@clampd/sdk 0.14.0 → 0.15.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/_frameworkAdapters.d.ts +93 -0
- package/dist/_frameworkAdapters.d.ts.map +1 -0
- package/dist/_frameworkAdapters.js +177 -0
- package/dist/_frameworkAdapters.js.map +1 -0
- package/dist/errors.d.ts +23 -0
- package/dist/errors.d.ts.map +1 -1
- package/dist/errors.js +28 -0
- package/dist/errors.js.map +1 -1
- package/dist/generated/taxonomy-data.d.ts +4 -0
- package/dist/generated/taxonomy-data.d.ts.map +1 -1
- package/dist/generated/taxonomy-data.js +36 -36
- package/dist/generated/taxonomy-data.js.map +1 -1
- package/dist/guardrails.d.ts.map +1 -1
- package/dist/guardrails.js +16 -1
- package/dist/guardrails.js.map +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +37 -5
- package/dist/index.js.map +1 -1
- package/dist/interceptor.d.ts.map +1 -1
- package/dist/interceptor.js +8 -0
- package/dist/interceptor.js.map +1 -1
- package/dist/langchain.d.ts.map +1 -1
- package/dist/langchain.js +11 -1
- package/dist/langchain.js.map +1 -1
- package/dist/register.d.ts +58 -7
- package/dist/register.d.ts.map +1 -1
- package/dist/register.js +98 -33
- package/dist/register.js.map +1 -1
- package/dist/stream-guard.d.ts.map +1 -1
- package/dist/stream-guard.js +7 -1
- package/dist/stream-guard.js.map +1 -1
- package/package.json +2 -2
package/dist/register.js
CHANGED
|
@@ -10,7 +10,7 @@
|
|
|
10
10
|
* time, the SDK POSTs the already-classified descriptor to the backend,
|
|
11
11
|
* and the tool skips the dashboard approval queue entirely.
|
|
12
12
|
*
|
|
13
|
-
* API shape choice: the `classification`
|
|
13
|
+
* API shape choice: the `classification` field is a single
|
|
14
14
|
* `ToolClassification` discriminated-union object rather than three
|
|
15
15
|
* independent string params. This lets the tsc compiler narrow the valid
|
|
16
16
|
* `operation` values based on the (`category`, `subcategory`) pair the
|
|
@@ -18,38 +18,49 @@
|
|
|
18
18
|
* "query"`, the only valid `operation` is `"read"`. That compile-time
|
|
19
19
|
* narrowing is the whole point of the feature and would be lost if we
|
|
20
20
|
* took three separate strings.
|
|
21
|
+
*
|
|
22
|
+
* Three call shapes are accepted (overloads):
|
|
23
|
+
*
|
|
24
|
+
* 1. `registerTool({ name, classification, ... })` — original options-bag
|
|
25
|
+
* form. Kept for backward compatibility with v0.15 callers.
|
|
26
|
+
* 2. `registerTool(name, { category, subcategory, operation, ... })` —
|
|
27
|
+
* positional form, mirrors Python's `register_tool(name, *, ...)`.
|
|
28
|
+
* 3. `registerTool(toolObject, { category, subcategory, operation })` —
|
|
29
|
+
* pass a LangChain `BaseTool`, OpenAI tool def, or Anthropic tool
|
|
30
|
+
* def directly. The SDK extracts name / description / paramSchema
|
|
31
|
+
* via duck typing in `_frameworkAdapters.extractToolDescriptor`.
|
|
32
|
+
*
|
|
33
|
+
* Forms 2 and 3 disallow passing both a tool object AND a `description`
|
|
34
|
+
* / `paramSchema` override — the tool object is the source of truth,
|
|
35
|
+
* mixing the two is almost always a mistake.
|
|
21
36
|
*/
|
|
22
37
|
import { computeScope, validateClassification, } from "./taxonomy.js";
|
|
23
38
|
import { ClampdClassificationError } from "./errors.js";
|
|
24
39
|
import { sharedConfig } from "./config.js";
|
|
25
40
|
import { contractHash } from "./contract-hash.js";
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
* Behaviour:
|
|
31
|
-
* 1. Runtime-validates the classification even though the type system
|
|
32
|
-
* already enforces it — callers who bypass `ToolClassification` via
|
|
33
|
-
* `as any` will get a `ClampdClassificationError`.
