@bryti/agent 0.0.1 → 0.1.0

package/dist/tools/web-search.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Web search tools for workers.
+ *
+ * Two backends exist because they serve different deployment needs:
+ *
+ *   Brave Search — hosted SaaS, single API key, 2000 free queries/month.
+ *                  Good default: no infrastructure to run.
+ *
+ *   SearXNG     — self-hosted metasearch engine that aggregates Google, Bing,
+ *                 DuckDuckGo, Brave, and many others in one query. More sources,
+ *                 no per-query cost, but requires a running SearXNG instance.
+ *                 Preferred when the user controls their own instance (privacy,
+ *                 higher volume, or aggregated coverage matters more than setup
+ *                 cost).
+ *
+ * Workers only; the main agent has no access to these tools (security boundary).
+ *
+ * Selection logic (in workers/tools.ts):
+ *   - brave_api_key set → Brave Search
+ *   - searxng_url set  → SearXNG
+ *   - neither          → web search disabled
+ */
+import type { AgentTool } from "@mariozechner/pi-agent-core";
+declare const webSearchSchema: import("@sinclair/typebox").TObject<{
+    query: import("@sinclair/typebox").TString;
+    count: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TNumber>;
+    freshness: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
+    language: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
+}>;
+/**
+ * Create the web search tool backed by Brave Search API.
+ *
+ * Brave free tier: 2000 queries/month, no credit card required.
+ * Docs: https://api.search.brave.com/
+ */
+export declare function createBraveSearchTool(apiKey: string): AgentTool<typeof webSearchSchema>;
+/**
+ * Create the web search tool backed by SearXNG.
+ */
+export declare function createWebSearchTool(searxngUrl: string): AgentTool<typeof webSearchSchema>;
+export {};
+//# sourceMappingURL=web-search.d.ts.map

package/dist/tools/web-search.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"web-search.d.ts","sourceRoot":"","sources":["../../src/tools/web-search.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAIH,OAAO,KAAK,EAAE,SAAS,EAAmB,MAAM,6BAA6B,CAAC;AAoB9E,QAAA,MAAM,eAAe;;;;;EAoBnB,CAAC;AAuGH;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,OAAO,eAAe,CAAC,CAiEvF;AAMD;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC,OAAO,eAAe,CAAC,CAiEzF"}

package/dist/tools/web-search.js

@@ -0,0 +1,237 @@
+/**
+ * Web search tools for workers.
+ *
+ * Two backends exist because they serve different deployment needs:
+ *
+ *   Brave Search — hosted SaaS, single API key, 2000 free queries/month.
+ *                  Good default: no infrastructure to run.
+ *
+ *   SearXNG     — self-hosted metasearch engine that aggregates Google, Bing,
+ *                 DuckDuckGo, Brave, and many others in one query. More sources,
+ *                 no per-query cost, but requires a running SearXNG instance.
+ *                 Preferred when the user controls their own instance (privacy,
+ *                 higher volume, or aggregated coverage matters more than setup
+ *                 cost).
+ *
+ * Workers only; the main agent has no access to these tools (security boundary).
+ *
+ * Selection logic (in workers/tools.ts):
+ *   - brave_api_key set → Brave Search
+ *   - searxng_url set  → SearXNG
+ *   - neither          → web search disabled
+ */
+import https from "node:https";
+import http from "node:http";
+import { Type } from "@sinclair/typebox";
+const webSearchSchema = Type.Object({
+    query: Type.String({ description: "Search query" }),
+    count: Type.Optional(Type.Number({
+        description: "Number of results to return (default: 10, max: 20)",
+        minimum: 1,
+        maximum: 20,
+    })),
+    freshness: Type.Optional(Type.String({
+        description: 'Time filter: "day", "week", "month", "year"',
+    })),
+    language: Type.Optional(Type.String({
+        description: 'Result language (e.g., "en", "nl", "de"). Default: "en".',
+    })),
+});
+// Why the raw Node http/https module instead of axios or fetch?
+// Self-hosted SearXNG instances often use self-signed TLS certificates. The
+// native fetch() API and axios do not expose `rejectUnauthorized` in a way
+// that is easy to toggle per-request without global side-effects. The raw
+// http/https module accepts a per-request `rejectUnauthorized: false` option,
+// making it straightforward to support internal SearXNG instances without
+// disabling TLS verification globally.
