@botbotgo/agent-harness 0.0.475 → 0.0.476

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (227) hide show
  1. package/README.md +3 -1234
  2. package/README.zh.md +3 -1191
  3. package/dist/acp.js +1 -1
  4. package/dist/api.js +1 -404
  5. package/dist/benchmark/checkpoint-resume-cost-benchmark.js +1 -55
  6. package/dist/benchmark/deepagent-local-model-benchmark.js +2 -35
  7. package/dist/benchmark/upstream-runtime-ab-benchmark.js +1 -179
  8. package/dist/cli/chat-interactive.js +25 -244
  9. package/dist/cli/chat-rendering.js +6 -100
  10. package/dist/cli/chat-stream.js +23 -512
  11. package/dist/cli/chat-ui.js +21 -199
  12. package/dist/cli/chat-workspace.js +2 -210
  13. package/dist/cli/main.js +21 -428
  14. package/dist/cli/managed-service-commands.js +9 -63
  15. package/dist/cli/managed-service.js +2 -137
  16. package/dist/cli/options-init-chat.js +1 -108
  17. package/dist/cli/options-runtime.js +1 -158
  18. package/dist/cli/options-serve.js +1 -282
  19. package/dist/cli/options.js +2 -19
  20. package/dist/cli/process-guards.js +1 -139
  21. package/dist/cli/request-tree.js +7 -296
  22. package/dist/cli/runtime-commands.js +12 -258
  23. package/dist/cli/runtime-output.js +16 -155
  24. package/dist/cli/server-commands.js +16 -270
  25. package/dist/cli/workspace.js +1 -67
  26. package/dist/cli.js +1 -7
  27. package/dist/client/acp.js +1 -1
  28. package/dist/client/in-process.js +1 -67
  29. package/dist/client/index.js +1 -2
  30. package/dist/client/types.js +0 -1
  31. package/dist/client.js +1 -1
  32. package/dist/contracts/core.js +1 -1
  33. package/dist/contracts/runtime-evaluation.js +0 -1
  34. package/dist/contracts/runtime-memory.js +0 -1
  35. package/dist/contracts/runtime-observability.js +0 -1
  36. package/dist/contracts/runtime-requests.js +0 -1
  37. package/dist/contracts/runtime-scheduling.js +0 -1
  38. package/dist/contracts/runtime.js +1 -27
  39. package/dist/contracts/types.js +1 -3
  40. package/dist/contracts/workspace.js +0 -1
  41. package/dist/flow/build-flow-graph.js +1 -50
  42. package/dist/flow/export-mermaid.js +2 -464
  43. package/dist/flow/export-sequence-mermaid.js +2 -325
  44. package/dist/flow/flow-graph-normalization.js +1 -214
  45. package/dist/flow/flow-graph-runtime.js +1 -107
  46. package/dist/flow/flow-graph-upstream.js +1 -494
  47. package/dist/flow/index.js +1 -3
  48. package/dist/flow/types.js +0 -1
  49. package/dist/index.js +1 -5
  50. package/dist/init-project.js +1 -1
  51. package/dist/knowledge/config.js +1 -32
  52. package/dist/knowledge/contracts.js +0 -1
  53. package/dist/knowledge/index.js +1 -2
  54. package/dist/knowledge/module.js +12 -909
  55. package/dist/knowledge/procedural/config.js +1 -125
  56. package/dist/knowledge/procedural/index.js +1 -2
  57. package/dist/knowledge/procedural/manager.js +9 -345
  58. package/dist/mcp.js +1 -2
  59. package/dist/package-version.d.ts +1 -1
  60. package/dist/package-version.js +1 -2
  61. package/dist/persistence/file-store.js +3 -758
  62. package/dist/persistence/sqlite-request-context-store.js +5 -54
  63. package/dist/persistence/sqlite-request-queue-store.js +10 -108
  64. package/dist/persistence/sqlite-runtime.js +1 -86
  65. package/dist/persistence/sqlite-store.js +62 -810
  66. package/dist/persistence/types.js +0 -1
  67. package/dist/projections/presentation.js +37 -206
  68. package/dist/projections/request-events.js +2 -502
  69. package/dist/projections/upstream-events.js +1 -201
  70. package/dist/protocol/a2a/http-discovery.js +1 -178
  71. package/dist/protocol/a2a/http-rpc.js +6 -622
  72. package/dist/protocol/a2a/http.js +1 -138
  73. package/dist/protocol/a2a/task-state.js +3 -317
  74. package/dist/protocol/acp/client.js +8 -294
  75. package/dist/protocol/acp/harness-client.js +1 -218
  76. package/dist/protocol/acp/http.js +5 -130
  77. package/dist/protocol/acp/server.js +1 -310
  78. package/dist/protocol/acp/stdio.js +2 -69
  79. package/dist/protocol/ag-ui/http.js +3 -378
  80. package/dist/protocol/mcp/server.js +1 -428
  81. package/dist/resource/backend/workspace-scoped-backend.js +1 -319
  82. package/dist/resource/isolation.js +1 -237
  83. package/dist/resource/mcp/tool-support.js +3 -296
  84. package/dist/resource/mcp-tool-support.js +1 -2
  85. package/dist/resource/providers/resource-provider.js +1 -215
  86. package/dist/resource/resource-impl.js +1 -3
  87. package/dist/resource/resource-types.js +0 -1
  88. package/dist/resource/resource.js +1 -1
  89. package/dist/resource/sources.js +1 -247
  90. package/dist/resource/tools/function-tool-resolver.js +2 -272
