@flowdot.ai/guardian-agent 0.1.0 → 0.2.0
- package/dist/errors.d.ts +24 -0
- package/dist/errors.d.ts.map +1 -1
- package/dist/errors.js +26 -0
- package/dist/errors.js.map +1 -1
- package/dist/gate/two-key.d.ts +62 -0
- package/dist/gate/two-key.d.ts.map +1 -1
- package/dist/gate/two-key.js.map +1 -1
- package/dist/index.d.ts +14 -5
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +9 -3
- package/dist/index.js.map +1 -1
- package/dist/policy/gate-adapter.d.ts +29 -0
- package/dist/policy/gate-adapter.d.ts.map +1 -0
- package/dist/policy/gate-adapter.js +43 -0
- package/dist/policy/gate-adapter.js.map +1 -0
- package/dist/policy/loader.js +6 -0
- package/dist/policy/loader.js.map +1 -1
- package/dist/runtime/runtime.d.ts +59 -4
- package/dist/runtime/runtime.d.ts.map +1 -1
- package/dist/runtime/runtime.js +235 -13
- package/dist/runtime/runtime.js.map +1 -1
- package/package.json +1 -1
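--- a/package/dist/errors.d.ts
+++ b/package/dist/errors.d.ts
@@ -25,4 +25,28 @@ export declare class GuardianIntegrityError extends Error {
 readonly detail: string | undefined;
 constructor(message: string, detail?: string);
 }
+/**
+* Thrown inside a tool wrapper when the configured policy gate denies the
+* call (either a `deny` rule matched, or operator confirmation came back
+* denied/timed out from a `prompt` decision). v0.2.0+.
+*
+* Distinct from {@link GuardianHaltedError}: a policy denial is per-call
+* (next call may be allowed by a different rule, or after a re-prompt), and
+* does NOT press the local E-stop. An E-stop denial throws
+* `GuardianHaltedError` instead.
+*/
+export declare class PolicyDenialError extends Error {
+readonly category: string;
+readonly identifier: string;
+readonly policyIdentifier: string;
+readonly scope: string;
+readonly ruleTool: string | undefined;
+constructor(message: string, detail: {
+category: string;
+identifier: string;
+policyIdentifier: string;
+scope: string;
+ruleTool?: string;
+});
+}
 //# sourceMappingURL=errors.d.ts.map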
package/dist/errors.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;GAGG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;IAC5C,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IACpC,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;gBAE5B,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM;CAMlE;AAED;;;GAGG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM;CAI5B;AAED;;;GAGG;AACH,qBAAa,sBAAuB,SAAQ,KAAK;IAC/C,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;gBAExB,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM;CAK7C"}
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;GAGG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;IAC5C,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IACpC,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;gBAE5B,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM;CAMlE;AAED;;;GAGG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM;CAI5B;AAED;;;GAGG;AACH,qBAAa,sBAAuB,SAAQ,KAAK;IAC/C,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;gBAExB,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM;CAK7C;AAED;;;;;;;;;GASG;AACH,qBAAa,iBAAkB,SAAQ,KAAK;IAC1C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAC;gBAGpC,OAAO,EAAE,MAAM,EACf,MAAM,EAAE;QACN,QAAQ,EAAE,MAAM,CAAC;QACjB,UAAU,EAAE,MAAM,CAAC;QACnB,gBAAgB,EAAE,MAAM,CAAC;QACzB,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB;CAUJ"}
|
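--- a/package/dist/errors.js
+++ b/package/dist/errors.js
@@ -37,4 +37,30 @@ export class GuardianIntegrityError extends Error {
 this.detail = detail;
 }
 }
+/**
+* Thrown inside a tool wrapper when the configured policy gate denies the
+* call (either a `deny` rule matched, or operator confirmation came back
+* denied/timed out from a `prompt` decision). v0.2.0+.
+*
+* Distinct from {@link GuardianHaltedError}: a policy denial is per-call
+* (next call may be allowed by a different rule, or after a re-prompt), and
+* does NOT press the local E-stop. An E-stop denial throws
+* `GuardianHaltedError` instead.
+*/
+export class PolicyDenialError extends Error {
+category;
+identifier;
+policyIdentifier;
+scope;
+ruleTool;
+constructor(message, detail) {
+super(message);
+this.name = 'PolicyDenialError';
+this.category = detail.category;
+this.identifier = detail.identifier;
+this.policyIdentifier = detail.policyIdentifier;
+this.scope = detail.scope;
+this.ruleTool = detail.ruleTool;
+}
+}
 //# sourceMappingURL=errors.js.map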
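Review bot: The docstring on `PolicyDenialError` says when the error is thrown but not who is meant to read its fields, and `ruleTool`, `scope` and `policyIdentifier` describe the rule that matched. The error is thrown inside a tool wrapper, so a host that serialises tool errors back to the model would presumably expose those policy details to the agent being gated; nothing on this page shows how the wrapper reports it. I would add a line such as `* Fields are for operator logs and audit records; do not copy them into model-visible tool output.` to the docstring in the source `errors.ts`.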
package/dist/errors.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;GAGG;AACH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IACnC,MAAM,CAAqB;IAC3B,UAAU,CAAqB;IAExC,YAAY,OAAe,EAAE,MAAe,EAAE,UAAmB;QAC/D,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;QAClC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAC5C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IACtC,MAAM,CAAqB;IAEpC,YAAY,OAAe,EAAE,MAAe;QAC1C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;QACrC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;GAGG;AACH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IACnC,MAAM,CAAqB;IAC3B,UAAU,CAAqB;IAExC,YAAY,OAAe,EAAE,MAAe,EAAE,UAAmB;QAC/D,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;QAClC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAC5C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IACtC,MAAM,CAAqB;IAEpC,YAAY,OAAe,EAAE,MAAe;QAC1C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;QACrC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AAED;;;;;;;;;GASG;AACH,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IACjC,QAAQ,CAAS;IACjB,UAAU,CAAS;IACnB,gBAAgB,CAAS;IACzB,KAAK,CAAS;IACd,QAAQ,CAAqB;IAEtC,YACE,OAAe,EACf,MAMC;QAED,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;QAChC,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAChC,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;QACpC,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAC;QAChD,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAC1B,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;IAClC,CAAC;CACF"}
|
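--- a/package/dist/gate/two-key.d.ts
+++ b/package/dist/gate/two-key.d.ts
@@ -23,6 +23,55 @@
 * lifecycle. No reasoning about whether the call is safe — only that this
 * class of call requires a human.
 */
+import type { PolicyRule, PolicyScope, PolicyWhen } from '../policy/types.js';
+/**
+* Drill-down context attached to a policy-prompt gate request (v0.2.0+).
+*
+* The runtime populates this whenever an operator gate fires because of a
+* policy `prompt` decision (NOT for `requiresOperatorConfirmation: true` —
+* that path retains the legacy shape with `policy_context: undefined`). The
+* field lets the operator UI present scope choices ("exact tool", "any tool
+* on this MCP server", "any MCP tool") whose patterns flow back via
+* {@link OperatorConfirmationResponse.persist_as}.
+*/
+export interface PolicyDrilldownContext {
+/** Policy category (the `<category>` part of the composite identifier). */
+category: string;
+/** Exact identifier the call would match against (`<identifier>` after `:`). */
+exact_identifier: string;
+/** Full composite key (`<category>:<identifier>`). */
+policy_identifier: string;
+/**
+* Suggested drill-down axes. Each axis is a {pattern, label} the operator
+* can pick; the chosen pattern flows back via `response.persist_as.tool`.
+* Library defaults: exact / container-wide (`<container>/*`) / category-wide
+* (`<category>:*`). Consumers can override via gate adapter.
+*/
+drilldown_axes: Array<{
+key: string;
+pattern: string;
+label: string;
+}>;
+}
+/**
+* Operator's persistence intent for a policy-prompt response (v0.2.0+).
+*
+* When the operator says "Yes for this session", "Yes forever", or "Banned
+* forever", the UI populates this so the runtime can persist the rule via
+* `PolicyGate.persist` before resuming dispatch. Mirrors {@link PolicyRule}.
+*/
+export interface PolicyPersistDecision {
+/** Tool/identifier pattern (e.g., `mcp.tool:youtube/*`). */
+tool: string;
+/** Persistence scope. */
+scope: PolicyScope;
+/** Decision when matched. Omit for `scope: banned` (implies `deny`). */
+decision?: Exclude<PolicyRule['decision'], undefined>;
+/** Optional conditional clause (e.g., `{ 'model.provider': 'anthropic' }`). */
+when?: PolicyWhen;
+/** Optional free-text note. */
+notes?: string;
+}
 /**
 * Payload supplied to the gate when a suspended call asks for confirmation.
 */
@@ -41,6 +90,11 @@ export interface OperatorConfirmationRequest {
 agent_id: string;
 /** Session id stamped on the audit row. */
 session_id: string;
+/**
+* Drill-down context when this gate fired from a policy `prompt` decision.
+* Absent for `requiresOperatorConfirmation: true` gates. v0.2.0+.
+*/
+policy_context?: PolicyDrilldownContext;
 }
 /**
 * Response from the gate. Library accepts the decision verbatim; on timeout
@@ -52,6 +106,14 @@ export interface OperatorConfirmationResponse {
 operator_id?: string;
 /** Free-text reason; primarily for denied + timeout cases. */
 reason?: string;
+/**
+* Persist this rule before resuming dispatch (v0.2.0+). Used for the
+* drill-down "Yes - session/forever" or "No - banned" flows. The library
+* forwards the rule to {@link PolicyGate.persist} if implemented; if the
+* gate has no persist hook, the rule is silently dropped (the immediate
+* decision still applies; only persistence is no-op).
+*/
+persist_as?: PolicyPersistDecision;
 }
 /**
 * The contract a consumer implements. One method.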
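Review bot: The `persist_as` docstring in the third hunk states that the rule is silently dropped when the gate has no persist hook, so an operator's "No - banned" choice can be lost without any trace and the same call will be prompted again instead of denied. I would have the runtime write an audit record or notification when it drops a rule, and reword the comment to something like `* gate has no persist hook, the rule is not stored and the drop is recorded in the audit log (the immediate`. The contract also does not say whether `persist_as.tool` must be one of the `drilldown_axes` patterns offered in the request; if the runtime does not check this (runtime.js is not part of this section), a gate could persist a broader allow pattern than the operator was shown, so that constraint is worth stating on `PolicyPersistDecision.tool` as well.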
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"two-key.d.ts","sourceRoot":"","sources":["../../src/gate/two-key.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAIH;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,gFAAgF;IAChF,OAAO,EAAE,MAAM,CAAC;IAChB,iDAAiD;IACjD,SAAS,EAAE,MAAM,CAAC;IAClB,sEAAsE;IACtE,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,8EAA8E;IAC9E,MAAM,EAAE,MAAM,CAAC;IACf,yEAAyE;IACzE,UAAU,EAAE,MAAM,CAAC;IACnB,yCAAyC;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,UAAU,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"two-key.d.ts","sourceRoot":"","sources":["../../src/gate/two-key.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAIH,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAE9E;;;;;;;;;GASG;AACH,MAAM,WAAW,sBAAsB;IACrC,2EAA2E;IAC3E,QAAQ,EAAE,MAAM,CAAC;IACjB,gFAAgF;IAChF,gBAAgB,EAAE,MAAM,CAAC;IACzB,sDAAsD;IACtD,iBAAiB,EAAE,MAAM,CAAC;IAC1B;;;;;OAKG;IACH,cAAc,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACxE;AAED;;;;;;GAMG;AACH,MAAM,WAAW,qBAAqB;IACpC,4DAA4D;IAC5D,IAAI,EAAE,MAAM,CAAC;IACb,yBAAyB;IACzB,KAAK,EAAE,WAAW,CAAC;IACnB,wEAAwE;IACxE,QAAQ,CAAC,EAAE,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,SAAS,CAAC,CAAC;IACtD,+EAA+E;IAC/E,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,+BAA+B;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,gFAAgF;IAChF,OAAO,EAAE,MAAM,CAAC;IAChB,iDAAiD;IACjD,SAAS,EAAE,MAAM,CAAC;IAClB,sEAAsE;IACtE,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,8EAA8E;IAC9E,MAAM,EAAE,MAAM,CAAC;IACf,yEAAyE;IACzE,UAAU,EAAE,MAAM,CAAC;IACnB,yCAAyC;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB;;;OAGG;IACH,cAAc,CAAC,EAAE,sBAAsB,CAAC;CACzC;AAED;;;GAGG;AACH,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,EAAE,UAAU,GAAG,QAAQ,CAAC;IAChC,mEAAmE;IACnE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,8DAA8D;IAC9D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;;;OAMG;IACH,UAAU,CAAC,EAAE,qBAAqB,CAAC;CACpC;AAED;;;;;;GAMG;AACH,MAAM,WAAW,wBAAwB;IACvC,OAAO,CACL,GAAG,EAAE,2BAA2B,GAC/B,OAAO,CAAC,4BAA4B,CAAC,GAAG,4BAA4B,CAAC;CACzE;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAClC,EAAE,EAAE,CACF,GAAG,EAAE,2BAA2B,KAC7B,OAAO,CAAC,4BAA4B,CAAC,GAAG,4BAA4B,GACxE,wBAAwB,CAE1B;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,SAAgC,GAAG,wBAAwB,CAIpG;AAED;;GAEG;AACH,wBAAgB,SAAS,IAAI,MAAM,CAElC;AAED;;;;GAIG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,wBAAwB,EAC9B,OAAO,EAAE,2BAA2B,GACnC,OAAO,CAAC,4BAA4B,CAAC,CAiBvC"}
|
package/dist/gate/two-key.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"two-key.js","sourceRoot":"","sources":["../../src/gate/two-key.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"two-key.js","sourceRoot":"","sources":["../../src/gate/two-key.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC;AA4G7B;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CAClC,EAEyE;IAEzE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;AACzB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAM,GAAG,6BAA6B;IACxE,OAAO;QACL,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;KAChD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS;IACvB,OAAO,KAAK,GAAG,IAAI,EAAE,CAAC;AACxB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,IAA8B,EAC9B,OAAoC;IAEpC,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC;IACrC,IAAI,KAAgD,CAAC;IACrD,MAAM,OAAO,GAAG,IAAI,OAAO,CAA+B,CAAC,OAAO,EAAE,EAAE;QACpE,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YACtB,OAAO,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QACrD,CAAC,EAAE,SAAS,CAAC,CAAC;IAChB,CAAC,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;YAChC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACtC,OAAO;SACR,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;YAAS,CAAC;QACT,IAAI,KAAK,KAAK,SAAS;YAAE,YAAY,CAAC,KAAK,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC"}
|
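--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -2,10 +2,10 @@
 * @flowdot.ai/guardian-agent — public API surface.
 * SPEC: see flowdot-llc/guardian-agent/SPEC.md (v0.2.0).
 */
-export declare const VERSION: "0.
+export declare const VERSION: "0.2.0";
 export { SPEC_VERSION } from './types.js';
 export { GuardianRuntime } from './runtime/runtime.js';
-export type { GuardianRuntimeOptions, ToolOptions } from './runtime/runtime.js';
+export type { GuardianRuntimeOptions, ToolOptions, PolicyGate, PolicyIdentifierFn, PolicyIdentifierCall, } from './runtime/runtime.js';
 export { defineHoneytokenSet, matchPhantomTool, matchHoneytokenInArgs, checkHoneytoken, } from './runtime/honeytokens.js';
 export type { Honeytoken, HoneytokenSet, HoneytokenHit } from './runtime/honeytokens.js';
 export { CapabilityWindow } from './runtime/capability.js';
@@ -22,12 +22,21 @@ export type { EStopState, EStopPressOptions, EStopClearOptions, EStopPressResult
 export { CLASSIC_FOUR, FLOWDOT_FIVE, defineGateOptionSet, findOption, resolveOption, } from './gate/options.js';
 export type { GateOption, GateOptionSet } from './gate/options.js';
 export { callbackOperatorGate, denyAllOperatorGate, newGateId, awaitWithTimeout, } from './gate/two-key.js';
-export type { OperatorConfirmationGate, OperatorConfirmationRequest, OperatorConfirmationResponse, } from './gate/two-key.js';
+export type { OperatorConfirmationGate, OperatorConfirmationRequest, OperatorConfirmationResponse, PolicyDrilldownContext, PolicyPersistDecision, } from './gate/two-key.js';
+export { PolicyEvaluator, globMatch } from './policy/evaluator.js';
+export { PolicyStore } from './policy/store.js';
+export type { PolicyStoreOptions } from './policy/store.js';
+export { parsePolicy, validatePolicy } from './policy/loader.js';
+export { signPayload, verifyPayload } from './policy/integrity.js';
+export type { SignedPolicyFile } from './policy/integrity.js';
+export { loadOrCreateSiteKey, siteKeyFromBytes, SITE_KEY_BYTES } from './policy/site-key.js';
+export type { SiteKey } from './policy/site-key.js';
+export { policyStoreGate } from './policy/gate-adapter.js';
 export { flatGlobMatch, matchAttributionPath, renderAttributionPath, ATTRIBUTION_MISSING_SEGMENT, } from './policy/attribution.js';
-export type { PolicyWhen } from './policy/types.js';
+export type { Policy, PolicyRule, PolicyScope, PolicyDecision, PolicyEvaluation, PolicyWhen, } from './policy/types.js';
 export type { Notifier, NotificationEvent, NotificationKind } from './notify/types.js';
 export { consoleNotifier, webhookNotifier, multiNotifier } from './notify/index.js';
 export type { ConsoleNotifierOptions, WebhookNotifierOptions, MultiNotifierOptions, } from './notify/index.js';
 export type { ModelAttribution, AuditRecord, AuditRecordKind, AuditRecordStatus, AuditRecordInitiator, } from './types.js';
-export { GuardianHaltedError, GuardianConfigError, GuardianIntegrityError, } from './errors.js';
+export { GuardianHaltedError, GuardianConfigError, GuardianIntegrityError, PolicyDenialError, } from './errors.js';
 //# sourceMappingURL=index.d.ts.map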
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,eAAO,MAAM,OAAO,EAAG,OAAgB,CAAC;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG1C,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,YAAY,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,eAAO,MAAM,OAAO,EAAG,OAAgB,CAAC;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG1C,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,YAAY,EACV,sBAAsB,EACtB,WAAW,EACX,UAAU,EACV,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,qBAAqB,EACrB,eAAe,GAChB,MAAM,0BAA0B,CAAC;AAClC,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzF,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,YAAY,EACV,eAAe,EACf,cAAc,EACd,eAAe,EACf,eAAe,EACf,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AACpF,YAAY,EACV,YAAY,EACZ,uBAAuB,EACvB,cAAc,EACd,aAAa,EACb,aAAa,GACd,MAAM,iCAAiC,CAAC;AAGzC,OAAO,EACL,cAAc,EACd,cAAc,EACd,YAAY,EACZ,iBAAiB,EACjB,sBAAsB,EACtB,mBAAmB,EACnB,sBAAsB,EACtB,cAAc,EACd,aAAa,EACb,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,IAAI,EACJ,MAAM,EACN,SAAS,EACT,iBAAiB,EACjB,uBAAuB,EACvB,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAC1B,YAAY,EACV,qBAAqB,EACrB,cAAc,EACd,QAAQ,EACR,kBAAkB,EAClB,kBAAkB,EAClB,mBAAmB,EACnB,YAAY,EACZ,SAAS,EACT,eAAe,EACf,cAAc,EACd,WAAW,EACX,cAAc,EACd,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,YAAY,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,YAAY,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AACpE,YAAY,EACV,UAAU,EACV,iBAAiB,EACjB,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,mBAAmB,EACnB,UAAU,EACV,aAAa,GACd,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAGnE,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,SAAS,EACT,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EACV,wBAAwB,EACxB,2BAA2B,EAC3B,4BAA4B,EAC5B,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,YAAY,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,EA
AE,WAAW,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACnE,YAAY,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAC9D,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC7F,YAAY,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,qBAAqB,EACrB,2BAA2B,GAC5B,MAAM,yBAAyB,CAAC;AACjC,YAAY,EACV,MAAM,EACN,UAAU,EACV,WAAW,EACX,cAAc,EACd,gBAAgB,EAChB,UAAU,GACX,MAAM,mBAAmB,CAAC;AAG3B,YAAY,EAAE,QAAQ,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACvF,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACpF,YAAY,EACV,sBAAsB,EACtB,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,mBAAmB,CAAC;AAG3B,YAAY,EACV,gBAAgB,EAChB,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,GAClB,MAAM,aAAa,CAAC"}
|
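--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -2,7 +2,7 @@
 * @flowdot.ai/guardian-agent — public API surface.
 * SPEC: see flowdot-llc/guardian-agent/SPEC.md (v0.2.0).
 */
-export const VERSION = '0.
+export const VERSION = '0.2.0';
 export { SPEC_VERSION } from './types.js';
 // runtime
 export { GuardianRuntime } from './runtime/runtime.js';
@@ -18,9 +18,15 @@ export { HeartbeatMonitor } from './estop/heartbeat.js';
 export { CLASSIC_FOUR, FLOWDOT_FIVE, defineGateOptionSet, findOption, resolveOption, } from './gate/options.js';
 // two-key operator authorization (v0.9 / SPEC §4.5)
 export { callbackOperatorGate, denyAllOperatorGate, newGateId, awaitWithTimeout, } from './gate/two-key.js';
-// policy
+// policy (v0.2.0+ — evaluator, store, types now part of the public surface)
+export { PolicyEvaluator, globMatch } from './policy/evaluator.js';
+export { PolicyStore } from './policy/store.js';
+export { parsePolicy, validatePolicy } from './policy/loader.js';
+export { signPayload, verifyPayload } from './policy/integrity.js';
+export { loadOrCreateSiteKey, siteKeyFromBytes, SITE_KEY_BYTES } from './policy/site-key.js';
+export { policyStoreGate } from './policy/gate-adapter.js';
 export { flatGlobMatch, matchAttributionPath, renderAttributionPath, ATTRIBUTION_MISSING_SEGMENT, } from './policy/attribution.js';
 export { consoleNotifier, webhookNotifier, multiNotifier } from './notify/index.js';
 // errors
-export { GuardianHaltedError, GuardianConfigError, GuardianIntegrityError, } from './errors.js';
+export { GuardianHaltedError, GuardianConfigError, GuardianIntegrityError, PolicyDenialError, } from './errors.js';
 //# sourceMappingURL=index.js.map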
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,CAAC,MAAM,OAAO,GAAG,OAAgB,CAAC;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE1C,UAAU;AACV,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,CAAC,MAAM,OAAO,GAAG,OAAgB,CAAC;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE1C,UAAU;AACV,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAQvD,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,qBAAqB,EACrB,eAAe,GAChB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAQ3D,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AASpF,QAAQ;AACR,OAAO,EACL,cAAc,EACd,cAAc,EACd,YAAY,EACZ,iBAAiB,EACjB,sBAAsB,EACtB,mBAAmB,EACnB,sBAAsB,EACtB,cAAc,EACd,aAAa,EACb,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,IAAI,EACJ,MAAM,EACN,SAAS,EACT,iBAAiB,EACjB,uBAAuB,EACvB,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAkB1B,QAAQ;AACR,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAUxD,mDAAmD;AACnD,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,mBAAmB,EACnB,UAAU,EACV,aAAa,GACd,MAAM,mBAAmB,CAAC;AAG3B,oDAAoD;AACpD,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,SAAS,EACT,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAS3B,4EAA4E;AAC5E,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEnE,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAE7F,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,qBAAqB,EACrB,2BAA2B,GAC5B,MAAM,yBAAyB,CAAC;AAYjC,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAgBpF,SAAS;AACT,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,GAClB,MAAM,aAAa,CAAC"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* `policyStoreGate` — reference adapter wrapping a {@link PolicyStore} into the
|
|
3
|
+
* {@link PolicyGate} shape expected by `GuardianRuntime`. v0.2.0+.
|
|
4
|
+
*
|
|
5
|
+
* Consumers are not required to use this adapter. It exists because the most
|
|
6
|
+
* common pattern is "evaluator over the policy the store holds, with persist
|
|
7
|
+
* forwarding to `store.addRule`", and writing that wrapper inline at every
|
|
8
|
+
* surface bloats glue code.
|
|
9
|
+
*
|
|
10
|
+
* The adapter re-reads the policy on every `evaluate()` so that
|
|
11
|
+
* operator-persisted rules from earlier in the same session are visible to
|
|
12
|
+
* the next call without explicit cache invalidation. `PolicyStore` already
|
|
13
|
+
* does in-memory parsing per call, so the overhead is bounded by
|
|
14
|
+
* `readFileSync` of two small YAML files.
|
|
15
|
+
*/
|
|
16
|
+
import { PolicyStore } from './store.js';
|
|
17
|
+
import type { PolicyGate } from '../runtime/runtime.js';
|
|
18
|
+
export interface PolicyStoreGateOptions {
|
|
19
|
+
/** Cache the underlying policy across evaluate() calls. Default: false
|
|
20
|
+
* (re-read on every evaluation so operator-persisted rules are picked up
|
|
21
|
+
* immediately). When true, the consumer is responsible for calling
|
|
22
|
+
* `invalidate()` after writes. */
|
|
23
|
+
cache?: boolean;
|
|
24
|
+
}
|
|
25
|
+
/** Wrap a {@link PolicyStore} as a {@link PolicyGate}. */
|
|
26
|
+
export declare function policyStoreGate(store: PolicyStore, options?: PolicyStoreGateOptions): PolicyGate & {
|
|
27
|
+
invalidate: () => void;
|
|
28
|
+
};
|
|
29
|
+
//# sourceMappingURL=gate-adapter.d.ts.map
|
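Review bot: The `cache` option's docstring tells the consumer to call `invalidate()` "after writes" but does not say which writes. In gate-adapter.js only the adapter's own `persist()` clears `cached`, so with `cache: true` a rule added by a direct `store.addRule` call or by another process (a new ban, for example) is not applied until `invalidate()` runs. I would spell that out in the comment, for example `* invalidate() after any policy write that bypasses this gate's persist(); until then new deny rules are not applied. */`.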
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"gate-adapter.d.ts","sourceRoot":"","sources":["../../src/policy/gate-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAGzC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAExD,MAAM,WAAW,sBAAsB;IACrC;;;uCAGmC;IACnC,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,0DAA0D;AAC1D,wBAAgB,eAAe,CAC7B,KAAK,EAAE,WAAW,EAClB,OAAO,GAAE,sBAA2B,GACnC,UAAU,GAAG;IAAE,UAAU,EAAE,MAAM,IAAI,CAAA;CAAE,CAwBzC"}
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* `policyStoreGate` — reference adapter wrapping a {@link PolicyStore} into the
|
|
3
|
+
* {@link PolicyGate} shape expected by `GuardianRuntime`. v0.2.0+.
|
|
4
|
+
*
|
|
5
|
+
* Consumers are not required to use this adapter. It exists because the most
|
|
6
|
+
* common pattern is "evaluator over the policy the store holds, with persist
|
|
7
|
+
* forwarding to `store.addRule`", and writing that wrapper inline at every
|
|
8
|
+
* surface bloats glue code.
|
|
9
|
+
*
|
|
10
|
+
* The adapter re-reads the policy on every `evaluate()` so that
|
|
11
|
+
* operator-persisted rules from earlier in the same session are visible to
|
|
12
|
+
* the next call without explicit cache invalidation. `PolicyStore` already
|
|
13
|
+
* does in-memory parsing per call, so the overhead is bounded by
|
|
14
|
+
* `readFileSync` of two small YAML files.
|
|
15
|
+
*/
|
|
16
|
+
import { PolicyEvaluator } from './evaluator.js';
|
|
17
|
+
/** Wrap a {@link PolicyStore} as a {@link PolicyGate}. */
|
|
18
|
+
export function policyStoreGate(store, options = {}) {
|
|
19
|
+
const cache = options.cache === true;
|
|
20
|
+
let cached;
|
|
21
|
+
const getPolicy = () => {
|
|
22
|
+
if (cache && cached !== undefined)
|
|
23
|
+
return cached;
|
|
24
|
+
const fresh = store.getPolicy();
|
|
25
|
+
if (cache)
|
|
26
|
+
cached = fresh;
|
|
27
|
+
return fresh;
|
|
28
|
+
};
|
|
29
|
+
return {
|
|
30
|
+
evaluate(toolName, model) {
|
|
31
|
+
const evaluator = new PolicyEvaluator(getPolicy());
|
|
32
|
+
return evaluator.evaluate(toolName, model);
|
|
33
|
+
},
|
|
34
|
+
async persist(rule) {
|
|
35
|
+
await store.addRule(rule);
|
|
36
|
+
cached = undefined;
|
|
37
|
+
},
|
|
38
|
+
invalidate() {
|
|
39
|
+
cached = undefined;
|
|
40
|
+
},
|
|
41
|
+
};
|
|
42
|
+
}
|
|
43
|
+
//# sourceMappingURL=gate-adapter.js.map
|
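Review bot: `evaluate()` reaches `store.getPolicy()` through `getPolicy` with no error handling, and the header comment documents the re-read cost but not what happens when that read fails. A throw from the store therefore propagates out of the gate; whether `GuardianRuntime` turns that into a denial is decided in runtime.js, which is not part of this section. I would document the contract at `evaluate`, for example `// Errors from store.getPolicy() propagate; callers must treat a throw here as a denial.` Separately, `persist(rule)` passes the operator-supplied rule to `store.addRule` unchanged, so any check on how broad the pattern is has to live in the store or the runtime, and a comment saying so would help the next reader.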
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"gate-adapter.js","sourceRoot":"","sources":["../../src/policy/gate-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAcjD,0DAA0D;AAC1D,MAAM,UAAU,eAAe,CAC7B,KAAkB,EAClB,UAAkC,EAAE;IAEpC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,KAAK,IAAI,CAAC;IACrC,IAAI,MAA0B,CAAC;IAE/B,MAAM,SAAS,GAAG,GAAW,EAAE;QAC7B,IAAI,KAAK,IAAI,MAAM,KAAK,SAAS;YAAE,OAAO,MAAM,CAAC;QACjD,MAAM,KAAK,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;QAChC,IAAI,KAAK;YAAE,MAAM,GAAG,KAAK,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IAEF,OAAO;QACL,QAAQ,CAAC,QAAgB,EAAE,KAAwB;YACjD,MAAM,SAAS,GAAG,IAAI,eAAe,CAAC,SAAS,EAAE,CAAC,CAAC;YACnD,OAAO,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC7C,CAAC;QACD,KAAK,CAAC,OAAO,CAAC,IAAgB;YAC5B,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAC1B,MAAM,GAAG,SAAS,CAAC;QACrB,CAAC;QACD,UAAU;YACR,MAAM,GAAG,SAAS,CAAC;QACrB,CAAC;KACF,CAAC;AACJ,CAAC"}
|
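--- a/package/dist/policy/loader.js
+++ b/package/dist/policy/loader.js
@@ -102,6 +102,12 @@ function validateRule(raw, index) {
 }
 validatedWhen['model.id'] = when['model.id'];
 }
+if (when.attribution_path !== undefined) {
+if (typeof when.attribution_path !== 'string') {
+throw new GuardianConfigError(`rule[${index}].when.attribution_path must be a string`);
+}
+validatedWhen.attribution_path = when.attribution_path;
+}
 }
 const out = {
 tool,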
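Review bot: The new `attribution_path` branch only checks `typeof when.attribution_path !== 'string'`, so an empty string passes validation and is copied into `validatedWhen`. How the matcher treats an empty pattern is not visible here, so I would reject it at load time with `if (typeof when.attribution_path !== 'string' || when.attribution_path.length === 0) {` and change the message to end in `must be a non-empty string`. `validateRule` starts and ends outside the hunk; if it does not reject unknown `when` keys elsewhere, a misspelled condition would be dropped and the rule would apply unconditionally, which is worth checking too.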
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/policy/loader.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAE1C,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAGnD,MAAM,YAAY,GAA2B,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;AACtF,MAAM,oBAAoB,GAAsB,CAAC,QAAQ,EAAE,GAAG,YAAY,CAAC,CAAC;AAE5E,mDAAmD;AACnD,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAY,CAAC;IACvC,OAAO,cAAc,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,kFAAkF;AAClF,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,mBAAmB,CAAC,0BAA0B,CAAC,CAAC;IAC5D,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;IAC5B,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,mBAAmB,CAAC,2CAA2C,CAAC,CAAC;IAC7E,CAAC;IACD,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC9B,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,mBAAmB,CAAC,4CAA4C,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,WAAW,GAAG,GAAG,CAAC,QAAQ,CAAC;IACjC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,mBAAmB,CAAC,mCAAmC,CAAC,CAAC;IACrE,CAAC;IACD,MAAM,aAAa,GAAG,WAAW,CAAC,KAAK,CAAC;IACxC,IAAI,OAAO,aAAa,KAAK,QAAQ,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QACvF,MAAM,IAAI,mBAAmB,CAC3B,wCAAwC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC1E,CAAC;IACJ,CAAC;IACD,MAAM,gBAAgB,GAAG,WAAW,CAAC,QAAQ,CAAC;IAC9C,IAAI,gBAAgB,KAAK,SAAS,IAAI,gBAAgB,KAAK,OAAO,IAAI,gBAAgB,KAAK,MAAM,EAAE,CAAC;QAClG,MAAM,IAAI,mBAAmB,CAAC,2DAA2D,CAAC,CAAC;IAC7F,CAAC;IAED,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC;IAC3B,IAAI,QAAQ,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,mBAAmB,CAAC,0CAA0C,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAuB;QACnC,KAAK,EAAE,aAA4C;KACpD,CAAC;IA
CF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,QAAQ,CAAC,QAAQ,GAAG,gBAAsE,CAAC;IAC7F,CAAC;IAED,OAAO;QACL,OAAO;QACP,QAAQ;QACR,QAAQ;QACR,KAAK;KACN,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,GAAY,EAAE,KAAa;IAC/C,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,mBAAmB,CAAC,QAAQ,KAAK,qBAAqB,CAAC,CAAC;IACpE,CAAC;IACD,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;IACtB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,mBAAmB,CAAC,QAAQ,KAAK,mCAAmC,CAAC,CAAC;IAClF,CAAC;IACD,IACE,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;QAC5B,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAC3B,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAC5B,CAAC;QACD,MAAM,IAAI,mBAAmB,CAAC,QAAQ,KAAK,+BAA+B,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;IACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,KAAoB,CAAC,EAAE,CAAC;QAC9E,MAAM,IAAI,mBAAmB,CAC3B,QAAQ,KAAK,0BAA0B,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACjE,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC9B,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC1E,MAAM,IAAI,mBAAmB,CAC3B,QAAQ,KAAK,6CAA6C,CAC3D,CAAC;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;IACxB,IAAI,KAAK,KAAK,SAAS,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACrD,MAAM,IAAI,mBAAmB,CAAC,QAAQ,KAAK,iCAAiC,CAAC,CAAC;IAChF,CAAC;IACD,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;IACtB,IAAI,aAAiC,CAAC;IACtC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACpB,MAAM,IAAI,mBAAmB,CAAC,QAAQ,KAAK,iCAAiC,CAAC,CAAC;QAChF,CAAC;QACD,aAAa,GAAG,EAAE,CAAC;QACnB,IAAI,IAAI,CAAC,gBAAgB,CAAC,KAAK,SAAS,EAAE,CAAC;YACzC,IAAI,OAAO,IAAI,CAAC,gBAAgB,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC/C,MAAM,IAAI,mBAAmB,CAAC,QAAQ,KAAK,2CAA2C,CAAC,CAAC;YAC1F,CAAC;YACD,aAAa,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,SAAS,EAAE,CAAC;YACnC,IAAI,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACzC,MAAM,IAAI,mBAAmB,CAAC,QAAQ,KAAK,qCAAqC,CAAC,CAAC;YACpF,CAAC;YACD,aAAa,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAED,MAAM,GAAG,GAAe;QACtB,IA
AI;QACJ,KAAK,EAAE,KAAoB;KAC5B,CAAC;IACF,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,GAAG,CAAC,QAAQ,GAAG,QAAsD,CAAC;IACxE,CAAC;IACD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,GAAG,CAAC,KAAK,GAAG,KAAK,CAAC;IACpB,CAAC;IACD,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,GAAG,CAAC,IAAI,GAAG,aAAa,CAAC;IAC3B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,QAAQ,CAAC,CAAU;IAC1B,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAClE,CAAC"}
|
|
1
|
+
{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/policy/loader.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAE1C,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAGnD,MAAM,YAAY,GAA2B,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;AACtF,MAAM,oBAAoB,GAAsB,CAAC,QAAQ,EAAE,GAAG,YAAY,CAAC,CAAC;AAE5E,mDAAmD;AACnD,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAY,CAAC;IACvC,OAAO,cAAc,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,kFAAkF;AAClF,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,mBAAmB,CAAC,0BAA0B,CAAC,CAAC;IAC5D,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;IAC5B,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,mBAAmB,CAAC,2CAA2C,CAAC,CAAC;IAC7E,CAAC;IACD,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC9B,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,mBAAmB,CAAC,4CAA4C,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,WAAW,GAAG,GAAG,CAAC,QAAQ,CAAC;IACjC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,mBAAmB,CAAC,mCAAmC,CAAC,CAAC;IACrE,CAAC;IACD,MAAM,aAAa,GAAG,WAAW,CAAC,KAAK,CAAC;IACxC,IAAI,OAAO,aAAa,KAAK,QAAQ,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QACvF,MAAM,IAAI,mBAAmB,CAC3B,wCAAwC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC1E,CAAC;IACJ,CAAC;IACD,MAAM,gBAAgB,GAAG,WAAW,CAAC,QAAQ,CAAC;IAC9C,IAAI,gBAAgB,KAAK,SAAS,IAAI,gBAAgB,KAAK,OAAO,IAAI,gBAAgB,KAAK,MAAM,EAAE,CAAC;QAClG,MAAM,IAAI,mBAAmB,CAAC,2DAA2D,CAAC,CAAC;IAC7F,CAAC;IAED,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC;IAC3B,IAAI,QAAQ,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,mBAAmB,CAAC,0CAA0C,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAuB;QACnC,KAAK,EAAE,aAA4C;KACpD,CAAC;IA
CF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,QAAQ,CAAC,QAAQ,GAAG,gBAAsE,CAAC;IAC7F,CAAC;IAED,OAAO;QACL,OAAO;QACP,QAAQ;QACR,QAAQ;QACR,KAAK;KACN,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,GAAY,EAAE,KAAa;IAC/C,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,mBAAmB,CAAC,QAAQ,KAAK,qBAAqB,CAAC,CAAC;IACpE,CAAC;IACD,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;IACtB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,mBAAmB,CAAC,QAAQ,KAAK,mCAAmC,CAAC,CAAC;IAClF,CAAC;IACD,IACE,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;QAC5B,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAC3B,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAC5B,CAAC;QACD,MAAM,IAAI,mBAAmB,CAAC,QAAQ,KAAK,+BAA+B,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;IACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,KAAoB,CAAC,EAAE,CAAC;QAC9E,MAAM,IAAI,mBAAmB,CAC3B,QAAQ,KAAK,0BAA0B,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACjE,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC9B,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC1E,MAAM,IAAI,mBAAmB,CAC3B,QAAQ,KAAK,6CAA6C,CAC3D,CAAC;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;IACxB,IAAI,KAAK,KAAK,SAAS,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACrD,MAAM,IAAI,mBAAmB,CAAC,QAAQ,KAAK,iCAAiC,CAAC,CAAC;IAChF,CAAC;IACD,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;IACtB,IAAI,aAAiC,CAAC;IACtC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACpB,MAAM,IAAI,mBAAmB,CAAC,QAAQ,KAAK,iCAAiC,CAAC,CAAC;QAChF,CAAC;QACD,aAAa,GAAG,EAAE,CAAC;QACnB,IAAI,IAAI,CAAC,gBAAgB,CAAC,KAAK,SAAS,EAAE,CAAC;YACzC,IAAI,OAAO,IAAI,CAAC,gBAAgB,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC/C,MAAM,IAAI,mBAAmB,CAAC,QAAQ,KAAK,2CAA2C,CAAC,CAAC;YAC1F,CAAC;YACD,aAAa,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,SAAS,EAAE,CAAC;YACnC,IAAI,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACzC,MAAM,IAAI,mBAAmB,CAAC,QAAQ,KAAK,qCAAqC,CAAC,CAAC;YACpF,CAAC;YACD,aAAa,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAC/C,CAAC;QACD,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,E
AAE,CAAC;YACxC,IAAI,OAAO,IAAI,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;gBAC9C,MAAM,IAAI,mBAAmB,CAAC,QAAQ,KAAK,0CAA0C,CAAC,CAAC;YACzF,CAAC;YACD,aAAa,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC;QACzD,CAAC;IACH,CAAC;IAED,MAAM,GAAG,GAAe;QACtB,IAAI;QACJ,KAAK,EAAE,KAAoB;KAC5B,CAAC;IACF,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,GAAG,CAAC,QAAQ,GAAG,QAAsD,CAAC;IACxE,CAAC;IACD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,GAAG,CAAC,KAAK,GAAG,KAAK,CAAC;IACpB,CAAC;IACD,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,GAAG,CAAC,IAAI,GAAG,aAAa,CAAC;IAC3B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,QAAQ,CAAC,CAAU;IAC1B,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAClE,CAAC"}
|
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* GuardianRuntime — the orchestrator. SPEC §4 / §5.
|
|
3
3
|
*
|
|
4
|
-
* v0.
|
|
5
|
-
*
|
|
6
|
-
*
|
|
7
|
-
*
|
|
4
|
+
* v0.2.0 wires the policy hook: when a `PolicyGate` is supplied along with a
|
|
5
|
+
* `policyIdentifier` extractor, `tool()` runs `gate.evaluate(...)` before
|
|
6
|
+
* dispatch and either allows, denies (throws `PolicyDenialError`), or routes
|
|
7
|
+
* to the operator gate with a drill-down `policy_context`. When no gate is
|
|
8
|
+
* configured, behavior is unchanged from v0.1 (fail-open audit row).
|
|
8
9
|
*/
|
|
9
10
|
import type { AuditLogWriter } from '../audit/writer.js';
|
|
10
11
|
import type { ModelAttribution } from '../types.js';
|
|
@@ -13,6 +14,50 @@ import type { EStopPressOptions } from '../estop/types.js';
|
|
|
13
14
|
import { type HoneytokenSet } from './honeytokens.js';
|
|
14
15
|
import { CapabilityWindow, type CapabilityClass, type CapabilityRule } from './capability.js';
|
|
15
16
|
import { type OperatorConfirmationGate } from '../gate/two-key.js';
|
|
17
|
+
import type { PolicyEvaluation, PolicyRule } from '../policy/types.js';
|
|
18
|
+
/**
|
|
19
|
+
* Adapter the consumer supplies to plug policy evaluation into dispatch.
|
|
20
|
+
* v0.2.0+. SPEC §3.
|
|
21
|
+
*
|
|
22
|
+
* The library never reads files or constructs evaluators on its own — the
|
|
23
|
+
* consumer wraps a {@link PolicyStore} + {@link PolicyEvaluator} (or any
|
|
24
|
+
* equivalent) into a gate. A reference adapter is {@link policyStoreGate}.
|
|
25
|
+
*
|
|
26
|
+
* `evaluate(toolName, model?)` produces a {@link PolicyEvaluation}. The
|
|
27
|
+
* runtime acts on `decision`:
|
|
28
|
+
*
|
|
29
|
+
* - `allow` → dispatch, audit `policy_check { status: 'approved' }` with the
|
|
30
|
+
* matched rule's `scope` / `matchedAt` / `rule_id`.
|
|
31
|
+
* - `deny` → throw {@link PolicyDenialError}; no dispatch. Audit row:
|
|
32
|
+
* `policy_check { status: 'denied' }`.
|
|
33
|
+
* - `prompt` → route through `operatorGate` with a `policy_context` so the
|
|
34
|
+
* operator can choose a drill-down pattern. If `persist?` is
|
|
35
|
+
* implemented and the response carries `persist_as`, the
|
|
36
|
+
* returned rule is added to the store before dispatch resumes.
|
|
37
|
+
*/
|
|
38
|
+
export interface PolicyGate {
|
|
39
|
+
evaluate(toolName: string, model?: ModelAttribution): PolicyEvaluation;
|
|
40
|
+
/** Optional persistence hook for operator drill-down responses (`persist_as`). */
|
|
41
|
+
persist?(rule: PolicyRule): Promise<void> | void;
|
|
42
|
+
}
|
|
43
|
+
/**
|
|
44
|
+
* Maps a tool call into the composite identifier the policy is evaluated
|
|
45
|
+
* against. Returning `null` skips policy evaluation for this call (audit row
|
|
46
|
+
* is the v0.1 fail-open default).
|
|
47
|
+
*
|
|
48
|
+
* The convention is `<category>:<identifier>` — for example
|
|
49
|
+
* `mcp.tool:youtube/list_videos`, `llm.call:redpill/anthropic/claude-haiku-4.5`,
|
|
50
|
+
* `toolkit.tool:youtube-data-api/list_videos`, `tool:file.read`. The library
|
|
51
|
+
* treats the joined string as an opaque pattern; consumers adopt the
|
|
52
|
+
* conventions documented in SPEC §13.5.
|
|
53
|
+
*/
|
|
54
|
+
export type PolicyIdentifierFn = (call: PolicyIdentifierCall) => string | null;
|
|
55
|
+
export interface PolicyIdentifierCall {
|
|
56
|
+
/** Tool name as passed to `runtime.tool()` (i.e., `opts.name ?? fn.name`). */
|
|
57
|
+
name: string;
|
|
58
|
+
args: Record<string, unknown>;
|
|
59
|
+
model: ModelAttribution | undefined;
|
|
60
|
+
}
|
|
16
61
|
export interface GuardianRuntimeOptions {
|
|
17
62
|
agentId: string;
|
|
18
63
|
sessionId?: string;
|
|
@@ -38,6 +83,14 @@ export interface GuardianRuntimeOptions {
|
|
|
38
83
|
operatorGate?: OperatorConfirmationGate;
|
|
39
84
|
/** Default timeout for operator confirmations. Default 5 minutes. */
|
|
40
85
|
operatorTimeoutMs?: number;
|
|
86
|
+
/**
|
|
87
|
+
* Policy gate (v0.2.0+). When set together with `policyIdentifier`, every
|
|
88
|
+
* tool call is evaluated against the consumer's policy before dispatch.
|
|
89
|
+
* See {@link PolicyGate}.
|
|
90
|
+
*/
|
|
91
|
+
policy?: PolicyGate;
|
|
92
|
+
/** Identifier extractor: turn a tool call into the policy lookup key. */
|
|
93
|
+
policyIdentifier?: PolicyIdentifierFn;
|
|
41
94
|
}
|
|
42
95
|
export interface ToolOptions {
|
|
43
96
|
name?: string;
|
|
@@ -76,6 +129,8 @@ export declare class GuardianRuntime {
|
|
|
76
129
|
readonly capabilityWindow: CapabilityWindow | undefined;
|
|
77
130
|
readonly operatorGate: OperatorConfirmationGate | undefined;
|
|
78
131
|
readonly operatorTimeoutMs: number;
|
|
132
|
+
readonly policy: PolicyGate | undefined;
|
|
133
|
+
readonly policyIdentifier: PolicyIdentifierFn | undefined;
|
|
79
134
|
private sessionOpened;
|
|
80
135
|
private closed;
|
|
81
136
|
constructor(options: GuardianRuntimeOptions);
|
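Review bot: The doc comment on the new `policy` option (new lines 86–91) says enforcement applies "when set together with `policyIdentifier`" but does not say what happens when only one of the two is supplied. Per the runtime.js section of this same diff, that case takes the fail-open branch and writes `policy_check { status: 'approved', detail: { matched_at: 'default' } }`, the same row a runtime with no gate produces, so a consumer who wires a gate and forgets the extractor gets no signal that nothing is enforced. I would add a line such as `* If only one of policy / policyIdentifier is set, no policy is enforced and calls are audited as fail-open.` and put the same caveat on `PolicyIdentifierFn` for the `null` return. `GuardianRuntimeOptions` starts and ends outside these hunks.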
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../../src/runtime/runtime.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../../src/runtime/runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAmB,KAAK,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EAAE,gBAAgB,EAAE,KAAK,eAAe,EAAE,KAAK,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAC9F,OAAO,EAGL,KAAK,wBAAwB,EAG9B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEvE;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,gBAAgB,GAAG,gBAAgB,CAAC;IACvE,kFAAkF;IAClF,OAAO,CAAC,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAClD;AAED;;;;;;;;;;GAUG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,IAAI,EAAE,oBAAoB,KAAK,MAAM,GAAG,IAAI,CAAC;AAE/E,MAAM,WAAW,oBAAoB;IACnC,8EAA8E;IAC9E,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,KAAK,EAAE,gBAAgB,GAAG,SAAS,CAAC;CACrC;AAED,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,cAAc,CAAC;IACtB,KAAK,CAAC,EAAE,UAAU,CAAC;IACnB,YAAY,CAAC,EAAE,gBAAgB,CAAC;IAChC;;;;OAIG;IACH,WAAW,CAAC,EAAE,aAAa,CAAC;IAC5B;;;OAGG;IACH,eAAe,CAAC,EAAE,cAAc,EAAE,CAAC;IACnC;;;;OAIG;IACH,YAAY,CAAC,EAAE,wBAAwB,CAAC;IACxC,qEAAqE;IACrE,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B;;;;OAIG;IACH,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,yEAAyE;IACzE,gBAAgB,CAAC,EAAE,kBAAkB,CAAC;CACvC;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB;;;;;;;;OAQG;IACH,YAAY,CAAC,EAAE,eAAe,EAAE,CAAC;IACjC;;;;;;;OAOG;IACH,4BAA4B,CAAC,EAAE,OAAO,CAAC;IACvC,0DAA0D;IAC1D,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,6EAA6E;IAC7E,6BAA6B,CAAC,EAAE,MAAM,CAAC;CACxC;AAED,qBAAa,eAAe;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,KAAK,EAAE,cAAc,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,UAAU,GAAG,SAAS,CAAC;IACvC,QAAQ,CAAC,YAAY,EAAE,gBAAgB,GAAG,SAAS,CAAC;IACpD,QAAQ,CAAC,W
AAW,EAAE,aAAa,GAAG,SAAS,CAAC;IAChD,QAAQ,CAAC,gBAAgB,EAAE,gBAAgB,GAAG,SAAS,CAAC;IACxD,QAAQ,CAAC,YAAY,EAAE,wBAAwB,GAAG,SAAS,CAAC;IAC5D,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,MAAM,EAAE,UAAU,GAAG,SAAS,CAAC;IACxC,QAAQ,CAAC,gBAAgB,EAAE,kBAAkB,GAAG,SAAS,CAAC;IAE1D,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,MAAM,CAAS;gBAEX,OAAO,EAAE,sBAAsB;IAiB3C,wDAAwD;IAClD,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC;IAUlC;;;OAGG;IACH,IAAI,CAAC,IAAI,SAAS,OAAO,EAAE,EAAE,MAAM,EACjC,EAAE,EAAE,CAAC,GAAG,IAAI,EAAE,IAAI,KAAK,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,EAC/C,IAAI,CAAC,EAAE,WAAW,GACjB,CAAC,GAAG,IAAI,EAAE,IAAI,KAAK,OAAO,CAAC,MAAM,CAAC;IAgXrC,0EAA0E;IACpE,UAAU,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAO3D,4EAA4E;IACtE,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAY7B"}
|
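--- a/package/dist/runtime/runtime.js
+++ b/package/dist/runtime/runtime.js
@@ -1,13 +1,14 @@
 /**
 * GuardianRuntime — the orchestrator. SPEC §4 / §5.
 *
-* v0.
-*
-*
-*
+* v0.2.0 wires the policy hook: when a `PolicyGate` is supplied along with a
+* `policyIdentifier` extractor, `tool()` runs `gate.evaluate(...)` before
+* dispatch and either allows, denies (throws `PolicyDenialError`), or routes
+* to the operator gate with a drill-down `policy_context`. When no gate is
+* configured, behavior is unchanged from v0.1 (fail-open audit row).
 */
 import { ulid } from 'ulidx';
-import { GuardianHaltedError } from '../errors.js';
+import { GuardianHaltedError, PolicyDenialError } from '../errors.js';
 import { checkHoneytoken } from './honeytokens.js';
 import { CapabilityWindow } from './capability.js';
 import { awaitWithTimeout, newGateId, } from '../gate/two-key.js';
@@ -21,6 +22,8 @@ export class GuardianRuntime {
 capabilityWindow;
 operatorGate;
 operatorTimeoutMs;
+policy;
+policyIdentifier;
 sessionOpened = false;
 closed = false;
 constructor(options) {
@@ -36,6 +39,8 @@ export class GuardianRuntime {
 : undefined;
 this.operatorGate = options.operatorGate;
 this.operatorTimeoutMs = options.operatorTimeoutMs ?? 5 * 60 * 1000;
+this.policy = options.policy;
+this.policyIdentifier = options.policyIdentifier;
 }
 /** Open the session. Idempotent. Emits session_open. */
 async openSession() {
@@ -197,14 +202,165 @@ export class GuardianRuntime {
 // in v0.10 — explicitly NOT wired here. When v0.10 lands, the
 // estop.press() call goes inside this `if`.
 }
-// 2. policy_check
-
-
-
-
-
-
-
+// 2. policy_check — v0.2 wires the real policy gate.
+//
+// When no gate is configured, fall back to v0.1's fail-open behavior
+// (`status: 'approved'`, `matched_at: 'default'`). When a gate IS
+// configured, run the evaluator. On `prompt`, route through the
+// operator gate with a `policy_context` so the consumer can present
+// drill-down scope choices and persist the result.
+const policyIdentifier = this.policy && this.policyIdentifier
+? this.policyIdentifier({
+name: toolName,
+args: argsToObject(args),
+model,
+})
+: null;
+if (this.policy && policyIdentifier !== null) {
+const evaluation = this.policy.evaluate(policyIdentifier, model);
+const { category, identifier } = splitPolicyIdentifier(policyIdentifier);
+if (evaluation.decision === 'allow') {
+await this.audit.append({
+kind: 'policy_check',
+status: 'approved',
+initiator: 'system',
+tool: toolBase,
+detail: policyDetail(policyIdentifier, category, identifier, evaluation),
+});
+}
+else if (evaluation.decision === 'deny') {
+await this.audit.append({
+kind: 'policy_check',
+status: 'denied',
+initiator: 'system',
+tool: toolBase,
+detail: policyDetail(policyIdentifier, category, identifier, evaluation),
+});
+throw new PolicyDenialError(`policy denied tool call ${JSON.stringify(toolName)} ` +
+`(policy ${JSON.stringify(policyIdentifier)}, scope ${evaluation.scope})`, {
+category,
+identifier,
+policyIdentifier,
+scope: evaluation.scope,
+ruleTool: evaluation.matchedRule?.tool,
+});
+}
+else {
+// decision === 'prompt' — operator drill-down.
+if (!this.operatorGate) {
+await this.audit.append({
+kind: 'policy_check',
+status: 'denied',
+initiator: 'system',
+tool: toolBase,
+detail: {
+...policyDetail(policyIdentifier, category, identifier, evaluation),
+reason: 'no_operator_gate',
+},
+});
+throw new PolicyDenialError(`policy prompted for tool call ${JSON.stringify(toolName)} ` +
+`but no operatorGate is configured on the runtime`, {
+category,
+identifier,
+policyIdentifier,
+scope: 'prompt',
+});
+}
+const gateId = newGateId();
+const policyContext = {
+category,
+exact_identifier: identifier,
+policy_identifier: policyIdentifier,
+drilldown_axes: defaultDrilldownAxes(category, identifier),
+};
+const reason = `policy_prompt:${category}`;
+await this.audit.append({
+kind: 'policy_check',
+status: 'pending_operator',
+initiator: 'system',
+tool: toolBase,
+detail: {
+...policyDetail(policyIdentifier, category, identifier, evaluation),
+gate_id: gateId,
+reason,
+timeout_ms: this.operatorTimeoutMs,
+},
+});
+const gateRequest = {
+gate_id: gateId,
+tool_name: toolName,
+tool_args: argsToObject(args),
+reason,
+timeout_ms: this.operatorTimeoutMs,
+agent_id: this.agentId,
+session_id: this.sessionId,
+policy_context: policyContext,
+};
+const response = await awaitWithTimeout(this.operatorGate, gateRequest);
+// Persist before deciding (allows "Always deny" responses to land
+// a banned rule even on the first call).
+if (response.persist_as && this.policy.persist) {
+const persist = response.persist_as;
+const rule = {
+tool: persist.tool,
+scope: persist.scope,
+};
+if (persist.decision !== undefined) {
+rule.decision = persist.decision;
+}
+if (persist.notes !== undefined) {
+rule.notes = persist.notes;
+}
+if (persist.when !== undefined) {
+rule.when = persist.when;
+}
+await this.policy.persist(rule);
+}
+const resolutionDetail = {
+...policyDetail(policyIdentifier, category, identifier, evaluation),
+gate_id: gateId,
+};
+if (response.operator_id !== undefined) {
+resolutionDetail.operator_id = response.operator_id;
+}
+if (response.reason !== undefined) {
+resolutionDetail.reason = response.reason;
+}
+if (response.persist_as !== undefined) {
+resolutionDetail.persisted = {
+tool: response.persist_as.tool,
+scope: response.persist_as.scope,
+decision: response.persist_as.decision ?? 'allow',
+};
+}
+await this.audit.append({
+kind: 'policy_check',
+status: response.decision,
+initiator: 'operator',
+tool: toolBase,
+detail: resolutionDetail,
+});
+if (response.decision === 'denied') {
+throw new PolicyDenialError(`policy denied tool call ${JSON.stringify(toolName)} ` +
+`(operator ${response.reason === 'timeout' ? 'timed out' : 'denied'})`, {
+category,
+identifier,
+policyIdentifier,
+scope: 'operator',
+});
+}
+}
+}
+else {
+// v0.1 fail-open path preserved.
+await this.audit.append({
+kind: 'policy_check',
+status: 'approved',
+initiator: 'system',
+tool: toolBase,
+detail: { matched_at: 'default' },
+});
+}
 // 3. execute
 const startMs = Date.now();
 let result;
@@ -263,6 +419,72 @@ function argsToObject(args) {
 }
 return out;
 }
+/** Split `<category>:<identifier>` into its parts. If no `:` is present, the
+* whole string is the identifier and category is `''`. The library imposes
+* the convention but tolerates legacy single-string identifiers. */
+function splitPolicyIdentifier(id) {
+const colon = id.indexOf(':');
+if (colon < 0)
+return { category: '', identifier: id };
+return { category: id.slice(0, colon), identifier: id.slice(colon + 1) };
+}
+/** Build the `detail` blob for a policy_check audit row. */
+function policyDetail(policyIdentifier, category, identifier, evaluation) {
+const detail = {
+policy_identifier: policyIdentifier,
+category,
+identifier,
+decision: evaluation.decision,
+matched_at: evaluation.matchedAt,
+scope: evaluation.scope,
+};
+if (evaluation.matchedRule !== undefined) {
+detail.rule_tool = evaluation.matchedRule.tool;
+}
+return detail;
+}
+/** Default drill-down axes for the well-known categories. Consumers can pass
+* their own `policy_context.drilldown_axes` by intercepting the gate, but
+* this gives them a working baseline for free. */
+function defaultDrilldownAxes(category, identifier) {
+const axes = [
+{ key: 'exact', pattern: `${category}:${identifier}`, label: 'this exact target' },
+];
+// For categories where the identifier has a `<container>/<leaf>` shape
+// (mcp.tool, toolkit.tool, llm.call/<agg>/<provider>/<model>), offer the
+// container-wide pattern.
+const slash = identifier.indexOf('/');
+if (slash > 0) {
+const container = identifier.slice(0, slash);
+axes.push({
+key: 'container',
+pattern: `${category}:${container}/*`,
+label: containerLabel(category, container),
+});
+}
+if (category !== '') {
+axes.push({
+key: 'category',
+pattern: `${category}:*`,
+label: `any ${category}`,
+});
+}
+return axes;
+}
+function containerLabel(category, container) {
+switch (category) {
+case 'mcp.tool':
+return `any tool on MCP server "${container}"`;
+case 'toolkit.tool':
+return `any tool in toolkit "${container}"`;
+case 'llm.call':
+return `any model under aggregator "${container}"`;
+case 'net.host':
+return `any request to host "${container}"`;
+default:
+return `any ${category} under "${container}"`;
+}
+}
 function modelToWire(model) {
 return {
 provider: model.provider,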
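Review bot: In the `prompt` branch (new lines 302–318) `response.persist_as` is written to the store as received: `persist.tool` is never compared with the `drilldown_axes` patterns sent in `policy_context`, and the write happens before `response.decision` is read, so a `denied` response that omits `persist_as.decision` can still store a rule that line 333 reports as `allow`. The audit row also records `persisted` whenever `persist_as` is present (line 329), even when `this.policy.persist` is undefined and nothing was stored. I would accept only a pattern that was offered, refuse an allow rule on a denial, and derive the audit field from what was actually persisted, as sketched below; if consumers replace the axes inside their gate, the comparison has to use the list they presented. The enclosing `tool()` wrapper starts and ends outside this hunk.

```javascript
// … unchanged: const response = await awaitWithTimeout(this.operatorGate, gateRequest) …
let persisted;
if (response.persist_as && this.policy.persist) {
    const persist = response.persist_as;
    // Accept only a pattern that was put in front of the operator.
    const offered = policyContext.drilldown_axes.some((axis) => axis.pattern === persist.tool);
    // A denial must not leave an allow rule behind.
    const widensOnDenial = response.decision === 'denied' && (persist.decision ?? 'allow') === 'allow';
    if (offered && !widensOnDenial) {
        // … unchanged: build `rule` from persist.tool / scope / decision / notes / when …
        await this.policy.persist(rule);
        persisted = rule;
    }
}
// … unchanged: resolutionDetail, operator_id, reason …
if (persisted !== undefined) {
    // … unchanged: resolutionDetail.persisted = { tool, scope, decision } …
}
else if (response.persist_as !== undefined) {
    // Proposed audit key: the response asked for a rule that was not stored.
    resolutionDetail.persist_rejected = true;
}
```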
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../../src/runtime/runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC;AAE7B,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAKnD,OAAO,EAAE,eAAe,EAAsB,MAAM,kBAAkB,CAAC;AACvE,OAAO,EAAE,gBAAgB,EAA6C,MAAM,iBAAiB,CAAC;AAC9F,OAAO,EACL,gBAAgB,EAChB,SAAS,GAEV,MAAM,oBAAoB,CAAC;AAyD5B,MAAM,OAAO,eAAe;IACjB,OAAO,CAAS;IAChB,SAAS,CAAS;IAClB,KAAK,CAAiB;IACtB,KAAK,CAAyB;IAC9B,YAAY,CAA+B;IAC3C,WAAW,CAA4B;IACvC,gBAAgB,CAA+B;IAC/C,YAAY,CAAuC;IACnD,iBAAiB,CAAS;IAE3B,aAAa,GAAG,KAAK,CAAC;IACtB,MAAM,GAAG,KAAK,CAAC;IAEvB,YAAY,OAA+B;QACzC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,GAAG,IAAI,EAAE,CAAC;QACvD,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,gBAAgB;YACnB,OAAO,CAAC,eAAe,IAAI,OAAO,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC;gBAC3D,CAAC,CAAC,IAAI,gBAAgB,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,eAAe,EAAE,CAAC;gBAC1D,CAAC,CAAC,SAAS,CAAC;QAChB,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;IACtE,CAAC;IAED,wDAAwD;IACxD,KAAK,CAAC,WAAW;QACf,IAAI,IAAI,CAAC,aAAa;YAAE,OAAO;QAC/B,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC1B,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;YACtB,IAAI,EAAE,cAAc;YACpB,MAAM,EAAE,UAAU;YAClB,SAAS,EAAE,QAAQ;SACpB,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,IAAI,CACF,EAA+C,EAC/C,IAAkB;QAElB,MAAM,QAAQ,GAAG,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,IAAI,CAAC;QACvC,IAAI,QAAQ,KAAK,EAAE,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC1E,CAAC;QACD,IACE,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC;YAChC,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC;YAC/B,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,EAChC,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,cAAc,QAAQ,0BAA0B,CAAC,CAAC;QACpE,CAAC;QAED,OAAO,KAAK,EAAE,GAAG,IAAU,EAAmB,EAAE;YAC9C,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;gBACxB,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;YAC3B,CAAC;YAED,q
EAAqE;YACrE,kEAAkE;YAClE,oEAAoE;YACpE,uDAAuD;YACvD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACrB,MAAM,GAAG,GAAG,eAAe,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC5E,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;oBACjB,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;wBACtB,IAAI,EAAE,wBAAqD;wBAC3D,MAAM,EAAE,QAAQ;wBAChB,SAAS,EAAE,QAAQ;wBACnB,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC,EAAE;wBAClD,MAAM,EAAE;4BACN,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,EAAE;4BAC3B,QAAQ,EAAE,GAAG,CAAC,IAAI;4BAClB,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;4BAClE,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,cAAc,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;yBACpE;qBACF,CAAC,CAAC;oBACH,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;wBACf,MAAM,MAAM,GACV,GAAG,CAAC,IAAI,KAAK,eAAe;4BAC1B,CAAC,CAAC,cAAc,GAAG,CAAC,OAAO,EAAE;4BAC7B,CAAC,CAAC,2BAA2B,GAAG,CAAC,QAAQ,EAAE,CAAC;wBAChD,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;oBAC1D,CAAC;oBACD,MAAM,IAAI,mBAAmB,CAC3B,6CAA6C,GAAG,CAAC,IAAI,GAAG,EACxD,YAAY,CACb,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,wEAAwE;YACxE,IAAI,IAAI,CAAC,KAAK,EAAE,SAAS,EAAE,EAAE,CAAC;gBAC5B,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;oBACtB,IAAI,EAAE,cAAc;oBACpB,MAAM,EAAE,QAAQ;oBAChB,SAAS,EAAE,QAAQ;oBACnB,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC,EAAE;oBAClD,MAAM,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE;iBAC5B,CAAC,CAAC;gBACH,MAAM,IAAI,mBAAmB,CAC3B,2CAA2C,EAC3C,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,aAAa,CACpC,CAAC;YACJ,CAAC;YAED,oEAAoE;YACpE,+DAA+D;YAC/D,iEAAiE;YACjE,yDAAyD;YACzD,IAAI,IAAI,EAAE,4BAA4B,EAAE,CAAC;gBACvC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;oBACvB,MAAM,IAAI,KAAK,CACb,QAAQ,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,kFAAkF,CACnH,CAAC;gBACJ,CAAC;gBACD,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;gBAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,6BAA6B,IAAI,IAAI,CAAC,iBAAiB,CAAC;gBAC/E,MAAM,MAAM,GAAG,IAAI,CAAC,0BAA0B,IAAI,aAAa,CAAC;gBAChE,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;oBACtB,IAAI,EAAE,cAAc;oBACpB,MAAM,EAAE,kBAAkB;oBAC1B,SAA
S,EAAE,QAAQ;oBACnB,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC,EAAE;oBAClD,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE;iBAC3D,CAAC,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,YAAY,EAAE;oBACzD,OAAO,EAAE,MAAM;oBACf,SAAS,EAAE,QAAQ;oBACnB,SAAS,EAAE,YAAY,CAAC,IAAI,CAAC;oBAC7B,MAAM;oBACN,UAAU,EAAE,SAAS;oBACrB,QAAQ,EAAE,IAAI,CAAC,OAAO;oBACtB,UAAU,EAAE,IAAI,CAAC,SAAS;iBAC3B,CAAC,CAAC;gBACH,MAAM,gBAAgB,GAA4B,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;gBACtE,IAAI,QAAQ,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;oBACvC,gBAAgB,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;gBACtD,CAAC;gBACD,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;oBAClC,gBAAgB,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;gBAC5C,CAAC;gBACD,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;oBACtB,IAAI,EAAE,cAAc;oBACpB,MAAM,EAAE,QAAQ,CAAC,QAAQ;oBACzB,SAAS,EAAE,UAAU;oBACrB,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC,EAAE;oBAClD,MAAM,EAAE,gBAAgB;iBACzB,CAAC,CAAC;gBACH,IAAI,QAAQ,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBACnC,MAAM,IAAI,mBAAmB,CAC3B,gCAAgC,QAAQ,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,QAAQ,EAAE,EACrG,YAAY,QAAQ,CAAC,MAAM,IAAI,QAAQ,EAAE,CAC1C,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,IAAI,IAAI,CAAC,YAAY,CAAC;YAC/C,MAAM,YAAY,GAAsB,IAAI,EAAE,YAAY,IAAI,CAAC,SAAS,CAAC,CAAC;YAE1E,oEAAoE;YACpE,mEAAmE;YACnE,qEAAqE;YACrE,wCAAwC;YACxC,MAAM,QAAQ,GAAG;gBACf,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC;gBACxB,YAAY;aACb,CAAC;YAEF,yBAAyB;YACzB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;gBACzC,IAAI,EAAE,WAAW;gBACjB,MAAM,EAAE,SAAS;gBACjB,SAAS,EAAE,OAAO;gBAClB,IAAI,EAAE,QAAQ;gBACd,GAAG,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;aAC9D,CAAC,CAAC;YAEH,iEAAiE;YACjE,oEAAoE;YACpE,oEAAoE;YACpE,iEAAiE;YACjE,wDAAwD;YACxD,MAAM,iBAAiB,GAAG,IAAI,CAAC,gBAAgB;gBAC7C,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,YAAY,EAAE,UAAU,CAAC,QAAQ,CAAC;gBACjE,CAAC,CAAC,EAAE,CAAC;YACP,KAAK,MAAM,KAAK,IAAI,iBAAiB,EAAE,CAAC;gBACtC,MAAM,IAAI,CAAC,KAAK,CA
AC,MAAM,CAAC;oBACtB,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,KAAK,QAAQ;wBAC7B,CAAC,CAAC,qBAAqB;wBACvB,CAAC,CAAC,sBAAsB,CAA8B;oBACxD,MAAM,EAAE,UAAU;oBAClB,SAAS,EAAE,QAAQ;oBACnB,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE;wBACN,OAAO,EAAE,KAAK,CAAC,MAAM;wBACrB,WAAW,EAAE,KAAK,CAAC,WAAW;wBAC9B,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,sBAAsB,EAAE,KAAK,CAAC,oBAAoB;wBAClD,iBAAiB,EAAE,YAAY;qBAChC;iBACF,CAAC,CAAC;gBACH,kEAAkE;gBAClE,8DAA8D;gBAC9D,4CAA4C;YAC9C,CAAC;YAED,0EAA0E;YAC1E,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;gBACtB,IAAI,EAAE,cAAc;gBACpB,MAAM,EAAE,UAAU;gBAClB,SAAS,EAAE,QAAQ;gBACnB,IAAI,EAAE,QAAQ;gBACd,MAAM,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE;aAClC,CAAC,CAAC;YAEH,aAAa;YACb,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC3B,IAAI,MAAc,CAAC;YACnB,IAAI,CAAC;gBACH,MAAM,GAAG,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;YAC7B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC;gBACxC,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;oBACtB,IAAI,EAAE,aAAa;oBACnB,MAAM,EAAE,SAAS;oBACjB,SAAS,EAAE,QAAQ;oBACnB,IAAI,EAAE,EAAE,GAAG,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE;oBAC9C,MAAM,EAAE,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;iBACpE,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;YACZ,CAAC;YAED,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC;YACxC,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;gBACtB,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,UAAU;gBAClB,SAAS,EAAE,QAAQ;gBACnB,IAAI,EAAE,EAAE,GAAG,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE;aACvD,CAAC,CAAC;YAEH,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC;IACJ,CAAC;IAED,0EAA0E;IAC1E,KAAK,CAAC,UAAU,CAAC,OAA0B;QACzC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACvE,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAED,4EAA4E;IAC5E,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QACxB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;gBACtB,IAAI,EAAE,eAAe;gBACrB,MAAM,EAAE,UAAU;gBAClB,SAAS,EAAE,QAAQ;aACpB,CAAC,CAAC;QACL,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CA
AC;IAC3B,CAAC;CACF;AAED,SAAS,YAAY,CAAC,IAAwB;IAC5C,uEAAuE;IACvE,wDAAwD;IACxD,MAAM,GAAG,GAA4B,EAAE,CAAC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAC3B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,WAAW,CAAC,KAAuB;IAQ1C,OAAO;QACL,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,GAAG,CAAC,KAAK,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC;QAClE,GAAG,CAAC,KAAK,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC;QAC3E,GAAG,CAAC,KAAK,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;QAC/E,GAAG,CAAC,KAAK,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,KAAK,CAAC,YAAY,EAAE,CAAC;KACnF,CAAC;AACJ,CAAC"}
|
|
1
|
+
{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../../src/runtime/runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC;AAE7B,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAKtE,OAAO,EAAE,eAAe,EAAsB,MAAM,kBAAkB,CAAC;AACvE,OAAO,EAAE,gBAAgB,EAA6C,MAAM,iBAAiB,CAAC;AAC9F,OAAO,EACL,gBAAgB,EAChB,SAAS,GAIV,MAAM,oBAAoB,CAAC;AAgH5B,MAAM,OAAO,eAAe;IACjB,OAAO,CAAS;IAChB,SAAS,CAAS;IAClB,KAAK,CAAiB;IACtB,KAAK,CAAyB;IAC9B,YAAY,CAA+B;IAC3C,WAAW,CAA4B;IACvC,gBAAgB,CAA+B;IAC/C,YAAY,CAAuC;IACnD,iBAAiB,CAAS;IAC1B,MAAM,CAAyB;IAC/B,gBAAgB,CAAiC;IAElD,aAAa,GAAG,KAAK,CAAC;IACtB,MAAM,GAAG,KAAK,CAAC;IAEvB,YAAY,OAA+B;QACzC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,GAAG,IAAI,EAAE,CAAC;QACvD,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,gBAAgB;YACnB,OAAO,CAAC,eAAe,IAAI,OAAO,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC;gBAC3D,CAAC,CAAC,IAAI,gBAAgB,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,eAAe,EAAE,CAAC;gBAC1D,CAAC,CAAC,SAAS,CAAC;QAChB,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QACpE,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IACnD,CAAC;IAED,wDAAwD;IACxD,KAAK,CAAC,WAAW;QACf,IAAI,IAAI,CAAC,aAAa;YAAE,OAAO;QAC/B,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC1B,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;YACtB,IAAI,EAAE,cAAc;YACpB,MAAM,EAAE,UAAU;YAClB,SAAS,EAAE,QAAQ;SACpB,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,IAAI,CACF,EAA+C,EAC/C,IAAkB;QAElB,MAAM,QAAQ,GAAG,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,IAAI,CAAC;QACvC,IAAI,QAAQ,KAAK,EAAE,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC1E,CAAC;QACD,IACE,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC;YAChC,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC;YAC/B,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,EAChC,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,cAAc,QAAQ,0BAA0B,CAAC,CAAC;QA
CpE,CAAC;QAED,OAAO,KAAK,EAAE,GAAG,IAAU,EAAmB,EAAE;YAC9C,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;gBACxB,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;YAC3B,CAAC;YAED,qEAAqE;YACrE,kEAAkE;YAClE,oEAAoE;YACpE,uDAAuD;YACvD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACrB,MAAM,GAAG,GAAG,eAAe,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC5E,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;oBACjB,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;wBACtB,IAAI,EAAE,wBAAqD;wBAC3D,MAAM,EAAE,QAAQ;wBAChB,SAAS,EAAE,QAAQ;wBACnB,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC,EAAE;wBAClD,MAAM,EAAE;4BACN,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,EAAE;4BAC3B,QAAQ,EAAE,GAAG,CAAC,IAAI;4BAClB,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;4BAClE,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,cAAc,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;yBACpE;qBACF,CAAC,CAAC;oBACH,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;wBACf,MAAM,MAAM,GACV,GAAG,CAAC,IAAI,KAAK,eAAe;4BAC1B,CAAC,CAAC,cAAc,GAAG,CAAC,OAAO,EAAE;4BAC7B,CAAC,CAAC,2BAA2B,GAAG,CAAC,QAAQ,EAAE,CAAC;wBAChD,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;oBAC1D,CAAC;oBACD,MAAM,IAAI,mBAAmB,CAC3B,6CAA6C,GAAG,CAAC,IAAI,GAAG,EACxD,YAAY,CACb,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,wEAAwE;YACxE,IAAI,IAAI,CAAC,KAAK,EAAE,SAAS,EAAE,EAAE,CAAC;gBAC5B,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;oBACtB,IAAI,EAAE,cAAc;oBACpB,MAAM,EAAE,QAAQ;oBAChB,SAAS,EAAE,QAAQ;oBACnB,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC,EAAE;oBAClD,MAAM,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE;iBAC5B,CAAC,CAAC;gBACH,MAAM,IAAI,mBAAmB,CAC3B,2CAA2C,EAC3C,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,aAAa,CACpC,CAAC;YACJ,CAAC;YAED,oEAAoE;YACpE,+DAA+D;YAC/D,iEAAiE;YACjE,yDAAyD;YACzD,IAAI,IAAI,EAAE,4BAA4B,EAAE,CAAC;gBACvC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;oBACvB,MAAM,IAAI,KAAK,CACb,QAAQ,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,kFAAkF,CACnH,CAAC;gBACJ,CAAC;gBACD,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;gBAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,6BAA6B,IAAI,IAAI,CAAC,iBAAiB,CAAC;gBAC/E,
MAAM,MAAM,GAAG,IAAI,CAAC,0BAA0B,IAAI,aAAa,CAAC;gBAChE,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;oBACtB,IAAI,EAAE,cAAc;oBACpB,MAAM,EAAE,kBAAkB;oBAC1B,SAAS,EAAE,QAAQ;oBACnB,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC,EAAE;oBAClD,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE;iBAC3D,CAAC,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,YAAY,EAAE;oBACzD,OAAO,EAAE,MAAM;oBACf,SAAS,EAAE,QAAQ;oBACnB,SAAS,EAAE,YAAY,CAAC,IAAI,CAAC;oBAC7B,MAAM;oBACN,UAAU,EAAE,SAAS;oBACrB,QAAQ,EAAE,IAAI,CAAC,OAAO;oBACtB,UAAU,EAAE,IAAI,CAAC,SAAS;iBAC3B,CAAC,CAAC;gBACH,MAAM,gBAAgB,GAA4B,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;gBACtE,IAAI,QAAQ,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;oBACvC,gBAAgB,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;gBACtD,CAAC;gBACD,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;oBAClC,gBAAgB,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;gBAC5C,CAAC;gBACD,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;oBACtB,IAAI,EAAE,cAAc;oBACpB,MAAM,EAAE,QAAQ,CAAC,QAAQ;oBACzB,SAAS,EAAE,UAAU;oBACrB,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC,EAAE;oBAClD,MAAM,EAAE,gBAAgB;iBACzB,CAAC,CAAC;gBACH,IAAI,QAAQ,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBACnC,MAAM,IAAI,mBAAmB,CAC3B,gCAAgC,QAAQ,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,QAAQ,EAAE,EACrG,YAAY,QAAQ,CAAC,MAAM,IAAI,QAAQ,EAAE,CAC1C,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,IAAI,IAAI,CAAC,YAAY,CAAC;YAC/C,MAAM,YAAY,GAAsB,IAAI,EAAE,YAAY,IAAI,CAAC,SAAS,CAAC,CAAC;YAE1E,oEAAoE;YACpE,mEAAmE;YACnE,qEAAqE;YACrE,wCAAwC;YACxC,MAAM,QAAQ,GAAG;gBACf,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC;gBACxB,YAAY;aACb,CAAC;YAEF,yBAAyB;YACzB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;gBACzC,IAAI,EAAE,WAAW;gBACjB,MAAM,EAAE,SAAS;gBACjB,SAAS,EAAE,OAAO;gBAClB,IAAI,EAAE,QAAQ;gBACd,GAAG,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;aAC9D,CAAC,CAAC;YAEH,iEAAiE;YACjE,oEAAoE;YACpE,oEAAoE;YACpE,iEAAiE;YACjE,wDAAwD;YACxD,MAAM,iBAAiB,GAAG,IAAI,CAAC,gBAAgB;gBAC7C,CAAC,CAAC,IAAI,CAAC,gBAAg
B,CAAC,MAAM,CAAC,YAAY,EAAE,UAAU,CAAC,QAAQ,CAAC;gBACjE,CAAC,CAAC,EAAE,CAAC;YACP,KAAK,MAAM,KAAK,IAAI,iBAAiB,EAAE,CAAC;gBACtC,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;oBACtB,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,KAAK,QAAQ;wBAC7B,CAAC,CAAC,qBAAqB;wBACvB,CAAC,CAAC,sBAAsB,CAA8B;oBACxD,MAAM,EAAE,UAAU;oBAClB,SAAS,EAAE,QAAQ;oBACnB,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE;wBACN,OAAO,EAAE,KAAK,CAAC,MAAM;wBACrB,WAAW,EAAE,KAAK,CAAC,WAAW;wBAC9B,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,sBAAsB,EAAE,KAAK,CAAC,oBAAoB;wBAClD,iBAAiB,EAAE,YAAY;qBAChC;iBACF,CAAC,CAAC;gBACH,kEAAkE;gBAClE,8DAA8D;gBAC9D,4CAA4C;YAC9C,CAAC;YAED,qDAAqD;YACrD,EAAE;YACF,qEAAqE;YACrE,kEAAkE;YAClE,gEAAgE;YAChE,oEAAoE;YACpE,mDAAmD;YACnD,MAAM,gBAAgB,GACpB,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,gBAAgB;gBAClC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC;oBACpB,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC;oBACxB,KAAK;iBACN,CAAC;gBACJ,CAAC,CAAC,IAAI,CAAC;YAEX,IAAI,IAAI,CAAC,MAAM,IAAI,gBAAgB,KAAK,IAAI,EAAE,CAAC;gBAC7C,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;gBACjE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,qBAAqB,CAAC,gBAAgB,CAAC,CAAC;gBAEzE,IAAI,UAAU,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;oBACpC,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;wBACtB,IAAI,EAAE,cAAc;wBACpB,MAAM,EAAE,UAAU;wBAClB,SAAS,EAAE,QAAQ;wBACnB,IAAI,EAAE,QAAQ;wBACd,MAAM,EAAE,YAAY,CAAC,gBAAgB,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,CAAC;qBACzE,CAAC,CAAC;gBACL,CAAC;qBAAM,IAAI,UAAU,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;oBAC1C,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;wBACtB,IAAI,EAAE,cAAc;wBACpB,MAAM,EAAE,QAAQ;wBAChB,SAAS,EAAE,QAAQ;wBACnB,IAAI,EAAE,QAAQ;wBACd,MAAM,EAAE,YAAY,CAAC,gBAAgB,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,CAAC;qBACzE,CAAC,CAAC;oBACH,MAAM,IAAI,iBAAiB,CACzB,2BAA2B,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG;wBACpD,WAAW,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,WAAW,UAAU,CAAC,KAAK,GAAG,EAC3E;wBACE,QAAQ;wBACR,UAAU;wBACV,gBAAgB;wBAChB,KAAK,EAAE,UAAU,CAAC,KAAK;wBACvB,QAAQ,EAAE,UAAU,CAAC,WAAW,EAAE,IAAI;qBACvC,CACF,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,+CAA+C;oBAC/C,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;wBACvB,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;4BA
CtB,IAAI,EAAE,cAAc;4BACpB,MAAM,EAAE,QAAQ;4BAChB,SAAS,EAAE,QAAQ;4BACnB,IAAI,EAAE,QAAQ;4BACd,MAAM,EAAE;gCACN,GAAG,YAAY,CAAC,gBAAgB,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,CAAC;gCACnE,MAAM,EAAE,kBAAkB;6BAC3B;yBACF,CAAC,CAAC;wBACH,MAAM,IAAI,iBAAiB,CACzB,iCAAiC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG;4BAC1D,kDAAkD,EACpD;4BACE,QAAQ;4BACR,UAAU;4BACV,gBAAgB;4BAChB,KAAK,EAAE,QAAQ;yBAChB,CACF,CAAC;oBACJ,CAAC;oBACD,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;oBAC3B,MAAM,aAAa,GAA2B;wBAC5C,QAAQ;wBACR,gBAAgB,EAAE,UAAU;wBAC5B,iBAAiB,EAAE,gBAAgB;wBACnC,cAAc,EAAE,oBAAoB,CAAC,QAAQ,EAAE,UAAU,CAAC;qBAC3D,CAAC;oBACF,MAAM,MAAM,GAAG,iBAAiB,QAAQ,EAAE,CAAC;oBAC3C,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;wBACtB,IAAI,EAAE,cAAc;wBACpB,MAAM,EAAE,kBAAkB;wBAC1B,SAAS,EAAE,QAAQ;wBACnB,IAAI,EAAE,QAAQ;wBACd,MAAM,EAAE;4BACN,GAAG,YAAY,CAAC,gBAAgB,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,CAAC;4BACnE,OAAO,EAAE,MAAM;4BACf,MAAM;4BACN,UAAU,EAAE,IAAI,CAAC,iBAAiB;yBACnC;qBACF,CAAC,CAAC;oBACH,MAAM,WAAW,GAAgC;wBAC/C,OAAO,EAAE,MAAM;wBACf,SAAS,EAAE,QAAQ;wBACnB,SAAS,EAAE,YAAY,CAAC,IAAI,CAAC;wBAC7B,MAAM;wBACN,UAAU,EAAE,IAAI,CAAC,iBAAiB;wBAClC,QAAQ,EAAE,IAAI,CAAC,OAAO;wBACtB,UAAU,EAAE,IAAI,CAAC,SAAS;wBAC1B,cAAc,EAAE,aAAa;qBAC9B,CAAC;oBACF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;oBAExE,kEAAkE;oBAClE,yCAAyC;oBACzC,IAAI,QAAQ,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;wBAC/C,MAAM,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC;wBACpC,MAAM,IAAI,GAAe;4BACvB,IAAI,EAAE,OAAO,CAAC,IAAI;4BAClB,KAAK,EAAE,OAAO,CAAC,KAAK;yBACrB,CAAC;wBACF,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;4BACnC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;wBACnC,CAAC;wBACD,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;4BAChC,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;wBAC7B,CAAC;wBACD,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;4BAC/B,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;wBAC3B,CAAC;wBACD,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBAClC,CAAC;oBAED,MAAM,gBAAgB,GAA4B;wBAChD,GAAG,YAAY,CAAC,gBAAgB,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,CAAC;wBACnE,OAAO,EAAE,MAAM;qBAChB,CAAC;oBACF,IAAI,QAAQ,CAAC,WAAW,KAAK,
SAAS,EAAE,CAAC;wBACvC,gBAAgB,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;oBACtD,CAAC;oBACD,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;wBAClC,gBAAgB,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;oBAC5C,CAAC;oBACD,IAAI,QAAQ,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;wBACtC,gBAAgB,CAAC,SAAS,GAAG;4BAC3B,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,IAAI;4BAC9B,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK;4BAChC,QAAQ,EAAE,QAAQ,CAAC,UAAU,CAAC,QAAQ,IAAI,OAAO;yBAClD,CAAC;oBACJ,CAAC;oBACD,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;wBACtB,IAAI,EAAE,cAAc;wBACpB,MAAM,EAAE,QAAQ,CAAC,QAAQ;wBACzB,SAAS,EAAE,UAAU;wBACrB,IAAI,EAAE,QAAQ;wBACd,MAAM,EAAE,gBAAgB;qBACzB,CAAC,CAAC;oBACH,IAAI,QAAQ,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;wBACnC,MAAM,IAAI,iBAAiB,CACzB,2BAA2B,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG;4BACpD,aAAa,QAAQ,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,GAAG,EACxE;4BACE,QAAQ;4BACR,UAAU;4BACV,gBAAgB;4BAChB,KAAK,EAAE,UAAU;yBAClB,CACF,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,iCAAiC;gBACjC,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;oBACtB,IAAI,EAAE,cAAc;oBACpB,MAAM,EAAE,UAAU;oBAClB,SAAS,EAAE,QAAQ;oBACnB,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE;iBAClC,CAAC,CAAC;YACL,CAAC;YAED,aAAa;YACb,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC3B,IAAI,MAAc,CAAC;YACnB,IAAI,CAAC;gBACH,MAAM,GAAG,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;YAC7B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC;gBACxC,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;oBACtB,IAAI,EAAE,aAAa;oBACnB,MAAM,EAAE,SAAS;oBACjB,SAAS,EAAE,QAAQ;oBACnB,IAAI,EAAE,EAAE,GAAG,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE;oBAC9C,MAAM,EAAE,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;iBACpE,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;YACZ,CAAC;YAED,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC;YACxC,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;gBACtB,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,UAAU;gBAClB,SAAS,EAAE,QAAQ;gBACnB,IAAI,EAAE,EAAE,GAAG,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE;aACvD,CAAC,CAAC;YAEH,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC;IACJ,CAAC;IAED,0EAA0E;IA
C1E,KAAK,CAAC,UAAU,CAAC,OAA0B;QACzC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACvE,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAED,4EAA4E;IAC5E,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QACxB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;gBACtB,IAAI,EAAE,eAAe;gBACrB,MAAM,EAAE,UAAU;gBAClB,SAAS,EAAE,QAAQ;aACpB,CAAC,CAAC;QACL,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;CACF;AAED,SAAS,YAAY,CAAC,IAAwB;IAC5C,uEAAuE;IACvE,wDAAwD;IACxD,MAAM,GAAG,GAA4B,EAAE,CAAC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAC3B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;qEAEqE;AACrE,SAAS,qBAAqB,CAAC,EAAU;IACvC,MAAM,KAAK,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IACvD,OAAO,EAAE,QAAQ,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,UAAU,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,EAAE,CAAC;AAC3E,CAAC;AAED,4DAA4D;AAC5D,SAAS,YAAY,CACnB,gBAAwB,EACxB,QAAgB,EAChB,UAAkB,EAClB,UAA4B;IAE5B,MAAM,MAAM,GAA4B;QACtC,iBAAiB,EAAE,gBAAgB;QACnC,QAAQ;QACR,UAAU;QACV,QAAQ,EAAE,UAAU,CAAC,QAAQ;QAC7B,UAAU,EAAE,UAAU,CAAC,SAAS;QAChC,KAAK,EAAE,UAAU,CAAC,KAAK;KACxB,CAAC;IACF,IAAI,UAAU,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;QACzC,MAAM,CAAC,SAAS,GAAG,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC;IACjD,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;mDAEmD;AACnD,SAAS,oBAAoB,CAC3B,QAAgB,EAChB,UAAkB;IAElB,MAAM,IAAI,GAA2D;QACnE,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,QAAQ,IAAI,UAAU,EAAE,EAAE,KAAK,EAAE,mBAAmB,EAAE;KACnF,CAAC;IACF,uEAAuE;IACvE,yEAAyE;IACzE,0BAA0B;IAC1B,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACd,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QAC7C,IAAI,CAAC,IAAI,CAAC;YACR,GAAG,EAAE,WAAW;YAChB,OAAO,EAAE,GAAG,QAAQ,IAAI,SAAS,IAAI;YACrC,KAAK,EAA
E,cAAc,CAAC,QAAQ,EAAE,SAAS,CAAC;SAC3C,CAAC,CAAC;IACL,CAAC;IACD,IAAI,QAAQ,KAAK,EAAE,EAAE,CAAC;QACpB,IAAI,CAAC,IAAI,CAAC;YACR,GAAG,EAAE,UAAU;YACf,OAAO,EAAE,GAAG,QAAQ,IAAI;YACxB,KAAK,EAAE,OAAO,QAAQ,EAAE;SACzB,CAAC,CAAC;IACL,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB,EAAE,SAAiB;IACzD,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU;YACb,OAAO,2BAA2B,SAAS,GAAG,CAAC;QACjD,KAAK,cAAc;YACjB,OAAO,wBAAwB,SAAS,GAAG,CAAC;QAC9C,KAAK,UAAU;YACb,OAAO,+BAA+B,SAAS,GAAG,CAAC;QACrD,KAAK,UAAU;YACb,OAAO,wBAAwB,SAAS,GAAG,CAAC;QAC9C;YACE,OAAO,OAAO,QAAQ,WAAW,SAAS,GAAG,CAAC;IAClD,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAuB;IAQ1C,OAAO;QACL,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,GAAG,CAAC,KAAK,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC;QAClE,GAAG,CAAC,KAAK,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC;QAC3E,GAAG,CAAC,KAAK,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;QAC/E,GAAG,CAAC,KAAK,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,KAAK,CAAC,YAAY,EAAE,CAAC;KACnF,CAAC;AACJ,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@flowdot.ai/guardian-agent",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.2.0",
|
|
4
4
|
"description": "TypeScript reference implementation of the guardian-agent spec: a runtime supervisor for tool-using LLM agents (audit log, tool-permission scoping, HITL approval gates, emergency-stop).",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"ai-safety",
|