|
|
34
|
-
* 2. POSTs `{ name, category, subcategory, operation, description,
|
|
35
|
-
* source: "sdk" }` to
|
|
36
|
-
* `/v1/orgs/{orgId}/tool-descriptors/register` on the dashboard
|
|
37
|
-
* API.
|
|
38
|
-
* 3. Never throws on network failure — logs a warning and returns.
|
|
39
|
-
* App startup must not be blocked by a dashboard outage.
|
|
40
|
-
*
|
|
41
|
-
* Backend endpoint status: the dashboard API does not yet expose a
|
|
42
|
-
* `/register` route. See the report in the PR that introduces this
|
|
43
|
-
* function; until the backend catches up, calls will log the warning
|
|
44
|
-
* path and be no-ops.
|
|
45
|
-
*/
|
|
46
|
-
export async function registerTool(opts) {
|
|
41
|
+
import { extractToolDescriptor, _registeredDescriptors, } from "./_frameworkAdapters.js";
|
|
42
|
+
export async function registerTool(arg1, arg2) {
|
|
43
|
+
// Normalise the three call shapes into a single internal options bag.
|
|
44
|
+
const opts = _normalizeArgs(arg1, arg2);
|
|
47
45
|
const { name, classification, description } = opts;
|
|
48
46
|
// Runtime validation — belt and suspenders for callers that bypass
|
|
49
47
|
// the discriminated union via `as any` or dynamic values.
|
|
50
48
|
if (!validateClassification(classification.category, classification.subcategory, classification.operation)) {
|
|
51
49
|
throw new ClampdClassificationError(classification.category, classification.subcategory, classification.operation);
|
|
52
50
|
}
|
|
51
|
+
// Compute the contract hash client-side first so we can record it in
|
|
52
|
+
// `_registeredDescriptors` even when we skip the network call (e.g.
|
|
53
|
+
// missing orgId in dev). The framework wrappers consult this map to
|
|
54
|
+
// forward the canonical hash to the gateway, which is what makes
|
|
55
|
+
// descriptor-hash checks survive without round-tripping through the
|
|
56
|
+
// dashboard.
|
|
57
|
+
const paramSchema = opts.paramSchema ?? {};
|
|
58
|
+
const descriptorHash = contractHash({
|
|
59
|
+
name,
|
|
60
|
+
description: description ?? "",
|
|
61
|
+
parameters: paramSchema,
|
|
62
|
+
});
|
|
63
|
+
_registeredDescriptors.set(name, descriptorHash);
|
|
53
64
|
const orgId = opts.orgId ?? process.env.CLAMPD_ORG_ID ?? "";
|
|
54
65
|
if (!orgId) {
|
|
55
66
|
console.warn("[clampd] registerTool: no orgId provided (and CLAMPD_ORG_ID is unset); skipping backend registration.");
|
|
@@ -60,17 +71,6 @@ export async function registerTool(opts) {
|
|
|
60
71
|
sharedConfig.gatewayUrl ??
|
|
61
72
|
"http://localhost:3000").replace(/\/$/, "");
|
|
62
73
|
const apiKey = opts.apiKey ?? process.env.CLAMPD_API_KEY ?? "";
|
|
63
|
-
// Compute the contract hash client-side and send it to the server.
|
|
64
|
-
// The server validates it matches its own computation (same formula)
|
|
65
|
-
// and stores it as the authoritative descriptor_hash. Subsequent
|
|
66
|
-
// `guard()` calls compute the same hash and the gateway can then
|
|
67
|
-
// distinguish "approved hash" from "rug-pull" cleanly.