  91. package/dist/runtime/adapter/compat/deepagent-compat.js +1 -29
  92. package/dist/runtime/adapter/compat/openai-compatible.js +1 -55
  93. package/dist/runtime/adapter/direct-builtin-utility.js +2 -90
  94. package/dist/runtime/adapter/flow/execution-context.js +1 -71
  95. package/dist/runtime/adapter/flow/invocation-flow.js +8 -425
  96. package/dist/runtime/adapter/flow/invoke-runtime.js +1 -20
  97. package/dist/runtime/adapter/flow/stream-runtime.js +11 -1395
  98. package/dist/runtime/adapter/invocation-result.js +2 -473
  99. package/dist/runtime/adapter/local-tool-invocation.js +6 -638
  100. package/dist/runtime/adapter/middleware/context-hygiene.js +1 -83
  101. package/dist/runtime/adapter/middleware-assembly.js +5 -477
  102. package/dist/runtime/adapter/model/invocation-request.js +3 -183
  103. package/dist/runtime/adapter/model/message-assembly.js +1 -28
  104. package/dist/runtime/adapter/model/model-providers.js +23 -1115
  105. package/dist/runtime/adapter/model/prompted-json-tool-call-capture.js +1 -40
  106. package/dist/runtime/adapter/model/prompted-json-tool-policy.js +1 -22
  107. package/dist/runtime/adapter/resilience.js +1 -104
  108. package/dist/runtime/adapter/runtime-adapter-support.js +3 -141
  109. package/dist/runtime/adapter/runtime-shell.js +5 -166
  110. package/dist/runtime/adapter/stream-event-projection.js +2 -622
  111. package/dist/runtime/adapter/stream-text-consumption.js +1 -18
  112. package/dist/runtime/adapter/terminal-status.js +2 -67
  113. package/dist/runtime/adapter/tool/builtin-middleware-tools.js +6 -627
  114. package/dist/runtime/adapter/tool/declared-middleware.js +1 -154
  115. package/dist/runtime/adapter/tool/interrupt-policy.js +1 -34
  116. package/dist/runtime/adapter/tool/provider-tool.js +1 -25
  117. package/dist/runtime/adapter/tool/resolved-tool.js +1 -225
  118. package/dist/runtime/adapter/tool/tool-arguments.js +3 -486
  119. package/dist/runtime/adapter/tool/tool-hitl.js +1 -346
  120. package/dist/runtime/adapter/tool/tool-name-mapping.js +1 -128
  121. package/dist/runtime/adapter/tool/tool-output-artifacts.js +2 -88
  122. package/dist/runtime/adapter/tool/tool-replay.js +1 -37
  123. package/dist/runtime/adapter/tool-resolution.js +1 -86
  124. package/dist/runtime/adapter/upstream-configurable-keys.js +1 -2
  125. package/dist/runtime/agent-runtime-adapter.js +60 -2338
  126. package/dist/runtime/agent-runtime-assembly.js +7 -249
  127. package/dist/runtime/env/runtime-env.js +1 -62
  128. package/dist/runtime/harness/background-runtime.js +1 -8
  129. package/dist/runtime/harness/bindings.js +1 -58
  130. package/dist/runtime/harness/events/event-bus.js +1 -16
  131. package/dist/runtime/harness/events/event-sink.js +1 -61
  132. package/dist/runtime/harness/events/events.js +1 -80
  133. package/dist/runtime/harness/events/listener-runtime.js +1 -13
  134. package/dist/runtime/harness/events/runtime-event-operations.js +1 -9
  135. package/dist/runtime/harness/events/streaming.js +1 -100
  136. package/dist/runtime/harness/events/timeline.js +1 -52
  137. package/dist/runtime/harness/public-shapes.js +1 -186
  138. package/dist/runtime/harness/run/artifact-paths.js +1 -15
  139. package/dist/runtime/harness/run/governance.js +1 -295
  140. package/dist/runtime/harness/run/helpers.js +1 -71
  141. package/dist/runtime/harness/run/inspection.js +1 -409
  142. package/dist/runtime/harness/run/operator-overview.js +1 -80
  143. package/dist/runtime/harness/run/queue-diagnostics.js +1 -15
  144. package/dist/runtime/harness/run/recovery.js +1 -162
  145. package/dist/runtime/harness/run/resources.js +1 -60
  146. package/dist/runtime/harness/run/resume.js +1 -56
  147. package/dist/runtime/harness/run/routing.js +1 -48
  148. package/dist/runtime/harness/run/run-lifecycle.js +1 -66
  149. package/dist/runtime/harness/run/run-operations.js +1 -217
  150. package/dist/runtime/harness/run/run-queue.js +1 -43
  151. package/dist/runtime/harness/run/run-slot-acquisition.js +1 -157
  152. package/dist/runtime/harness/run/session-records.js +1 -97
  153. package/dist/runtime/harness/run/start-run.js +1 -120
  154. package/dist/runtime/harness/run/startup-runtime.js +1 -69
  155. package/dist/runtime/harness/run/stream-run.js +8 -1418
  156. package/dist/runtime/harness/run/surface-semantics.js +1 -79
  157. package/dist/runtime/harness/runtime-defaults.js +1 -39
  158. package/dist/runtime/harness/system/boundary-analysis.js +1 -234
  159. package/dist/runtime/harness/system/health-monitor.js +1 -258
  160. package/dist/runtime/harness/system/inventory.js +1 -129
  161. package/dist/runtime/harness/system/mem0-ingestion-sync.js +5 -345