+function fetchJson(url, timeoutMs) {
+    return new Promise((resolve, reject) => {
+        const protocol = url.startsWith("https") ? https : http;
+        const req = protocol.get(url, { timeout: timeoutMs }, (res) => {
+            let data = "";
+            res.on("data", (chunk) => {
+                data += chunk;
+            });
+            res.on("end", () => {
+                try {
+                    resolve(JSON.parse(data));
+                }
+                catch (err) {
+                    reject(new Error(`Failed to parse SearXNG response: ${err.message}`));
+                }
+            });
+        });
+        req.on("error", (err) => {
+            reject(new Error(`SearXNG request failed: ${err.message}`));
+        });
+        req.on("timeout", () => {
+            req.destroy();
+            reject(new Error("SearXNG request timed out"));
+        });
+    });
+}
+/**
+ * Fetch from Brave Search API using Node https (no axios dependency,
+ * keeps parity with the SearXNG implementation).
+ */
+function fetchBraveJson(url, apiKey, timeoutMs) {
+    return new Promise((resolve, reject) => {
+        const parsed = new URL(url);
+        const options = {
+            hostname: parsed.hostname,
+            path: parsed.pathname + parsed.search,
+            headers: {
+                "Accept": "application/json",
+                "Accept-Encoding": "gzip",
+                "X-Subscription-Token": apiKey,
+            },
+            timeout: timeoutMs,
+        };
+        const req = https.get(options, (res) => {
+            const chunks = [];
+            res.on("data", (chunk) => chunks.push(chunk));
+            res.on("end", () => {
+                try {
+                    resolve(JSON.parse(Buffer.concat(chunks).toString()));
+                }
+                catch (err) {
+                    reject(new Error(`Failed to parse Brave response: ${err.message}`));
+                }
+            });
+        });
+        req.on("error", (err) => {
+            reject(new Error(`Brave Search request failed: ${err.message}`));
+        });
+        req.on("timeout", () => {
+            req.destroy();
+            reject(new Error("Brave Search request timed out"));
+        });
+    });
+}
+/**
+ * Create the web search tool backed by Brave Search API.
+ *
+ * Brave free tier: 2000 queries/month, no credit card required.
+ * Docs: https://api.search.brave.com/
+ */
+export function createBraveSearchTool(apiKey) {
+    return {
+        name: "web_search",
+        label: "web_search",
+        description: "Search the web using Brave Search. Returns titles, URLs, and snippets.",
+        parameters: webSearchSchema,
+        async execute(_toolCallId, { query, count, freshness, language }) {
+            const limit = Math.min(count ?? 10, 20);
+            const params = new URLSearchParams({
+                q: query,
+                count: String(limit),
+            });
+            if (language) {
+                params.set("search_lang", language);
+            }
+            if (freshness) {
+                // Brave freshness values: pd, pw, pm, py
+                const timeMap = {
+                    day: "pd",
+                    week: "pw",
+                    month: "pm",
+                    year: "py",
+                    pd: "pd",
+                    pw: "pw",
+                    pm: "pm",
+                    py: "py",
+                };
+                const bf = timeMap[freshness];
+                if (bf)
+                    params.set("freshness", bf);
+            }
+            const url = `https://api.search.brave.com/res/v1/web/search?${params.toString()}`;
+            try {
+                const response = await fetchBraveJson(url, apiKey, 10000);
+                const results = (response.web?.results ?? []).slice(0, limit).map((r) => ({
+                    title: r.title ?? "",
+                    url: r.url ?? "",
+                    snippet: (r.description ?? "").slice(0, 300),
+                    engine: "brave",
+                }));
+                const text = JSON.stringify({ results }, null, 2);
+                return {
+                    content: [{ type: "text", text }],
+                    details: { query, results, total: results.length },
+                };
+            }
+            catch (error) {
+                const err = error;
+                const text = JSON.stringify({ error: `Search failed: ${err.message}` });
+                return {
+                    content: [{ type: "text", text }],
+                    details: { error: err.message },
+                };
+            }
+        },
+    };
+}
+// ---------------------------------------------------------------------------
+// SearXNG backend
+// ---------------------------------------------------------------------------
+/**
+ * Create the web search tool backed by SearXNG.