|
|
68
|
-
const paramSchema = opts.paramSchema ?? {};
|
|
69
|
-
const descriptorHash = contractHash({
|
|
70
|
-
name,
|
|
71
|
-
description: description ?? "",
|
|
72
|
-
parameters: paramSchema,
|
|
73
|
-
});
|
|
74
74
|
const body = {
|
|
75
75
|
name,
|
|
76
76
|
category: classification.category,
|
|
@@ -102,4 +102,69 @@ export async function registerTool(opts) {
|
|
|
102
102
|
console.warn(`[clampd] registerTool: failed to reach dashboard for ${name}: ${msg}`);
|
|
103
103
|
}
|
|
104
104
|
}
|
|
105
|
+
// ── Internal: argument normalisation ────────────────────────────────
|
|
106
|
+
/**
|
|
107
|
+
* Detect which of the three overload shapes the caller used and return
|
|
108
|
+
* a single canonical {@link RegisterToolOptions}. Throws `TypeError`
|
|
109
|
+
* for invalid combinations (notably: passing a tool object alongside a
|
|
110
|
+
* `description`/`paramSchema` override).
|
|
111
|
+
*/
|
|
112
|
+
function _normalizeArgs(arg1, arg2) {
|
|
113
|
+
// Form 1: registerTool({ name, classification, ... })
|
|
114
|
+
if (arg2 === undefined &&
|
|
115
|
+
typeof arg1 === "object" &&
|
|
116
|
+
arg1 !== null &&
|
|
117
|
+
"name" in arg1 &&
|
|
118
|
+
"classification" in arg1) {
|
|
119
|
+
return arg1;
|
|
120
|
+
}
|
|
121
|
+
if (arg2 === undefined) {
|
|
122
|
+
throw new TypeError("registerTool: expected either registerTool(opts), registerTool(name, opts), or registerTool(toolObject, opts).");
|
|
123
|
+
}
|
|
124
|
+
const classification = {
|
|
125
|
+
category: arg2.category,
|
|
126
|
+
subcategory: arg2.subcategory,
|
|
127
|
+
operation: arg2.operation,
|
|
128
|
+
};
|
|
129
|
+
const routing = {
|
|
130
|
+
orgId: arg2.orgId,
|
|
131
|
+
dashboardUrl: arg2.dashboardUrl,
|
|
132
|
+
apiKey: arg2.apiKey,
|
|
133
|
+
};
|
|
134
|
+
// Form 2: registerTool(name, opts)
|
|
135
|
+
if (typeof arg1 === "string") {
|
|
136
|
+
const o = arg2;
|
|
137
|
+
return {
|
|
138
|
+
name: arg1,
|
|
139
|
+
classification,
|
|
140
|
+
description: o.description,
|
|
141
|
+
paramSchema: o.paramSchema,
|
|
142
|
+
...routing,
|
|
143
|
+
};
|
|
144
|
+
}
|
|
145
|
+
// Form 3: registerTool(toolObject, opts)
|
|
146
|
+
if (typeof arg1 === "object" && arg1 !== null) {
|
|
147
|
+
const o = arg2;
|
|
148
|
+
if (o.description !== undefined || o.paramSchema !== undefined) {
|
|
149
|
+
throw new TypeError("registerTool: pass description/paramSchema OR a tool object, not both. " +
|
|
150
|
+
"The tool object's own metadata is the source of truth — drop the override " +
|
|
151
|
+
"or call registerTool(name, opts) instead.");
|
|
152
|
+
}
|
|
153
|
+
const extracted = extractToolDescriptor(arg1);
|
|
154
|
+
if (!extracted) {
|
|
155
|
+
throw new TypeError("registerTool: first argument is not a recognised tool object. " +
|
|
156
|
+
"Expected a LangChain BaseTool ({ name, schema/args_schema }), " +
|
|
157
|
+
"an OpenAI tool def ({ type: 'function', function: { name, ... } }), " +
|
|
158
|
+