  162. package/dist/runtime/harness/system/policy-engine.js +1 -175
  163. package/dist/runtime/harness/system/runtime-memory-candidates.js +4 -110
  164. package/dist/runtime/harness/system/runtime-memory-consolidation.js +1 -51
  165. package/dist/runtime/harness/system/runtime-memory-manager.js +10 -693
  166. package/dist/runtime/harness/system/runtime-memory-policy.js +1 -155
  167. package/dist/runtime/harness/system/runtime-memory-records.js +11 -577
  168. package/dist/runtime/harness/system/runtime-memory-sync.js +5 -206
  169. package/dist/runtime/harness/system/session-memory-sync.js +3 -113
  170. package/dist/runtime/harness/system/skill-requirements.js +1 -112
  171. package/dist/runtime/harness/system/store.js +9 -365
  172. package/dist/runtime/harness/tool-gateway/index.js +1 -2
  173. package/dist/runtime/harness/tool-gateway/policy.js +1 -45
  174. package/dist/runtime/harness/tool-gateway/validation.js +1 -176
  175. package/dist/runtime/harness/tool-schema.js +1 -3
  176. package/dist/runtime/harness.js +3 -1490
  177. package/dist/runtime/index.js +1 -3
  178. package/dist/runtime/layout/runtime-layout.js +1 -31
  179. package/dist/runtime/maintenance/checkpoint-maintenance.js +2 -178
  180. package/dist/runtime/maintenance/file-checkpoint-saver.js +1 -106
  181. package/dist/runtime/maintenance/runtime-record-maintenance.js +2 -169
  182. package/dist/runtime/maintenance/sqlite-checkpoint-saver.js +4 -289
  183. package/dist/runtime/parsing/output-content.js +10 -550
  184. package/dist/runtime/parsing/output-parsing.js +1 -4
  185. package/dist/runtime/parsing/output-recovery.js +3 -213
  186. package/dist/runtime/parsing/output-tool-args.js +7 -663
  187. package/dist/runtime/parsing/stream-event-parsing.js +3 -362
  188. package/dist/runtime/prompts/runtime-prompts.js +4 -73
  189. package/dist/runtime/scheduling/system-schedule-manager.js +11 -532
  190. package/dist/runtime/skills/skill-metadata.js +1 -197
  191. package/dist/runtime/startup-tracing.js +2 -37
  192. package/dist/runtime/support/compiled-binding.js +1 -290
  193. package/dist/runtime/support/embedding-models.js +1 -118
  194. package/dist/runtime/support/harness-support.js +5 -137
  195. package/dist/runtime/support/llamaindex.js +1 -108
  196. package/dist/runtime/support/runtime-adapter-options.js +1 -29
  197. package/dist/runtime/support/runtime-factories.js +1 -51
  198. package/dist/runtime/support/vector-stores.js +9 -270
  199. package/dist/scaffold/init-project.js +54 -233
  200. package/dist/tooling/extensions.js +1 -311
  201. package/dist/tooling/module-loader.js +1 -55
  202. package/dist/tools.js +1 -176
  203. package/dist/utils/agent-display.js +1 -18
  204. package/dist/utils/bundled-text.js +4 -39
  205. package/dist/utils/compiled-binding.js +1 -33
  206. package/dist/utils/fs.js +2 -45
  207. package/dist/utils/id.js +1 -9
  208. package/dist/utils/message-content.js +1 -30
  209. package/dist/utils/object.js +1 -6
  210. package/dist/workspace/agent-binding-compiler.js +3 -613
  211. package/dist/workspace/compile.js +1 -472
  212. package/dist/workspace/framework-contract-validation.js +2 -322
  213. package/dist/workspace/index.js +1 -1
  214. package/dist/workspace/object-loader-paths.js +1 -71
  215. package/dist/workspace/object-loader-readers.js +1 -187
  216. package/dist/workspace/object-loader.js +1 -754
  217. package/dist/workspace/resource-compilers.js +1 -374
  218. package/dist/workspace/support/agent-capabilities.js +1 -37
  219. package/dist/workspace/support/agent-execution-config.js +1 -44
  220. package/dist/workspace/support/discovery.js +1 -147
  221. package/dist/workspace/support/source-collectors.js +1 -30
  222. package/dist/workspace/support/source-protocols.js +2 -192
  223. package/dist/workspace/support/workspace-ref-utils.js +1 -362
  224. package/dist/workspace/tool-hydration.js +1 -280
  225. package/dist/workspace/validate.js +1 -99
  226. package/dist/workspace/yaml-object-reader.js +1 -285
  227. package/package.json +7 -3
package/dist/runtime/harness/run/governance.js CHANGED
@@ -1,295 +1 @@
1
- import { getBindingPrimaryTools } from "../../support/compiled-binding.js";
2
- import { resolveToolApprovalDecisionMode } from "../../adapter/tool/tool-hitl.js";
3
- import { compiledToolHasInputSchema } from "../tool-schema.js";
4
- const FILESYSTEM_INPUT_KEYS = new Set(["path", "paths", "file", "files", "root", "rootDir", "dir", "directory", "folder", "cwd"]);
5
- function hasStructuredKey(value, keys, depth = 0) {
6
- if (depth > 4) {
7
- return false;
8
- }
9
- if (Array.isArray(value)) {
10
