@guardiojs/guardio 0.0.1

package/dist/core/GuardioCore.js

@@ -0,0 +1,115 @@
+import { spawn } from "node:child_process";
+import * as readline from "node:readline";
+import { PluginManager } from "../config/PluginManager.js";
+export class GuardioCore {
+    config;
+    policyPlugins = [];
+    interventionPlugins = [];
+    child = null;
+    appInterface = null;
+    toolInterface = null;
+    pendingResponseId = null;
+    appQueue = [];
+    constructor(config) {
+        this.config = config;
+    }
+    async run() {
+        const pluginManager = new PluginManager();
+        const cwd = this.config.cwd ?? process.cwd();
+        this.policyPlugins = await pluginManager.getPolicyPlugins(cwd, this.config.configPath);
+        if (this.policyPlugins.length === 0) {
+            throw new Error("No policy plugins in config. Add at least one plugin with type 'policy'.");
+        }
+        this.interventionPlugins = await pluginManager.getInterventionPlugins(cwd, this.config.configPath);
+        this.child = spawn(this.config.command, this.config.args, {
+            stdio: ["pipe", "pipe", "inherit"],
+        });
+        this.appInterface = readline.createInterface({
+            input: process.stdin,
+            terminal: false,
+        });
+        this.toolInterface = readline.createInterface({
+            input: this.child.stdout,
+            terminal: false,
+        });
+        this.attachAppHandler();
+        this.attachToolHandler();
+    }
+    sendErrorResponse(id, message) {
+        process.stdout.write(JSON.stringify({
+            jsonrpc: "2.0",
+            id,
+            error: { code: -32000, message },
+        }) + "\n");
+    }
+    async processAppLine(line) {
+        try {
+            const request = JSON.parse(line);
+            if (request.method === "tools/call") {
+                const toolName = request.params?.name ?? "(unknown)";
+                const args = request.params?.arguments;
+                const context = { toolName, args };
+                for (const policy of this.policyPlugins) {
+                    const result = policy.evaluate(context);
+                    if (result === "blocked") {
+                        console.error(`[SECURITY] Blocked attempt to call: ${toolName} (policy: ${policy.name})`);
+                        this.sendErrorResponse(request.id, "Security Layer: Call Rejected");
+                        this.drainAppQueue();
+                        return;
+                    }
+                }
+                if (this.interventionPlugins.length > 0) {
+                    const interventionContext = { toolName, args };
+                    for (const plugin of this.interventionPlugins) {
+                        const actResult = await Promise.resolve(plugin.act(interventionContext));
+                        if (actResult === false) {
+                            this.sendErrorResponse(request.id, `Call to ${toolName} was rejected by intervention plugin ${plugin.name}`);
+                            this.drainAppQueue();
+                            return;
+                        }
+                    }
+                }
+                this.pendingResponseId = request.id ?? null;
+                this.child.stdin?.write(line + "\n");
+                return;
+            }
+            this.child.stdin?.write(line + "\n");
+        }
+        catch {
+            this.child.stdin?.write(line + "\n");
+        }
+    }
+    drainAppQueue() {
+        this.pendingResponseId = null;
+        while (this.appQueue.length > 0) {
+            const line = this.appQueue.shift();
+            if (line !== undefined)
+                this.processAppLine(line);
+        }
+    }
+    attachAppHandler() {
+        this.appInterface.on("line", async (line) => {
+            if (this.pendingResponseId !== null) {
+                this.appQueue.push(line);
+                return;
+            }
+            await this.processAppLine(line);
+        });
+    }
+    attachToolHandler() {
+        this.toolInterface.on("line", (line) => {
+            process.stdout.write(line + "\n");
+            if (this.pendingResponseId !== null) {
+                try {
+                    const response = JSON.parse(line);
+                    if (response.id === this.pendingResponseId)
+                        this.drainAppQueue();
+                }
+                catch {
+                    // not JSON or no id – keep waiting
+                }
+            }
+        });
+    }
+}
+//# sourceMappingURL=GuardioCore.js.map