"or an Anthropic tool def ({ name, input_schema }).");
|
|
159
|
+
}
|
|
160
|
+
return {
|
|
161
|
+
name: extracted.name,
|
|
162
|
+
classification,
|
|
163
|
+
description: extracted.description,
|
|
164
|
+
paramSchema: extracted.paramSchema,
|
|
165
|
+
...routing,
|
|
166
|
+
};
|
|
167
|
+
}
|
|
168
|
+
throw new TypeError("registerTool: first argument must be an options object, a tool name string, or a framework tool object.");
|
|
169
|
+
}
|
|
105
170
|
//# sourceMappingURL=register.js.map
|
package/dist/register.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"register.js","sourceRoot":"","sources":["../src/register.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"register.js","sourceRoot":"","sources":["../src/register.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAEH,OAAO,EACL,YAAY,EACZ,sBAAsB,GAEvB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,yBAAyB,CAAC;AA0GjC,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,IAA2C,EAC3C,IAAyE;IAEzE,sEAAsE;IACtE,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAExC,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;IAEnD,mEAAmE;IACnE,0DAA0D;IAC1D,IACE,CAAC,sBAAsB,CACrB,cAAc,CAAC,QAAQ,EACvB,cAAc,CAAC,WAAW,EAC1B,cAAc,CAAC,SAAS,CACzB,EACD,CAAC;QACD,MAAM,IAAI,yBAAyB,CACjC,cAAc,CAAC,QAAQ,EACvB,cAAc,CAAC,WAAW,EAC1B,cAAc,CAAC,SAAS,CACzB,CAAC;IACJ,CAAC;IAED,qEAAqE;IACrE,oEAAoE;IACpE,oEAAoE;IACpE,iEAAiE;IACjE,oEAAoE;IACpE,aAAa;IACb,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;IAC3C,MAAM,cAAc,GAAG,YAAY,CAAC;QAClC,IAAI;QACJ,WAAW,EAAE,WAAW,IAAI,EAAE;QAC9B,UAAU,EAAE,WAAW;KACxB,CAAC,CAAC;IACH,sBAAsB,CAAC,GAAG,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IAEjD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,EAAE,CAAC;IAC5D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,IAAI,CACV,uGAAuG,CACxG,CAAC;QACF,OAAO;IACT,CAAC;IAED,MAAM,YAAY,GAAG,CACnB,IAAI,CAAC,YAAY;QACjB,OAAO,CAAC,GAAG,CAAC,oBAAoB;QAChC,YAAY,CAAC,UAAU;QACvB,uBAAuB,CACxB,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAErB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC;IAE/D,MAAM,IAAI,GAAG;QACX,IAAI;QACJ,QAAQ,EAAE,cAAc,CAAC,QAAQ;QACjC,WAAW,EAAE,cAAc,CAAC,WAAW;QACvC,SAAS,EAAE,cAAc,CAAC,SAAS;QACnC,WAAW;QACX,YAAY,EAAE,WAAW;QACzB,eAAe,EAAE,cAAc;QAC/B,MAAM,EAAE,KAAc;QACtB,KAAK,EAAE,YAAY,CAAC,cAAc,CAAC;KACpC,CAAC;IAEF,MAAM,GAAG,GAAG,GAAG,YAAY,YAAY,kBAAkB,CAAC,KAAK,CAAC,4BAA4B,CAAC;IAE7F,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC5B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,UAAU,EAAE,MAAM;aACnB;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;YAClE,OAAO,CAAC,IAAI,CACV,2CAA2C,IAAI,CAAC,MAAM,QAAQ,IAAI,KAAK,IAAI,EAAE,CAC9E,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,OAAO,CAAC,IAAI,CACV,wDAAwD,IAAI,KAAK,GAAG,EAAE,CACvE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,uEAAuE;AAEvE;;;;;GAKG;AACH,SAAS,cAAc,CACrB,IAA2C,EAC3C,IAAyE;IAEzE,sDAAsD;IACtD,IACE,IAAI,KAAK,SAAS;QAClB,OAAO,IAAI,KAAK,QAAQ;QACxB,IAAI,KAAK,IAAI;QACb,MAAM,IAAI,IAAI;QACd,gBAAgB,IAAI,IAAI,EACxB,CAAC;QACD,