npm - @flue/client - Versions diffs - 0.0.21 → 0.0.23 - Mend

@flue/client 0.0.21 → 0.0.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md +19 -6
package/dist/index.d.mts +1 -1
package/dist/proxies/index.d.mts +2 -1
package/dist/proxies/index.mjs +38 -21
package/dist/{types-Ch4cwdD8.d.mts → types-37Tgp-H9.d.mts} +17 -11
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -69,10 +69,23 @@ const summary = await flue.prompt('Summarize these test failures: ...', {
 Options: `result`, `model`
-### Properties
+## Proxies (Sandbox Mode)
-| Property       | Type                      | Description                             |
-| -------------- | ------------------------- | --------------------------------------- |
-| `flue.args`    | `Record<string, unknown>` | Workflow arguments passed by the runner |
-| `flue.secrets` | `Record<string, string>`  | Scoped secrets passed by the runner     |
-| `flue.branch`  | `string`                  | Working branch for commits              |
+In sandbox mode, the AI agent runs inside a sandbox container with no access to sensitive host credentials. Proxies let the sandbox talk to external services without leaking any actual credentials into the sandbox.
+Flue ships with built-in presets for popular services. Every proxy supports an access control policy (`policy`) option for advanced control over what the sandbox has access to do. Built-in levels like `'allow-read'` and `'allow-all'` cover common service-specific policy rules, and you can extend them with explicit allow/deny rules for fine-grained control:
+```ts
+import { anthropic, github } from '@flue/client/proxies';
+export const proxies = [
+  anthropic(),
+  github({
+    token: process.env.GH_TOKEN!,
+    policy: {
+      base: 'allow-read',
+      allow: [{ method: 'POST', path: '/repos/withastro/astro/issues/*/comments', limit: 1 }],
+    },
+  }),
+];
+```

package/dist/index.d.mts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { i as ProxyService, n as ProxyPolicy, r as ProxyPresetResult, t as PolicyRule } from "./types-Ch4cwdD8.mjs";
+import { i as ProxyService, n as ProxyPolicy, r as ProxyPresetResult, t as PolicyRule } from "./types-37Tgp-H9.mjs";
 import * as v from "valibot";
 //#region src/errors.d.ts

package/dist/proxies/index.d.mts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { i as ProxyService, n as ProxyPolicy, r as ProxyPresetResult, t as PolicyRule } from "../types-Ch4cwdD8.mjs";
+import { i as ProxyService, n as ProxyPolicy, r as ProxyPresetResult, t as PolicyRule } from "../types-37Tgp-H9.mjs";
 //#region src/proxies/anthropic.d.ts
 /**
@@ -10,6 +10,7 @@ import { i as ProxyService, n as ProxyPolicy, r as ProxyPresetResult, t as Polic
  */
 declare function anthropic(opts?: {
   apiKey?: string;
+  policy?: string | ProxyPolicy;
 }): ProxyService;
 //#endregion
 //#region src/proxies/github.d.ts