+ */
+export function createWebSearchTool(searxngUrl) {
+    return {
+        name: "web_search",
+        label: "web_search",
+        description: "Search the web. Returns titles, URLs, and snippets. " +
+            "Aggregates results from Google, Bing, DuckDuckGo, Brave, and more.",
+        parameters: webSearchSchema,
+        async execute(_toolCallId, { query, count, freshness, language }) {
+            const limit = Math.min(count ?? 10, 20);
+            const lang = language ?? "en";
+            const params = new URLSearchParams({
+                q: query,
+                format: "json",
+                language: lang,
+                safesearch: "0",
+            });
+            if (freshness) {
+                // Normalize common formats
+                const timeMap = {
+                    pd: "day",
+                    pw: "week",
+                    pm: "month",
+                    py: "year",
+                    day: "day",
+                    week: "week",
+                    month: "month",
+                    year: "year",
+                };
+                const timeRange = timeMap[freshness] ?? freshness;
+                params.append("time_range", timeRange);
+            }
+            const url = `${searxngUrl}/search?${params.toString()}`;
+            try {
+                const response = await fetchJson(url, 10000);
+                const results = (response.results ?? []).slice(0, limit).map((r) => ({
+                    title: r.title ?? "",
+                    url: r.url ?? "",
+                    snippet: (r.content ?? "").slice(0, 300),
+                    engine: r.engine ?? "unknown",
+                }));
+                const text = JSON.stringify({ results }, null, 2);
+                return {
+                    content: [{ type: "text", text }],
+                    details: { query, results, total: response.number_of_results ?? 0 },
+                };
+            }
+            catch (error) {
+                const err = error;
+                const text = JSON.stringify({ error: `Search failed: ${err.message}` });
+                return {
+                    content: [{ type: "text", text }],
+                    details: { error: err.message },
+                };
+            }
+        },
+    };
+}
+//# sourceMappingURL=web-search.js.map

package/dist/tools/web-search.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"web-search.js","sourceRoot":"","sources":["../../src/tools/web-search.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,KAAK,MAAM,YAAY,CAAC;AAC/B,OAAO,IAAI,MAAM,WAAW,CAAC;AAG7B,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAkBzC,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC;IAClC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,WAAW,EAAE,cAAc,EAAE,CAAC;IACnD,KAAK,EAAE,IAAI,CAAC,QAAQ,CAClB,IAAI,CAAC,MAAM,CAAC;QACV,WAAW,EAAE,oDAAoD;QACjE,OAAO,EAAE,CAAC;QACV,OAAO,EAAE,EAAE;KACZ,CAAC,CACH;IACD,SAAS,EAAE,IAAI,CAAC,QAAQ,CACtB,IAAI,CAAC,MAAM,CAAC;QACV,WAAW,EACT,6CAA6C;KAChD,CAAC,CACH;IACD,QAAQ,EAAE,IAAI,CAAC,QAAQ,CACrB,IAAI,CAAC,MAAM,CAAC;QACV,WAAW,EAAE,0DAA0D;KACxE,CAAC,CACH;CACF,CAAC,CAAC;AAIH,gEAAgE;AAChE,4EAA4E;AAC5E,2EAA2E;AAC3E,0EAA0E;AAC1E,8EAA8E;AAC9E,0EAA0E;AAC1E,uCAAuC;AACvC,SAAS,SAAS,CAAC,GAAW,EAAE,SAAiB;IAC/C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QAExD,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,GAAG,EAAE,EAAE;YAC5D,IAAI,IAAI,GAAG,EAAE,CAAC;YACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;gBAC/B,IAAI,IAAI,KAAK,CAAC;YAChB,CAAC,CAAC,CAAC;YACH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACjB,IAAI,CAAC;oBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAoB,CAAC,CAAC;gBAC/C,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,CAAC,IAAI,KAAK,CAAC,qCAAsC,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;gBACnF,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;YAC7B,MAAM,CAAC,IAAI,KAAK,CAAC,2BAA2B,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;YACrB,GAAG,CAAC,OAAO,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAsBD;;;GAGG;AACH,SAAS,cAAc,CACrB,GAAW,EACX,MAAc,EACd,SAAiB;IAEjB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,OAAO,GAAG;YACd,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,IAAI,EAAE,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM;YACrC,OAAO,EAAE;gBACP,QAAQ,EAAE,kBAAkB;gBAC5B,iBAAiB,EAAE,MAAM;gBACzB,sBAAsB,EAAE,MAAM;aAC/B;YACD,OAAO,EAAE,SAAS;SACnB,CAAC;QAEF,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACrC,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YACtD,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACjB,IAAI,CAAC;oBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAwB,CAAC,CAAC;gBAC/E,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,CAAC,IAAI,KAAK,CAAC,mCAAoC,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;gBACjF,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;YAC7B,MAAM,CAAC,IAAI,KAAK,CAAC,gCAAgC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;YACrB,GAAG,CAAC,OAAO,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAc;IAClD,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,KAAK,EAAE,YAAY;QACnB,WAAW,EACT,wEAAwE;QAC1E,UAAU,EAAE,eAAe;QAC3B,KAAK,CAAC,OAAO,CACX,WAAmB,EACnB,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAkB;YAErD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;YAExC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;gBACjC,CAAC,EAAE,KAAK;gBACR,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC;aACrB,CAAC,CAAC;YAEH,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;YACtC,CAAC;YAED,IAAI,SAAS,EAAE,CAAC;gBACd,yCAAyC;gBACzC,MAAM,OAAO,GAA2B;oBACtC,GAAG,EAAE,IAAI;oBACT,IAAI,EAAE,IAAI;oBACV,KAAK,EAAE,IAAI;oBACX,IAAI,EAAE,IAAI;oBACV,EAAE,EAAE,IAAI;oBACR,EAAE,EAAE,IAAI;oBACR,EAAE,EAAE,IAAI;oBACR,EAAE,EAAE,IAAI;iBACT,CAAC;gBACF,MAAM,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;gBAC9B,IAAI,EAAE;oBAAE,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YACtC,CAAC;YAED,MAAM,GAAG,GAAG,kDAAkD,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;YAElF,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;gBAE1D,MAAM,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACxE,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,EAAE;oBACpB,GAAG,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE;oBAChB,OAAO,EAAE,CAAC,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC5C,MAAM,EAAE,OAAO;iBAChB,CAAC,CAAC,CAAC;gBAEJ,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;gBAClD,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;oBACjC,OAAO,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,EAAE;iBACnD,CAAC;YACJ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,GAAG,GAAG,KAAc,CAAC;gBAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,kBAAkB,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;gBACxE,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;oBACjC,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE;iBAChC,CAAC;YACJ,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,UAAkB;IACpD,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,KAAK,EAAE,YAAY;QACnB,WAAW,EACT,sDAAsD;YACtD,oEAAoE;QACtE,UAAU,EAAE,eAAe;QAC3B,KAAK,CAAC,OAAO,CACX,WAAmB,EACnB,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAkB;YAErD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;YACxC,MAAM,IAAI,GAAG,QAAQ,IAAI,IAAI,CAAC;YAE9B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;gBACjC,CAAC,EAAE,KAAK;gBACR,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,IAAI;gBACd,UAAU,EAAE,GAAG;aAChB,CAAC,CAAC;YAEH,IAAI,SAAS,EAAE,CAAC;gBACd,2BAA2B;gBAC3B,MAAM,OAAO,GAA2B;oBACtC,EAAE,EAAE,KAAK;oBACT,EAAE,EAAE,MAAM;oBACV,EAAE,EAAE,OAAO;oBACX,EAAE,EAAE,MAAM;oBACV,GAAG,EAAE,KAAK;oBACV,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE,OAAO;oBACd,IAAI,EAAE,MAAM;iBACb,CAAC;gBACF,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC;gBAClD,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;YACzC,CAAC;YAED,MAAM,GAAG,GAAG,GAAG,UAAU,WAAW,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;YAExD,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;gBAE7C,MAAM,OAAO,GAAG,CAAC,QAAQ,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACnE,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,EAAE;oBACpB,GAAG,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE;oBAChB,OAAO,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBACxC,MAAM,EAAE,CAAC,CAAC,MAAM,IAAI,SAAS;iBAC9B,CAAC,CAAC,CAAC;gBAEJ,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;gBAClD,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;oBACjC,OAAO,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,CAAC,iBAAiB,IAAI,CAAC,EAAE;iBACpE,CAAC;YACJ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,GAAG,GAAG,KAAc,CAAC;gBAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,kBAAkB,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;gBACxE,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;oBACjC,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE;iBAChC,CAAC;YACJ,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/trust/guardrail.d.ts

@@ -0,0 +1,60 @@
+/**
+ * LLM-based guardrail for elevated tool calls.