OAAO,IAA2B,CAAC;IACrC,CAAC;IAED,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,SAAS,CACjB,gHAAgH,CACjH,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAuB;QACzC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,SAAS,EAAE,IAAI,CAAC,SAAS;KACJ,CAAC;IAExB,MAAM,OAAO,GAAwB;QACnC,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC;IAEF,mCAAmC;IACnC,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,MAAM,CAAC,GAAG,IAAyC,CAAC;QACpD,OAAO;YACL,IAAI,EAAE,IAAI;YACV,cAAc;YACd,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,GAAG,OAAO;SACX,CAAC;IACJ,CAAC;IAED,yCAAyC;IACzC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;QAC9C,MAAM,CAAC,GAAG,IAAyC,CAAC;QACpD,IAAI,CAAC,CAAC,WAAW,KAAK,SAAS,IAAI,CAAC,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC/D,MAAM,IAAI,SAAS,CACjB,yEAAyE;gBACvE,4EAA4E;gBAC5E,2CAA2C,CAC9C,CAAC;QACJ,CAAC;QACD,MAAM,SAAS,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;QAC9C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,SAAS,CACjB,gEAAgE;gBAC9D,gEAAgE;gBAChE,sEAAsE;gBACtE,oDAAoD,CACvD,CAAC;QACJ,CAAC;QACD,OAAO;YACL,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,cAAc;YACd,WAAW,EAAE,SAAS,CAAC,WAAW;YAClC,WAAW,EAAE,SAAS,CAAC,WAAW;YAClC,GAAG,OAAO;SACX,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,SAAS,CACjB,yGAAyG,CAC1G,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"stream-guard.d.ts","sourceRoot":"","sources":["../src/stream-guard.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,YAAY,EAAsB,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"stream-guard.d.ts","sourceRoot":"","sources":["../src/stream-guard.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,YAAY,EAAsB,MAAM,aAAa,CAAC;AAQ/D,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAgHD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,aAAa,CAAC,OAAO,CAAC,EAC9B,MAAM,EAAE,YAAY,EACpB,IAAI,EAAE,kBAAkB,GACvB,aAAa,CAAC,OAAO,CAAC,CAqGxB;AAID;;;;GAIG;AACH,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,aAAa,CAAC,OAAO,CAAC,EAC9B,MAAM,EAAE,YAAY,EACpB,IAAI,EAAE,kBAAkB,GACvB,aAAa,CAAC,OAAO,CAAC,CAgFxB"}
|
package/dist/stream-guard.js
CHANGED
|
@@ -6,6 +6,8 @@
|
|
|
6
6
|
* Text/content chunks pass through immediately with zero added latency.
|
|
7
7
|
*/
|
|
8
8
|
import { ClampdBlockedError } from "./interceptor.js";
|
|
9
|
+
import { ClampdUnregisteredToolError } from "./errors.js";
|
|
10
|
+
import { raiseIfUnregistered, _registeredDescriptors } from "./_frameworkAdapters.js";
|
|
9
11
|
import { withDelegation, getDelegation, getCallerAgentId } from "./delegation.js";
|
|
10
12
|
// ── Proxy helper ─────────────────────────────────────────────────
|
|
11
13
|
async function guardToolCall(client, toolName, toolArgs, opts) {
|
|
@@ -20,7 +22,9 @@ async function guardToolCall(client, toolName, toolArgs, opts) {
|
|
|
20
22
|
};
|
|
21
23
|
}
|
|
22
24
|
try {
|
|
23
|
-
const
|
|
25
|
+
const registeredHash = _registeredDescriptors.get(toolName);
|
|
26
|
+
