAAc;YACpC,CAAC,CAAC,EAAE;QACN,aAAa,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAChD,CAAC,CAAE,GAAG,CAAC,eAAe,CAAc;YACpC,CAAC,CAAC,EAAE;QACN,aAAa,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAChD,CAAC,CAAE,GAAG,CAAC,eAAe,CAAc;YACpC,CAAC,CAAC,EAAE;QACN,gBAAgB,EACd,OAAO,GAAG,CAAC,kBAAkB,CAAC,KAAK,QAAQ;YACzC,CAAC,CAAC,GAAG,CAAC,kBAAkB,CAAC;YACzB,CAAC,CAAC,SAAS;QACf,OAAO,EACL,GAAG,CAAC,SAAS,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO;QAChD,gBAAgB,EACd,OAAO,GAAG,CAAC,kBAAkB,CAAC,KAAK,QAAQ;YAC3C,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YACxC,GAAG,CAAC,kBAAkB,CAAC,GAAG,CAAC;YACzB,CAAC,CAAC,GAAG,CAAC,kBAAkB,CAAC;YACzB,CAAC,CAAC,IAAI;KACX,CAAC;AACJ,CAAC;AAED,0DAA0D;AAC1D,MAAM,UAAU,gBAAgB,CAC9B,QAAgB,EAChB,MAA4B;IAE5B,iCAAiC;IACjC,IAAI,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpE,OAAO,KAAK,CAAC;IACf,CAAC;IACD,yDAAyD;IACzD,IAAI,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5D,OAAO,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjD,CAAC;IACD,4BAA4B;IAC5B,OAAO,IAAI,CAAC;AACd,CAAC"}
|
package/dist/governance.d.ts
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
* Evaluates tool arguments against AxonFlow policies before execution.
|
|
5
5
|
* Can block the call, require human approval, or allow through.
|
|
6
6
|
*/
|
|
7
|
-
import type { AxonFlowClient } from "./axonflow-client.js";
|
|
7
|
+
import type { AxonFlowClient, MCPCheckInputResponse } from "./axonflow-client.js";
|
|
8
8
|
import type { AxonFlowPluginConfig } from "./config.js";
|
|
9
9
|
/** Result type matching OpenClaw's PluginHookBeforeToolCallResult. */
|
|
10
10
|
export interface BeforeToolCallResult {
|
|
@@ -21,6 +21,20 @@ export interface BeforeToolCallResult {
|
|
|
21
21
|
}
|
|
22
22
|
/** Derive connector_type from tool name for AxonFlow policy evaluation. */
|
|
23
23
|
export declare function deriveConnectorType(toolName: string): string;
|
|
24
|
+
/**
|
|
25
|
+
* Format the Plugin Batch 1 richer-context fields (decision_id, risk_level,
|
|
26
|
+
* override availability, top matched policy) into a suffix users see in the
|
|
27
|
+
* OpenClaw block message / approval dialog.
|
|
28
|
+
*
|
|
29
|
+
* Every field is optional (older AxonFlow platforms return undefined for all
|
|
30
|
+
* of them). When no richer context is present, returns an empty string so
|
|
31
|
+
* the caller can safely concatenate.
|
|
32
|
+
*
|
|
33
|
+
* Split out of the block/approval return sites so the same formatting is used
|
|
34
|
+
* in both — so users see the same decision identifier + unblock path
|
|
35
|
+
* regardless of whether they hit a deny or a highRiskTools approval gate.
|
|
36
|
+
*/
|
|
37
|
+
export declare function formatRicherContext(check: MCPCheckInputResponse): string;
|
|
24
38
|
/**
|
|
25
39
|
* Classify an error thrown by the AxonFlow client as an auth/config error
|
|
26
40
|
* vs a transient network / server-side error.
