npm - @govplane/runtime-sdk - Versions diffs - 0.2.4 - Mend

@govplane/runtime-sdk 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/README.md +365 -0
package/dist/index.cjs +1080 -0
package/dist/index.cjs.map +1 -0
package/dist/index.d.cts +413 -0
package/dist/index.d.ts +413 -0
package/dist/index.js +1054 -0
package/dist/index.js.map +1 -0
package/docs/operations/Govplane_Incident_Playbook.md +318 -0
package/docs/operations/Govplane_Runtime_Incident_Controls.md +101 -0
package/docs/security/Govplane_Threat_Model.md +137 -0
package/package.json +40 -0

package/docs/security/Govplane_Threat_Model.md ADDED Viewed

@@ -0,0 +1,137 @@
+# Govplane Runtime SDK – Threat Model & Security Guarantees
+---
+## 1. Scope & Assumptions
+### In scope
+- Backend services (APIs, workers, jobs, gateways)
+- Node.js environments (≥18)
+- Runtime bundles generados por Govplane Control Plane
+- Runtime keys con permisos **read-only**
+### Out of scope
+- Browsers / client-side execution
+- Policy authoring
+- Runtime bundle generation
+- Handling of PII
+---
+## 2. Trust Boundaries
+```
+Govplane Control Plane
+  └─ Runtime Bundle (immutable)
+        └─ Runtime API (read-only)
+              └─ Runtime SDK
+                    └─ Policy Engine (local)
+```
+➡️ No inbound arrows into the SDK
+➡️ The SDK never exposes HTTP endpoints
+---
+## 3. Attack Surface
+| Vector | Status |
+|------|--------|
+| Inbound HTTP | ❌ None |
+| Middleware hooks | ❌ None |
+| Dynamic code execution | ❌ None |
+| Runtime DSL parsing | ❌ None |
+| eval / Function | ❌ None |
+| PII handling | ❌ None |
+---
+## 4. Runtime Key Security
+- Read-only
+- Scoped by org / project / env
+- Cannot modify policies
+- Cannot trigger side effects
+---
+## 5. Policy Evaluation Guarantees
+- Deterministic decisions
+- Deny-by-default
+- Immutable bundles
+---
+## 6. Precedence Rules
+1. kill_switch
+2. deny
+3. throttle (most restrictive)
+4. allow
+5. default → deny
+---
+## 7. Context Security (PII Protection)
+- Explicit allowlist
+- Hard limits
+- Unknown keys rejected
+---
+## 8. Decision Trace Safety
+Trace MAY include:
+- policyKey
+- ruleId
+- effect type
+Trace NEVER includes:
+- context values
+- rule bodies
+- PII
+---
+## 9. Failure Scenarios
+- Runtime unavailable → cached bundle
+- Missing bundle → deny
+- Polling failure → backoff + degraded
+---
+## 10. DDoS & Abuse
+- No network I/O per request
+- In-memory evaluation
+- Deterministic enforcement
+---
+## 11. Non-Goals
+- No middleware
+- No auth
+- No persistence
+- No remote execution
+---
+## 12. Security Summary
+Safe for:
+- APIs
+- Gateways
+- Workers
+- Critical paths
+---
+## 13. Responsible Usage
+- Treat keys as secrets
+- Explicit context mapping
+- Sampling traces only

package/package.json ADDED Viewed

@@ -0,0 +1,40 @@
+{
+  "name": "@govplane/runtime-sdk",
+  "version": "0.2.4",
+  "description": "Govplane Runtime SDK (Node/TS) with ETag caching + polling",
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "files": [
+    "dist",
+    "docs",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "test": "jest"
+  },
+  "devDependencies": {
+    "@jest/types": "^29.6.3",
+    "@types/jest": "^30.0.0",
+    "@types/node": "^25.0.3",
+    "jest": "^29.7.0",
+    "ts-jest": "^29.4.6",
+    "ts-node": "^10.9.2",
+    "tsup": "^8.2.4",
+    "typescript": "^5.6.3"
+  },
+  "dependencies": {
+    "undici": "^7.18.2"
+  }
+}