- return value.some((item) => hasStructuredKey(item, keys, depth + 1));
11
- }
12
- if (typeof value !== "object" || value === null) {
13
- return false;
14
- }
15
- const record = value;
16
- for (const [key, nested] of Object.entries(record)) {
17
- if (keys.has(key)) {
18
- return true;
19
- }
20
- if (key === "properties" || key === "items" || key === "anyOf" || key === "oneOf" || key === "allOf") {
21
- if (hasStructuredKey(nested, keys, depth + 1)) {
22
- return true;
23
- }
24
- }
25
- }
26
- return false;
27
- }
28
- function inputHints(binding, tool) {
29
- const hints = new Set();
30
- if (tool.config?.filesystem || hasStructuredKey(tool.modelSchema, FILESYSTEM_INPUT_KEYS)) {
31
- hints.add("filesystem-scope");
32
- }
33
- if (tool.config?.memory) {
34
- hints.add("memory-scope");
35
- }
36
- if (tool.config?.mcp) {
37
- hints.add("remote-mcp");
38
- }
39
- if (binding.agent.executionMode === "deepagent") {
40
- hints.add("delegated-runtime");
41
- }
42
- return Array.from(hints);
43
- }
44
- function classifyRisk(policy) {
45
- if (policy.requiresApproval) {
46
- return "high";
47
- }
48
- if (policy.mcpTrustTier === "untrusted" || policy.tenantScope === "cross-tenant" || policy.promptInjectionRisk === "high") {
49
- return "high";
50
- }
51
- if (policy.mcpAccess === "read-write" || policy.promptInjectionRisk === "medium") {
52
- return "medium";
53
- }
54
- if (policy.toolType === "backend" || policy.toolType === "mcp") {
55
- return "medium";
56
- }
57
- return "low";
58
- }
59
- function toCategory(toolType) {
60
- if (toolType === "mcp") {
61
- return "mcp";
62
- }
63
- if (toolType === "backend") {
64
- return "backend";
65
- }
66
- if (toolType === "provider") {
67
- return "provider-native";
68
- }
69
- return "local";
70
- }
71
- function asObject(value) {
72
- return typeof value === "object" && value !== null && !Array.isArray(value) ? value : null;
73
- }
74
- function readStringArray(value) {
75
- return Array.isArray(value)
76
- ? value.filter((item) => typeof item === "string" && item.trim().length > 0).map((item) => item.trim())
77
- : [];
78
- }
79
- function readRisk(value) {
80
- return value === "low" || value === "medium" || value === "high" ? value : undefined;
81
- }
82
- function readApprovalPolicy(value) {
83
- return value === "explicit-hitl" || value === "runtime-default" || value === "none" ? value : undefined;
84
- }
85
- function readDecisionMode(value) {
86
- return value === "none" || value === "manual" || value === "auto-approve" || value === "auto-reject" || value === "deny-and-continue"
87
- ? value
88
- : undefined;
89
- }
90
- function normalizeServerRef(value) {
91
- if (typeof value !== "string" || value.trim().length === 0) {
92
- return undefined;
93
- }
94
- const trimmed = value.trim();
95
- return trimmed.startsWith("mcp/") ? trimmed : `mcp/${trimmed}`;
96
- }
97
- function readRemoteMcpMetadata(tool) {
98
- const config = asObject(tool.config);
99
- const mcpReference = asObject(config?.mcp);
100
- const inlineServer = asObject(config?.mcpServer);
101
- const oauth = asObject(inlineServer?.oauth);
102
- const transport = typeof inlineServer?.transport === "string" && inlineServer.transport.trim().length > 0
103
- ? inlineServer.transport.trim()
104
- : undefined;
105
- const readEnum = (value, allowed) => typeof value === "string" && allowed.includes(value) ? value : undefined;
106
- const oauthScopes = readStringArray(oauth?.scopes);
107
- return {
108
- ...(normalizeServerRef(mcpReference?.serverRef) ? { serverRef: normalizeServerRef(mcpReference?.serverRef) } : {}),
109
- ...(transport ? { transport } : {}),
110
- ...(readEnum(inlineServer?.trustTier, ["trusted", "reviewed", "untrusted"]) ? { trustTier: readEnum(inlineServer?.trustTier, ["trusted", "reviewed", "untrusted"]) } : {}),
111
- ...(readEnum(inlineServer?.access, ["read-only", "read-write"]) ? { access: readEnum(inlineServer?.access, ["read-only", "read-write"]) } : {}),
112
- ...(readEnum(inlineServer?.tenantScope, ["workspace", "project", "tenant", "cross-tenant"])
113
- ? { tenantScope: readEnum(inlineServer?.tenantScope, ["workspace", "project", "tenant", "cross-tenant"]) }
114
- : {}),
115
- ...(readEnum(inlineServer?.approvalPolicy, ["always", "write", "never"])
116
- ? { approvalPolicy: readEnum(inlineServer?.approvalPolicy, ["always", "write", "never"]) }
117
- : {}),
118
- ...(readEnum(inlineServer?.promptInjectionRisk, ["low", "medium", "high"])
119
- ? { promptInjectionRisk: readEnum(inlineServer?.promptInjectionRisk, ["low", "medium", "high"]) }
120
- : {}),
121
- ...(oauthScopes.length > 0 ? { oauthScopes } : {}),
122
- };
123
- }
124
- function matchesToolPolicy(rule, policy) {
