@carfiedli/runtime-guardrail 0.1.19
- package/README.fe.md +256 -0
- package/README.hooks-security.md +1017 -0
- package/README.md +1316 -0
- package/dist/adapters/index.d.ts +1 -0
- package/dist/adapters/persistence/file-store.d.ts +18 -0
- package/dist/adapters/persistence/index.d.ts +4 -0
- package/dist/adapters/persistence/json-event-log.d.ts +31 -0
- package/dist/adapters/persistence/queue-store.d.ts +19 -0
- package/dist/adapters/persistence/snapshot-store.d.ts +14 -0
- package/dist/approval/approval-service.d.ts +27 -0
- package/dist/approval/approval-state-machine.d.ts +5 -0
- package/dist/approval/hitl/hitl-connector.d.ts +9 -0
- package/dist/approval/index.d.ts +4 -0
- package/dist/approval/run-hold-service.d.ts +16 -0
- package/dist/audit/audit-event-store.d.ts +12 -0
- package/dist/audit/audit-read-model-builder.d.ts +17 -0
- package/dist/audit/audit-service.d.ts +18 -0
- package/dist/audit/incident-query-service.d.ts +7 -0
- package/dist/audit/index.d.ts +5 -0
- package/dist/audit/metrics-projection.d.ts +10 -0
- package/dist/bootstrap/create-runtime-guardrail-plugin.d.ts +3 -0
- package/dist/bootstrap/dependency-container.d.ts +2 -0
- package/dist/bootstrap/index.d.ts +3 -0
- package/dist/bootstrap/runtime-facade.d.ts +31 -0
- package/dist/compat/index.d.ts +1 -0
- package/dist/compat/legacy-types.d.ts +29 -0
- package/dist/contracts/core.d.ts +277 -0
- package/dist/contracts/events.d.ts +35 -0
- package/dist/contracts/host.d.ts +239 -0
- package/dist/contracts/index.d.ts +6 -0
- package/dist/contracts/operator.d.ts +110 -0
- package/dist/execution/egress-mediator.d.ts +7 -0
- package/dist/execution/execution-broker.d.ts +13 -0
- package/dist/execution/execution-plan-builder.d.ts +12 -0
- package/dist/execution/index.d.ts +4 -0
- package/dist/execution/model-governance-service.d.ts +7 -0
- package/dist/index.d.ts +29 -0
- package/dist/index.js +23 -0
- package/dist/openclaw/hooks/egress-adapter.d.ts +9 -0
- package/dist/openclaw/hooks/hook-registry.d.ts +21 -0
- package/dist/openclaw/hooks/hook-result-mapper.d.ts +43 -0
- package/dist/openclaw/hooks/hook-types.d.ts +31 -0
- package/dist/openclaw/hooks/index.d.ts +8 -0
- package/dist/openclaw/hooks/ingress-adapter.d.ts +14 -0
- package/dist/openclaw/hooks/llm-request-adapter.d.ts +9 -0
- package/dist/openclaw/hooks/persist-adapter.d.ts +30 -0
- package/dist/openclaw/hooks/tool-call-adapter.d.ts +7 -0
- package/dist/openclaw/index.d.ts +4 -0
- package/dist/openclaw/plugin-runtime.d.ts +103 -0
- package/dist/openclaw/rpc-handlers.d.ts +20 -0
- package/dist/openclaw/skills-availability.d.ts +10 -0
- package/dist/openclaw/skills-upload.d.ts +17 -0
- package/dist/openclaw/testing/index.d.ts +1 -0
- package/dist/openclaw/testing/mock-openclaw-api.d.ts +74 -0
- package/dist/operator/cli/register-cli.d.ts +4 -0
- package/dist/operator/command-service.d.ts +15 -0
- package/dist/operator/index.d.ts +5 -0
- package/dist/operator/query-service.d.ts +21 -0
- package/dist/operator/reporting/report-service.d.ts +9 -0
- package/dist/operator/rpc/register-rpc.d.ts +5 -0
- package/dist/policy/detectors/detector-port.d.ts +23 -0
- package/dist/policy/finding-normalizer.d.ts +3 -0
- package/dist/policy/index.d.ts +4 -0
- package/dist/policy/policy-engine.d.ts +8 -0
- package/dist/policy/stage-resolver.d.ts +7 -0
- package/dist/runtime-core/device-id.d.ts +15 -0
- package/dist/runtime-core/evaluate-service.d.ts +91 -0
- package/dist/runtime-core/index.d.ts +10 -0
- package/dist/runtime-core/memory-audit-logger.d.ts +55 -0
- package/dist/runtime-core/memory-store.d.ts +141 -0
- package/dist/runtime-core/remote-guard-request-builder.d.ts +15 -0
- package/dist/runtime-core/remote-guard-transport.d.ts +79 -0
- package/dist/runtime-core/remote-guard-types.d.ts +183 -0
- package/dist/runtime-core/remote-policy-evaluator.d.ts +51 -0
- package/dist/runtime-core/skill-name-resolver.d.ts +31 -0
- package/dist/runtime-core/sync-remote-evaluate.d.ts +29 -0
- package/dist/runtime-core/sync-remote-worker.d.ts +14 -0
- package/dist/runtime-core/sync-remote-worker.js +2 -0
- package/dist/runtime-core/telemetry-service.d.ts +94 -0
- package/dist/runtime-core/telemetry-types.d.ts +181 -0
- package/dist/types.d.ts +224 -0
- package/dist/version.d.ts +1 -0
- package/openclaw.plugin.json +76 -0
- package/package.json +71 -0
- package/remote-guard-config.json +30 -0
- package/scripts/runtime-guardrailctl.mjs +864 -0
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import type { OpenClawApi } from "../contracts";
|
|
2
|
+
export type SkillsAvailabilityOptions = {
|
|
3
|
+
/** 是否启用 skills 可用性治理(默认开启;可显式设为 false 关闭) */
|
|
4
|
+
enabled?: boolean;
|
|
5
|
+
/** 预留:后端校验接口地址(当前仅记录 TODO,不发起调用) */
|
|
6
|
+
verificationEndpoint?: string;
|
|
7
|
+
/** 模拟返回需禁用的 skills(用于联调验证) */
|
|
8
|
+
simulatedDisabledSkills?: string[];
|
|
9
|
+
};
|
|
10
|
+
export declare const registerSkillsAvailabilityService: (api: OpenClawApi, options?: SkillsAvailabilityOptions) => void;
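Review bot: The comment on `verificationEndpoint` says the field is reserved and that no call is made, yet nothing on the type stops an operator from setting it and assuming backend verification of skills is active. I would say so on the field, e.g. `/** Reserved: not called yet; setting this does NOT enable backend verification. */`, and mark `simulatedDisabledSkills` as an integration-test input, since among these options it is the only documented source of a disabled-skill list. Only the declaration is visible on this page, so what `enabled` does when both fields are unset should be confirmed against the implementation.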
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import type { OpenClawApi } from "../contracts";
|
|
2
|
+
import { type RemoteGuardConfig } from "../runtime-core";
|
|
3
|
+
export type SkillsUploadOptions = {
|
|
4
|
+
/** 是否启用自动上传(默认启用) */
|
|
5
|
+
enabled?: boolean;
|
|
6
|
+
/** 上传超时毫秒数(默认使用 remote-guard-config.options.timeoutMs) */
|
|
7
|
+
timeoutMs?: number;
|
|
8
|
+
/** 是否忽略幂等缓存强制上传 */
|
|
9
|
+
force?: boolean;
|
|
10
|
+
/** 申请预签名 URL 时使用的 content_type */
|
|
11
|
+
contentType?: string;
|
|
12
|
+
/** 指向用户侧下发的 remote-guard-config.json */
|
|
13
|
+
remoteGuardConfigPath?: string;
|
|
14
|
+
/** 直接注入远端配置(优先于 remoteGuardConfigPath) */
|
|
15
|
+
remoteGuardConfig?: RemoteGuardConfig;
|
|
16
|
+
};
|
|
17
|
+
export declare const registerSkillsUploadService: (api: OpenClawApi, options?: SkillsUploadOptions) => void;
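Review bot: `enabled` is documented as on by default, so calling `registerSkillsUploadService(api)` with no options starts automatic uploads to whatever endpoint the remote guard config names, and the declaration never says what is uploaded. For a guardrail package I would make the upload opt-in, or at minimum document payload and destination on the type, e.g. `/** Uploads <describe content> to the presigned URL obtained via remoteGuardConfig; default: enabled. */`. `remoteGuardConfigPath` is described as pointing at a config file delivered on the user side, so the comment should also state that the path and the URLs inside it are treated as trusted input. `force` skips the idempotency cache per its comment; it is worth saying that it is meant for manual re-runs only.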
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export * from "./mock-openclaw-api";
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
import type { CliCommandHandler, GatewayRequestHandlerOptions, OpenClawApi, OpenClawCliRegistrarContext, OpenClawHookName, PluginHookContextMap, PluginHookEventMap, PluginHookHandler } from "../../contracts";
|
|
2
|
+
/**
|
|
3
|
+
* Mock OpenClaw API
|
|
4
|
+
* 模拟宿主平台的完整能力:钩子注册、网关方法、CLI 命令、日志
|
|
5
|
+
* 用于独立测试和集成测试
|
|
6
|
+
*/
|
|
7
|
+
export declare class MockOpenClawApi implements OpenClawApi {
|
|
8
|
+
/** 已注册的钩子处理器 */
|
|
9
|
+
private readonly hookHandlers;
|
|
10
|
+
/** 已注册的网关方法 */
|
|
11
|
+
private readonly gatewayMethods;
|
|
12
|
+
/** 已注册的 CLI 命令 */
|
|
13
|
+
private readonly cliCommands;
|
|
14
|
+
/** 日志记录 */
|
|
15
|
+
private readonly logEntries;
|
|
16
|
+
/** 是否静默模式(不输出日志到控制台) */
|
|
17
|
+
private silent;
|
|
18
|
+
constructor(options?: {
|
|
19
|
+
silent?: boolean;
|
|
20
|
+
});
|
|
21
|
+
on<H extends OpenClawHookName>(hookName: H, handler: PluginHookHandler<H>): void;
|
|
22
|
+
registerGatewayMethod(method: string, handler: (options: GatewayRequestHandlerOptions) => Promise<void> | void): void;
|
|
23
|
+
registerCli(nameOrRegistrar: string | ((ctx: OpenClawCliRegistrarContext) => void | Promise<void>), handlerOrOptions?: CliCommandHandler | {
|
|
24
|
+
commands?: string[];
|
|
25
|
+
}): void;
|
|
26
|
+
log: {
|
|
27
|
+
info: (message: string) => void;
|
|
28
|
+
warn: (message: string) => void;
|
|
29
|
+
error: (message: string) => void;
|
|
30
|
+
debug: (message: string) => void;
|
|
31
|
+
};
|
|
32
|
+
/**
|
|
33
|
+
* 模拟触发一个钩子事件
|
|
34
|
+
* @returns 所有处理器的返回结果数组
|
|
35
|
+
*/
|
|
36
|
+
triggerHook<H extends OpenClawHookName>(hookName: H, event: PluginHookEventMap[H], ctx?: PluginHookContextMap[H]): Promise<unknown[]>;
|
|
37
|
+
/**
|
|
38
|
+
* 模拟调用 RPC 方法
|
|
39
|
+
* @returns 处理器的响应结果
|
|
40
|
+
*/
|
|
41
|
+
callRpc(method: string, params?: Record<string, unknown>): Promise<unknown>;
|
|
42
|
+
/**
|
|
43
|
+
* 模拟执行 CLI 命令
|
|
44
|
+
*/
|
|
45
|
+
executeCli(name: string, args?: Record<string, unknown>): Promise<unknown>;
|
|
46
|
+
/** 获取已注册的钩子名称列表 */
|
|
47
|
+
getRegisteredHooks(): string[];
|
|
48
|
+
/** 获取已注册的网关方法列表 */
|
|
49
|
+
getRegisteredGatewayMethods(): string[];
|
|
50
|
+
/** 获取已注册的 CLI 命令列表 */
|
|
51
|
+
getRegisteredCliCommands(): string[];
|
|
52
|
+
/** 获取日志记录 */
|
|
53
|
+
getLogs(): ReadonlyArray<{
|
|
54
|
+
level: string;
|
|
55
|
+
message: string;
|
|
56
|
+
timestamp: number;
|
|
57
|
+
}>;
|
|
58
|
+
/** 获取指定级别的日志 */
|
|
59
|
+
getLogsByLevel(level: string): Array<{
|
|
60
|
+
level: string;
|
|
61
|
+
message: string;
|
|
62
|
+
timestamp: number;
|
|
63
|
+
}>;
|
|
64
|
+
/** 清空日志 */
|
|
65
|
+
clearLogs(): void;
|
|
66
|
+
/** 设置是否静默 */
|
|
67
|
+
setSilent(silent: boolean): void;
|
|
68
|
+
}
|
|
69
|
+
/**
|
|
70
|
+
* 工厂函数:创建 Mock OpenClaw API 实例
|
|
71
|
+
*/
|
|
72
|
+
export declare const createMockOpenClawApi: (options?: {
|
|
73
|
+
silent?: boolean;
|
|
74
|
+
}) => MockOpenClawApi;
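Review bot: `level` is typed as `string` in `getLogs()`, in `getLogsByLevel()` and in its parameter, although the `log` object only offers `info`, `warn`, `error` and `debug`; a union such as `type MockLogLevel = 'info' | 'warn' | 'error' | 'debug'` would catch a mistyped level in a test at compile time. `getLogs()` returns a `ReadonlyArray` while `getLogsByLevel()` returns a mutable `Array`; pick one. The class is a test double shipped under `dist`, so the header comment should say it is not meant for production wiring.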
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
import type { OpenClawApi } from "../../contracts";
|
|
2
|
+
import type { OperatorCommandService } from "../command-service";
|
|
3
|
+
import type { OperatorQueryService } from "../query-service";
|
|
4
|
+
export declare const registerShieldCli: (api: OpenClawApi, queryService: OperatorQueryService, commandService: OperatorCommandService) => void;
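Review bot: `registerShieldCli` receives `OperatorCommandService`, whose methods resolve approvals and resume or cancel run holds, but the declaration has no comment on which commands it registers or who may invoke them. The same applies to `registerShieldRpc` in the register-rpc hunk further down. I would add a TSDoc block on both that lists the registered command and method names and states whether caller authorization is enforced here or expected from the host. The implementation is not part of this page, so this cannot be checked from the declarations alone.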
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import type { CancelRunHoldCommand, ResolveApprovalCommand, ResumeRunHoldCommand } from "../contracts";
|
|
2
|
+
import type { ApprovalService, RunHoldService } from "../approval";
|
|
3
|
+
export interface OperatorCommandService {
|
|
4
|
+
resolveApproval(command: ResolveApprovalCommand): Promise<unknown>;
|
|
5
|
+
resumeRunHold(command: ResumeRunHoldCommand): Promise<unknown>;
|
|
6
|
+
cancelRunHold(command: CancelRunHoldCommand): Promise<unknown>;
|
|
7
|
+
}
|
|
8
|
+
export declare class DefaultOperatorCommandService implements OperatorCommandService {
|
|
9
|
+
private readonly approvalService;
|
|
10
|
+
private readonly runHoldService;
|
|
11
|
+
constructor(approvalService: ApprovalService, runHoldService: RunHoldService);
|
|
12
|
+
resolveApproval(command: ResolveApprovalCommand): Promise<unknown>;
|
|
13
|
+
resumeRunHold(command: ResumeRunHoldCommand): Promise<unknown>;
|
|
14
|
+
cancelRunHold(command: CancelRunHoldCommand): Promise<unknown>;
|
|
15
|
+
}
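Review bot: All three commands return `Promise<unknown>`, so a caller cannot tell a resolved ticket from an unknown id without casting. `ApprovalStore.resolve` and `RunHoldStore.resume`/`cancel` in the memory-store hunk return `ApprovalTicket | undefined` and `RunHoldTicket | undefined`; if the services pass those through, declaring them here (or a small result union) would let the CLI and RPC layers report a missing id explicitly instead of forwarding an untyped value.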
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import type { ApprovalListQuery, ApprovalListResult, IncidentListQuery, IncidentListResult, RunHoldListQuery, RunHoldListResult, StatusQueryResult } from "../contracts";
|
|
2
|
+
import type { ApprovalService, RunHoldService } from "../approval";
|
|
3
|
+
import type { AuditReadModelBuilder } from "../audit";
|
|
4
|
+
import type { ShieldRuntimeConfig } from "../runtime-core";
|
|
5
|
+
export interface OperatorQueryService {
|
|
6
|
+
getStatus(): Promise<StatusQueryResult>;
|
|
7
|
+
listIncidents(query?: IncidentListQuery): Promise<IncidentListResult>;
|
|
8
|
+
listApprovals(query?: ApprovalListQuery): Promise<ApprovalListResult>;
|
|
9
|
+
listRunHolds(query?: RunHoldListQuery): Promise<RunHoldListResult>;
|
|
10
|
+
}
|
|
11
|
+
export declare class DefaultOperatorQueryService implements OperatorQueryService {
|
|
12
|
+
private readonly runtimeConfig;
|
|
13
|
+
private readonly auditReadModelBuilder;
|
|
14
|
+
private readonly approvalService;
|
|
15
|
+
private readonly runHoldService;
|
|
16
|
+
constructor(runtimeConfig: ShieldRuntimeConfig, auditReadModelBuilder: AuditReadModelBuilder, approvalService: ApprovalService, runHoldService: RunHoldService);
|
|
17
|
+
getStatus(): Promise<StatusQueryResult>;
|
|
18
|
+
listIncidents(query?: IncidentListQuery): Promise<IncidentListResult>;
|
|
19
|
+
listApprovals(query?: ApprovalListQuery): Promise<ApprovalListResult>;
|
|
20
|
+
listRunHolds(query?: RunHoldListQuery): Promise<RunHoldListResult>;
|
|
21
|
+
}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import type { OperatorQueryService } from "../query-service";
|
|
2
|
+
export interface ReportService {
|
|
3
|
+
generateSummary(): Promise<Record<string, unknown>>;
|
|
4
|
+
}
|
|
5
|
+
export declare class DefaultReportService implements ReportService {
|
|
6
|
+
private readonly queryService;
|
|
7
|
+
constructor(queryService: OperatorQueryService);
|
|
8
|
+
generateSummary(): Promise<Record<string, unknown>>;
|
|
9
|
+
}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import type { OpenClawApi } from "../../contracts";
|
|
2
|
+
import type { OperatorCommandService } from "../command-service";
|
|
3
|
+
import type { OperatorQueryService } from "../query-service";
|
|
4
|
+
import type { ReportService } from "../reporting/report-service";
|
|
5
|
+
export declare const registerShieldRpc: (api: OpenClawApi, queryService: OperatorQueryService, commandService: OperatorCommandService, reportService: ReportService) => void;
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import type { ReasonCode } from "../../contracts";
|
|
2
|
+
import type { ShieldPolicyInput, ShieldRedaction, ShieldSeverity, ShieldStage, ShieldRuleAction } from "../../types";
|
|
3
|
+
export type DetectorContext = {
|
|
4
|
+
stage: ShieldStage;
|
|
5
|
+
now: number;
|
|
6
|
+
};
|
|
7
|
+
export type DetectorSignal = {
|
|
8
|
+
detector: string;
|
|
9
|
+
reasonCode: ReasonCode | string;
|
|
10
|
+
severity: ShieldSeverity;
|
|
11
|
+
summary: string;
|
|
12
|
+
tags: string[];
|
|
13
|
+
evidence?: Record<string, unknown>;
|
|
14
|
+
matchedRuleIds?: string[];
|
|
15
|
+
suggestedAction?: Exclude<ShieldRuleAction, "allow">;
|
|
16
|
+
redactions?: ShieldRedaction[];
|
|
17
|
+
};
|
|
18
|
+
export interface PolicyDetector {
|
|
19
|
+
detect(input: ShieldPolicyInput, context: DetectorContext): Promise<DetectorSignal[]>;
|
|
20
|
+
}
|
|
21
|
+
export declare class NoopPolicyDetector implements PolicyDetector {
|
|
22
|
+
detect(): Promise<DetectorSignal[]>;
|
|
23
|
+
}
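Review bot: `evidence?: Record<string, unknown>` has no stated contract and sits next to `redactions`, so it is unclear whether a detector may place the raw matched text in it. If signals flow on into incidents, audit events or telemetry (not visible in this hunk), unredacted matches would be copied there; I would document the field, e.g. `/** Structured context for the finding; must not contain the unredacted matched content. */`. Separately, `reasonCode: ReasonCode | string` collapses to `string` if `ReasonCode` is a string-literal union, so the annotation checks nothing; `ReasonCode | (string & {})` keeps the known codes visible to tooling.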
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import type { PolicyEvaluator } from "../runtime-core";
|
|
2
|
+
import type { ShieldPolicyInput, ShieldPolicyResult, ShieldStage } from "../types";
|
|
3
|
+
import type { PolicyDetector } from "./detectors/detector-port";
|
|
4
|
+
export declare class PolicyEngine implements PolicyEvaluator {
|
|
5
|
+
private readonly detectors;
|
|
6
|
+
constructor(detectors?: PolicyDetector[]);
|
|
7
|
+
evaluate(input: ShieldPolicyInput, stage: ShieldStage): Promise<ShieldPolicyResult>;
|
|
8
|
+
}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import type { ShieldRuleAction, ShieldSeverity, ShieldStage } from "../types";
|
|
2
|
+
export type StageResolution = {
|
|
3
|
+
effectiveAction: ShieldRuleAction;
|
|
4
|
+
simulatedBlock: boolean;
|
|
5
|
+
simulatedRedaction: boolean;
|
|
6
|
+
};
|
|
7
|
+
export declare const resolveStageAction: (stage: ShieldStage, rawAction: ShieldRuleAction, severity: ShieldSeverity) => StageResolution;
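Review bot: `simulatedBlock` and `simulatedRedaction` are undocumented, and their relation to `effectiveAction` decides whether a finding is enforced or only recorded. Please add field comments, for instance `/** true when rawAction was block but was downgraded; effectiveAction holds what is actually applied */`, adjusted to what `resolveStageAction` really does, which the declaration does not show. A one-line TSDoc on `resolveStageAction` saying how `severity` influences the result would also help anyone reviewing a policy change.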
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* 设备 ID 自动获取工具
|
|
3
|
+
* 基于操作系统信息自动生成设备标识,用于心跳上报、数据上报和安全检测请求
|
|
4
|
+
*/
|
|
5
|
+
/**
|
|
6
|
+
* 获取设备 ID
|
|
7
|
+
* 格式: {platform}-{release}
|
|
8
|
+
* 例如: linux-5.15.0-86-generic
|
|
9
|
+
* 获取失败时返回 "Unknown"
|
|
10
|
+
*/
|
|
11
|
+
export declare const getDeviceId: () => string;
|
|
12
|
+
/**
|
|
13
|
+
* 清除缓存的设备 ID(仅用于测试)
|
|
14
|
+
*/
|
|
15
|
+
export declare const clearDeviceIdCache: () => void;
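Review bot: The documented format `{platform}-{release}` is an OS/kernel fingerprint, not a device identifier: every host on the same platform and release gets the same value, and any failure collapses to the shared string "Unknown". The header comment says the value is used for heartbeat, data reporting and security-check requests, so backend correlation of incidents per device would merge unrelated machines. I would either document it as a platform tag (`/** Not unique per device; identifies OS platform and release only. */`) or introduce a stable per-install identifier and keep this value as a separate field.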
|
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
import type { GuardrailDecision, HookEnvelope } from "../contracts";
|
|
2
|
+
import type { ShieldFailMode, ShieldPolicyInput, ShieldPolicyResult } from "../types";
|
|
3
|
+
import type { ShieldStage } from "../types";
|
|
4
|
+
/**
|
|
5
|
+
* 策略评估器接口
|
|
6
|
+
* 负责根据输入和当前阶段执行策略评估,返回评估结果
|
|
7
|
+
*/
|
|
8
|
+
export interface PolicyEvaluator {
|
|
9
|
+
evaluate(input: ShieldPolicyInput, stage: ShieldStage): Promise<ShieldPolicyResult>;
|
|
10
|
+
evaluateSync?(input: ShieldPolicyInput, stage: ShieldStage): ShieldPolicyResult;
|
|
11
|
+
}
|
|
12
|
+
/**
|
|
13
|
+
* 审计日志器接口
|
|
14
|
+
* 负责记录每次护栏决策的审计日志
|
|
15
|
+
*/
|
|
16
|
+
export interface AuditLogger {
|
|
17
|
+
logDecision(decision: GuardrailDecision): Promise<void>;
|
|
18
|
+
logDecisionSync?(decision: GuardrailDecision): void;
|
|
19
|
+
}
|
|
20
|
+
/** 护盾运行时配置 */
|
|
21
|
+
export interface ShieldRuntimeConfig {
|
|
22
|
+
/** 是否为模拟模式(仅记录不实际执行) */
|
|
23
|
+
simulated: boolean;
|
|
24
|
+
/** 失败模式(评估异常时的行为) */
|
|
25
|
+
failMode: ShieldFailMode;
|
|
26
|
+
}
|
|
27
|
+
/**
|
|
28
|
+
* 评估服务接口
|
|
29
|
+
* 接收钩子信封,返回护栏决策
|
|
30
|
+
*/
|
|
31
|
+
export interface EvaluateService {
|
|
32
|
+
evaluate(envelope: HookEnvelope): Promise<GuardrailDecision>;
|
|
33
|
+
evaluateSync?(envelope: HookEnvelope): GuardrailDecision | undefined;
|
|
34
|
+
}
|
|
35
|
+
/**
|
|
36
|
+
* 创建空操作(Noop)策略评估器
|
|
37
|
+
* 始终返回"放行"结果,用于未配置策略评估器时的默认行为
|
|
38
|
+
*/
|
|
39
|
+
export declare const createNoopPolicyEvaluator: () => PolicyEvaluator;
|
|
40
|
+
/**
|
|
41
|
+
* 创建空操作(Noop)审计日志器
|
|
42
|
+
* 不做任何记录,用于未配置审计日志器时的默认行为
|
|
43
|
+
*/
|
|
44
|
+
export declare const createNoopAuditLogger: () => AuditLogger;
|
|
45
|
+
/**
|
|
46
|
+
* 评估服务实现类(核心引擎)
|
|
47
|
+
* 整个护栏系统的核心处理流程:
|
|
48
|
+
* 信封(Envelope) → 策略输入 → 策略评估 → 决策映射 → 审计日志
|
|
49
|
+
*/
|
|
50
|
+
export declare class EvaluateServiceImpl implements EvaluateService {
|
|
51
|
+
private readonly config;
|
|
52
|
+
private readonly policyEvaluator;
|
|
53
|
+
private readonly auditLogger;
|
|
54
|
+
constructor(config: ShieldRuntimeConfig, policyEvaluator: PolicyEvaluator, auditLogger: AuditLogger);
|
|
55
|
+
/**
|
|
56
|
+
* 执行完整的安全评估流程(异步主路径)
|
|
57
|
+
*/
|
|
58
|
+
evaluate(envelope: HookEnvelope): Promise<GuardrailDecision>;
|
|
59
|
+
/**
|
|
60
|
+
* 同步评估路径:仅当策略评估器支持 evaluateSync 时可用。
|
|
61
|
+
* 主要用于 OpenClaw 的同步 persist hooks。
|
|
62
|
+
*/
|
|
63
|
+
evaluateSync(envelope: HookEnvelope): GuardrailDecision | undefined;
|
|
64
|
+
/**
|
|
65
|
+
* 生成唯一的决策 ID
|
|
66
|
+
* 格式:decision_{时间戳}_{随机字符串}
|
|
67
|
+
*/
|
|
68
|
+
private createDecisionId;
|
|
69
|
+
/**
|
|
70
|
+
* 将钩子信封转换为策略评估输入
|
|
71
|
+
* 根据不同的钩子类型,提取对应的字段组合成 ShieldPolicyInput
|
|
72
|
+
*/
|
|
73
|
+
private mapEnvelopeToPolicyInput;
|
|
74
|
+
/**
|
|
75
|
+
* 将策略评估结果映射为护栏决策
|
|
76
|
+
*/
|
|
77
|
+
private mapPolicyResultToDecision;
|
|
78
|
+
/**
|
|
79
|
+
* 将策略评估结果映射为决策效果列表
|
|
80
|
+
*/
|
|
81
|
+
private mapPolicyResultToEffects;
|
|
82
|
+
/**
|
|
83
|
+
* 标准化原因代码
|
|
84
|
+
*/
|
|
85
|
+
private normalizeReasonCode;
|
|
86
|
+
/**
|
|
87
|
+
* 构建 failMode 降级决策
|
|
88
|
+
* failMode="open" → 放行(allow),failMode="closed" → 拦截(block)
|
|
89
|
+
*/
|
|
90
|
+
private buildFailModeDecision;
|
|
91
|
+
}
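Review bot: The documented defaults fail open and silently: `createNoopPolicyEvaluator` always returns allow and is described as the behaviour when no evaluator is configured, and `createNoopAuditLogger` records nothing. A wiring mistake therefore yields a guardrail that permits everything and leaves no audit trace; I would log a warning whenever either noop is selected and say so in their comments. The comment on `evaluateSync` should also state what a caller must do with `undefined`, since it only says the sync path exists when the evaluator supports `evaluateSync`, not whether a missing result means allow or block. `createDecisionId` is described as timestamp plus random string; if the id is ever used to authorize an action rather than just to label one, confirm that the random part comes from a CSPRNG.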
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
export * from "./evaluate-service";
|
|
2
|
+
export * from "./remote-policy-evaluator";
|
|
3
|
+
export * from "./memory-audit-logger";
|
|
4
|
+
export * from "./memory-store";
|
|
5
|
+
export * from "./remote-guard-types";
|
|
6
|
+
export * from "./remote-guard-request-builder";
|
|
7
|
+
export * from "./remote-guard-transport";
|
|
8
|
+
export * from "./sync-remote-evaluate";
|
|
9
|
+
export * from "./telemetry-types";
|
|
10
|
+
export * from "./telemetry-service";
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
import type { AuditEvent, GuardrailDecision } from "../contracts";
|
|
2
|
+
import type { AuditLogger } from "./evaluate-service";
|
|
3
|
+
/** 审计日志级别 */
|
|
4
|
+
export type AuditLogLevel = "silent" | "error" | "warn" | "info" | "debug";
|
|
5
|
+
/** 内存审计日志器配置 */
|
|
6
|
+
export type MemoryAuditLoggerConfig = {
|
|
7
|
+
/** 日志级别(控制控制台输出的详细程度) */
|
|
8
|
+
logLevel?: AuditLogLevel;
|
|
9
|
+
/** 最大存储事件数(超过后自动清理最早的事件) */
|
|
10
|
+
maxEvents?: number;
|
|
11
|
+
/** 自定义日志前缀 */
|
|
12
|
+
prefix?: string;
|
|
13
|
+
};
|
|
14
|
+
/**
|
|
15
|
+
* 内存审计日志器
|
|
16
|
+
* 将审计事件存储在内存中,并可选输出到控制台
|
|
17
|
+
* 支持查询历史事件、按类型过滤、清空等操作
|
|
18
|
+
*/
|
|
19
|
+
export declare class MemoryAuditLogger implements AuditLogger {
|
|
20
|
+
private readonly events;
|
|
21
|
+
private readonly config;
|
|
22
|
+
constructor(config?: MemoryAuditLoggerConfig);
|
|
23
|
+
/**
|
|
24
|
+
* 记录护栏决策(实现 AuditLogger 接口)
|
|
25
|
+
*/
|
|
26
|
+
logDecision(decision: GuardrailDecision): Promise<void>;
|
|
27
|
+
/**
|
|
28
|
+
* 同步记录护栏决策,供 OpenClaw 的同步 persist hook 使用。
|
|
29
|
+
*/
|
|
30
|
+
logDecisionSync(decision: GuardrailDecision): void;
|
|
31
|
+
/**
|
|
32
|
+
* 直接记录一个审计事件(用于 RPC 操作等非决策场景)
|
|
33
|
+
*/
|
|
34
|
+
logEvent(event: AuditEvent): void;
|
|
35
|
+
/** 获取所有审计事件 */
|
|
36
|
+
getEvents(): ReadonlyArray<AuditEvent>;
|
|
37
|
+
/** 按事件类型查询 */
|
|
38
|
+
getEventsByType(eventType: AuditEvent["eventType"]): AuditEvent[];
|
|
39
|
+
/** 按决策 ID 查询 */
|
|
40
|
+
getEventsByDecisionId(decisionId: string): AuditEvent[];
|
|
41
|
+
/** 获取事件总数 */
|
|
42
|
+
getEventCount(): number;
|
|
43
|
+
/** 清空所有事件 */
|
|
44
|
+
clear(): void;
|
|
45
|
+
/** 存储事件到内存 */
|
|
46
|
+
private storeEvent;
|
|
47
|
+
/** 输出审计事件到控制台 */
|
|
48
|
+
private printEvent;
|
|
49
|
+
/** 检查是否应该输出指定级别的日志 */
|
|
50
|
+
private shouldLog;
|
|
51
|
+
}
|
|
52
|
+
/**
|
|
53
|
+
* 工厂函数:创建内存审计日志器
|
|
54
|
+
*/
|
|
55
|
+
export declare const createMemoryAuditLogger: (config?: MemoryAuditLoggerConfig) => MemoryAuditLogger;
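Review bot: Audit events live only in process memory and the oldest are dropped once `maxEvents` is exceeded, so a high volume of decisions pushes earlier entries out and a restart loses the trail; `clear()` is public as well. That is fine for tests and local inspection, but the class comment should say it, e.g. `/** Not durable: bounded, in-memory, lost on restart. Pair with a persistent event log for audit retention. */`. The file list shows `adapters/persistence/json-event-log.d.ts` in this package; if that is the durable sink, referencing it here would steer integrators to the right default.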
|
|
@@ -0,0 +1,141 @@
|
|
|
1
|
+
import type { ApprovalTicket, ApprovalTicketDraft, GuardrailDecision, RunHoldDraft, RunHoldTicket } from "../contracts";
|
|
2
|
+
import type { ShieldIncident } from "../types";
|
|
3
|
+
/**
|
|
4
|
+
* 内存存储:安全事件(Incident)
|
|
5
|
+
* 记录每次安全检查产生的事件
|
|
6
|
+
*
|
|
7
|
+
* 淘汰策略:写入时若总量超过阈值,自动清理已上报的旧记录;
|
|
8
|
+
* 未上报的记录永远不会被淘汰,确保审计链完整。
|
|
9
|
+
*/
|
|
10
|
+
export declare class IncidentStore {
|
|
11
|
+
private readonly incidents;
|
|
12
|
+
private readonly gcThreshold;
|
|
13
|
+
/** 已上报的记录 ID 集合 */
|
|
14
|
+
private readonly reportedIds;
|
|
15
|
+
constructor(gcThreshold?: number);
|
|
16
|
+
/** 从护栏决策创建安全事件 */
|
|
17
|
+
createFromDecision(decision: GuardrailDecision): ShieldIncident;
|
|
18
|
+
/** 获取所有事件 */
|
|
19
|
+
list(query?: {
|
|
20
|
+
agentId?: string;
|
|
21
|
+
runId?: string;
|
|
22
|
+
limit?: number;
|
|
23
|
+
offset?: number;
|
|
24
|
+
}): {
|
|
25
|
+
total: number;
|
|
26
|
+
items: ShieldIncident[];
|
|
27
|
+
};
|
|
28
|
+
/** 根据 ID 获取事件 */
|
|
29
|
+
get(id: string): ShieldIncident | undefined;
|
|
30
|
+
/** 获取事件总数 */
|
|
31
|
+
count(): number;
|
|
32
|
+
/** 标记事件为已上报,后续 GC 时可被清理 */
|
|
33
|
+
markReported(ids: string[]): void;
|
|
34
|
+
/** 清空所有事件 */
|
|
35
|
+
clear(): void;
|
|
36
|
+
/** 超过阈值时清理已上报的记录 */
|
|
37
|
+
private maybeGc;
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* 内存存储:审批工单(Approval)
|
|
41
|
+
*
|
|
42
|
+
* 淘汰策略:写入时若总量超过阈值,自动清理已终态(approved/rejected)的旧记录;
|
|
43
|
+
* pending 状态的工单永远不会被淘汰,避免 agent 永久卡住。
|
|
44
|
+
*/
|
|
45
|
+
export declare class ApprovalStore {
|
|
46
|
+
private readonly approvals;
|
|
47
|
+
private readonly gcThreshold;
|
|
48
|
+
constructor(gcThreshold?: number);
|
|
49
|
+
/** 从草案创建审批工单 */
|
|
50
|
+
create(draft: ApprovalTicketDraft, incidentId?: string): ApprovalTicket;
|
|
51
|
+
/** 解决审批 */
|
|
52
|
+
resolve(approvalId: string, decision: "approved" | "rejected", resolvedBy?: string, note?: string): ApprovalTicket | undefined;
|
|
53
|
+
/** 列出审批 */
|
|
54
|
+
list(query?: {
|
|
55
|
+
status?: string[];
|
|
56
|
+
category?: string[];
|
|
57
|
+
limit?: number;
|
|
58
|
+
offset?: number;
|
|
59
|
+
}): {
|
|
60
|
+
total: number;
|
|
61
|
+
items: ApprovalTicket[];
|
|
62
|
+
};
|
|
63
|
+
/** 根据 ID 获取审批 */
|
|
64
|
+
get(approvalId: string): ApprovalTicket | undefined;
|
|
65
|
+
/** 获取待审批数量 */
|
|
66
|
+
pendingCount(): number;
|
|
67
|
+
/** 获取总数 */
|
|
68
|
+
count(): number;
|
|
69
|
+
/** 清空 */
|
|
70
|
+
clear(): void;
|
|
71
|
+
/** 已终态的审批状态 */
|
|
72
|
+
private static readonly TERMINAL_STATUSES;
|
|
73
|
+
/** 超过阈值时清理已终态的记录 */
|
|
74
|
+
private maybeGc;
|
|
75
|
+
}
|
|
76
|
+
/**
|
|
77
|
+
* 内存存储:运行暂停(RunHold)
|
|
78
|
+
*
|
|
79
|
+
* 淘汰策略:写入时若总量超过阈值,自动清理已终态(resumed/cancelled)的旧记录;
|
|
80
|
+
* pending 和 approved_waiting_resume 状态的不会被淘汰。
|
|
81
|
+
*/
|
|
82
|
+
export declare class RunHoldStore {
|
|
83
|
+
private readonly holds;
|
|
84
|
+
private readonly gcThreshold;
|
|
85
|
+
constructor(gcThreshold?: number);
|
|
86
|
+
/** 从草案创建运行暂停 */
|
|
87
|
+
create(draft: RunHoldDraft, approvalId: string): RunHoldTicket;
|
|
88
|
+
/** 恢复运行 */
|
|
89
|
+
resume(holdId: string): RunHoldTicket | undefined;
|
|
90
|
+
/** 取消暂停 */
|
|
91
|
+
cancel(holdId: string): RunHoldTicket | undefined;
|
|
92
|
+
/** 列出暂停 */
|
|
93
|
+
list(query?: {
|
|
94
|
+
agentId?: string;
|
|
95
|
+
status?: string[];
|
|
96
|
+
limit?: number;
|
|
97
|
+
offset?: number;
|
|
98
|
+
}): {
|
|
99
|
+
total: number;
|
|
100
|
+
items: RunHoldTicket[];
|
|
101
|
+
};
|
|
102
|
+
/** 根据 ID 获取暂停 */
|
|
103
|
+
get(holdId: string): RunHoldTicket | undefined;
|
|
104
|
+
/** 获取待处理数量 */
|
|
105
|
+
pendingCount(): number;
|
|
106
|
+
/** 获取总数 */
|
|
107
|
+
count(): number;
|
|
108
|
+
/** 清空 */
|
|
109
|
+
clear(): void;
|
|
110
|
+
/** 已终态的 hold 状态 */
|
|
111
|
+
private static readonly TERMINAL_STATUSES;
|
|
112
|
+
/** 超过阈值时清理已终态的记录 */
|
|
113
|
+
private maybeGc;
|
|
114
|
+
}
|
|
115
|
+
/**
|
|
116
|
+
* 聚合存储:统一管理所有内存存储
|
|
117
|
+
*/
|
|
118
|
+
export declare class MemoryStore {
|
|
119
|
+
readonly incidents: IncidentStore;
|
|
120
|
+
readonly approvals: ApprovalStore;
|
|
121
|
+
readonly runHolds: RunHoldStore;
|
|
122
|
+
/** 获取统计摘要 */
|
|
123
|
+
getStats(): {
|
|
124
|
+
incidents: number;
|
|
125
|
+
approvals: number;
|
|
126
|
+
pendingApprovals: number;
|
|
127
|
+
runHolds: number;
|
|
128
|
+
pendingRunHolds: number;
|
|
129
|
+
};
|
|
130
|
+
/** 清空所有存储 */
|
|
131
|
+
clearAll(): void;
|
|
132
|
+
/**
|
|
133
|
+
* 处理护栏决策产生的副作用
|
|
134
|
+
* 根据决策效果自动创建 Incident、Approval、RunHold
|
|
135
|
+
*/
|
|
136
|
+
processDecisionEffects(decision: GuardrailDecision): {
|
|
137
|
+
incident?: ShieldIncident;
|
|
138
|
+
approval?: ApprovalTicket;
|
|
139
|
+
runHold?: RunHoldTicket;
|
|
140
|
+
};
|
|
141
|
+
}
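Review bot: `ApprovalStore.resolve` takes `resolvedBy?: string`, so an approval can move to `approved` with no recorded actor; for a human-in-the-loop control the approver should be mandatory (`resolvedBy: string`) or a missing value should be rejected at the command layer. The declaration also does not say what `resolve`, `resume` and `cancel` return for a ticket that is already terminal; a comment such as `/** Returns undefined if the id is unknown or the ticket is already terminal. */`, matched to the real behaviour, would make double-resolution handling explicit. `IncidentStore` documents that unreported records are never evicted, which means memory grows without bound while reporting keeps failing; a hard upper limit with a logged drop counter would bound that.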
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* 远端安全检测请求构建器
|
|
3
|
+
* 将内部 ShieldPolicyInput 数据转换为远端服务需要的统一格式
|
|
4
|
+
*/
|
|
5
|
+
import type { ShieldPolicyInput, ShieldStage } from "../types";
|
|
6
|
+
import type { RemoteGuardConfig, RemoteGuardRequest } from "./remote-guard-types";
|
|
7
|
+
/**
|
|
8
|
+
* 构建远端安全检测请求
|
|
9
|
+
*/
|
|
10
|
+
export declare const buildRemoteGuardRequest: (input: ShieldPolicyInput, stage: ShieldStage, config: RemoteGuardConfig) => Promise<RemoteGuardRequest>;
|
|
11
|
+
/**
|
|
12
|
+
* 同步版本:构建远端安全检测请求
|
|
13
|
+
* 用于同步 hook(before_message_write / tool_result_persist)中构建请求体
|
|
14
|
+
*/
|
|
15
|
+
export declare const buildRemoteGuardRequestSync: (input: ShieldPolicyInput, stage: ShieldStage, config: RemoteGuardConfig) => RemoteGuardRequest;
|
|
@@ -0,0 +1,79 @@
|
|
|
1
|
+
type PathModule = {
|
|
2
|
+
resolve: (...parts: string[]) => string;
|
|
3
|
+
join: (...parts: string[]) => string;
|
|
4
|
+
};
|
|
5
|
+
type OsModule = {
|
|
6
|
+
homedir: () => string;
|
|
7
|
+
};
|
|
8
|
+
/**
|
|
9
|
+
* 远端安全检测 HTTP Transport 实现
|
|
10
|
+
* 负责调用远端服务并处理响应
|
|
11
|
+
*/
|
|
12
|
+
import type { RemotePolicyResponse, RemotePolicyTransport } from "./remote-policy-evaluator";
|
|
13
|
+
import type { RemoteGuardConfig, RemoteGuardResponse } from "./remote-guard-types";
|
|
14
|
+
/**
|
|
15
|
+
* 清除配置缓存,强制下次重新加载配置文件
|
|
16
|
+
*/
|
|
17
|
+
export declare const clearRemoteGuardConfigCache: () => void;
|
|
18
|
+
export declare const getDefaultRemoteGuardConfigPath: (params?: {
|
|
19
|
+
env?: Record<string, string | undefined>;
|
|
20
|
+
path?: PathModule;
|
|
21
|
+
os?: OsModule;
|
|
22
|
+
}) => string;
|
|
23
|
+
export declare const getDefaultRemoteGuardAuthConfigPath: (params?: {
|
|
24
|
+
env?: Record<string, string | undefined>;
|
|
25
|
+
path?: PathModule;
|
|
26
|
+
os?: OsModule;
|
|
27
|
+
}) => string;
|
|
28
|
+
export declare const resolveRuntimeRemoteGuardConfigPath: (configPath?: string) => string;
|
|
29
|
+
/**
|
|
30
|
+
* 加载远端配置文件
|
|
31
|
+
* 注意:此函数只在 Node.js 环境下工作
|
|
32
|
+
*/
|
|
33
|
+
export declare const loadRemoteGuardConfig: (configPath?: string) => Promise<RemoteGuardConfig | null>;
|
|
34
|
+
/**
|
|
35
|
+
* 同步加载配置(用于启动时)
|
|
36
|
+
*
|
|
37
|
+
* @param configPath 配置文件路径
|
|
38
|
+
* @param forceReload 是否强制重新读取文件(跳过缓存)
|
|
39
|
+
*/
|
|
40
|
+
export declare const loadRemoteGuardConfigSync: (configPath?: string, forceReload?: boolean) => RemoteGuardConfig | null;
|
|
41
|
+
/**
|
|
42
|
+
* 获取已加载的配置
|
|
43
|
+
*/
|
|
44
|
+
export declare const getRemoteGuardConfig: () => RemoteGuardConfig | null;
|
|
45
|
+
/**
|
|
46
|
+
* 设置配置(用于测试或手动注入)
|
|
47
|
+
*/
|
|
48
|
+
export declare const setRemoteGuardConfig: (config: RemoteGuardConfig | null) => void;
|
|
49
|
+
/**
|
|
50
|
+
* 将远端响应转换为内部策略响应格式
|
|
51
|
+
*
|
|
52
|
+
* 处理逻辑:
|
|
53
|
+
* - deny: 阻断,设置 block 动作,创建 finding 用于 Incident 记录
|
|
54
|
+
* - approval: 需要审批,设置 block 动作(暂停会话),创建 approvalRequest 和 runHold
|
|
55
|
+
* - redact: 脱敏
|
|
56
|
+
* - allow/其他: 放行
|
|
57
|
+
*/
|
|
58
|
+
export declare const mapRemoteGuardResponseToPolicyResponse: (response: RemoteGuardResponse, requestContext?: {
|
|
59
|
+
toolName?: string;
|
|
60
|
+
agentId?: string;
|
|
61
|
+
runId?: string;
|
|
62
|
+
sessionId?: string;
|
|
63
|
+
}) => RemotePolicyResponse;
|
|
64
|
+
/**
|
|
65
|
+
* 创建 HTTP Transport 实现
|
|
66
|
+
*
|
|
67
|
+
* 配置在创建 transport 时传入,后续使用该配置。
|
|
68
|
+
* 如需更新本地配置或 API Key,可修改文件后执行 `shield.config.refresh` 或重启 gateway。
|
|
69
|
+
*/
|
|
70
|
+
export declare const createRemoteGuardHttpTransport: (config: RemoteGuardConfig) => RemotePolicyTransport;
|
|
71
|
+
/**
|
|
72
|
+
* 创建带自动配置加载的 HTTP Transport
|
|
73
|
+
*/
|
|
74
|
+
export declare const createAutoConfigRemoteGuardTransport: (configPath?: string) => Promise<RemotePolicyTransport | undefined>;
|
|
75
|
+
/**
|
|
76
|
+
* 创建带自动配置加载的 HTTP Transport(同步版本)
|
|
77
|
+
*/
|
|
78
|
+
export declare const createAutoConfigRemoteGuardTransportSync: (configPath?: string) => RemotePolicyTransport | undefined;
|
|
79
|
+
export {};
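Review bot: The mapping comment on `mapRemoteGuardResponseToPolicyResponse` lists `allow/其他: 放行`, i.e. any decision value the client does not recognise is treated as allow. An unexpected or malformed remote response then passes the guard instead of going through `failMode`; I would map only an explicit allow to allow and route every other value to the fail-mode decision. `loadRemoteGuardConfig*` returning `null` and `createAutoConfigRemoteGuardTransport*` returning `undefined` should likewise document whether the caller then falls back to the noop evaluator. The factory comment mentions an API key kept in a local file, so the doc for `getDefaultRemoteGuardAuthConfigPath` should state the expected file permissions.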
|