+ *
+ * Before an elevated tool runs, a single LLM call classifies it as ALLOW
+ * (safe, execute silently), ASK (risky, confirm with user), or BLOCK
+ * (dangerous, reject outright).
+ *
+ * Replaces static allowlists with contextual understanding: the model knows
+ * that `rm -rf node_modules` is cleanup but `rm -rf /` is destruction.
+ *
+ * The guardrail only sees tool name, arguments, and the last user message.
+ * It never sees the full conversation context, so prompt injection in prior
+ * turns can't influence the safety check. If the LLM call fails for any
+ * reason, it defaults to ASK (fail-safe, not fail-open).
+ */
+import type { Config } from "../config.js";
+export type GuardrailVerdict = "ALLOW" | "ASK" | "BLOCK";
+export interface GuardrailResult {
+    verdict: GuardrailVerdict;
+    /** Short explanation for the user (shown when ASK or BLOCK). */
+    reason: string;
+}
+export interface GuardrailInput {
+    /** Tool name */
+    toolName: string;
+    /** Tool arguments as a JSON string or key-value description */
+    args: string;
+    /** The last user message (for context on what was requested) */
+    userMessage?: string;
+    /** Tool description */
+    toolDescription?: string;
+}
+declare function buildGuardrailPrompt(input: GuardrailInput): string;
+declare function parseVerdict(response: string): GuardrailResult;
+/**
+ * Evaluate a tool call through the LLM guardrail.
+ *
+ * The prompt is deliberately narrow: it only receives the tool name,
+ * arguments, the tool's own description, and the last user message. The full
+ * conversation transcript is never included. This limits the prompt injection
+ * surface — a malicious message earlier in the conversation cannot reach the
+ * guardrail and influence the safety verdict.
+ *
+ * Fail-safe default: any LLM failure (network error, parse error, no model
+ * available) falls back to ASK rather than ALLOW. The guardrail must never
+ * fail open. An operator who wants fewer interruptions should tune the
+ * GUARDRAIL_SYSTEM_PROMPT guidelines, not weaken the error path.
+ *
+ * TODO: the guardrail currently uses the same primary model as the main agent.
+ * A smaller, faster model (Claude Haiku, GPT-4o-mini) would be more
+ * appropriate here: the classification task is simple, latency matters, and
+ * cost adds up on every elevated tool call. Consider adding a
+ * `guardrail_model` config key analogous to `reflection_model`.
+ */
+export declare function evaluateToolCall(config: Config, input: GuardrailInput): Promise<GuardrailResult>;
+/**
+ * For testing: evaluate with a custom function instead of LLM.
+ */
+export { buildGuardrailPrompt, parseVerdict };
+//# sourceMappingURL=guardrail.d.ts.map

package/dist/trust/guardrail.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"guardrail.d.ts","sourceRoot":"","sources":["../../src/trust/guardrail.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAO3C,MAAM,MAAM,gBAAgB,GAAG,OAAO,GAAG,KAAK,GAAG,OAAO,CAAC;AAEzD,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,gBAAgB,CAAC;IAC1B,gEAAgE;IAChE,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,gBAAgB;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,+DAA+D;IAC/D,IAAI,EAAE,MAAM,CAAC;IACb,gEAAgE;IAChE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,uBAAuB;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAsCD,iBAAS,oBAAoB,CAAC,KAAK,EAAE,cAAc,GAAG,MAAM,CAU3D;AAMD,iBAAS,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,eAAe,CAuBvD;AAkBD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,cAAc,GACpB,OAAO,CAAC,eAAe,CAAC,CAiD1B;AAED;;GAEG;AACH,OAAO,EAAE,oBAAoB,EAAE,YAAY,EAAE,CAAC"}

package/dist/trust/guardrail.js

@@ -0,0 +1,171 @@
+/**
+ * LLM-based guardrail for elevated tool calls.
+ *
+ * Before an elevated tool runs, a single LLM call classifies it as ALLOW
+ * (safe, execute silently), ASK (risky, confirm with user), or BLOCK
+ * (dangerous, reject outright).