125
- const match = asObject(rule.match) ?? rule;
126
- const toolName = typeof match.toolName === "string" ? match.toolName.trim() : undefined;
127
- const category = typeof match.category === "string" ? match.category.trim() : undefined;
128
- const toolType = typeof match.toolType === "string" ? match.toolType.trim() : undefined;
129
- return (!toolName || toolName === policy.toolName)
130
- && (!category || category === policy.category)
131
- && (!toolType || toolType === policy.toolType);
132
- }
133
- function applyGovernanceOverrides(binding, policies) {
134
- const governance = asObject(binding.harnessRuntime.governance);
135
- const overrides = Array.isArray(governance?.toolPolicies) ? governance.toolPolicies : [];
136
- if (overrides.length === 0) {
137
- return policies;
138
- }
139
- return policies.map((policy) => {
140
- const merged = { ...policy };
141
- for (const rule of overrides) {
142
- const typedRule = asObject(rule);
143
- if (!typedRule || !matchesToolPolicy(typedRule, merged)) {
144
- continue;
145
- }
146
- const overrideRisk = readRisk(typedRule.risk);
147
- const overrideApprovalPolicy = readApprovalPolicy(typedRule.approvalPolicy);
148
- const overrideRequiresApproval = typeof typedRule.requiresApproval === "boolean" ? typedRule.requiresApproval : undefined;
149
- const overrideDecisionMode = readDecisionMode(typedRule.decisionMode ?? typedRule.approvalMode);
150
- if (overrideRisk) {
151
- merged.risk = overrideRisk;
152
- }
153
- if (overrideRequiresApproval !== undefined) {
154
- merged.requiresApproval = overrideRequiresApproval;
155
- }
156
- if (overrideDecisionMode) {
157
- merged.decisionMode = overrideDecisionMode;
158
- merged.requiresApproval = overrideDecisionMode === "manual";
159
- merged.approvalPolicy =
160
- overrideDecisionMode === "none"
161
- ? "none"
162
- : merged.approvalPolicy === "explicit-hitl"
163
- ? "explicit-hitl"
164
- : "runtime-default";
165
- }
166
- if (overrideApprovalPolicy) {
167
- merged.approvalPolicy = overrideApprovalPolicy;
168
- }
169
- else if (overrideRequiresApproval === true && merged.approvalPolicy === "none") {
170
- merged.approvalPolicy = "runtime-default";
171
- }
172
- else if (overrideRequiresApproval === false && !overrideDecisionMode) {
173
- merged.approvalPolicy = "none";
174
- }
175
- const extraHints = readStringArray(typedRule.inputRiskHints);
176
- if (extraHints.length > 0) {
177
- merged.inputRiskHints = Array.from(new Set([...merged.inputRiskHints, ...extraHints]));
178
- }
179
- }
180
- return merged;
181
- });
182
- }
183
- function applyRemoteMcpGovernance(binding, policies) {
184
- const governance = asObject(binding.harnessRuntime.governance);
185
- const remoteMcp = asObject(governance?.remoteMcp);
186
- if (!remoteMcp) {
187
- return policies;
188
- }
189
- const requireApprovalTransports = new Set(readStringArray(remoteMcp.requireApprovalTransports));
190
- const riskByTransport = asObject(remoteMcp.riskByTransport);
191
- const inputRiskHintsByTransport = asObject(remoteMcp.inputRiskHintsByTransport);
192
- return policies.map((policy) => {
193
- if (policy.category !== "mcp") {
194
- return policy;
195
- }
196
- const merged = { ...policy };
197
- const transport = merged.mcpTransport;
198
- if (transport && requireApprovalTransports.has(transport)) {
199
- merged.requiresApproval = true;
200
- if (merged.decisionMode === "none") {
201
- merged.decisionMode = "manual";
202
- }
203
- if (merged.approvalPolicy === "none") {
204
- merged.approvalPolicy = "runtime-default";
205
- }
206
- }
207
- const transportRisk = transport ? readRisk(riskByTransport?.[transport]) : undefined;
208
- if (transportRisk) {
209
- merged.risk = transportRisk;
210
- }
211
- const transportHints = transport ? readStringArray(inputRiskHintsByTransport?.[transport]) : [];
212
- if (transportHints.length > 0) {
213
- merged.inputRiskHints = Array.from(new Set([...merged.inputRiskHints, ...transportHints]));
214
- }
215
- return merged;
216
- });
217
- }
218
- export function buildRuntimeGovernanceBundles(binding) {
219
- const toolPolicies = applyGovernanceOverrides(binding, applyRemoteMcpGovernance(binding, getBindingPrimaryTools(binding).map((tool) => {
220
- const remoteMcp = readRemoteMcpMetadata(tool);
221
- const remoteMcpWriteAccess = tool.type === "mcp" && remoteMcp.access === "read-write";
222
- const derivedDecisionMode = resolveToolApprovalDecisionMode(tool, binding);
223
- const requiresApproval = derivedDecisionMode === "manual" ||
224
- remoteMcp.trustTier === "untrusted" ||
225
- remoteMcp.approvalPolicy === "always" ||
226
- (remoteMcp.approvalPolicy === "write" && remoteMcpWriteAccess) ||