|
package/dist/governance.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"governance.d.ts","sourceRoot":"","sources":["../src/governance.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"governance.d.ts","sourceRoot":"","sources":["../src/governance.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,cAAc,EACd,qBAAqB,EACtB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAUxD,sEAAsE;AACtE,MAAM,WAAW,oBAAoB;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE;QAChB,KAAK,EAAE,MAAM,CAAC;QACd,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC;QAC3C,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,eAAe,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;KACpC,CAAC;CACH;AAED,2EAA2E;AAC3E,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAE5D;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,qBAAqB,GAAG,MAAM,CAgBxE;AAoCD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAazD;AAED;;;;;;;;;GASG;AACH,wBAAgB,2BAA2B,CACzC,MAAM,EAAE,cAAc,EACtB,MAAM,EAAE,oBAAoB,IAEd,OAAO;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,KAAG,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC,CAoF9C"}
|
package/dist/governance.js
CHANGED
|
@@ -10,6 +10,40 @@ import { recordToolCallEvaluated, recordToolCallBlocked, recordToolCallApprovalR
|
|
|
10
10
|
export function deriveConnectorType(toolName) {
|
|
11
11
|
return `openclaw.${toolName}`;
|
|
12
12
|
}
|
|
13
|
+
/**
|
|
14
|
+
* Format the Plugin Batch 1 richer-context fields (decision_id, risk_level,
|
|
15
|
+
* override availability, top matched policy) into a suffix users see in the
|
|
16
|
+
* OpenClaw block message / approval dialog.
|
|
17
|
+
*
|
|
18
|
+
* Every field is optional (older AxonFlow platforms return undefined for all
|
|
19
|
+
* of them). When no richer context is present, returns an empty string so
|
|
20
|
+
* the caller can safely concatenate.
|
|
21
|
+
*
|
|
22
|
+
* Split out of the block/approval return sites so the same formatting is used
|
|
23
|
+
* in both — so users see the same decision identifier + unblock path
|
|
24
|
+
* regardless of whether they hit a deny or a highRiskTools approval gate.
|
|
25
|
+
*/
|
|
26
|
+
export function formatRicherContext(check) {
|
|
27
|
+
const parts = [];
|
|
28
|
+
if (check.decision_id)
|
|
29
|
+
parts.push(`decision: ${check.decision_id}`);
|
|
30
|
+
if (check.risk_level)
|
|
31
|
+
parts.push(`risk: ${check.risk_level}`);
|
|
32
|
+
if (check.policy_matches && check.policy_matches.length > 0) {
|
|
33
|
+
const first = check.policy_matches[0];
|
|
34
|
+
if (first?.policy_name)
|
|
35
|
+
parts.push(`policy: ${first.policy_name}`);
|
|
36
|
+
}
|
|
37
|
+
if (check.override_available === true) {
|
|
38
|
+
if (check.override_existing_id) {
|
|
39
|
+
parts.push(`active override: ${check.override_existing_id}`);
|
|
40
|
+
}
|
|
41
|
+
else {
|
|
42
|
+
parts.push("override available via explain_decision MCP tool");
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
return parts.length > 0 ? ` [${parts.join(", ")}]` : "";
|
|
46
|
+
}
|
|
13
47
|
/**
|
|
14
48
|
* Regex used by the auth-error classifier for message-based matching.
|
|
15
49
|
*
|
|
@@ -118,20 +152,32 @@ export function createBeforeToolCallHandler(client, config) {
|
|
|
118
152
|
}
|
|
119
153
|
if (!check.allowed) {
|
|
120
154
|
recordToolCallBlocked();
|
|
155
|
+
const baseReason = check.block_reason ?? "Blocked by AxonFlow policy";
|
|
121
156
|
return {
|
|
122
157
|
block: true,
|
|
123
|
-
blockReason:
|
|
158
|
+
blockReason: baseReason + formatRicherContext(check),
|
|
124
159
|
};
|
|
125
160
|
}
|
|
126
161
|
// High-risk tools get approval even when policy allows
|
|
127
162
|
if (config.highRiskTools &&
|
|
128
163
|
config.highRiskTools.includes(event.toolName)) {
|
|
129
164
|
recordToolCallApprovalRequired();
|
|
165
|
+
// Map platform risk_level (low|medium|high|critical) to OpenClaw's
|
|
166
|
+
// approval severity (info|warning|critical). When the platform doesn't
|
|
167
|
+
// surface risk_level, fall back to warning to preserve v1.2.x behavior.