const res = await client.proxy(toolName, proxyParams, opts.targetUrl ?? "", undefined, registeredHash, opts.authorizedTools);
|
|
27
|
+
raiseIfUnregistered(toolName, res);
|
|
24
28
|
if (!res.allowed) {
|
|
25
29
|
// Respect failOpen for gateway errors
|
|
26
30
|
if (opts.failOpen && res._gatewayError) {
|
|
@@ -32,6 +36,8 @@ async function guardToolCall(client, toolName, toolArgs, opts) {
|
|
|
32
36
|
catch (e) {
|
|
33
37
|
if (e instanceof ClampdBlockedError)
|
|
34
38
|
throw e;
|
|
39
|
+
if (e instanceof ClampdUnregisteredToolError)
|
|
40
|
+
throw e;
|
|
35
41
|
if (!opts.failOpen)
|
|
36
42
|
throw new ClampdBlockedError({
|
|
37
43
|
request_id: "error",
|
package/dist/stream-guard.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"stream-guard.js","sourceRoot":"","sources":["../src/stream-guard.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAkElF,oEAAoE;AAEpE,KAAK,UAAU,aAAa,CAC1B,MAAoB,EACpB,QAAgB,EAChB,QAAiC,EACjC,IAAwB;IAExB,MAAM,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;QAC5C,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;QACnC,MAAM,WAAW,GAA4B,EAAE,GAAG,QAAQ,EAAE,CAAC;QAC7D,IAAI,UAAU,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,WAAW,CAAC,WAAW,GAAG;gBACxB,eAAe,EAAE,gBAAgB,EAAE;gBACnC,gBAAgB,EAAE,UAAU,CAAC,KAAK;gBAClC,mBAAmB,EAAE,UAAU,CAAC,OAAO;aACxC,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,KAAK,CAC5B,QAAQ,EACR,WAAW,EACX,IAAI,CAAC,SAAS,IAAI,EAAE,EACpB,SAAS,EACT,
|
|
1
|
+
{"version":3,"file":"stream-guard.js","sourceRoot":"","sources":["../src/stream-guard.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,EAAE,2BAA2B,EAAE,MAAM,aAAa,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACtF,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAkElF,oEAAoE;AAEpE,KAAK,UAAU,aAAa,CAC1B,MAAoB,EACpB,QAAgB,EAChB,QAAiC,EACjC,IAAwB;IAExB,MAAM,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;QAC5C,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;QACnC,MAAM,WAAW,GAA4B,EAAE,GAAG,QAAQ,EAAE,CAAC;QAC7D,IAAI,UAAU,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,WAAW,CAAC,WAAW,GAAG;gBACxB,eAAe,EAAE,gBAAgB,EAAE;gBACnC,gBAAgB,EAAE,UAAU,CAAC,KAAK;gBAClC,mBAAmB,EAAE,UAAU,CAAC,OAAO;aACxC,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,cAAc,GAAG,sBAAsB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC5D,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,KAAK,CAC5B,QAAQ,EACR,WAAW,EACX,IAAI,CAAC,SAAS,IAAI,EAAE,EACpB,SAAS,EACT,cAAc,EACd,IAAI,CAAC,eAAe,CACrB,CAAC;YACF,mBAAmB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YACnC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;gBACjB,sCAAsC;gBACtC,IAAI,IAAI,CAAC,QAAQ,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC;oBACvC,OAAO;gBACT,CAAC;gBACD,MAAM,IAAI,kBAAkB,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,YAAY,kBAAkB;gBAAE,MAAM,CAAC,CAAC;YAC7C,IAAI,CAAC,YAAY,2BAA2B;gBAAE,MAAM,CAAC,CAAC;YACtD,IAAI,CAAC,IAAI,CAAC,QAAQ;gBAAE,MAAM,IAAI,kBAAkB,CAAC;oBAC/C,UAAU,EAAE,OAAO;oBACnB,OAAO,EAAE,KAAK;oBACd,UAAU,EAAE,GAAG;oBACf,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC;oBACxB,UAAU,EAAE,CAAC;oBACb,eAAe,EAAE,EAAE;oBACnB,aAAa,EAAE,EAAE;iBAClB,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,oEAAoE;AAEpE;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,iBAAiB,CAC/B,MAA8B,EAC9B,MAAoB,EACpB,IAAwB;IAExB,MAAM,eAAe,GAAG,KAAK,SAAS,CAAC;QACrC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAiC,CAAC;QACzD,6EAA6E;QAC7E,MAAM,cAAc,GAAkB,EAAE,CAAC;QACzC,IAAI,YAAY,GAAG,KAAK,CAAC;QAEzB,IAAI,KAAK,EAAE,MAAM,QAAQ,IAAI,MAAM,EAAE,CAAC;YACpC,MAAM,KAAK,GAAG,QAAuB,CAAC;YACtC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;YAElC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC;gBACvC,0DAA0D;gBAC1D,0DAA0D;gBAC1D,6CAA6C;gBAC7C,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,MAAM,KAAK,CAAC;oBACZ,SAAS;gBACX,CAAC;gBACD,oDAAoD;gBACpD,IAAI,MAAM,EAAE,aAAa,EAAE,CAAC;oBAC1B,uCAAuC;oBACvC,KAAK,MAAM,CAAC,EAAE,EAAE,CAAC,IAAI,OAAO,EAAE,CAAC;wBAC7B,MAAM,OAAO,GAAG,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBAC9C,IAAI,QAAiC,CAAC;wBACtC,IAAI,CAAC;4BACH,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;wBACjC,CAAC;wBAAC,MAAM,CAAC;4BACP,QAAQ,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;wBAC9B,CAAC;wBACD,MAAM,aAAa,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;oBACvD,CAAC;oBAED,8BAA8B;oBAC9B,KAAK,MAAM,QAAQ,IAAI,cAAc,EAAE,CAAC;wBACtC,MAAM,QAAQ,CAAC;oBACjB,CAAC;oBACD,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC;oBAC1B,OAAO,CAAC,KAAK,EAAE,CAAC;oBAChB,YAAY,GAAG,KAAK,CAAC;oBAErB,6BAA6B;oBAC7B,MAAM,KAAK,CAAC;oBACZ,SAAS;gBACX,CAAC;gBAED,MAAM,KAAK,CAAC;gBACZ,SAAS;YACX,CAAC;YAED,yCAAyC;YACzC,YAAY,GAAG,IAAI,CAAC;YACpB,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;gBAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC;gBAC1B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBACtB,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE;wBACf,KAAK,EAAE,GAAG;wBACV,IAAI,EAAE,OAAO,CAAC,QAAQ,EAAE,IAAI,IAAI,SAAS;wBACzC,iBAAiB,EAAE,EAAE;qBACtB,CAAC,CAAC;gBACL,CAAC;gBACD,MAAM,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC;gBAC7B,IAAI,OAAO,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;oBACvC,EAAE,CAAC,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAClC,CAAC;gBACD,IAAI,OAAO,CAAC,QAAQ,EAAE,SAAS,EAAE,CAAC;oBAChC,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;gBACxD,CAAC;YACH,CAAC;YACD,0DAA0D;YAC1D,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7B,CAAC;QAED,gDAAgD;QAChD,IAAI,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACrB,KAAK,MAAM,CAAC,EAAE,EAAE,CAAC,IAAI,OAAO,EAAE,CAAC;gBAC7B,MAAM,OAAO,GAAG,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC9C,IAAI,QAAiC,CAAC;gBACtC,IAAI,CAAC;oBACH,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACjC,CAAC;gBAAC,MAAM,CAAC;oBACP,QAAQ,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;gBAC9B,CAAC;gBACD,MAAM,aAAa,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;YACvD,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,cAAc,EAAE,CAAC;gBACtC,MAAM,QAAQ,CAAC;YACjB,CAAC;QACH,CAAC