227
- remoteMcpWriteAccess ||
228
- remoteMcp.tenantScope === "cross-tenant";
229
- const decisionMode = requiresApproval
230
- ? (derivedDecisionMode === "none" ? "manual" : derivedDecisionMode)
231
- : derivedDecisionMode;
232
- const approvalReason = remoteMcp.trustTier === "untrusted"
233
- ? "untrusted-mcp-server"
234
- : remoteMcp.tenantScope === "cross-tenant"
235
- ? "cross-tenant-mcp-access"
236
- : remoteMcp.approvalPolicy === "always"
237
- ? "remote-mcp-approval-policy"
238
- : remoteMcp.approvalPolicy === "write" && remoteMcpWriteAccess
239
- ? "high-risk-mcp-write"
240
- : remoteMcpWriteAccess
241
- ? "high-risk-mcp-write"
242
- : undefined;
243
- const inputRiskHints = inputHints(binding, tool);
244
- if (remoteMcp.access === "read-write") {
245
- inputRiskHints.push("remote-write-access");
246
- }
247
- if (remoteMcp.tenantScope === "cross-tenant") {
248
- inputRiskHints.push("cross-tenant-scope");
249
- }
250
- if (remoteMcp.promptInjectionRisk) {
251
- inputRiskHints.push(`prompt-injection-${remoteMcp.promptInjectionRisk}`);
252
- }
253
- return {
254
- toolName: tool.name,
255
- toolId: tool.id,
256
- toolType: tool.type,
257
- category: toCategory(tool.type),
258
- ...(remoteMcp.serverRef ? { mcpServerRef: remoteMcp.serverRef } : {}),
259
- ...(remoteMcp.transport ? { mcpTransport: remoteMcp.transport } : {}),
260
- ...(remoteMcp.trustTier ? { mcpTrustTier: remoteMcp.trustTier } : {}),
261
- ...(remoteMcp.access ? { mcpAccess: remoteMcp.access } : {}),
262
- ...(remoteMcp.tenantScope ? { tenantScope: remoteMcp.tenantScope } : {}),
263
- ...(remoteMcp.promptInjectionRisk ? { promptInjectionRisk: remoteMcp.promptInjectionRisk } : {}),
264
- ...(remoteMcp.oauthScopes && remoteMcp.oauthScopes.length > 0 ? { oauthScopes: remoteMcp.oauthScopes } : {}),
265
- ...(approvalReason ? { approvalReason } : {}),
266
- risk: classifyRisk({
267
- toolType: tool.type,
268
- requiresApproval,
269
- toolName: tool.name,
270
- description: tool.description,
271
- config: tool.config,
272
- mcpTrustTier: remoteMcp.trustTier,
273
- mcpAccess: remoteMcp.access,
274
- tenantScope: remoteMcp.tenantScope,
275
- promptInjectionRisk: remoteMcp.promptInjectionRisk,
276
- }),
277
- requiresApproval,
278
- approvalPolicy: tool.hitl?.enabled === true ? "explicit-hitl" : decisionMode === "none" ? "none" : "runtime-default",
279
- decisionMode,
280
- hasInputSchema: compiledToolHasInputSchema(tool),
281
- inputRiskHints: Array.from(new Set(inputRiskHints)),
282
- };
283
- })));
284
- if (toolPolicies.length === 0) {
285
- return [];
286
- }
287
- return [{
288
- bundleId: `governance/${binding.agent.id}`,
289
- title: "Runtime tool governance",
290
- summary: `${toolPolicies.filter((tool) => tool.requiresApproval).length} of ${toolPolicies.length} tool(s) require approval; ` +
291
- `auto-approved=${toolPolicies.filter((tool) => tool.decisionMode === "auto-approve").length}; ` +
292
- `auto-rejected=${toolPolicies.filter((tool) => tool.decisionMode === "auto-reject" || tool.decisionMode === "deny-and-continue").length}`,
293
- toolPolicies,
294
- }];
295
- }
1
+ import{getBindingPrimaryTools as v}from"../../support/compiled-binding.js";import{resolveToolApprovalDecisionMode as R}from"../../adapter/tool/tool-hitl.js";import{compiledToolHasInputSchema as k}from"../tool-schema.js";const S=new Set(["path","paths","file","files","root","rootDir","dir","directory","folder","cwd"]);function l(e,n,r=0){if(r>4)return!1;if(Array.isArray(e))return e.some(i=>l(i,n,r+1));if(typeof e!="object"||e===null)return!1;const t=e;for(const[i,o]of Object.entries(t))if(n.has(i)||(i==="properties"||i==="items"||i==="anyOf"||i==="oneOf"||i==="allOf")&&l(o,n,r+1))return!0;return!1}function T(e,n){const r=new Set;return(n.config?.filesystem||l(n.modelSchema,S))&&r.add("filesystem-scope"),n.config?.memory&&r.add("memory-scope"),n.config?.mcp&&r.add("remote-mcp"),e.agent.executionMode==="deepagent"&&r.add("delegated-runtime"),Array.from(r)}function w(e){return e.requiresApproval||e.mcpTrustTier==="untrusted"||e.tenantScope==="cross-tenant"||e.promptInjectionRisk==="high"?"high":e.mcpAccess==="read-write"||e.promptInjectionRisk==="medium"||e.toolType==="backend"||e.toolType==="mcp"?"medium":"low"}function A(e){return e==="mcp"?"mcp":e==="backend"?"backend":e==="provider"?"provider-native":"local"}function u(e){return typeof e=="object"&&e!==null&&!Array.isArray(e)?e:null}function f(e){return Array.isArray(e)?e.filter(n=>typeof n=="string"&&n.trim().length>0).map(n=>n.trim()):[]}function h(e){return e==="low"||e==="medium"||e==="high"?e:void 0}function P(e){return e==="explicit-hitl"||e==="runtime-default"||e==="none"?e:void 0}function j(e){return e==="none"||e==="manual"||e==="auto-approve"||e==="auto-reject"||e==="deny-and-continue"?e:void 0}function g(e){if(typeof e!