|
|
168
|
+
let severity = "warning";
|
|
169
|
+
if (check.risk_level === "critical" || check.risk_level === "high") {
|
|
170
|
+
severity = "critical";
|
|
171
|
+
}
|
|
172
|
+
else if (check.risk_level === "low") {
|
|
173
|
+
severity = "info";
|
|
174
|
+
}
|
|
130
175
|
return {
|
|
131
176
|
requireApproval: {
|
|
132
177
|
title: `AxonFlow: ${event.toolName} requires approval`,
|
|
133
|
-
description: `Tool call governed by AxonFlow. ${check.policies_evaluated} policies evaluated
|
|
134
|
-
|
|
178
|
+
description: `Tool call governed by AxonFlow. ${check.policies_evaluated} policies evaluated.` +
|
|
179
|
+
formatRicherContext(check),
|
|
180
|
+
severity,
|
|
135
181
|
timeoutMs: 60_000,
|
|
136
182
|
timeoutBehavior: "deny",
|
|
137
183
|
},
|
package/dist/governance.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"governance.js","sourceRoot":"","sources":["../src/governance.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;
|
|
1
|
+
{"version":3,"file":"governance.js","sourceRoot":"","sources":["../src/governance.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,8BAA8B,EAC9B,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,cAAc,CAAC;AAgBtB,2EAA2E;AAC3E,MAAM,UAAU,mBAAmB,CAAC,QAAgB;IAClD,OAAO,YAAY,QAAQ,EAAE,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAA4B;IAC9D,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,KAAK,CAAC,WAAW;QAAE,KAAK,CAAC,IAAI,CAAC,aAAa,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;IACpE,IAAI,KAAK,CAAC,UAAU;QAAE,KAAK,CAAC,IAAI,CAAC,SAAS,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;IAC9D,IAAI,KAAK,CAAC,cAAc,IAAI,KAAK,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5D,MAAM,KAAK,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;QACtC,IAAI,KAAK,EAAE,WAAW;YAAE,KAAK,CAAC,IAAI,CAAC,WAAW,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;IACrE,CAAC;IACD,IAAI,KAAK,CAAC,kBAAkB,KAAK,IAAI,EAAE,CAAC;QACtC,IAAI,KAAK,CAAC,oBAAoB,EAAE,CAAC;YAC/B,KAAK,CAAC,IAAI,CAAC,oBAAoB,KAAK,CAAC,oBAAoB,EAAE,CAAC,CAAC;QAC/D,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;AAC1D,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,kBAAkB,GAAG,IAAI,MAAM,CACnC;IACE,WAAW;IACX,WAAW;IACX,oBAAoB;IACpB,iBAAiB;IACjB,oBAAoB;IACpB,qCAAqC;IACrC,sCAAsC;IACtC,0BAA0B;CAC3B,CAAC,IAAI,CAAC,GAAG,CAAC,EACX,GAAG,CACJ,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,mBAAmB,CAAC,GAAY;IAC9C,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAElD,gDAAgD;IAChD,MAAM,WAAW,GACd,GAAgD,CAAC,MAAM;QACvD,GAAgD,CAAC,UAAU,CAAC;IAC/D,IAAI,WAAW,KAAK,GAAG,IAAI,WAAW,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAE5D,8DAA8D;IAC9D,MAAM,OAAO,GACX,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACnD,OAAO,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,2BAA2B,CACzC,MAAsB,EACtB,MAA4B;IAE5B,OAAO,KAAK,EAAE,KAKb,EAA6C,EAAE;QAC9C,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC;YAC9C,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,uBAAuB,EAAE,CAAC;QAC1B,MAAM,aAAa,GAAG,mBAAmB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAE/C,IAAI,KAAK,CAAC;QACV,IAAI,CAAC;YACH,KAAK,GAAG,MAAM,MAAM,CAAC,aAAa,CAChC,aAAa,EACb,SAAS,EACT,MAAM,CAAC,gBAAgB,IAAI,SAAS,CACrC,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,qBAAqB,EAAE,CAAC;YAExB,qEAAqE;YACrE,gEAAgE;YAChE,gEAAgE;YAChE,oEAAoE;YACpE,sEAAsE;YACtE,8DAA8D;YAC9D,+BAA+B;YAC/B,MAAM,WAAW,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAC7C,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,qBAAqB,EAAE,CAAC;gBACxB,OAAO,SAAS,CAAC,CAAC,qCAAqC;YACzD,CAAC;YAED,mEAAmE;YACnE,IAAI,MAAM,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;gBAC/B,qBAAqB,EAAE,CAAC;gBACxB,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,qBAAqB,EAAE,CAAC;YACxB,OAAO;gBACL,KAAK,EAAE,IAAI;gBACX,WAAW,EAAE,wBAAwB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,6CAA6C;aACvI,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YACnB,qBAAqB,EAAE,CAAC;YACxB,MAAM,UAAU,GAAG,KAAK,CAAC,YAAY,IAAI,4BAA4B,CAAC;YACtE,OAAO;gBACL,KAAK,EAAE,IAAI;gBACX,WAAW,EAAE,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC;aACrD,CAAC;QACJ,CAAC;QAED,uDAAuD;QACvD,IACE,MAAM,CAAC,aAAa;YACpB,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,EAC7C,CAAC;YACD,8BAA8B,EAAE,CAAC;YACjC,mEAAmE;YACnE,uEAAuE;YACvE,wEAAwE;YACxE,IAAI,QAAQ,GAAoC,SAAS,CAAC;YAC1D,IAAI,KAAK,CAAC,UAAU,KAAK,UAAU,IAAI,KAAK,CAAC,UAAU,KAAK,MAAM,EAAE,CAAC;gBACnE,QAAQ,GAAG,UAAU,CAAC;YACxB,CAAC;iBAAM,IAAI,KAAK,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC;gBACtC,QAAQ,GAAG,MAAM,CAAC;YACpB,CAAC;YACD,OAAO;gBACL,eAAe,EAAE;oBACf,KAAK,EAAE,aAAa,KAAK,CAAC,QAAQ,oBAAoB;oBACtD,WAAW,EACT,mCAAmC,KAAK,CAAC,kBAAkB,sBAAsB;wBACjF,mBAAmB,CAAC,KAAK,CAAC;oBAC5B,QAAQ;oBACR,SAAS,EAAE,MAAM;oBACjB,eAAe,EAAE,MAAM;iBACxB;aACF,CAAC;QACJ,CAAC;QAED,qBAAqB,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC;IACnB,CAAC,CAAC;AACJ,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -31,7 +31,7 @@
|
|
|
31
31
|
* for async hook support.
|
|
32
32
|
*/
|
|
33
33
|
/** Plugin version — update before each release. */
|
|
34
|
-
export declare const VERSION = "1.
|
|
34
|
+
export declare const VERSION = "1.3.1";
|
|
35
35
|
export { AxonFlowClient } from "./axonflow-client.js";
|
|
36
36
|
export type { AxonFlowPluginConfig } from "./config.js";
|
|
37
37
|
export { resolveConfig, shouldGovernTool } from "./config.js";
|
package/dist/index.js
CHANGED
|
@@ -39,7 +39,7 @@ import { createLlmInputHandler, createLlmOutputHandler } from "./llm-audit.js";
|
|
|
39
39
|
import { sendTelemetryPing } from "./telemetry.js";
|
|
40
40
|
import { resetMetrics } from "./metrics.js";
|
|
41
41
|
/** Plugin version — update before each release. */
|
|
42
|
-
export const VERSION = "1.
|
|
42
|
+
export const VERSION = "1.3.1";
|
|
43
43
|
// Re-export for external consumers
|
|
44
44
|
export { AxonFlowClient } from "./axonflow-client.js";
|
|
45
45
|
export { resolveConfig, shouldGovernTool } from "./config.js";
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@axonflow/openclaw",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.3.1",
|
|
4
4
|
"description": "Policy enforcement, approval gates, and audit trails for OpenClaw — govern tool inputs before execution, scan outbound messages for PII/secrets, and record agent activity for review and compliance",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|