;IACH,CAAC,CAAC;IAEF,oEAAoE;IACpE,0EAA0E;IAC1E,OAAO,IAAI,KAAK,CAAC,MAAgB,EAAE;QACjC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ;YACxB,IAAI,IAAI,KAAK,MAAM,CAAC,aAAa,EAAE,CAAC;gBAClC,OAAO,GAAG,EAAE,CAAC,eAAe,EAAE,CAAC;YACjC,CAAC;YACD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC7C,CAAC;KACF,CAA2B,CAAC;AAC/B,CAAC;AAED,oEAAoE;AAEpE;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAA8B,EAC9B,MAAoB,EACpB,IAAwB;IAExB,MAAM,eAAe,GAAG,KAAK,SAAS,CAAC;QACrC,IAAI,eAAe,GAAoC,IAAI,CAAC;QAE5D,IAAI,KAAK,EAAE,MAAM,QAAQ,IAAI,MAAM,EAAE,CAAC;YACpC,MAAM,KAAK,GAAG,QAAgC,CAAC;YAE/C,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;gBACnB,KAAK,qBAAqB,CAAC,CAAC,CAAC;oBAC3B,IAAI,KAAK,CAAC,aAAa,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;wBAC7C,mCAAmC;wBACnC,eAAe,GAAG;4BAChB,UAAU,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC;4BAC5B,IAAI,EAAE,KAAK,CAAC,aAAa,CAAC,IAAI,IAAI,SAAS;4BAC3C,aAAa,EAAE,EAAE;4BACjB,cAAc,EAAE,CAAC,KAAK,CAAC;yBACxB,CAAC;oBACJ,CAAC;yBAAM,CAAC;wBACN,kCAAkC;wBAClC,MAAM,KAAK,CAAC;oBACd,CAAC;oBACD,MAAM;gBACR,CAAC;gBAED,KAAK,qBAAqB,CAAC,CAAC,CAAC;oBAC3B,IAAI,eAAe,IAAI,KAAK,CAAC,KAAK,EAAE,IAAI,KAAK,kBAAkB,EAAE,CAAC;wBAChE,8CAA8C;wBAC9C,IAAI,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;4BAC7B,eAAe,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;wBAC/D,CAAC;wBACD,eAAe,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;oBAC7C,CAAC;yBAAM,CAAC;wBACN,4BAA4B;wBAC5B,MAAM,KAAK,CAAC;oBACd,CAAC;oBACD,MAAM;gBACR,CAAC;gBAED,KAAK,oBAAoB,CAAC,CAAC,CAAC;oBAC1B,IAAI,eAAe,IAAI,KAAK,CAAC,KAAK,KAAK,eAAe,CAAC,UAAU,EAAE,CAAC;wBAClE,iCAAiC;wBACjC,eAAe,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;wBAC3C,MAAM,OAAO,GAAG,eAAe,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACvD,IAAI,QAAiC,CAAC;wBACtC,IAAI,CAAC;4BACH,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;wBAChD,CAAC;wBAAC,MAAM,CAAC;4BACP,QAAQ,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;wBAC9B,CAAC;wBAED,MAAM,aAAa,CAAC,MAAM,EAAE,eAAe,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;wBAElE,oCAAoC;wBACpC,KAAK,MAAM,QAAQ,IAAI,eAAe,CAAC,cAAc,EAAE,CAAC;4BACtD,MAAM,QAAQ,CAAC;wBACjB,CAAC;wBACD,eAAe,GAAG,IAAI,CAAC;oBACzB,CAAC;yBAAM,CAAC;wBACN,iCAAiC;wBACjC,MAAM,KAAK,CAAC;oBACd,CAAC;oBACD,MAAM;gBACR,CAAC;gBAED;oBACE,kEAAkE;oBAClE,MAAM,KAAK,CAAC;oBACZ,MAAM;YACV,CAAC;QACH,CAAC;IACH,CAAC,CAAC;IAEF,OAAO,IAAI,KAAK,CAAC,MAAgB,EAAE;QACjC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ;YACxB,IAAI,IAAI,KAAK,MAAM,CAAC,aAAa,EAAE,CAAC;gBAClC,OAAO,GAAG,EAAE,CAAC,eAAe,EAAE,CAAC;YACjC,CAAC;YACD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC7C,CAAC;KACF,CAA2B,CAAC;AAC/B,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@clampd/sdk",
|
|
3
|
-
"version": "0.
|
|
4
|
-
"description": "Runtime security SDK for AI agents
|
|
3
|
+
"version": "0.15.1",
|
|
4
|
+
"description": "Runtime security SDK for AI agents \u2014 guard tool calls in 1 line",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|
|
7
7
|
"types": "./dist/index.d.ts",
|