+ *
+ * Replaces static allowlists with contextual understanding: the model knows
+ * that `rm -rf node_modules` is cleanup but `rm -rf /` is destruction.
+ *
+ * The guardrail only sees tool name, arguments, and the last user message.
+ * It never sees the full conversation context, so prompt injection in prior
+ * turns can't influence the safety check. If the LLM call fails for any
+ * reason, it defaults to ASK (fail-safe, not fail-open).
+ */
+import { completeSimple } from "@mariozechner/pi-ai";
+import { createModelInfra, resolveFirstModel } from "../model-infra.js";
+// ---------------------------------------------------------------------------
+// Prompt
+// ---------------------------------------------------------------------------
+const GUARDRAIL_SYSTEM_PROMPT = `You are a security guardrail for an AI agent. Your job is to evaluate whether a tool call is safe to execute.
+
+You will receive:
+- The tool name and its arguments
+- The last thing the user asked the agent to do
+- A description of what the tool does
+
+Classify the action as one of:
+- ALLOW: Safe to execute. Routine operations, reads, harmless commands, actions that clearly match what the user asked for.
+- ASK: Potentially risky. Destructive operations (delete, overwrite), network access to unknown/suspicious destinations, actions that seem disproportionate to what the user asked, or anything you're unsure about.
+- BLOCK: Clearly dangerous. Data destruction (rm -rf /), exfiltration attempts (curl to unknown servers piping to bash), credential theft, or actions that no reasonable user would intend.
+
+Guidelines:
+- Be practical, not paranoid. Most tool calls are fine. Users expect their agent to run commands.
+- Reading files, listing directories, checking system status: ALLOW
+- Writing/creating files in the agent's workspace: ALLOW
+- Installing packages, running build commands: ALLOW
+- Deleting files the user mentioned: ASK (confirm scope)
+- Network requests to well-known APIs (weather, search): ALLOW
+- Network requests to unknown URLs: ASK
+- Piping curl output to bash/sh/eval: BLOCK
+- Any command with sudo, chmod 777, or touching system files: ASK
+- If the tool call clearly matches what the user just asked for: lean ALLOW
+
+Respond with EXACTLY one line in this format:
+VERDICT: reason
+
+Examples:
+ALLOW: listing directory contents as requested
+ASK: deleting files outside the workspace directory
+BLOCK: piping untrusted URL content to shell execution`;
+function buildGuardrailPrompt(input) {
+    const parts = [`Tool: ${input.toolName}`];
+    if (input.toolDescription) {
+        parts.push(`Description: ${input.toolDescription}`);
+    }
+    parts.push(`Arguments: ${input.args}`);
+    if (input.userMessage) {
+        parts.push(`User's last message: "${input.userMessage}"`);
+    }
+    return parts.join("\n");
+}
+// ---------------------------------------------------------------------------
+// Parse response
+// ---------------------------------------------------------------------------
+function parseVerdict(response) {
+    const lines = response.trim().split("\n");
+    // Scan all lines for "VERDICT: reason" pattern (models sometimes prefix with explanation)
+    for (const raw of lines) {
+        const line = raw.trim();
+        const match = line.match(/^(ALLOW|ASK|BLOCK):\s*(.+)$/i);
+        if (match) {
+            return {
+                verdict: match[1].toUpperCase(),
+                reason: match[2].trim(),
+            };
+        }
+    }
+    // Fallback: look for the verdict word anywhere in the response
+    const upper = response.toUpperCase();
+    if (upper.includes("BLOCK"))
+        return { verdict: "BLOCK", reason: lines[0].trim() };
+    if (upper.includes("ALLOW"))
+        return { verdict: "ALLOW", reason: lines[0].trim() };
+    if (upper.includes("ASK"))
+        return { verdict: "ASK", reason: lines[0].trim() };
+    // Unparseable: fail safe
+    return { verdict: "ASK", reason: `Guardrail returned unparseable response: ${lines[0].trim().slice(0, 100)}` };
+}
+// ---------------------------------------------------------------------------
+// Model resolution
+// ---------------------------------------------------------------------------
+let cachedInfra = null;
+function getModelInfra(config) {
+    if (cachedInfra)
+        return cachedInfra;
+    cachedInfra = createModelInfra(config);
+    return cachedInfra;
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+ * Evaluate a tool call through the LLM guardrail.