package/dist/core/GuardioCore.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"GuardioCore.js","sourceRoot":"","sources":["../../src/core/GuardioCore.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,KAAK,QAAQ,MAAM,eAAe,CAAC;AAK1C,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAE3D,MAAM,OAAO,WAAW;IACL,MAAM,CAAoB;IACnC,aAAa,GAA4B,EAAE,CAAC;IAC5C,mBAAmB,GAAkC,EAAE,CAAC;IAExD,KAAK,GAAoC,IAAI,CAAC;IAC9C,YAAY,GAA8B,IAAI,CAAC;IAC/C,aAAa,GAA8B,IAAI,CAAC;IAEhD,iBAAiB,GAA2B,IAAI,CAAC;IACxC,QAAQ,GAAa,EAAE,CAAC;IAEzC,YAAY,MAAyB;QACnC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,GAAG;QACP,MAAM,aAAa,GAAG,IAAI,aAAa,EAAE,CAAC;QAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAC7C,IAAI,CAAC,aAAa,GAAG,MAAM,aAAa,CAAC,gBAAgB,CACvD,GAAG,EACH,IAAI,CAAC,MAAM,CAAC,UAAU,CACvB,CAAC;QACF,IAAI,IAAI,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CACb,0EAA0E,CAC3E,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,mBAAmB,GAAG,MAAM,aAAa,CAAC,sBAAsB,CACnE,GAAG,EACH,IAAI,CAAC,MAAM,CAAC,UAAU,CACvB,CAAC;QAEF,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE;YACxD,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC;SACnC,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,eAAe,CAAC;YAC3C,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,eAAe,CAAC;YAC5C,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,MAAO;YACzB,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC;QAEH,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,IAAI,CAAC,iBAAiB,EAAE,CAAC;IAC3B,CAAC;IAEO,iBAAiB,CACvB,EAA+B,EAC/B,OAAe;QAEf,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,CAAC,SAAS,CAAC;YACb,OAAO,EAAE,KAAK;YACd,EAAE;YACF,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE;SACjC,CAAC,GAAG,IAAI,CACV,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,IAAY;QACvC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmB,CAAC;YAEnD,IAAI,OAAO,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;gBACpC,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,EAAE,IAAI,IAAI,WAAW,CAAC;gBACrD,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;gBACvC,MAAM,OAAO,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;gBACnC,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;oBACxC,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBACxC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;wBACzB,OAAO,CAAC,KAAK,CACX,uCAAuC,QAAQ,aAAa,MAAM,CAAC,IAAI,GAAG,CAC3E,CAAC;wBACF,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,EAAE,EAAE,+BAA+B,CAAC,CAAC;wBACpE,IAAI,CAAC,aAAa,EAAE,CAAC;wBACrB,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,IAAI,IAAI,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACxC,MAAM,mBAAmB,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;oBAC/C,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;wBAC9C,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,OAAO,CACrC,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAChC,CAAC;wBACF,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;4BACxB,IAAI,CAAC,iBAAiB,CACpB,OAAO,CAAC,EAAE,EACV,WAAW,QAAQ,wCAAwC,MAAM,CAAC,IAAI,EAAE,CACzE,CAAC;4BACF,IAAI,CAAC,aAAa,EAAE,CAAC;4BACrB,OAAO;wBACT,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC,EAAE,IAAI,IAAI,CAAC;gBAC5C,IAAI,CAAC,KAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;gBACtC,OAAO;YACT,CAAC;YAED,IAAI,CAAC,KAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,KAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAEO,aAAa;QACnB,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;QAC9B,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;YACnC,IAAI,IAAI,KAAK,SAAS;gBAAE,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAEO,gBAAgB;QACtB,IAAI,CAAC,YAAa,CAAC,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,IAAY,EAAE,EAAE;YACnD,IAAI,IAAI,CAAC,iBAAiB,KAAK,IAAI,EAAE,CAAC;gBACpC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACzB,OAAO;YACT,CAAC;YACD,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,iBAAiB;QACvB,IAAI,CAAC,aAAc,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YAC9C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;YAElC,IAAI,IAAI,CAAC,iBAAiB,KAAK,IAAI,EAAE,CAAC;gBACpC,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAoB,CAAC;oBACrD,IAAI,QAAQ,CAAC,EAAE,KAAK,IAAI,CAAC,iBAAiB;wBAAE,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnE,CAAC;gBAAC,MAAM,CAAC;oBACP,mCAAmC;gBACrC,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/core/index.d.ts