="string"||e.trim().length===0)return;const n=e.trim();return n.startsWith("mcp/")?n:`mcp/${n}`}function M(e){const n=u(e.config),r=u(n?.mcp),t=u(n?.mcpServer),i=u(t?.oauth),o=typeof t?.transport=="string"&&t.transport.trim().length>0?t.transport.trim():void 0,a=(s,p)=>typeof s=="string"&&p.includes(s)?s:void 0,c=f(i?.scopes);return{...g(r?.serverRef)?{serverRef:g(r?.serverRef)}:{},...o?{transport:o}:{},...a(t?.trustTier,["trusted","reviewed","untrusted"])?{trustTier:a(t?.trustTier,["trusted","reviewed","untrusted"])}:{},...a(t?.access,["read-only","read-write"])?{access:a(t?.access,["read-only","read-write"])}:{},...a(t?.tenantScope,["workspace","project","tenant","cross-tenant"])?{tenantScope:a(t?.tenantScope,["workspace","project","tenant","cross-tenant"])}:{},...a(t?.approvalPolicy,["always","write","never"])?{approvalPolicy:a(t?.approvalPolicy,["always","write","never"])}:{},...a(t?.promptInjectionRisk,["low","medium","high"])?{promptInjectionRisk:a(t?.promptInjectionRisk,["low","medium","high"])}:{},...c.length>0?{oauthScopes:c}:{}}}function I(e,n){const r=u(e.match)??e,t=typeof r.toolName=="string"?r.toolName.trim():void 0,i=typeof r.category=="string"?r.category.trim():void 0,o=typeof r.toolType=="string"?r.toolType.trim():void 0;return(!t||t===n.toolName)&&(!i||i===n.category)&&(!o||o===n.toolType)}function H(e,n){const r=u(e.harnessRuntime.governance),t=Array.isArray(r?.toolPolicies)?r.toolPolicies:[];return t.length===0?n:n.map(i=>{const o={...i};for(const a of t){const c=u(a);if(!c||!I(c,o))continue;const s=h(c.risk),p=P(c.approvalPolicy),m=typeof c.requiresApproval=="boolean"?c.requiresApproval:void 0,d=j(c.decisionMode??c.approvalMode);s&&(o.risk=s),m!==void 0&&(o.requiresApproval=m),d&&(o.decisionMode=d,o.requiresApproval=d==="manual",o.approvalPolicy=d==="none"?"none":o.approvalPolicy==="explicit-hitl"?"explicit-hitl":"runtime-default"),p?o.approvalPolicy=p:m===!0&&o.approvalPolicy==="none"?o.approvalPolicy="runtime-default":m===!1&&!d&&(o.approvalPolicy="none");const y=f(c.inputRiskHints);y.length>0&&(o.inputRiskHints=Array.from(new Set([...o.inputRiskHints,...y])))}return o})}function q(e,n){const r=u(e.harnessRuntime.governance),t=u(r?.remoteMcp);if(!t)return n;const i=new Set(f(t.requireApprovalTransports)),o=u(t.riskByTransport),a=u(t.inputRiskHintsByTransport);return n.map(c=>{if(c.category!=="mcp")return c;const s={...c},p=s.mcpTransport;p&&i.has(p)&&(s.requiresApproval=!0,s.decisionMode==="none"&&(s.decisionMode="manual"),s.approvalPolicy==="none"&&(s.approvalPolicy="runtime-default"));const m=p?h(o?.[p]):void 0;m&&(s.risk=m);const d=p?f(a?.[p]):[];return d.length>0&&(s.inputRiskHints=Array.from(new Set([...s.inputRiskHints,...d]))),s})}function b(e){const n=H(e,q(e,v(e).map(r=>{const t=M(r),i=r.type==="mcp"&&t.access==="read-write",o=R(r,e),a=o==="manual"||t.trustTier==="untrusted"||t.approvalPolicy==="always"||t.approvalPolicy==="write"&&i||i||t.tenantScope==="cross-tenant",c=a&&o==="none"?"manual":o,s=t.trustTier==="untrusted"?"untrusted-mcp-server":t.tenantScope==="cross-tenant"?"cross-tenant-mcp-access":t.approvalPolicy==="always"?"remote-mcp-approval-policy":t.approvalPolicy==="write"&&i||i?"high-risk-mcp-write":void 0,p=T(e,r);return t.access==="read-write"&&p.push("remote-write-access"),t.tenantScope==="cross-tenant"&&p.push("cross-tenant-scope"),t.promptInjectionRisk&&p.push(`prompt-injection-${t.promptInjectionRisk}`),{toolName:r.name,toolId:r.id,toolType:r.type,category:A(r.type),...t.serverRef?{mcpServerRef:t.serverRef}:{},...t.transport?{mcpTransport:t.transport}:{},...t.trustTier?{mcpTrustTier:t.trustTier}:{},...t.access?{mcpAccess:t.access}:{},...t.tenantScope?{tenantScope:t.tenantScope}:{},...t.promptInjectionRisk?{promptInjectionRisk:t.promptInjectionRisk}:{},...t.oauthScopes&&t.oauthScopes.length>0?{oauthScopes:t.oauthScopes}:{},...s?{approvalReason:s}:{},risk:w({toolType:r.type,requiresApproval:a,toolName:r.name,description:r.description,config:r.config,mcpTrustTier:t.trustTier,mcpAccess:t.access,tenantScope:t.tenantScope,promptInjectionRisk:t.promptInjectionRisk}),requiresApproval:a,approvalPolicy:r.hitl?.enabled===!0?"explicit-hitl":c==="none"?"none":"runtime-default",decisionMode:c,hasInputSchema:k(r),inputRiskHints:Array.from(new Set(p))}})));return n.length===0?[]:[{bundleId:`governance/${e.agent.id}`,title:"Runtime tool governance",summary:`${n.filter(r=>r.requiresApproval).length} of ${n.length} tool(s) require approval; auto-approved=${n.filter(r=>r.decisionMode==="auto-approve").length}; auto-rejected=${n.filter(r=>r.decisionMode==="auto-reject"||r.decisionMode==="deny-and-continue").length}`,toolPolicies:n}]}export{b as buildRuntimeGovernanceBundles};