package/dist/proxies/index.mjs CHANGED Viewed

@@ -26,7 +26,7 @@ function anthropic(opts) {
 			filtered["x-api-key"] = apiKey;
 			return { headers: filtered };
 		},
-		policy: "allow-all",
+		policy: opts?.policy ?? "allow-all",
 		isModelProvider: true,
 		providerConfig: {
 			providerKey: "anthropic",
@@ -49,7 +49,7 @@ function anthropic(opts) {
 * Both share the same token and policy.
 */
 function github(opts) {
-	const resolvedPolicy = resolveGitHubPolicy(opts.policy ?? "read-only");
+	const resolvedPolicy = resolveGitHubPolicy(opts.policy);
 	const denyResponse = ({ method, path, reason }) => ({
 		status: 403,
 		headers: { "Content-Type": "application/json" },
@@ -85,29 +85,46 @@ function github(opts) {
 	}];
 }
 /**
-* Resolve GitHub-specific policy level names to concrete ProxyPolicy rules.
+* Resolve a GitHub policy into a concrete ProxyPolicy.
 *
-* Levels:
-* - 'read-only': GET/HEAD only (default)
-* - 'read-only+clone': GET/HEAD + git smart HTTP fetch (clone/pull)
-* - 'allow-all': everything allowed
+* Accepts a core policy level string ('allow-read', 'allow-all', 'deny-all')
+* or a ProxyPolicy object. Defaults to 'allow-read' if omitted.
+*
+* When the base is 'allow-read', GitHub-specific allow rules are prepended
+* so that the gh CLI (GraphQL queries) and git clone/fetch work out of the box.
+* Other base levels are used as-is.
 */
 function resolveGitHubPolicy(policy) {
-	if (typeof policy !== "string") return policy;
-	switch (policy) {
-		case "read-only": return { default: "deny-non-safe" };
-		case "read-only+clone": return {
-			default: "deny-non-safe",
-			allow: [{
-				method: "POST",
-				path: "/*/git-upload-pack"
-			}, {
-				method: "GET",
-				path: "/*/info/refs"
-			}]
+	const base = typeof policy === "string" ? policy : policy?.base ?? "allow-read";
+	const userAllow = typeof policy === "object" ? policy.allow ?? [] : [];
+	const userDeny = typeof policy === "object" ? policy.deny ?? [] : [];
+	switch (base) {
+		case "allow-all":
+		case "deny-all": return {
+			base,
+			allow: userAllow,
+			deny: userDeny
+		};
+		default: return {
+			base: "allow-read",
+			allow: [
+				{
+					method: "POST",
+					path: "/graphql",
+					body: githubBody.graphql()
+				},
+				{
+					method: "POST",
+					path: "/*/git-upload-pack"
+				},
+				{
+					method: "GET",
+					path: "/*/info/refs"
+				},
+				...userAllow
+			],
+			deny: userDeny
 		};
-		case "allow-all": return { default: "allow-all" };
-		default: throw new Error(`Unknown github() policy level: '${policy}'`);
 	}
 }
 /**

package/dist/{types-Ch4cwdD8.d.mts → types-37Tgp-H9.d.mts} RENAMED Viewed

@@ -63,14 +63,14 @@ interface ProxyService {
   /**
    * Access control policy for this proxy.
    *
-   * String shorthand: a named policy level defined by the preset.
-   * Object form: full control with default level + allow/deny rules.
+   * String shorthand: a core policy level ('allow-read', 'allow-all', 'deny-all').
+   * Object form: full control with base level + allow/deny rules.
    *
-   * When a string is provided, it is equivalent to { default: theString }.
+   * When a string is provided, it is equivalent to { base: theString }.
    *
-   * If omitted, defaults to 'read-only' (GET/HEAD only).
-   * Each preset defines what its policy levels mean — see the preset
-   * documentation for available levels.
+   * If omitted, defaults to 'allow-read' (GET/HEAD/OPTIONS only).
+   * Presets may extend the base level with additional allow rules
+   * appropriate for their service.
    */
   policy?: string | ProxyPolicy;
   /**
@@ -108,16 +108,22 @@ interface ProxyService {
 }
 interface ProxyPolicy {
   /**
-   * The base policy level. Preset-defined string that maps to a set of rules.
-   * Common levels: 'read-only', 'allow-all', 'deny-all'.
-   * Presets may define additional levels (e.g., 'read-only+clone' for GitHub).
+   * The base policy level that applies when no allow/deny rule matches.
+   *
+   * - `'allow-read'`: allow GET/HEAD/OPTIONS, deny everything else
+   * - `'allow-all'`: allow everything
+   * - `'deny-all'`: deny everything
+   *
+   * Presets may extend the base level with additional allow rules
+   * (e.g., the GitHub preset adds GraphQL query and git clone support
+   * on top of `'allow-read'`).
    */
-  default: string;
+  base: string;
   /**
    * Explicit allow rules. Evaluated after deny rules.
    * A request matching an allow rule is permitted (subject to rate limits).
    * If a request matches method + path but fails body validation, the rule
-   * does not match and evaluation continues to the next rule or default.
+   * does not match and evaluation continues to the next rule or base level.
    */
   allow?: PolicyRule[];
   /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@flue/client",
-  "version": "0.0.21",
+  "version": "0.0.23",
   "type": "module",
   "license": "Apache-2.0",
   "exports": {