+ *
+ * The prompt is deliberately narrow: it only receives the tool name,
+ * arguments, the tool's own description, and the last user message. The full
+ * conversation transcript is never included. This limits the prompt injection
+ * surface — a malicious message earlier in the conversation cannot reach the
+ * guardrail and influence the safety verdict.
+ *
+ * Fail-safe default: any LLM failure (network error, parse error, no model
+ * available) falls back to ASK rather than ALLOW. The guardrail must never
+ * fail open. An operator who wants fewer interruptions should tune the
+ * GUARDRAIL_SYSTEM_PROMPT guidelines, not weaken the error path.
+ *
+ * TODO: the guardrail currently uses the same primary model as the main agent.
+ * A smaller, faster model (Claude Haiku, GPT-4o-mini) would be more
+ * appropriate here: the classification task is simple, latency matters, and
+ * cost adds up on every elevated tool call. Consider adding a
+ * `guardrail_model` config key analogous to `reflection_model`.
+ */
+export async function evaluateToolCall(config, input) {
+    const { modelRegistry } = getModelInfra(config);
+    // Use the primary model for guardrail evaluation. This is a security boundary;
+    // reliability matters more than cost. The prompt is tiny (~300 tokens in, ~20 out).
+    const candidates = [
+        config.agent.model,
+        ...(config.agent.fallback_models ?? []),
+    ];
+    const model = resolveFirstModel(candidates, modelRegistry);
+    if (!model) {
+        return { verdict: "ASK", reason: "No model available for guardrail evaluation." };
+    }
+    const userPrompt = buildGuardrailPrompt(input);
+    try {
+        const apiKey = await modelRegistry.getApiKey(model);
+        const result = await completeSimple(model, {
+            systemPrompt: GUARDRAIL_SYSTEM_PROMPT,
+            messages: [{
+                    role: "user",
+                    content: userPrompt,
+                    timestamp: Date.now(),
+                }],
+        }, {
+            maxTokens: 100,
+            temperature: 0,
+            apiKey: apiKey ?? undefined,
+        });
+        if (result.stopReason === "error") {
+            console.warn(`[guardrail] LLM error: ${result.errorMessage ?? "unknown"}`);
+            return { verdict: "ASK", reason: "Guardrail evaluation failed; asking for safety." };
+        }
+        const text = result.content
+            .filter((c) => c.type === "text")
+            .map((c) => c.type === "text" ? c.text : "")
+            .join("");
+        const verdict = parseVerdict(text);
+        console.log(`[guardrail] ${input.toolName}: ${verdict.verdict} — ${verdict.reason}`);
+        return verdict;
+    }
+    catch (err) {
+        console.warn(`[guardrail] LLM call failed: ${err.message}`);
+        return { verdict: "ASK", reason: "Guardrail evaluation failed; asking for safety." };
+    }
+}
+/**
+ * For testing: evaluate with a custom function instead of LLM.
+ */
+export { buildGuardrailPrompt, parseVerdict };
+//# sourceMappingURL=guardrail.js.map

package/dist/trust/guardrail.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"guardrail.js","sourceRoot":"","sources":["../../src/trust/guardrail.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAErD,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAmB,MAAM,mBAAmB,CAAC;AAyBzF,8EAA8E;AAC9E,SAAS;AACT,8EAA8E;AAE9E,MAAM,uBAAuB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;uDA8BuB,CAAC;AAExD,SAAS,oBAAoB,CAAC,KAAqB;IACjD,MAAM,KAAK,GAAG,CAAC,SAAS,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC1C,IAAI,KAAK,CAAC,eAAe,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,gBAAgB,KAAK,CAAC,eAAe,EAAE,CAAC,CAAC;IACtD,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IACvC,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,yBAAyB,KAAK,CAAC,WAAW,GAAG,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E,SAAS,YAAY,CAAC,QAAgB;IACpC,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAE1C,0FAA0F;IAC1F,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;QACzD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO;gBACL,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAsB;gBACnD,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE;aACxB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,+DAA+D;IAC/D,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACrC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;IAClF,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;IAClF,