@@ -0,0 +1,3 @@
+export { GuardioCore } from "./GuardioCore.js";
+export type { GuardioCoreConfig, JsonRpcRequest, JsonRpcResponse, } from "./types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/core/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,YAAY,EACV,iBAAiB,EACjB,cAAc,EACd,eAAe,GAChB,MAAM,YAAY,CAAC"}

package/dist/core/index.js

@@ -0,0 +1,2 @@
+export { GuardioCore } from "./GuardioCore.js";
+//# sourceMappingURL=index.js.map

package/dist/core/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/core/types.d.ts

@@ -0,0 +1,29 @@
+export interface JsonRpcRequest {
+    jsonrpc?: string;
+    id?: string | number;
+    method?: string;
+    params?: {
+        name?: string;
+        arguments?: unknown;
+    };
+}
+export interface JsonRpcResponse {
+    jsonrpc?: string;
+    id?: string | number;
+    result?: unknown;
+    error?: {
+        code: number;
+        message: string;
+    };
+}
+export interface GuardioCoreConfig {
+    /** Command to run the real MCP server (e.g. "node") */
+    command: string;
+    /** Arguments for the command (e.g. ["/path/to/server.js"]) */
+    args: string[];
+    /** Cwd for resolving guardio.config (default: process.cwd()) */
+    cwd?: string;
+    /** Explicit path to guardio config file (optional) */
+    configPath?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/core/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;CACjD;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CAC3C;AAED,MAAM,WAAW,iBAAiB;IAChC,uDAAuD;IACvD,OAAO,EAAE,MAAM,CAAC;IAChB,8DAA8D;IAC9D,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,gEAAgE;IAChE,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,sDAAsD;IACtD,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB"}

package/dist/core/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/core/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":""}

package/dist/index.d.ts

@@ -0,0 +1,7 @@
+export { GuardioCore } from "./core/index.js";
+export type { GuardioCoreConfig, JsonRpcRequest, JsonRpcResponse, } from "./core/index.js";
+export type { PolicyPluginInterface, NotificationPluginInterface, InterventionPluginInterface, InterventionResult, PolicyRequestContext, PolicyResult, InterventionRequestContext, } from "./interfaces/index.js";
+export { DefaultPolicyPlugin, RegexPolicyPlugin, type DefaultPolicyPluginConfig, type RegexPolicyPluginConfig, type RegexPolicyRule, type RegexPolicyRuleResult, } from "./plugins/policy/index.js";
+export { DefaultNotificationPlugin } from "./plugins/notification/index.js";
+export { DefaultInterventionPlugin, HttpInterventionPlugin, type HttpInterventionPluginConfig, } from "./plugins/intervention/index.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,YAAY,EACV,iBAAiB,EACjB,cAAc,EACd,eAAe,GAChB,MAAM,iBAAiB,CAAC;AACzB,YAAY,EACV,qBAAqB,EACrB,2BAA2B,EAC3B,2BAA2B,EAC3B,kBAAkB,EAClB,oBAAoB,EACpB,YAAY,EACZ,0BAA0B,GAC3B,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,KAAK,yBAAyB,EAC9B,KAAK,uBAAuB,EAC5B,KAAK,eAAe,EACpB,KAAK,qBAAqB,GAC3B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,yBAAyB,EAAE,MAAM,iCAAiC,CAAC;AAC5E,OAAO,EACL,yBAAyB,EACzB,sBAAsB,EACtB,KAAK,4BAA4B,GAClC,MAAM,iCAAiC,CAAC"}

package/dist/index.js

@@ -0,0 +1,6 @@
+// Programmatic API: core, interfaces, and default plugins
+export { GuardioCore } from "./core/index.js";
+export { DefaultPolicyPlugin, RegexPolicyPlugin, } from "./plugins/policy/index.js";
+export { DefaultNotificationPlugin } from "./plugins/notification/index.js";
+export { DefaultInterventionPlugin, HttpInterventionPlugin, } from "./plugins/intervention/index.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,0DAA0D;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAe9C,OAAO,EACL,mBAAmB,EACnB,iBAAiB,GAKlB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,yBAAyB,EAAE,MAAM,iCAAiC,CAAC;AAC5E,OAAO,EACL,yBAAyB,EACzB,sBAAsB,GAEvB,MAAM,iCAAiC,CAAC"}

