@dcyfr/ai 2.1.3 → 3.0.1
- package/CHANGELOG.md +91 -0
- package/README.md +75 -10
- package/config/default.json +11 -5
- package/config/default.yaml +13 -5
- package/dist/.tsbuildinfo +1 -0
- package/dist/ai/agents/agent-loader.d.ts.map +1 -1
- package/dist/ai/agents/agent-loader.js +1 -0
- package/dist/ai/agents/agent-loader.js.map +1 -1
- package/dist/ai/agents/agent-registry.d.ts.map +1 -1
- package/dist/ai/agents/agent-registry.js.map +1 -1
- package/dist/ai/agents/agent-router.d.ts +3 -3
- package/dist/ai/agents/agent-router.d.ts.map +1 -1
- package/dist/ai/agents/agent-router.js +6 -7
- package/dist/ai/agents/agent-router.js.map +1 -1
- package/dist/ai/config/schema.js +3 -3
- package/dist/ai/config/schema.js.map +1 -1
- package/dist/ai/core/provider-registry.d.ts.map +1 -1
- package/dist/ai/core/provider-registry.js +47 -16
- package/dist/ai/core/provider-registry.js.map +1 -1
- package/dist/ai/core/telemetry-engine.d.ts.map +1 -1
- package/dist/ai/core/telemetry-engine.js +5 -3
- package/dist/ai/core/telemetry-engine.js.map +1 -1
- package/dist/ai/delegation/capability-bootstrap.js +1 -1
- package/dist/ai/delegation/capability-bootstrap.js.map +1 -1
- package/dist/ai/delegation/contract-manager.d.ts +54 -5
- package/dist/ai/delegation/contract-manager.d.ts.map +1 -1
- package/dist/ai/delegation/contract-manager.js +122 -7
- package/dist/ai/delegation/contract-manager.js.map +1 -1
- package/dist/ai/delegation/feature-flags.d.ts +1 -1
- package/dist/ai/delegation/feature-flags.d.ts.map +1 -1
- package/dist/ai/delegation/feature-flags.js +3 -1
- package/dist/ai/delegation/feature-flags.js.map +1 -1
- package/dist/ai/delegation/index.d.ts +1 -0
- package/dist/ai/delegation/index.d.ts.map +1 -1
- package/dist/ai/delegation/index.js +2 -0
- package/dist/ai/delegation/index.js.map +1 -1
- package/dist/ai/delegation/monitoring.d.ts.map +1 -1
- package/dist/ai/delegation/monitoring.js +1 -0
- package/dist/ai/delegation/monitoring.js.map +1 -1
- package/dist/ai/delegation/session-manager.d.ts +16 -1
- package/dist/ai/delegation/session-manager.d.ts.map +1 -1
- package/dist/ai/delegation/session-manager.js +10 -1
- package/dist/ai/delegation/session-manager.js.map +1 -1
- package/dist/ai/delegation/session-queue.d.ts.map +1 -1
- package/dist/ai/delegation/session-queue.js.map +1 -1
- package/dist/ai/examples/integration-demo.d.ts.map +1 -1
- package/dist/ai/examples/integration-demo.js +1 -0
- package/dist/ai/examples/integration-demo.js.map +1 -1
- package/dist/ai/index.d.ts +7 -0
- package/dist/ai/index.d.ts.map +1 -1
- package/dist/ai/index.js +8 -0
- package/dist/ai/index.js.map +1 -1
- package/dist/ai/mcp/mcp-registry.d.ts.map +1 -1
- package/dist/ai/mcp/mcp-registry.js +1 -1
- package/dist/ai/mcp/mcp-registry.js.map +1 -1
- package/dist/ai/mcp/servers/analytics/index.d.ts.map +1 -1
- package/dist/ai/mcp/servers/analytics/index.js +1 -0
- package/dist/ai/mcp/servers/analytics/index.js.map +1 -1
- package/dist/ai/mcp/servers/content-manager/index.d.ts.map +1 -1
- package/dist/ai/mcp/servers/delegation-monitor/index.js +27 -27
- package/dist/ai/mcp/servers/delegation-monitor/index.js.map +1 -1
- package/dist/ai/mcp/servers/design-tokens/index.js +1 -1
- package/dist/ai/mcp/servers/design-tokens/index.js.map +1 -1
- package/dist/ai/mcp/servers/promptintel/index.d.ts.map +1 -1
- package/dist/ai/mcp/servers/promptintel/index.js +2 -1
- package/dist/ai/mcp/servers/promptintel/index.js.map +1 -1
- package/dist/ai/mcp/servers/shared/rate-limiter.d.ts.map +1 -1
- package/dist/ai/mcp/servers/shared/rate-limiter.js +1 -0
- package/dist/ai/mcp/servers/shared/rate-limiter.js.map +1 -1
- package/dist/ai/mcp/servers/shared/redis-client.d.ts.map +1 -1
- package/dist/ai/mcp/servers/shared/redis-client.js +2 -0
- package/dist/ai/mcp/servers/shared/redis-client.js.map +1 -1
- package/dist/ai/mcp/servers/shared/utils.js +12 -18
- package/dist/ai/mcp/servers/shared/utils.js.map +1 -1
- package/dist/ai/memory/dcyfr-memory.d.ts.map +1 -1
- package/dist/ai/memory/dcyfr-memory.js +11 -1
- package/dist/ai/memory/dcyfr-memory.js.map +1 -1
- package/dist/ai/memory/file-memory-adapter.d.ts +103 -0
- package/dist/ai/memory/file-memory-adapter.d.ts.map +1 -0
- package/dist/ai/memory/file-memory-adapter.js +532 -0
- package/dist/ai/memory/file-memory-adapter.js.map +1 -0
- package/dist/ai/memory/index.d.ts +6 -0
- package/dist/ai/memory/index.d.ts.map +1 -1
- package/dist/ai/memory/index.js +6 -0
- package/dist/ai/memory/index.js.map +1 -1
- package/dist/ai/memory/mem0-client.d.ts.map +1 -1
- package/dist/ai/memory/mem0-client.js +5 -2
- package/dist/ai/memory/mem0-client.js.map +1 -1
- package/dist/ai/memory/sqlite-index.d.ts +89 -0
- package/dist/ai/memory/sqlite-index.d.ts.map +1 -0
- package/dist/ai/memory/sqlite-index.js +295 -0
- package/dist/ai/memory/sqlite-index.js.map +1 -0
- package/dist/ai/memory/types.d.ts.map +1 -1
- package/dist/ai/memory/types.js +1 -0
- package/dist/ai/memory/types.js.map +1 -1
- package/dist/ai/memory/working-memory-persistence.d.ts +79 -0
- package/dist/ai/memory/working-memory-persistence.d.ts.map +1 -0
- package/dist/ai/memory/working-memory-persistence.js +220 -0
- package/dist/ai/memory/working-memory-persistence.js.map +1 -0
- package/dist/ai/permissions/attenuation-engine.d.ts.map +1 -1
- package/dist/ai/permissions/attenuation-engine.js.map +1 -1
- package/dist/ai/reputation/reputation-engine.d.ts +4 -0
- package/dist/ai/reputation/reputation-engine.d.ts.map +1 -1
- package/dist/ai/reputation/reputation-engine.js +1 -0
- package/dist/ai/reputation/reputation-engine.js.map +1 -1
- package/dist/ai/runtime/agent-runtime.d.ts.map +1 -1
- package/dist/ai/runtime/agent-runtime.js +9 -5
- package/dist/ai/runtime/agent-runtime.js.map +1 -1
- package/dist/ai/src/batch-processor.d.ts +6 -6
- package/dist/ai/src/batch-processor.d.ts.map +1 -1
- package/dist/ai/src/batch-processor.js +11 -4
- package/dist/ai/src/batch-processor.js.map +1 -1
- package/dist/ai/src/capability-bootstrap.d.ts.map +1 -1
- package/dist/ai/src/capability-bootstrap.js +1 -0
- package/dist/ai/src/capability-bootstrap.js.map +1 -1
- package/dist/ai/src/capability-registry.js +1 -1
- package/dist/ai/src/capability-registry.js.map +1 -1
- package/dist/ai/src/cli/telemetry-dashboard.d.ts +0 -11
- package/dist/ai/src/cli/telemetry-dashboard.d.ts.map +1 -1
- package/dist/ai/src/cli/telemetry-dashboard.js +12 -6
- package/dist/ai/src/cli/telemetry-dashboard.js.map +1 -1
- package/dist/ai/src/compaction/context-compactor.d.ts +149 -0
- package/dist/ai/src/compaction/context-compactor.d.ts.map +1 -0
- package/dist/ai/src/compaction/context-compactor.js +302 -0
- package/dist/ai/src/compaction/context-compactor.js.map +1 -0
- package/dist/ai/src/compaction/index.d.ts +11 -0
- package/dist/ai/src/compaction/index.d.ts.map +1 -0
- package/dist/ai/src/compaction/index.js +11 -0
- package/dist/ai/src/compaction/index.js.map +1 -0
- package/dist/ai/src/compaction/memory-compaction.d.ts +138 -0
- package/dist/ai/src/compaction/memory-compaction.d.ts.map +1 -0
- package/dist/ai/src/compaction/memory-compaction.js +630 -0
- package/dist/ai/src/compaction/memory-compaction.js.map +1 -0
- package/dist/ai/src/container/agent-container-dispatcher.d.ts +154 -0
- package/dist/ai/src/container/agent-container-dispatcher.d.ts.map +1 -0
- package/dist/ai/src/container/agent-container-dispatcher.js +329 -0
- package/dist/ai/src/container/agent-container-dispatcher.js.map +1 -0
- package/dist/ai/src/container/backend-factory.d.ts +89 -0
- package/dist/ai/src/container/backend-factory.d.ts.map +1 -0
- package/dist/ai/src/container/backend-factory.js +169 -0
- package/dist/ai/src/container/backend-factory.js.map +1 -0
- package/dist/ai/src/container/index.d.ts +13 -0
- package/dist/ai/src/container/index.d.ts.map +1 -0
- package/dist/ai/src/container/index.js +13 -0
- package/dist/ai/src/container/index.js.map +1 -0
- package/dist/ai/src/container/kubernetes-backend.d.ts +23 -0
- package/dist/ai/src/container/kubernetes-backend.d.ts.map +1 -0
- package/dist/ai/src/container/kubernetes-backend.js +39 -0
- package/dist/ai/src/container/kubernetes-backend.js.map +1 -0
- package/dist/ai/src/container/local-docker-backend.d.ts +77 -0
- package/dist/ai/src/container/local-docker-backend.d.ts.map +1 -0
- package/dist/ai/src/container/local-docker-backend.js +362 -0
- package/dist/ai/src/container/local-docker-backend.js.map +1 -0
- package/dist/ai/src/container/remote-docker-backend.d.ts +35 -0
- package/dist/ai/src/container/remote-docker-backend.d.ts.map +1 -0
- package/dist/ai/src/container/remote-docker-backend.js +189 -0
- package/dist/ai/src/container/remote-docker-backend.js.map +1 -0
- package/dist/ai/src/container/types.d.ts +270 -0
- package/dist/ai/src/container/types.d.ts.map +1 -0
- package/dist/ai/src/container/types.js +86 -0
- package/dist/ai/src/container/types.js.map +1 -0
- package/dist/ai/src/delegation/feature-flags.d.ts.map +1 -1
- package/dist/ai/src/delegation/feature-flags.js +1 -0
- package/dist/ai/src/delegation/feature-flags.js.map +1 -1
- package/dist/ai/src/delegation/liability-firebreak.d.ts.map +1 -1
- package/dist/ai/src/delegation/liability-firebreak.js +1 -0
- package/dist/ai/src/delegation/liability-firebreak.js.map +1 -1
- package/dist/ai/src/delegation/security-threat-model.d.ts.map +1 -1
- package/dist/ai/src/delegation/security-threat-model.js +1 -1
- package/dist/ai/src/delegation/security-threat-model.js.map +1 -1
- package/dist/ai/src/delegation-capability-integration.d.ts +1 -1
- package/dist/ai/src/delegation-capability-integration.d.ts.map +1 -1
- package/dist/ai/src/delegation-capability-integration.js +2 -7
- package/dist/ai/src/delegation-capability-integration.js.map +1 -1
- package/dist/ai/src/end-to-end-workflow-orchestrator.d.ts.map +1 -1
- package/dist/ai/src/end-to-end-workflow-orchestrator.js +2 -1
- package/dist/ai/src/end-to-end-workflow-orchestrator.js.map +1 -1
- package/dist/ai/src/enhanced-capability-detection.d.ts +1 -1
- package/dist/ai/src/enhanced-capability-detection.d.ts.map +1 -1
- package/dist/ai/src/enhanced-capability-detection.js +1 -1
- package/dist/ai/src/enhanced-capability-detection.js.map +1 -1
- package/dist/ai/src/gateway/index.d.ts +6 -0
- package/dist/ai/src/gateway/index.d.ts.map +1 -0
- package/dist/ai/src/gateway/index.js +6 -0
- package/dist/ai/src/gateway/index.js.map +1 -0
- package/dist/ai/src/gateway/message-gateway.d.ts +296 -0
- package/dist/ai/src/gateway/message-gateway.d.ts.map +1 -0
- package/dist/ai/src/gateway/message-gateway.js +415 -0
- package/dist/ai/src/gateway/message-gateway.js.map +1 -0
- package/dist/ai/src/intelligent-cache-manager.d.ts.map +1 -1
- package/dist/ai/src/intelligent-cache-manager.js +2 -1
- package/dist/ai/src/intelligent-cache-manager.js.map +1 -1
- package/dist/ai/src/mcp/index.d.ts +10 -0
- package/dist/ai/src/mcp/index.d.ts.map +1 -0
- package/dist/ai/src/mcp/index.js +10 -0
- package/dist/ai/src/mcp/index.js.map +1 -0
- package/dist/ai/src/mcp/mcp-tool-bridge.d.ts +186 -0
- package/dist/ai/src/mcp/mcp-tool-bridge.d.ts.map +1 -0
- package/dist/ai/src/mcp/mcp-tool-bridge.js +292 -0
- package/dist/ai/src/mcp/mcp-tool-bridge.js.map +1 -0
- package/dist/ai/src/mcp-auto-configuration.d.ts.map +1 -1
- package/dist/ai/src/mcp-auto-configuration.js +2 -1
- package/dist/ai/src/mcp-auto-configuration.js.map +1 -1
- package/dist/ai/src/performance-profiler.d.ts.map +1 -1
- package/dist/ai/src/performance-profiler.js +1 -0
- package/dist/ai/src/performance-profiler.js.map +1 -1
- package/dist/ai/src/plugins/anomaly/anomaly-detector.d.ts +58 -0
- package/dist/ai/src/plugins/anomaly/anomaly-detector.d.ts.map +1 -0
- package/dist/ai/src/plugins/anomaly/anomaly-detector.js +101 -0
- package/dist/ai/src/plugins/anomaly/anomaly-detector.js.map +1 -0
- package/dist/ai/src/plugins/anomaly/anomaly-monitor.d.ts +145 -0
- package/dist/ai/src/plugins/anomaly/anomaly-monitor.d.ts.map +1 -0
- package/dist/ai/src/plugins/anomaly/anomaly-monitor.js +245 -0
- package/dist/ai/src/plugins/anomaly/anomaly-monitor.js.map +1 -0
- package/dist/ai/src/plugins/anomaly/behavior-baseline.d.ts +79 -0
- package/dist/ai/src/plugins/anomaly/behavior-baseline.d.ts.map +1 -0
- package/dist/ai/src/plugins/anomaly/behavior-baseline.js +161 -0
- package/dist/ai/src/plugins/anomaly/behavior-baseline.js.map +1 -0
- package/dist/ai/src/plugins/anomaly/index.d.ts +15 -0
- package/dist/ai/src/plugins/anomaly/index.d.ts.map +1 -0
- package/dist/ai/src/plugins/anomaly/index.js +12 -0
- package/dist/ai/src/plugins/anomaly/index.js.map +1 -0
- package/dist/ai/src/plugins/anomaly/types.d.ts +150 -0
- package/dist/ai/src/plugins/anomaly/types.d.ts.map +1 -0
- package/dist/ai/src/plugins/anomaly/types.js +68 -0
- package/dist/ai/src/plugins/anomaly/types.js.map +1 -0
- package/dist/ai/src/plugins/certification/certification-manager.d.ts +102 -0
- package/dist/ai/src/plugins/certification/certification-manager.d.ts.map +1 -0
- package/dist/ai/src/plugins/certification/certification-manager.js +321 -0
- package/dist/ai/src/plugins/certification/certification-manager.js.map +1 -0
- package/dist/ai/src/plugins/certification/index.d.ts +12 -0
- package/dist/ai/src/plugins/certification/index.d.ts.map +1 -0
- package/dist/ai/src/plugins/certification/index.js +10 -0
- package/dist/ai/src/plugins/certification/index.js.map +1 -0
- package/dist/ai/src/plugins/certification/types.d.ts +128 -0
- package/dist/ai/src/plugins/certification/types.d.ts.map +1 -0
- package/dist/ai/src/plugins/certification/types.js +201 -0
- package/dist/ai/src/plugins/certification/types.js.map +1 -0
- package/dist/ai/src/plugins/escalation/escalation-trigger.d.ts +155 -0
- package/dist/ai/src/plugins/escalation/escalation-trigger.d.ts.map +1 -0
- package/dist/ai/src/plugins/escalation/escalation-trigger.js +183 -0
- package/dist/ai/src/plugins/escalation/escalation-trigger.js.map +1 -0
- package/dist/ai/src/plugins/escalation/index.d.ts +11 -0
- package/dist/ai/src/plugins/escalation/index.d.ts.map +1 -0
- package/dist/ai/src/plugins/escalation/index.js +10 -0
- package/dist/ai/src/plugins/escalation/index.js.map +1 -0
- package/dist/ai/src/plugins/incidents/incident-response-manager.d.ts +165 -0
- package/dist/ai/src/plugins/incidents/incident-response-manager.d.ts.map +1 -0
- package/dist/ai/src/plugins/incidents/incident-response-manager.js +462 -0
- package/dist/ai/src/plugins/incidents/incident-response-manager.js.map +1 -0
- package/dist/ai/src/plugins/incidents/index.d.ts +8 -0
- package/dist/ai/src/plugins/incidents/index.d.ts.map +1 -0
- package/dist/ai/src/plugins/incidents/index.js +7 -0
- package/dist/ai/src/plugins/incidents/index.js.map +1 -0
- package/dist/ai/src/plugins/incidents/types.d.ts +183 -0
- package/dist/ai/src/plugins/incidents/types.d.ts.map +1 -0
- package/dist/ai/src/plugins/incidents/types.js +55 -0
- package/dist/ai/src/plugins/incidents/types.js.map +1 -0
- package/dist/ai/src/plugins/permissions/index.d.ts +17 -0
- package/dist/ai/src/plugins/permissions/index.d.ts.map +1 -0
- package/dist/ai/src/plugins/permissions/index.js +14 -0
- package/dist/ai/src/plugins/permissions/index.js.map +1 -0
- package/dist/ai/src/plugins/permissions/permission-attenuator.d.ts +29 -0
- package/dist/ai/src/plugins/permissions/permission-attenuator.d.ts.map +1 -0
- package/dist/ai/src/plugins/permissions/permission-attenuator.js +190 -0
- package/dist/ai/src/plugins/permissions/permission-attenuator.js.map +1 -0
- package/dist/ai/src/plugins/permissions/permission-audit-logger.d.ts +72 -0
- package/dist/ai/src/plugins/permissions/permission-audit-logger.d.ts.map +1 -0
- package/dist/ai/src/plugins/permissions/permission-audit-logger.js +176 -0
- package/dist/ai/src/plugins/permissions/permission-audit-logger.js.map +1 -0
- package/dist/ai/src/plugins/permissions/permission-enforcer.d.ts +99 -0
- package/dist/ai/src/plugins/permissions/permission-enforcer.d.ts.map +1 -0
- package/dist/ai/src/plugins/permissions/permission-enforcer.js +151 -0
- package/dist/ai/src/plugins/permissions/permission-enforcer.js.map +1 -0
- package/dist/ai/src/plugins/permissions/plugin-permission-validator.d.ts +39 -0
- package/dist/ai/src/plugins/permissions/plugin-permission-validator.d.ts.map +1 -0
- package/dist/ai/src/plugins/permissions/plugin-permission-validator.js +296 -0
- package/dist/ai/src/plugins/permissions/plugin-permission-validator.js.map +1 -0
- package/dist/ai/src/plugins/permissions/types.d.ts +116 -0
- package/dist/ai/src/plugins/permissions/types.d.ts.map +1 -0
- package/dist/ai/src/plugins/permissions/types.js +36 -0
- package/dist/ai/src/plugins/permissions/types.js.map +1 -0
- package/dist/ai/src/plugins/reputation/index.d.ts +9 -0
- package/dist/ai/src/plugins/reputation/index.d.ts.map +1 -0
- package/dist/ai/src/plugins/reputation/index.js +8 -0
- package/dist/ai/src/plugins/reputation/index.js.map +1 -0
- package/dist/ai/src/plugins/reputation/plugin-reputation-db.d.ts +29 -0
- package/dist/ai/src/plugins/reputation/plugin-reputation-db.d.ts.map +1 -0
- package/dist/ai/src/plugins/reputation/plugin-reputation-db.js +120 -0
- package/dist/ai/src/plugins/reputation/plugin-reputation-db.js.map +1 -0
- package/dist/ai/src/plugins/reputation/plugin-reputation-engine.d.ts +115 -0
- package/dist/ai/src/plugins/reputation/plugin-reputation-engine.d.ts.map +1 -0
- package/dist/ai/src/plugins/reputation/plugin-reputation-engine.js +528 -0
- package/dist/ai/src/plugins/reputation/plugin-reputation-engine.js.map +1 -0
- package/dist/ai/src/plugins/reputation/types.d.ts +149 -0
- package/dist/ai/src/plugins/reputation/types.d.ts.map +1 -0
- package/dist/ai/src/plugins/reputation/types.js +14 -0
- package/dist/ai/src/plugins/reputation/types.js.map +1 -0
- package/dist/ai/src/plugins/reviews/index.d.ts +11 -0
- package/dist/ai/src/plugins/reviews/index.d.ts.map +1 -0
- package/dist/ai/src/plugins/reviews/index.js +10 -0
- package/dist/ai/src/plugins/reviews/index.js.map +1 -0
- package/dist/ai/src/plugins/reviews/plugin-rating-aggregator.d.ts +116 -0
- package/dist/ai/src/plugins/reviews/plugin-rating-aggregator.d.ts.map +1 -0
- package/dist/ai/src/plugins/reviews/plugin-rating-aggregator.js +282 -0
- package/dist/ai/src/plugins/reviews/plugin-rating-aggregator.js.map +1 -0
- package/dist/ai/src/plugins/reviews/types.d.ts +113 -0
- package/dist/ai/src/plugins/reviews/types.d.ts.map +1 -0
- package/dist/ai/src/plugins/reviews/types.js +55 -0
- package/dist/ai/src/plugins/reviews/types.js.map +1 -0
- package/dist/ai/src/plugins/runtime/docker-plugin-runner.d.ts +77 -0
- package/dist/ai/src/plugins/runtime/docker-plugin-runner.d.ts.map +1 -0
- package/dist/ai/src/plugins/runtime/docker-plugin-runner.js +248 -0
- package/dist/ai/src/plugins/runtime/docker-plugin-runner.js.map +1 -0
- package/dist/ai/src/plugins/runtime/gvisor-plugin-runner.d.ts +99 -0
- package/dist/ai/src/plugins/runtime/gvisor-plugin-runner.d.ts.map +1 -0
- package/dist/ai/src/plugins/runtime/gvisor-plugin-runner.js +158 -0
- package/dist/ai/src/plugins/runtime/gvisor-plugin-runner.js.map +1 -0
- package/dist/ai/src/plugins/runtime/index.d.ts +13 -0
- package/dist/ai/src/plugins/runtime/index.d.ts.map +1 -0
- package/dist/ai/src/plugins/runtime/index.js +11 -0
- package/dist/ai/src/plugins/runtime/index.js.map +1 -0
- package/dist/ai/src/plugins/runtime/types.d.ts +143 -0
- package/dist/ai/src/plugins/runtime/types.d.ts.map +1 -0
- package/dist/ai/src/plugins/runtime/types.js +19 -0
- package/dist/ai/src/plugins/runtime/types.js.map +1 -0
- package/dist/ai/src/plugins/runtime/wasm-plugin-runner.d.ts +104 -0
- package/dist/ai/src/plugins/runtime/wasm-plugin-runner.d.ts.map +1 -0
- package/dist/ai/src/plugins/runtime/wasm-plugin-runner.js +307 -0
- package/dist/ai/src/plugins/runtime/wasm-plugin-runner.js.map +1 -0
- package/dist/ai/src/plugins/security/index.d.ts +24 -0
- package/dist/ai/src/plugins/security/index.d.ts.map +1 -0
- package/dist/ai/src/plugins/security/index.js +23 -0
- package/dist/ai/src/plugins/security/index.js.map +1 -0
- package/dist/ai/src/plugins/security/license-checker.d.ts +26 -0
- package/dist/ai/src/plugins/security/license-checker.d.ts.map +1 -0
- package/dist/ai/src/plugins/security/license-checker.js +137 -0
- package/dist/ai/src/plugins/security/license-checker.js.map +1 -0
- package/dist/ai/src/plugins/security/malware-scanner.d.ts +19 -0
- package/dist/ai/src/plugins/security/malware-scanner.d.ts.map +1 -0
- package/dist/ai/src/plugins/security/malware-scanner.js +121 -0
- package/dist/ai/src/plugins/security/malware-scanner.js.map +1 -0
- package/dist/ai/src/plugins/security/plugin-security-scanner.d.ts +36 -0
- package/dist/ai/src/plugins/security/plugin-security-scanner.d.ts.map +1 -0
- package/dist/ai/src/plugins/security/plugin-security-scanner.js +160 -0
- package/dist/ai/src/plugins/security/plugin-security-scanner.js.map +1 -0
- package/dist/ai/src/plugins/security/sbom-generator.d.ts +23 -0
- package/dist/ai/src/plugins/security/sbom-generator.d.ts.map +1 -0
- package/dist/ai/src/plugins/security/sbom-generator.js +115 -0
- package/dist/ai/src/plugins/security/sbom-generator.js.map +1 -0
- package/dist/ai/src/plugins/security/secret-detector.d.ts +19 -0
- package/dist/ai/src/plugins/security/secret-detector.d.ts.map +1 -0
- package/dist/ai/src/plugins/security/secret-detector.js +204 -0
- package/dist/ai/src/plugins/security/secret-detector.js.map +1 -0
- package/dist/ai/src/plugins/security/signature-verifier.d.ts +21 -0
- package/dist/ai/src/plugins/security/signature-verifier.d.ts.map +1 -0
- package/dist/ai/src/plugins/security/signature-verifier.js +75 -0
- package/dist/ai/src/plugins/security/signature-verifier.js.map +1 -0
- package/dist/ai/src/plugins/security/sonarcloud-client.d.ts +20 -0
- package/dist/ai/src/plugins/security/sonarcloud-client.d.ts.map +1 -0
- package/dist/ai/src/plugins/security/sonarcloud-client.js +106 -0
- package/dist/ai/src/plugins/security/sonarcloud-client.js.map +1 -0
- package/dist/ai/src/plugins/security/trust-score.d.ts +58 -0
- package/dist/ai/src/plugins/security/trust-score.d.ts.map +1 -0
- package/dist/ai/src/plugins/security/trust-score.js +173 -0
- package/dist/ai/src/plugins/security/trust-score.js.map +1 -0
- package/dist/ai/src/plugins/security/types.d.ts +220 -0
- package/dist/ai/src/plugins/security/types.d.ts.map +1 -0
- package/dist/ai/src/plugins/security/types.js +12 -0
- package/dist/ai/src/plugins/security/types.js.map +1 -0
- package/dist/ai/src/plugins/security/vulnerability-scanner.d.ts +22 -0
- package/dist/ai/src/plugins/security/vulnerability-scanner.d.ts.map +1 -0
- package/dist/ai/src/plugins/security/vulnerability-scanner.js +109 -0
- package/dist/ai/src/plugins/security/vulnerability-scanner.js.map +1 -0
- package/dist/ai/src/plugins/tlp/index.d.ts +17 -0
- package/dist/ai/src/plugins/tlp/index.d.ts.map +1 -0
- package/dist/ai/src/plugins/tlp/index.js +17 -0
- package/dist/ai/src/plugins/tlp/index.js.map +1 -0
- package/dist/ai/src/plugins/tlp/tlp-classifier.d.ts +55 -0
- package/dist/ai/src/plugins/tlp/tlp-classifier.d.ts.map +1 -0
- package/dist/ai/src/plugins/tlp/tlp-classifier.js +232 -0
- package/dist/ai/src/plugins/tlp/tlp-classifier.js.map +1 -0
- package/dist/ai/src/plugins/tlp/tlp-validator.d.ts +97 -0
- package/dist/ai/src/plugins/tlp/tlp-validator.d.ts.map +1 -0
- package/dist/ai/src/plugins/tlp/tlp-validator.js +120 -0
- package/dist/ai/src/plugins/tlp/tlp-validator.js.map +1 -0
- package/dist/ai/src/plugins/tlp/types.d.ts +84 -0
- package/dist/ai/src/plugins/tlp/types.d.ts.map +1 -0
- package/dist/ai/src/plugins/tlp/types.js +20 -0
- package/dist/ai/src/plugins/tlp/types.js.map +1 -0
- package/dist/ai/src/resource-monitor.d.ts +1 -1
- package/dist/ai/src/resource-monitor.d.ts.map +1 -1
- package/dist/ai/src/resource-monitor.js +4 -3
- package/dist/ai/src/resource-monitor.js.map +1 -1
- package/dist/ai/src/runtime/agent-runtime.d.ts +77 -0
- package/dist/ai/src/runtime/agent-runtime.d.ts.map +1 -1
- package/dist/ai/src/runtime/agent-runtime.js +138 -2
- package/dist/ai/src/runtime/agent-runtime.js.map +1 -1
- package/dist/ai/src/scheduler/agent-scheduler.d.ts +365 -0
- package/dist/ai/src/scheduler/agent-scheduler.d.ts.map +1 -0
- package/dist/ai/src/scheduler/agent-scheduler.js +610 -0
- package/dist/ai/src/scheduler/agent-scheduler.js.map +1 -0
- package/dist/ai/src/scheduler/index.d.ts +6 -0
- package/dist/ai/src/scheduler/index.d.ts.map +1 -0
- package/dist/ai/src/scheduler/index.js +6 -0
- package/dist/ai/src/scheduler/index.js.map +1 -0
- package/dist/ai/src/session/index.d.ts +6 -0
- package/dist/ai/src/session/index.d.ts.map +1 -0
- package/dist/ai/src/session/index.js +6 -0
- package/dist/ai/src/session/index.js.map +1 -0
- package/dist/ai/src/session/session-manager.d.ts +380 -0
- package/dist/ai/src/session/session-manager.d.ts.map +1 -0
- package/dist/ai/src/session/session-manager.js +625 -0
- package/dist/ai/src/session/session-manager.js.map +1 -0
- package/dist/ai/src/skills/index.d.ts +10 -0
- package/dist/ai/src/skills/index.d.ts.map +1 -0
- package/dist/ai/src/skills/index.js +10 -0
- package/dist/ai/src/skills/index.js.map +1 -0
- package/dist/ai/src/skills/skill-registry.d.ts +181 -0
- package/dist/ai/src/skills/skill-registry.d.ts.map +1 -0
- package/dist/ai/src/skills/skill-registry.js +465 -0
- package/dist/ai/src/skills/skill-registry.js.map +1 -0
- package/dist/ai/src/telemetry/delegation-telemetry.d.ts.map +1 -1
- package/dist/ai/src/telemetry/delegation-telemetry.js +1 -0
- package/dist/ai/src/telemetry/delegation-telemetry.js.map +1 -1
- package/dist/ai/src/telemetry/runtime-telemetry-integration.d.ts +1 -1
- package/dist/ai/src/telemetry/runtime-telemetry-integration.d.ts.map +1 -1
- package/dist/ai/src/telemetry/runtime-telemetry-integration.js +3 -2
- package/dist/ai/src/telemetry/runtime-telemetry-integration.js.map +1 -1
- package/dist/ai/src/telemetry/telemetry-utils.d.ts.map +1 -1
- package/dist/ai/src/telemetry/telemetry-utils.js +1 -0
- package/dist/ai/src/telemetry/telemetry-utils.js.map +1 -1
- package/dist/ai/src/types/agent-capabilities.d.ts.map +1 -1
- package/dist/ai/src/types/agent-capabilities.js +1 -0
- package/dist/ai/src/types/agent-capabilities.js.map +1 -1
- package/dist/ai/src/types/delegation-contracts.d.ts +92 -0
- package/dist/ai/src/types/delegation-contracts.d.ts.map +1 -1
- package/dist/ai/src/types/delegation-contracts.js.map +1 -1
- package/dist/ai/src/validation-pipeline-integration.d.ts.map +1 -1
- package/dist/ai/src/validation-pipeline-integration.js +1 -2
- package/dist/ai/src/validation-pipeline-integration.js.map +1 -1
- package/dist/ai/src/verification/multi-modal-formatters.d.ts +1 -1
- package/dist/ai/src/verification/multi-modal-formatters.d.ts.map +1 -1
- package/dist/ai/src/verification/multi-modal-formatters.js +3 -2
- package/dist/ai/src/verification/multi-modal-formatters.js.map +1 -1
- package/dist/ai/src/verification/output-formatter.d.ts +1 -1
- package/dist/ai/src/verification/output-formatter.d.ts.map +1 -1
- package/dist/ai/src/verification/output-formatter.js +2 -1
- package/dist/ai/src/verification/output-formatter.js.map +1 -1
- package/dist/ai/src/verification/parser-integration.d.ts.map +1 -1
- package/dist/ai/src/verification/parser-integration.js.map +1 -1
- package/dist/ai/types/agent-capabilities.d.ts +7 -0
- package/dist/ai/types/agent-capabilities.d.ts.map +1 -1
- package/dist/ai/types/delegation-contracts.d.ts +75 -0
- package/dist/ai/types/delegation-contracts.d.ts.map +1 -1
- package/dist/ai/types/index.d.ts +3 -3
- package/dist/ai/types/index.d.ts.map +1 -1
- package/dist/ai/types/index.js.map +1 -1
- package/dist/ai/types/permission-tokens.d.ts +23 -0
- package/dist/ai/types/permission-tokens.d.ts.map +1 -1
- package/dist/ai/types/permission-tokens.js +65 -1
- package/dist/ai/types/permission-tokens.js.map +1 -1
- package/dist/ai/validation/validation-framework.d.ts.map +1 -1
- package/dist/ai/verification/policy-framework.d.ts +1 -1
- package/dist/ai/verification/policy-framework.d.ts.map +1 -1
- package/dist/ai/verification/policy-framework.js +4 -4
- package/dist/ai/verification/policy-framework.js.map +1 -1
- package/package.json +38 -9
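--- a/package/dist/ai/src/plugins/reviews/types.d.ts
+++ b/package/dist/ai/src/plugins/reviews/types.d.ts
@@ -0,0 +1,113 @@
+/**
+* Plugin Review & Rating Types
+*
+* Type definitions for the plugin marketplace community rating and review system.
+*
+* @module plugins/reviews/types
+* @version 1.0.0
+* @date 2026-02-28
+* @license MIT
+*/
+/** Star rating value (1-5) */
+export type StarRating = 1 | 2 | 3 | 4 | 5;
+/** Review moderation status */
+export type ReviewStatus = 'pending' | 'approved' | 'flagged' | 'removed';
+/** A single plugin community review */
+export interface PluginReview {
+/** Unique review identifier (UUID) */
+id: string;
+/** Plugin identifier this review is for */
+pluginId: string;
+/** Author user identifier */
+userId: string;
+/** Display name (may be anonymized) */
+displayName: string;
+/** Star rating 1–5 */
+rating: StarRating;
+/** Review text content (optional) */
+comment?: string;
+/** Moderation status */
+status: ReviewStatus;
+/** When this review was created (ISO-8601) */
+createdAt: string;
+/** When this review was last updated (ISO-8601) */
+updatedAt: string;
+/** Number of helpful votes */
+helpfulVotes: number;
+/** Number of flag/report votes */
+flagCount: number;
+}
+/** Input for submitting a new review */
+export interface CreateReviewInput {
+pluginId: string;
+userId: string;
+displayName: string;
+rating: StarRating;
+comment?: string;
+}
+/** Input for flagging a review */
+export interface FlagReviewInput {
+reviewId: string;
+reason: 'spam' | 'inappropriate' | 'fake' | 'other';
+reportedBy: string;
+}
+/** Distribution of star ratings */
+export interface RatingDistribution {
+1: number;
+2: number;
+3: number;
+4: number;
+5: number;
+}
+/** Aggregated rating statistics for a plugin */
+export interface PluginRatingStats {
+/** Plugin identifier */
+pluginId: string;
+/** Average rating (0 if no reviews) */
+averageRating: number;
+/** Total number of approved reviews */
+totalReviews: number;
+/** Distribution of ratings */
+distribution: RatingDistribution;
+/** Community score (0–100) derived from average rating */
+communityScore: number;
+}
+/** Paginated list of reviews */
+export interface ReviewPage {
+reviews: PluginReview[];
+total: number;
+page: number;
+pageSize: number;
+hasMore: boolean;
+}
+/** Options for querying reviews */
+export interface ReviewQueryOptions {
+page?: number;
+pageSize?: number;
+status?: ReviewStatus;
+sortBy?: 'createdAt' | 'rating' | 'helpfulVotes';
+sortOrder?: 'asc' | 'desc';
+}
+/**
+* Drizzle-compatible column definitions for the plugin_reviews table.
+*
+* Column layout:
+* id TEXT PRIMARY KEY — UUID
+* plugin_id TEXT NOT NULL — FK → plugins.id
+* user_id TEXT NOT NULL — FK → users.id / session
+* display_name TEXT NOT NULL — anonymizable display name
+* rating INTEGER NOT NULL — 1–5
+* comment TEXT — optional review body
+* status TEXT NOT NULL — pending | approved | flagged | removed
+* helpful_votes INTEGER DEFAULT 0
+* flag_count INTEGER DEFAULT 0
+* created_at TEXT NOT NULL — ISO-8601
+* updated_at TEXT NOT NULL — ISO-8601
+*
+* Indexes:
+* idx_reviews_plugin_id ON plugin_reviews(plugin_id)
+* idx_reviews_user_id ON plugin_reviews(user_id)
+* idx_reviews_status ON plugin_reviews(status)
+*/
+export declare const PLUGIN_REVIEWS_SCHEMA_SQL = "\nCREATE TABLE IF NOT EXISTS plugin_reviews (\n id TEXT PRIMARY KEY,\n plugin_id TEXT NOT NULL,\n user_id TEXT NOT NULL,\n display_name TEXT NOT NULL,\n rating INTEGER NOT NULL CHECK (rating BETWEEN 1 AND 5),\n comment TEXT,\n status TEXT NOT NULL DEFAULT 'pending'\n CHECK (status IN ('pending', 'approved', 'flagged', 'removed')),\n helpful_votes INTEGER NOT NULL DEFAULT 0,\n flag_count INTEGER NOT NULL DEFAULT 0,\n created_at TEXT NOT NULL,\n updated_at TEXT NOT NULL\n);\n\nCREATE INDEX IF NOT EXISTS idx_reviews_plugin_id ON plugin_reviews(plugin_id);\nCREATE INDEX IF NOT EXISTS idx_reviews_user_id ON plugin_reviews(user_id);\nCREATE INDEX IF NOT EXISTS idx_reviews_status ON plugin_reviews(status);\n";
+//# sourceMappingURL=types.d.ts.map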
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/reviews/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAMH,8BAA8B;AAC9B,MAAM,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AAE3C,+BAA+B;AAC/B,MAAM,MAAM,YAAY,GAAG,SAAS,GAAG,UAAU,GAAG,SAAS,GAAG,SAAS,CAAC;AAE1E,uCAAuC;AACvC,MAAM,WAAW,YAAY;IAC3B,sCAAsC;IACtC,EAAE,EAAE,MAAM,CAAC;IAEX,2CAA2C;IAC3C,QAAQ,EAAE,MAAM,CAAC;IAEjB,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAC;IAEf,uCAAuC;IACvC,WAAW,EAAE,MAAM,CAAC;IAEpB,sBAAsB;IACtB,MAAM,EAAE,UAAU,CAAC;IAEnB,qCAAqC;IACrC,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,wBAAwB;IACxB,MAAM,EAAE,YAAY,CAAC;IAErB,8CAA8C;IAC9C,SAAS,EAAE,MAAM,CAAC;IAElB,mDAAmD;IACnD,SAAS,EAAE,MAAM,CAAC;IAElB,8BAA8B;IAC9B,YAAY,EAAE,MAAM,CAAC;IAErB,kCAAkC;IAClC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wCAAwC;AACxC,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,kCAAkC;AAClC,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,GAAG,eAAe,GAAG,MAAM,GAAG,OAAO,CAAC;IACpD,UAAU,EAAE,MAAM,CAAC;CACpB;AAMD,mCAAmC;AACnC,MAAM,WAAW,kBAAkB;IACjC,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX;AAED,gDAAgD;AAChD,MAAM,WAAW,iBAAiB;IAChC,wBAAwB;IACxB,QAAQ,EAAE,MAAM,CAAC;IAEjB,uCAAuC;IACvC,aAAa,EAAE,MAAM,CAAC;IAEtB,uCAAuC;IACvC,YAAY,EAAE,MAAM,CAAC;IAErB,8BAA8B;IAC9B,YAAY,EAAE,kBAAkB,CAAC;IAEjC,0DAA0D;IAC1D,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,gCAAgC;AAChC,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,mCAAmC;AACnC,MAAM,WAAW,kBAAkB;IACjC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,MAAM,CAAC,EAAE,WAAW,GAAG,QAAQ,GAAG,cAAc,CAAC;IACjD,SAAS,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;CAC5B;AAMD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,eAAO,MAAM,yBAAyB,+xBAmBrC,CAAC"}
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Plugin Review & Rating Types
|
|
3
|
+
*
|
|
4
|
+
* Type definitions for the plugin marketplace community rating and review system.
|
|
5
|
+
*
|
|
6
|
+
* @module plugins/reviews/types
|
|
7
|
+
* @version 1.0.0
|
|
8
|
+
* @date 2026-02-28
|
|
9
|
+
* @license MIT
|
|
10
|
+
*/
|
|
11
|
+
// ---------------------------------------------------------------------------
|
|
12
|
+
// Schema definitions (for reference / Drizzle migration)
|
|
13
|
+
// ---------------------------------------------------------------------------
|
|
14
|
+
/**
|
|
15
|
+
* Drizzle-compatible column definitions for the plugin_reviews table.
|
|
16
|
+
*
|
|
17
|
+
* Column layout:
|
|
18
|
+
* id TEXT PRIMARY KEY — UUID
|
|
19
|
+
* plugin_id TEXT NOT NULL — FK → plugins.id
|
|
20
|
+
* user_id TEXT NOT NULL — FK → users.id / session
|
|
21
|
+
* display_name TEXT NOT NULL — anonymizable display name
|
|
22
|
+
* rating INTEGER NOT NULL — 1–5
|
|
23
|
+
* comment TEXT — optional review body
|
|
24
|
+
* status TEXT NOT NULL — pending | approved | flagged | removed
|
|
25
|
+
* helpful_votes INTEGER DEFAULT 0
|
|
26
|
+
* flag_count INTEGER DEFAULT 0
|
|
27
|
+
* created_at TEXT NOT NULL — ISO-8601
|
|
28
|
+
* updated_at TEXT NOT NULL — ISO-8601
|
|
29
|
+
*
|
|
30
|
+
* Indexes:
|
|
31
|
+
* idx_reviews_plugin_id ON plugin_reviews(plugin_id)
|
|
32
|
+
* idx_reviews_user_id ON plugin_reviews(user_id)
|
|
33
|
+
* idx_reviews_status ON plugin_reviews(status)
|
|
34
|
+
*/
|
|
35
|
+
export const PLUGIN_REVIEWS_SCHEMA_SQL = `
|
|
36
|
+
CREATE TABLE IF NOT EXISTS plugin_reviews (
|
|
37
|
+
id TEXT PRIMARY KEY,
|
|
38
|
+
plugin_id TEXT NOT NULL,
|
|
39
|
+
user_id TEXT NOT NULL,
|
|
40
|
+
display_name TEXT NOT NULL,
|
|
41
|
+
rating INTEGER NOT NULL CHECK (rating BETWEEN 1 AND 5),
|
|
42
|
+
comment TEXT,
|
|
43
|
+
status TEXT NOT NULL DEFAULT 'pending'
|
|
44
|
+
CHECK (status IN ('pending', 'approved', 'flagged', 'removed')),
|
|
45
|
+
helpful_votes INTEGER NOT NULL DEFAULT 0,
|
|
46
|
+
flag_count INTEGER NOT NULL DEFAULT 0,
|
|
47
|
+
created_at TEXT NOT NULL,
|
|
48
|
+
updated_at TEXT NOT NULL
|
|
49
|
+
);
|
|
50
|
+
|
|
51
|
+
CREATE INDEX IF NOT EXISTS idx_reviews_plugin_id ON plugin_reviews(plugin_id);
|
|
52
|
+
CREATE INDEX IF NOT EXISTS idx_reviews_user_id ON plugin_reviews(user_id);
|
|
53
|
+
CREATE INDEX IF NOT EXISTS idx_reviews_status ON plugin_reviews(status);
|
|
54
|
+
`;
|
|
55
|
+
//# sourceMappingURL=types.js.map
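Review bot: `PLUGIN_REVIEWS_SCHEMA_SQL` declares no uniqueness constraint over `(plugin_id, user_id)`, so nothing at the schema level stops one account from inserting many rows for the same plugin and skewing the aggregate rating. If one review per user per plugin is intended (the page does not say), add `UNIQUE (plugin_id, user_id)` to the `CREATE TABLE` statement. The doc comment above the constant labels `plugin_id` and `user_id` as foreign keys, but the DDL has no `REFERENCES` clause, so either the comment or the DDL should change. `helpful_votes` and `flag_count` would also benefit from `CHECK (helpful_votes >= 0)` and `CHECK (flag_count >= 0)`, matching the `CHECK` already used for `rating`.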
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/reviews/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAiHH,8EAA8E;AAC9E,yDAAyD;AACzD,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG;;;;;;;;;;;;;;;;;;;CAmBxC,CAAC"}
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Docker Plugin Runner
|
|
3
|
+
*
|
|
4
|
+
* Executes plugins inside isolated Docker containers with configurable
|
|
5
|
+
* resource limits, network restrictions, read-only filesystems, and
|
|
6
|
+
* Linux capability dropping.
|
|
7
|
+
*
|
|
8
|
+
* Specification: Plugin Runtime Isolation Specification (plugin-runtime-isolation)
|
|
9
|
+
*
|
|
10
|
+
* @module plugins/runtime/docker-plugin-runner
|
|
11
|
+
* @version 1.0.0
|
|
12
|
+
* @date 2026-02-28
|
|
13
|
+
* @license MIT
|
|
14
|
+
*/
|
|
15
|
+
import type { SandboxConfig, SandboxResult, DockerProbeResult, GVisorProbeResult } from './types.js';
|
|
16
|
+
/**
|
|
17
|
+
* Parse a human-readable duration string to milliseconds.
|
|
18
|
+
* Supports: "30s", "5m", "1h", "500ms"
|
|
19
|
+
*/
|
|
20
|
+
export declare function parseDurationMs(value: string): number;
|
|
21
|
+
/**
|
|
22
|
+
* Normalize a memory string to Docker's short format ("k", "m", "g").
|
|
23
|
+
* Accepts "512MB", "512M", "512mb", "1GB", "1g", "1024k".
|
|
24
|
+
*/
|
|
25
|
+
export declare function normalizeMemory(value: string): string;
|
|
26
|
+
/**
|
|
27
|
+
* Runs plugins in isolated Docker containers.
|
|
28
|
+
*
|
|
29
|
+
* @example
|
|
30
|
+
* ```ts
|
|
31
|
+
* const runner = new DockerPluginRunner();
|
|
32
|
+
* const result = await runner.run({
|
|
33
|
+
* image: 'dcyfr-plugin-sandbox:latest',
|
|
34
|
+
* command: ['node', 'dist/index.js'],
|
|
35
|
+
* resourceLimits: { maxMemory: '256MB', maxExecutionTime: '2m' },
|
|
36
|
+
* });
|
|
37
|
+
* console.log(result.stdout);
|
|
38
|
+
* ```
|
|
39
|
+
*/
|
|
40
|
+
export declare class DockerPluginRunner {
|
|
41
|
+
private readonly containerPrefix;
|
|
42
|
+
constructor(containerPrefix?: string);
|
|
43
|
+
/**
|
|
44
|
+
* Execute a plugin inside a sandboxed Docker container.
|
|
45
|
+
* Returns after the container exits or is killed due to timeout.
|
|
46
|
+
*/
|
|
47
|
+
run(config: SandboxConfig): Promise<SandboxResult>;
|
|
48
|
+
/**
|
|
49
|
+
* Force-remove a container by name (idempotent — ignores "no such container").
|
|
50
|
+
*/
|
|
51
|
+
cleanup(containerName: string): Promise<void>;
|
|
52
|
+
/**
|
|
53
|
+
* Probe whether Docker is installed and the daemon is running.
|
|
54
|
+
*/
|
|
55
|
+
isDockerAvailable(): Promise<DockerProbeResult>;
|
|
56
|
+
/**
|
|
57
|
+
* Probe whether the gVisor runtime (runsc) is registered with Docker.
|
|
58
|
+
*/
|
|
59
|
+
isGVisorAvailable(): Promise<GVisorProbeResult>;
|
|
60
|
+
private generateContainerName;
|
|
61
|
+
private resolveResourceLimits;
|
|
62
|
+
/**
|
|
63
|
+
* Build the complete `docker run` argument array.
|
|
64
|
+
* Does NOT include the `docker` binary itself.
|
|
65
|
+
*/
|
|
66
|
+
private buildRunArgs;
|
|
67
|
+
/**
|
|
68
|
+
* Spawn `docker run [args]`, enforce time limit, return stdout/stderr/exit code.
|
|
69
|
+
*/
|
|
70
|
+
private spawnWithTimeout;
|
|
71
|
+
/**
|
|
72
|
+
* Gracefully stop then forcefully remove a running container.
|
|
73
|
+
* First sends SIGTERM (via `docker stop --time=10`), then ensures removal.
|
|
74
|
+
*/
|
|
75
|
+
private stopContainer;
|
|
76
|
+
}
|
|
77
|
+
//# sourceMappingURL=docker-plugin-runner.d.ts.map
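Review bot: The doc comment on `run()` does not describe the failure shape a caller has to handle. In the implementation shipped in this same diff (`spawnWithTimeout` in docker-plugin-runner.js), a failure to spawn `docker` resolves with `exitCode: null` and no error text instead of rejecting, so a caller that checks `exitCode` for truthiness would read a spawn failure as success. The same function collects stdout and stderr in memory with no size cap, which the comment should state so callers know plugin output is not bounded by the container's memory limit. I would extend the comment with something like `@returns exitCode is null when docker could not be started or was ended by a signal; timedOut is true when maxExecutionTime elapsed; stdout/stderr are buffered in full`. This file is compiler output, so the change belongs in the `.ts` source.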
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"docker-plugin-runner.d.ts","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/runtime/docker-plugin-runner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAKH,OAAO,KAAK,EACV,aAAa,EAEb,aAAa,EACb,iBAAiB,EACjB,iBAAiB,EAClB,MAAM,YAAY,CAAC;AAWpB;;;GAGG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAcrD;AAID;;;GAGG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAQrD;AA8CD;;;;;;;;;;;;;GAaG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;gBAE7B,eAAe,SAAiB;IAQ5C;;;OAGG;IACG,GAAG,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;IAgBxD;;OAEG;IACG,OAAO,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQnD;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,iBAAiB,CAAC;IAUrD;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,iBAAiB,CAAC;IAcrD,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,qBAAqB;IAM7B;;;OAGG;IACH,OAAO,CAAC,YAAY;IAoCpB;;OAEG;YACW,gBAAgB;IAiC9B;;;OAGG;YACW,aAAa;CAa5B"}
|
|
@@ -0,0 +1,248 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Docker Plugin Runner
|
|
3
|
+
*
|
|
4
|
+
* Executes plugins inside isolated Docker containers with configurable
|
|
5
|
+
* resource limits, network restrictions, read-only filesystems, and
|
|
6
|
+
* Linux capability dropping.
|
|
7
|
+
*
|
|
8
|
+
* Specification: Plugin Runtime Isolation Specification (plugin-runtime-isolation)
|
|
9
|
+
*
|
|
10
|
+
* @module plugins/runtime/docker-plugin-runner
|
|
11
|
+
* @version 1.0.0
|
|
12
|
+
* @date 2026-02-28
|
|
13
|
+
* @license MIT
|
|
14
|
+
*/
|
|
15
|
+
import { spawn, execFile } from 'node:child_process';
|
|
16
|
+
import { promisify } from 'node:util';
|
|
17
|
+
import { randomUUID } from 'node:crypto';
|
|
18
|
+
import { DEFAULT_RESOURCE_LIMITS } from './types.js';
|
|
19
|
+
const execFileAsync = promisify(execFile);
|
|
20
|
+
// ---------------------------------------------------------------------------
|
|
21
|
+
// Duration / memory parsing helpers
|
|
22
|
+
// ---------------------------------------------------------------------------
|
|
23
|
+
const DURATION_REGEX = /^(\d+(?:\.\d+)?)(ms|s|m|h)$/i;
|
|
24
|
+
/**
|
|
25
|
+
* Parse a human-readable duration string to milliseconds.
|
|
26
|
+
* Supports: "30s", "5m", "1h", "500ms"
|
|
27
|
+
*/
|
|
28
|
+
export function parseDurationMs(value) {
|
|
29
|
+
const match = DURATION_REGEX.exec(value.trim());
|
|
30
|
+
if (!match) {
|
|
31
|
+
throw new Error(`Invalid duration: "${value}". Expected format: "5m", "30s", "1h", "500ms"`);
|
|
32
|
+
}
|
|
33
|
+
const amount = Number.parseFloat(match[1] ?? '0');
|
|
34
|
+
const unit = (match[2] ?? 's').toLowerCase();
|
|
35
|
+
switch (unit) {
|
|
36
|
+
case 'ms': return Math.ceil(amount);
|
|
37
|
+
case 's': return Math.ceil(amount * 1_000);
|
|
38
|
+
case 'm': return Math.ceil(amount * 60_000);
|
|
39
|
+
case 'h': return Math.ceil(amount * 3_600_000);
|
|
40
|
+
default: return Math.ceil(amount * 1_000);
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
const MEMORY_REGEX = /^(\d+(?:\.\d+)?)\s*(kb?|mb?|gb?|tb?)/i;
|
|
44
|
+
/**
|
|
45
|
+
* Normalize a memory string to Docker's short format ("k", "m", "g").
|
|
46
|
+
* Accepts "512MB", "512M", "512mb", "1GB", "1g", "1024k".
|
|
47
|
+
*/
|
|
48
|
+
export function normalizeMemory(value) {
|
|
49
|
+
const match = MEMORY_REGEX.exec(value.trim());
|
|
50
|
+
if (!match) {
|
|
51
|
+
throw new Error(`Invalid memory value: "${value}". Expected format: "512MB", "1GB"`);
|
|
52
|
+
}
|
|
53
|
+
const amount = match[1] ?? '512';
|
|
54
|
+
const unit = (match[2] ?? 'm')[0].toLowerCase();
|
|
55
|
+
return `${amount}${unit}`;
|
|
56
|
+
}
|
|
57
|
+
// ---------------------------------------------------------------------------
|
|
58
|
+
// Argument builder helpers
|
|
59
|
+
// ---------------------------------------------------------------------------
|
|
60
|
+
function applyResourceFlags(args, limits) {
|
|
61
|
+
args.push(`--memory=${normalizeMemory(limits.maxMemory)}`, `--cpus=${limits.maxCpu}`);
|
|
62
|
+
}
|
|
63
|
+
function applyNetworkFlags(args, networkPermitted) {
|
|
64
|
+
if (!networkPermitted) {
|
|
65
|
+
args.push('--network=none');
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
function applyFilesystemFlags(args, config, tmpfsSize) {
|
|
69
|
+
if (!config.writePermitted) {
|
|
70
|
+
args.push('--read-only');
|
|
71
|
+
}
|
|
72
|
+
// Always provide a writable /tmp via tmpfs
|
|
73
|
+
args.push(`--tmpfs=/tmp:rw,noexec,nosuid,size=${normalizeMemory(tmpfsSize)}`);
|
|
74
|
+
// Explicit writable bind-mounts (only useful when writePermitted=true)
|
|
75
|
+
if (config.writePermitted && config.writableMounts) {
|
|
76
|
+
for (const mount of config.writableMounts) {
|
|
77
|
+
args.push('-v', mount);
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
function applyEnvFlags(args, env) {
|
|
82
|
+
if (!env)
|
|
83
|
+
return;
|
|
84
|
+
for (const [key, value] of Object.entries(env)) {
|
|
85
|
+
args.push('-e', `${key}=${value}`);
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
// ---------------------------------------------------------------------------
|
|
89
|
+
// Main class
|
|
90
|
+
// ---------------------------------------------------------------------------
|
|
91
|
+
/**
|
|
92
|
+
* Runs plugins in isolated Docker containers.
|
|
93
|
+
*
|
|
94
|
+
* @example
|
|
95
|
+
* ```ts
|
|
96
|
+
* const runner = new DockerPluginRunner();
|
|
97
|
+
* const result = await runner.run({
|
|
98
|
+
* image: 'dcyfr-plugin-sandbox:latest',
|
|
99
|
+
* command: ['node', 'dist/index.js'],
|
|
100
|
+
* resourceLimits: { maxMemory: '256MB', maxExecutionTime: '2m' },
|
|
101
|
+
* });
|
|
102
|
+
* console.log(result.stdout);
|
|
103
|
+
* ```
|
|
104
|
+
*/
|
|
105
|
+
export class DockerPluginRunner {
|
|
106
|
+
containerPrefix;
|
|
107
|
+
constructor(containerPrefix = 'dcyfr-plugin') {
|
|
108
|
+
this.containerPrefix = containerPrefix;
|
|
109
|
+
}
|
|
110
|
+
// --------------------------------------------------------------------------
|
|
111
|
+
// Public API
|
|
112
|
+
// --------------------------------------------------------------------------
|
|
113
|
+
/**
|
|
114
|
+
* Execute a plugin inside a sandboxed Docker container.
|
|
115
|
+
* Returns after the container exits or is killed due to timeout.
|
|
116
|
+
*/
|
|
117
|
+
async run(config) {
|
|
118
|
+
const containerName = this.generateContainerName();
|
|
119
|
+
const limits = this.resolveResourceLimits(config.resourceLimits);
|
|
120
|
+
const limitMs = parseDurationMs(limits.maxExecutionTime);
|
|
121
|
+
const runArgs = this.buildRunArgs(containerName, config, limits);
|
|
122
|
+
const startTime = Date.now();
|
|
123
|
+
const result = await this.spawnWithTimeout(runArgs, containerName, limitMs);
|
|
124
|
+
return {
|
|
125
|
+
...result,
|
|
126
|
+
containerName,
|
|
127
|
+
executionTimeMs: Date.now() - startTime,
|
|
128
|
+
};
|
|
129
|
+
}
|
|
130
|
+
/**
|
|
131
|
+
* Force-remove a container by name (idempotent — ignores "no such container").
|
|
132
|
+
*/
|
|
133
|
+
async cleanup(containerName) {
|
|
134
|
+
try {
|
|
135
|
+
await execFileAsync('docker', ['rm', '-f', containerName]);
|
|
136
|
+
}
|
|
137
|
+
catch {
|
|
138
|
+
// Container already removed or never existed — not an error
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
/**
|
|
142
|
+
* Probe whether Docker is installed and the daemon is running.
|
|
143
|
+
*/
|
|
144
|
+
async isDockerAvailable() {
|
|
145
|
+
try {
|
|
146
|
+
const { stdout } = await execFileAsync('docker', ['version', '--format', '{{.Server.Version}}']);
|
|
147
|
+
return { available: true, version: stdout.trim() };
|
|
148
|
+
}
|
|
149
|
+
catch (error_) {
|
|
150
|
+
const msg = error_ instanceof Error ? error_.message : String(error_);
|
|
151
|
+
return { available: false, error: msg };
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
/**
|
|
155
|
+
* Probe whether the gVisor runtime (runsc) is registered with Docker.
|
|
156
|
+
*/
|
|
157
|
+
async isGVisorAvailable() {
|
|
158
|
+
try {
|
|
159
|
+
await execFileAsync('docker', ['run', '--rm', '--runtime=runsc', 'hello-world']);
|
|
160
|
+
return { available: true };
|
|
161
|
+
}
|
|
162
|
+
catch (error_) {
|
|
163
|
+
const msg = error_ instanceof Error ? error_.message : String(error_);
|
|
164
|
+
return { available: false, error: msg };
|
|
165
|
+
}
|
|
166
|
+
}
|
|
167
|
+
// --------------------------------------------------------------------------
|
|
168
|
+
// Private helpers
|
|
169
|
+
// --------------------------------------------------------------------------
|
|
170
|
+
generateContainerName() {
|
|
171
|
+
return `${this.containerPrefix}-${randomUUID().slice(0, 8)}`;
|
|
172
|
+
}
|
|
173
|
+
resolveResourceLimits(partial) {
|
|
174
|
+
return { ...DEFAULT_RESOURCE_LIMITS, ...partial };
|
|
175
|
+
}
|
|
176
|
+
/**
|
|
177
|
+
* Build the complete `docker run` argument array.
|
|
178
|
+
* Does NOT include the `docker` binary itself.
|
|
179
|
+
*/
|
|
180
|
+
buildRunArgs(containerName, config, limits) {
|
|
181
|
+
const args = ['run', '--rm', '--name', containerName];
|
|
182
|
+
// Resource limits
|
|
183
|
+
applyResourceFlags(args, limits);
|
|
184
|
+
// Network
|
|
185
|
+
applyNetworkFlags(args, config.networkPermitted ?? false);
|
|
186
|
+
// Filesystem isolation
|
|
187
|
+
applyFilesystemFlags(args, config, limits.maxDiskSpace);
|
|
188
|
+
// Security hardening
|
|
189
|
+
args.push('--cap-drop=ALL', '--security-opt=no-new-privileges', '--user=65534:65534');
|
|
190
|
+
// gVisor runtime (best-effort — falls through to standard if unavailable)
|
|
191
|
+
if (config.useGVisor) {
|
|
192
|
+
args.push('--runtime=runsc');
|
|
193
|
+
}
|
|
194
|
+
// Working directory
|
|
195
|
+
args.push('-w', config.workDir ?? '/plugin');
|
|
196
|
+
// Environment variables
|
|
197
|
+
applyEnvFlags(args, config.env);
|
|
198
|
+
// Image + command
|
|
199
|
+
args.push(config.image, ...config.command);
|
|
200
|
+
return args;
|
|
201
|
+
}
|
|
202
|
+
/**
|
|
203
|
+
* Spawn `docker run [args]`, enforce time limit, return stdout/stderr/exit code.
|
|
204
|
+
*/
|
|
205
|
+
async spawnWithTimeout(args, containerName, limitMs) {
|
|
206
|
+
const proc = spawn('docker', args, { stdio: 'pipe' });
|
|
207
|
+
const stdoutChunks = [];
|
|
208
|
+
const stderrChunks = [];
|
|
209
|
+
let timedOut = false;
|
|
210
|
+
proc.stdout?.on('data', (chunk) => stdoutChunks.push(chunk));
|
|
211
|
+
proc.stderr?.on('data', (chunk) => stderrChunks.push(chunk));
|
|
212
|
+
const timer = setTimeout(() => {
|
|
213
|
+
timedOut = true;
|
|
214
|
+
void this.stopContainer(containerName);
|
|
215
|
+
}, limitMs);
|
|
216
|
+
const exitCode = await new Promise((resolve) => {
|
|
217
|
+
proc.on('close', (code) => resolve(code));
|
|
218
|
+
proc.on('error', () => resolve(null));
|
|
219
|
+
});
|
|
220
|
+
clearTimeout(timer);
|
|
221
|
+
return {
|
|
222
|
+
exitCode,
|
|
223
|
+
stdout: Buffer.concat(stdoutChunks).toString('utf8'),
|
|
224
|
+
stderr: Buffer.concat(stderrChunks).toString('utf8'),
|
|
225
|
+
timedOut,
|
|
226
|
+
};
|
|
227
|
+
}
|
|
228
|
+
/**
|
|
229
|
+
* Gracefully stop then forcefully remove a running container.
|
|
230
|
+
* First sends SIGTERM (via `docker stop --time=10`), then ensures removal.
|
|
231
|
+
*/
|
|
232
|
+
async stopContainer(containerName) {
|
|
233
|
+
try {
|
|
234
|
+
// 10-second grace period before Docker sends SIGKILL
|
|
235
|
+
await execFileAsync('docker', ['stop', '--time', '10', containerName]);
|
|
236
|
+
}
|
|
237
|
+
catch {
|
|
238
|
+
// Container may have already exited — attempt force kill
|
|
239
|
+
try {
|
|
240
|
+
await execFileAsync('docker', ['kill', containerName]);
|
|
241
|
+
}
|
|
242
|
+
catch {
|
|
243
|
+
// Already gone — ignore
|
|
244
|
+
}
|
|
245
|
+
}
|
|
246
|
+
}
|
|
247
|
+
}
|
|
248
|
+
//# sourceMappingURL=docker-plugin-runner.js.map
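Review bot: `applyFilesystemFlags` passes each entry of `config.writableMounts` to `docker run -v` unchanged, so whoever controls that array decides which host paths become writable inside the sandbox, and a mount of a sensitive host path would undo the `--read-only`, `--cap-drop=ALL` and `--user=65534:65534` hardening applied in `buildRunArgs`. Whether `SandboxConfig` can carry plugin-supplied values is not visible in this section, but the runner is the last place to enforce it, so each mount should be parsed and its host side confined to a host-configured root before it reaches the argument list. The sketch below does that; `PLUGIN_DATA_ROOT` is a placeholder for that root and is not defined anywhere on the page. `config.image` in `buildRunArgs` deserves the same treatment, since it follows the options directly and a value starting with `-` would be parsed by the Docker CLI as a flag.

```javascript
function applyFilesystemFlags(args, config, tmpfsSize) {
    // … unchanged: --read-only and the /tmp tmpfs flag …
    if (config.writePermitted && config.writableMounts) {
        for (const mount of config.writableMounts) {
            const parts = mount.split(':');
            const [hostPath = '', containerPath = ''] = parts;
            // Accept only "hostPath:containerPath": both absolute, no option suffix, no ".." segment.
            const wellFormed = parts.length === 2 &&
                hostPath.startsWith('/') &&
                containerPath.startsWith('/') &&
                !hostPath.split('/').includes('..');
            // PLUGIN_DATA_ROOT: placeholder for a host-configured directory, not defined on this page.
            // A prefix check does not resolve symlinks; resolve the path first if the root may contain them.
            if (!wellFormed || !hostPath.startsWith(`${PLUGIN_DATA_ROOT}/`)) {
                throw new Error(`Refusing writable mount: "${mount}"`);
            }
            args.push('-v', mount);
        }
    }
}
```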
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"docker-plugin-runner.js","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/runtime/docker-plugin-runner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAQzC,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAErD,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C,8EAA8E;AAC9E,oCAAoC;AACpC,8EAA8E;AAE9E,MAAM,cAAc,GAAG,8BAA8B,CAAC;AAEtD;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,MAAM,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAChD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,sBAAsB,KAAK,gDAAgD,CAAC,CAAC;IAC/F,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;IAC7C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,IAAI,CAAC,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpC,KAAK,GAAG,CAAC,CAAE,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC;QAC5C,KAAK,GAAG,CAAC,CAAE,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC;QAC7C,KAAK,GAAG,CAAC,CAAE,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;QAChD,OAAO,CAAC,CAAG,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC;AAED,MAAM,YAAY,GAAG,uCAAuC,CAAC;AAE7D;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,0BAA0B,KAAK,oCAAoC,CAAC,CAAC;IACvF,CAAC;IACD,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC;IACjC,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IAChD,OAAO,GAAG,MAAM,GAAG,IAAI,EAAE,CAAC;AAC5B,CAAC;AAED,8EAA8E;AAC9E,2BAA2B;AAC3B,8EAA8E;AAE9E,SAAS,kBAAkB,CAAC,IAAc,EAAE,MAA6B;IACvE,IAAI,CAAC,IAAI,CAAC,YAAY,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,EAAE,UAAU,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;AACxF,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAc,EAAE,gBAAyB;IAClE,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,IAAI,CAAC,IAAI
,CAAC,gBAAgB,CAAC,CAAC;IAC9B,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAC3B,IAAc,EACd,MAAqB,EACrB,SAAiB;IAEjB,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC3B,CAAC;IACD,2CAA2C;IAC3C,IAAI,CAAC,IAAI,CAAC,sCAAsC,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IAE9E,uEAAuE;IACvE,IAAI,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QACnD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;YAC1C,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,IAAc,EAAE,GAA4B;IACjE,IAAI,CAAC,GAAG;QAAE,OAAO;IACjB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC,CAAC;IACrC,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;;;;;;;;;;;;GAaG;AACH,MAAM,OAAO,kBAAkB;IACZ,eAAe,CAAS;IAEzC,YAAY,eAAe,GAAG,cAAc;QAC1C,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;IACzC,CAAC;IAED,6EAA6E;IAC7E,aAAa;IACb,6EAA6E;IAE7E;;;OAGG;IACH,KAAK,CAAC,GAAG,CAAC,MAAqB;QAC7B,MAAM,aAAa,GAAG,IAAI,CAAC,qBAAqB,EAAE,CAAC;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QACjE,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACjE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;QAE5E,OAAO;YACL,GAAG,MAAM;YACT,aAAa;YACb,eAAe,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACxC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,aAAqB;QACjC,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC;QAC7D,CAAC;QAAC,MAAM,CAAC;YACP,4DAA4D;QAC9D,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB;QACrB,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,qBAAqB,CAAC,CAAC,CAAC;YACjG,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;QACrD,CAAC;QAAC,OAAO,MAAM,EAAE,CAAC;YAChB,MAAM,GAAG,GAAG,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,C
AAC;YACtE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;QAC1C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB;QACrB,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,aAAa,CAAC,CAAC,CAAC;YACjF,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;QAC7B,CAAC;QAAC,OAAO,MAAM,EAAE,CAAC;YAChB,MAAM,GAAG,GAAG,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACtE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,kBAAkB;IAClB,6EAA6E;IAErE,qBAAqB;QAC3B,OAAO,GAAG,IAAI,CAAC,eAAe,IAAI,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;IAC/D,CAAC;IAEO,qBAAqB,CAC3B,OAAwC;QAExC,OAAO,EAAE,GAAG,uBAAuB,EAAE,GAAG,OAAO,EAAE,CAAC;IACpD,CAAC;IAED;;;OAGG;IACK,YAAY,CAClB,aAAqB,EACrB,MAAqB,EACrB,MAA6B;QAE7B,MAAM,IAAI,GAAa,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;QAEhE,kBAAkB;QAClB,kBAAkB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAEjC,UAAU;QACV,iBAAiB,CAAC,IAAI,EAAE,MAAM,CAAC,gBAAgB,IAAI,KAAK,CAAC,CAAC;QAE1D,uBAAuB;QACvB,oBAAoB,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;QAExD,qBAAqB;QACrB,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,kCAAkC,EAAE,oBAAoB,CAAC,CAAC;QAEtF,0EAA0E;QAC1E,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACrB,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC/B,CAAC;QAED,oBAAoB;QACpB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,IAAI,SAAS,CAAC,CAAC;QAE7C,wBAAwB;QACxB,aAAa,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QAEhC,kBAAkB;QAClB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;QAE3C,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB,CAC5B,IAAc,EACd,aAAqB,EACrB,OAAe;QAEf,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACtD,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,IAAI,QAAQ,GAAG,KAAK,CAAC;QAErB,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QACrE,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAErE,MAAM,KAAK,GAAG
,UAAU,CAAC,GAAG,EAAE;YAC5B,QAAQ,GAAG,IAAI,CAAC;YAChB,KAAK,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;QACzC,CAAC,EAAE,OAAO,CAAC,CAAC;QAEZ,MAAM,QAAQ,GAAG,MAAM,IAAI,OAAO,CAAgB,CAAC,OAAO,EAAE,EAAE;YAC5D,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,YAAY,CAAC,KAAK,CAAC,CAAC;QAEpB,OAAO;YACL,QAAQ;YACR,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;YACpD,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;YACpD,QAAQ;SACT,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,aAAa,CAAC,aAAqB;QAC/C,IAAI,CAAC;YACH,qDAAqD;YACrD,MAAM,aAAa,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC;QACzE,CAAC;QAAC,MAAM,CAAC;YACP,yDAAyD;YACzD,IAAI,CAAC;gBACH,MAAM,aAAa,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC;YACzD,CAAC;YAAC,MAAM,CAAC;gBACP,wBAAwB;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;CACF"}
|
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* gVisor Plugin Runner
|
|
3
|
+
*
|
|
4
|
+
* Extends DockerPluginRunner with gVisor (runsc) runtime support.
|
|
5
|
+
* Enforces TLP-based runtime selection:
|
|
6
|
+
* - TLP:CLEAR / TLP:GREEN → standard Docker (no gVisor required)
|
|
7
|
+
* - TLP:AMBER → gVisor preferred; gracefully falls back to Docker
|
|
8
|
+
* - TLP:RED → gVisor required; throws if unavailable
|
|
9
|
+
*
|
|
10
|
+
* gVisor (runsc) provides an additional kernel isolation layer on top of
|
|
11
|
+
* Docker by intercepting all guest system calls via a user-space kernel.
|
|
12
|
+
* This significantly reduces the attack surface for privilege escalation
|
|
13
|
+
* exploits in high-sensitivity (AMBER/RED) plugin workloads.
|
|
14
|
+
*
|
|
15
|
+
* Specification: Plugin Marketplace Security — Phase 15 (gVisor Integration)
|
|
16
|
+
*
|
|
17
|
+
* @see https://gvisor.dev/docs/
|
|
18
|
+
* @module plugins/runtime/gvisor-plugin-runner
|
|
19
|
+
* @version 1.0.0
|
|
20
|
+
* @date 2026-02-28
|
|
21
|
+
* @license MIT
|
|
22
|
+
*/
|
|
23
|
+
import { DockerPluginRunner } from './docker-plugin-runner.js';
|
|
24
|
+
import type { SandboxConfig, SandboxResult, GVisorProbeResult } from './types.js';
|
|
25
|
+
import type { TLPLevel } from '../../types/delegation-contracts.js';
|
|
26
|
+
/**
|
|
27
|
+
* Thrown when a TLP:RED plugin cannot be executed because the gVisor
|
|
28
|
+
* runtime (runsc) is not available on the host machine.
|
|
29
|
+
*
|
|
30
|
+
* TLP:RED plugins are blocked unconditionally if gVisor is absent —
|
|
31
|
+
* unlike TLP:AMBER which falls back to standard Docker with a warning.
|
|
32
|
+
*/
|
|
33
|
+
export declare class GVisorRequiredError extends Error {
|
|
34
|
+
readonly code = "GVISOR_REQUIRED";
|
|
35
|
+
constructor(message: string);
|
|
36
|
+
}
|
|
37
|
+
/** Extended result that records which container runtime was actually used. */
|
|
38
|
+
export interface GVisorSandboxResult extends SandboxResult {
|
|
39
|
+
/** Indicates whether gVisor or standard Docker executed the plugin. */
|
|
40
|
+
runtimeUsed: 'gvisor' | 'docker';
|
|
41
|
+
/** The TLP level that drove runtime selection. */
|
|
42
|
+
tlpLevel: TLPLevel;
|
|
43
|
+
}
|
|
44
|
+
/**
|
|
45
|
+
* Plugin runner with gVisor (runsc) isolation support and TLP enforcement.
|
|
46
|
+
*
|
|
47
|
+
* Inherits all standard Docker sandbox behaviour from DockerPluginRunner and
|
|
48
|
+
* adds:
|
|
49
|
+
* 1. Lightweight PATH-based gVisor detection (no Docker daemon required).
|
|
50
|
+
* 2. `runWithTlp()` — TLP-aware `run()` wrapper that automatically selects
|
|
51
|
+
* `--runtime=runsc` for AMBER/RED plugins and enforces blocking for RED
|
|
52
|
+
* when gVisor is absent.
|
|
53
|
+
*
|
|
54
|
+
* @example
|
|
55
|
+
* ```ts
|
|
56
|
+
* const runner = new GVisorPluginRunner();
|
|
57
|
+
* const result = await runner.runWithTlp(
|
|
58
|
+
* { image: 'dcyfr-plugin-sandbox:latest', command: ['node', 'dist/index.js'] },
|
|
59
|
+
* 'TLP:AMBER',
|
|
60
|
+
* );
|
|
61
|
+
* console.log(result.runtimeUsed); // 'gvisor' | 'docker'
|
|
62
|
+
* console.log(result.tlpLevel); // 'TLP:AMBER'
|
|
63
|
+
* ```
|
|
64
|
+
*/
|
|
65
|
+
export declare class GVisorPluginRunner extends DockerPluginRunner {
|
|
66
|
+
/**
|
|
67
|
+
* Probe whether the gVisor `runsc` binary is present on this machine.
|
|
68
|
+
*
|
|
69
|
+
* Uses a two-stage lightweight check — no Docker daemon required:
|
|
70
|
+
* 1. `which runsc` — succeeds on most Linux/macOS installations.
|
|
71
|
+
* 2. `runsc --version` — fallback for non-standard PATH configurations.
|
|
72
|
+
*
|
|
73
|
+
* This is faster than DockerPluginRunner.isGVisorAvailable() which spins
|
|
74
|
+
* up a full container and pulls `hello-world`. Use this method for all
|
|
75
|
+
* availability checks before scheduling plugin workloads.
|
|
76
|
+
*/
|
|
77
|
+
isGVisorAvailable(): Promise<GVisorProbeResult>;
|
|
78
|
+
/**
|
|
79
|
+
* Execute a plugin with TLP-level-aware runtime selection.
|
|
80
|
+
*
|
|
81
|
+
* Runtime selection table:
|
|
82
|
+
*
|
|
83
|
+
* | TLP Level | gVisor Available | Behaviour |
|
|
84
|
+
* |-------------|------------------|--------------------------------------------|
|
|
85
|
+
* | CLEAR/GREEN | any | Standard Docker (--runtime flag omitted) |
|
|
86
|
+
* | AMBER | yes | gVisor (--runtime=runsc) |
|
|
87
|
+
* | AMBER | no | Docker fallback; warning prepended to stderr |
|
|
88
|
+
* | RED | yes | gVisor (--runtime=runsc) |
|
|
89
|
+
* | RED | no | Throws GVisorRequiredError — BLOCKED |
|
|
90
|
+
*
|
|
91
|
+
* @param config Standard SandboxConfig. The `useGVisor` field is managed
|
|
92
|
+
* automatically and should be omitted by callers.
|
|
93
|
+
* @param tlpLevel Plugin data classification. Defaults to 'TLP:CLEAR'.
|
|
94
|
+
* @returns SandboxResult enriched with `runtimeUsed` and `tlpLevel`.
|
|
95
|
+
* @throws {GVisorRequiredError} When tlpLevel is 'TLP:RED' and gVisor is unavailable.
|
|
96
|
+
*/
|
|
97
|
+
runWithTlp(config: SandboxConfig, tlpLevel?: TLPLevel): Promise<GVisorSandboxResult>;
|
|
98
|
+
}
|
|
99
|
+
//# sourceMappingURL=gvisor-plugin-runner.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"gvisor-plugin-runner.d.ts","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/runtime/gvisor-plugin-runner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAIH,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAClF,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,qCAAqC,CAAC;AAQpE;;;;;;GAMG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;IAC5C,QAAQ,CAAC,IAAI,qBAAqB;gBAEtB,OAAO,EAAE,MAAM;CAM5B;AAMD,8EAA8E;AAC9E,MAAM,WAAW,mBAAoB,SAAQ,aAAa;IACxD,uEAAuE;IACvE,WAAW,EAAE,QAAQ,GAAG,QAAQ,CAAC;IACjC,kDAAkD;IAClD,QAAQ,EAAE,QAAQ,CAAC;CACpB;AAMD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,qBAAa,kBAAmB,SAAQ,kBAAkB;IAKxD;;;;;;;;;;OAUG;IACY,iBAAiB,IAAI,OAAO,CAAC,iBAAiB,CAAC;IAsB9D;;;;;;;;;;;;;;;;;;OAkBG;IACG,UAAU,CACd,MAAM,EAAE,aAAa,EACrB,QAAQ,GAAE,QAAsB,GAC/B,OAAO,CAAC,mBAAmB,CAAC;CAyChC"}
|