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;IAE9E,yBAAyB;IACzB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,4CAA4C,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC;AACjH,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,IAAI,WAAW,GAAsB,IAAI,CAAC;AAE1C,SAAS,aAAa,CAAC,MAAc;IACnC,IAAI,WAAW;QAAE,OAAO,WAAW,CAAC;IACpC,WAAW,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACvC,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,MAAc,EACd,KAAqB;IAErB,MAAM,EAAE,aAAa,EAAE,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAEhD,+EAA+E;IAC/E,oFAAoF;IACpF,MAAM,UAAU,GAAG;QACjB,MAAM,CAAC,KAAK,CAAC,KAAK;QAClB,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,IAAI,EAAE,CAAC;KACxC,CAAC;IAEF,MAAM,KAAK,GAAG,iBAAiB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAC3D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,8CAA8C,EAAE,CAAC;IACpF,CAAC;IAED,MAAM,UAAU,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;IAE/C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE;YACzC,YAAY,EAAE,uBAAuB;YACrC,QAAQ,EAAE,CAAC;oBACT,IAAI,EAAE,MAAe;oBACrB,OAAO,EAAE,UAAU;oBACnB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC;SACH,EAAE;YACD,SAAS,EAAE,GAAG;YACd,WAAW,EAAE,CAAC;YACd,MAAM,EAAE,MAAM,IAAI,SAAS;SAC5B,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,UAAU,KAAK,OAAO,EAAE,CAAC;YAClC,OAAO,CAAC,IAAI,CAAC,0BAA0B,MAAM,CAAC,YAAY,IAAI,SAAS,EAAE,CAAC,CAAC;YAC3E,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,iDAAiD,EAAE,CAAC;QACvF,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO;aACxB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC;aAChC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;aAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;QAEZ,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,CAAC,QAAQ,KAAK,OAAO,CAAC,OAAO,MAAM,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACrF,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,gCAAiC,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QACvE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,iDAAiD,EAAE,CAAC;IACvF,CAAC;AACH,CAAC;AAED;;GAEG;AACH,OAAO,EAAE,oBAAoB,EAAE,YAAY,EAAE,CAAC"}

package/dist/trust/index.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Trust subsystem: capability taxonomy, approval store, and guardrail checks.
+ *
+ * Re-exports from:
+ * - store.ts: TrustStore, capability registry, permission checks
+ * - wrapper.ts: tool wrapping with trust + guardrail checks
+ * - guardrail.ts: LLM-based safety evaluation
+ */
+export { type CapabilityLevel, type Capability, type ToolCapabilities, type TrustStore, createTrustStore, registerToolCapabilities, getToolCapabilities, type PermissionCheckResult, checkPermission, setPendingApproval, checkPendingApproval, isAlwaysApproval, } from "./store.js";
+export { type ApprovalCallback, type TrustWrapperContext, wrapToolWithTrustCheck, wrapToolsWithTrustChecks, } from "./wrapper.js";
+export { type GuardrailVerdict, type GuardrailResult, type GuardrailInput, evaluateToolCall, } from "./guardrail.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/trust/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/trust/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,KAAK,eAAe,EACpB,KAAK,UAAU,EACf,KAAK,gBAAgB,EACrB,KAAK,UAAU,EACf,gBAAgB,EAChB,wBAAwB,EACxB,mBAAmB,EACnB,KAAK,qBAAqB,EAC1B,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,EACxB,sBAAsB,EACtB,wBAAwB,GACzB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,gBAAgB,GACjB,MAAM,gBAAgB,CAAC"}

package/dist/trust/index.js

@@ -0,0 +1,12 @@
+/**
+ * Trust subsystem: capability taxonomy, approval store, and guardrail checks.
+ *
+ * Re-exports from:
+ * - store.ts: TrustStore, capability registry, permission checks
+ * - wrapper.ts: tool wrapping with trust + guardrail checks
+ * - guardrail.ts: LLM-based safety evaluation
+ */
+export { createTrustStore, registerToolCapabilities, getToolCapabilities, checkPermission, setPendingApproval, checkPendingApproval, isAlwaysApproval, } from "./store.js";
+export { wrapToolWithTrustCheck, wrapToolsWithTrustChecks, } from "./wrapper.js";
+export { evaluateToolCall, } from "./guardrail.js";
+//# sourceMappingURL=index.js.map

package/dist/trust/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/trust/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAKL,gBAAgB,EAChB,wBAAwB,EACxB,mBAAmB,EAEnB,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAGL,sBAAsB,EACtB,wBAAwB,GACzB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAIL,gBAAgB,GACjB,MAAM,gBAAgB,CAAC"}