package/dist/runtime/harness/run/helpers.js CHANGED
@@ -1,71 +1 @@
1
- import { normalizeMessageContent } from "../../../utils/message-content.js";
2
- export function toInspectableApprovalRecord(approval) {
3
- const { toolCallId: _toolCallId, checkpointRef: _checkpointRef, eventRefs: _eventRefs, ...publicApproval } = approval;
4
- return publicApproval;
5
- }
6
- export function normalizeInvocationEnvelope(options) {
7
- const invocation = options.invocation;
8
- return {
9
- context: invocation?.context,
10
- state: invocation?.inputs,
11
- files: invocation?.attachments,
12
- invocation,
13
- };
14
- }
15
- export function isTerminalRequestState(state) {
16
- return state === "completed" || state === "failed";
17
- }
18
- export function buildPersistedRequestInput(input, invocation, priority) {
19
- const envelope = invocation.invocation ?? {
20
- ...(invocation.context ? { context: invocation.context } : {}),
21
- ...(invocation.state ? { inputs: invocation.state } : {}),
22
- ...(invocation.files ? { attachments: invocation.files } : {}),
23
- };
24
- return {
25
- input: normalizeMessageContent(input),
26
- priority: Number.isFinite(priority) ? Math.trunc(priority) : undefined,
27
- invocation: envelope && Object.keys(envelope).length > 0
28
- ? {
29
- ...(envelope.context ? { context: envelope.context } : {}),
30
- ...(envelope.inputs ? { inputs: envelope.inputs } : {}),
31
- ...(envelope.attachments ? { attachments: envelope.attachments } : {}),
32
- ...(envelope.capabilities ? { capabilities: envelope.capabilities } : {}),
33
- }
34
- : undefined,
35
- savedAt: new Date().toISOString(),
36
- };
37
- }
38
- export function normalizeRequestPriority(priority) {
39
- if (!Number.isFinite(priority)) {
40
- return 0;
41
- }
42
- return Math.trunc(priority);
43
- }
44
- export function resolveRequestListeners(options) {
45
- const listeners = options.listeners;
46
- if (!listeners) {
47
- return undefined;
48
- }
49
- return listeners;
50
- }
51
- export const resolveRunListeners = resolveRequestListeners;
52
- export function mergeRequestResultOutput(result, streamedOutput) {
53
- return {
54
- ...result,
55
- output: result.output || streamedOutput,
56
- finalMessageText: result.finalMessageText ?? result.output ?? streamedOutput,
57
- };
58
- }
59
- export const mergeRunResultOutput = mergeRequestResultOutput;
60
- export function createFallbackRequestResultFromLatestEvent(input) {
61
- return {
62
- sessionId: input.latestEvent.sessionId,
63
- requestId: input.latestRequestId,
64
- agentId: input.latestAgentId ?? input.entryAgentId,
65
- state: input.currentState,
66
- output: input.output,
67
- approvalId: input.approvalId,
68
- pendingActionId: input.pendingActionId,
69
- };
70
- }
71
- export const createFallbackRunResultFromLatestEvent = createFallbackRequestResultFromLatestEvent;
1
+ import{normalizeMessageContent as r}from"../../../utils/message-content.js";function l(t){const{toolCallId:e,checkpointRef:s,eventRefs:n,...o}=t;return o}function p(t){const e=t.invocation;return{context:e?.context,state:e?.inputs,files:e?.attachments,invocation:e}}function d(t){return t==="completed"||t==="failed"}function f(t,e,s){const n=e.invocation??{...e.context?{context:e.context}:{},...e.state?{inputs:e.state}:{},...e.files?{attachments:e.files}:{}};return{input:r(t),priority:Number.isFinite(s)?Math.trunc(s):void 0,invocation:n&&Object.keys(n).length>0?{...n.context?{context:n.context}:{},...n.inputs?{inputs:n.inputs}:{},...n.attachments?{attachments:n.attachments}:{},...n.capabilities?{capabilities:n.capabilities}:{}}:void 0,savedAt:new Date().toISOString()}}function x(t){return Number.isFinite(t)?Math.trunc(t):0}function a(t){const e=t.listeners;if(e)return e}const R=a;function i(t,e){return{...t,output:t.output||e,finalMessageText:t.finalMessageText??t.output??e}}const m=i;function u(t){return{sessionId:t.latestEvent.sessionId,requestId:t.latestRequestId,agentId:t.latestAgentId??t.entryAgentId,state:t.currentState,output:t.output,approvalId:t.approvalId,pendingActionId:t.pendingActionId}}const I=u;export{f as buildPersistedRequestInput,u as createFallbackRequestResultFromLatestEvent,I as createFallbackRunResultFromLatestEvent,d as isTerminalRequestState,i as mergeRequestResultOutput,m as mergeRunResultOutput,p as normalizeInvocationEnvelope,x as normalizeRequestPriority,a as resolveRequestListeners,R as resolveRunListeners,l as toInspectableApprovalRecord};