package/dist/interfaces/InterventionPluginInterface.d.ts

@@ -0,0 +1,20 @@
+import type { InterventionRequestContext } from "./InterventionTypes.js";
+/**
+ * Return type of act(): void/true = continue and forward; false = reject the call.
+ */
+export type InterventionResult = void | boolean | Promise<void> | Promise<boolean>;
+/**
+ * Intervention plugin interface: run side effects when a tool call is about to be forwarded
+ * (e.g. logging, approval UI). Receives config from guardio config.
+ * Return false (or Promise<false>) to reject the call; void/true to continue.
+ */
+export interface InterventionPluginInterface {
+    readonly name: string;
+    /**
+     * Act on the tool call (e.g. log, show approval UI). Called when the call is allowed and before forwarding.
+     * @param context - Request context containing toolName and args
+     * @returns false to reject the call; void or true to continue
+     */
+    act(context: InterventionRequestContext): InterventionResult;
+}
+//# sourceMappingURL=InterventionPluginInterface.d.ts.map

package/dist/interfaces/InterventionPluginInterface.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"InterventionPluginInterface.d.ts","sourceRoot":"","sources":["../../src/interfaces/InterventionPluginInterface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,wBAAwB,CAAC;AAEzE;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAC1B,IAAI,GACJ,OAAO,GACP,OAAO,CAAC,IAAI,CAAC,GACb,OAAO,CAAC,OAAO,CAAC,CAAC;AAErB;;;;GAIG;AACH,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;;;OAIG;IACH,GAAG,CAAC,OAAO,EAAE,0BAA0B,GAAG,kBAAkB,CAAC;CAC9D"}

package/dist/interfaces/InterventionPluginInterface.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=InterventionPluginInterface.js.map

package/dist/interfaces/InterventionPluginInterface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"InterventionPluginInterface.js","sourceRoot":"","sources":["../../src/interfaces/InterventionPluginInterface.ts"],"names":[],"mappings":""}

package/dist/interfaces/InterventionTypes.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Context passed to intervention plugin's act() for a tool call request.
+ */
+export interface InterventionRequestContext {
+    toolName: string;
+    args: unknown;
+}
+//# sourceMappingURL=InterventionTypes.d.ts.map

package/dist/interfaces/InterventionTypes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"InterventionTypes.d.ts","sourceRoot":"","sources":["../../src/interfaces/InterventionTypes.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,OAAO,CAAC;CACf"}

package/dist/interfaces/InterventionTypes.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=InterventionTypes.js.map

package/dist/interfaces/InterventionTypes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"InterventionTypes.js","sourceRoot":"","sources":["../../src/interfaces/InterventionTypes.ts"],"names":[],"mappings":""}

package/dist/interfaces/NotificationPluginInterface.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Notification plugin interface for side effects when tool calls are
+ * intercepted (e.g. logging, metrics, alerts). Can be no-op for now.
+ */
+export interface NotificationPluginInterface {
+    /**
+     * Notify about a tool call event (e.g. before/after approval).
+     * @param toolName - Name of the tool
+     * @param args - Arguments passed to the tool
+     */
+    notify(toolName: string, args: unknown): void;
+}
+//# sourceMappingURL=NotificationPluginInterface.d.ts.map

package/dist/interfaces/NotificationPluginInterface.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"NotificationPluginInterface.d.ts","sourceRoot":"","sources":["../../src/interfaces/NotificationPluginInterface.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,WAAW,2BAA2B;IAC1C;;;;OAIG;IACH,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;CAC/C"}

package/dist/interfaces/NotificationPluginInterface.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=NotificationPluginInterface.js.map

package/dist/interfaces/NotificationPluginInterface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"NotificationPluginInterface.js","sourceRoot":"","sources":["../../src/interfaces/NotificationPluginInterface.ts"],"names":[],"mappings":""}

package/dist/interfaces/PolicyPluginInterface.d.ts

@@ -0,0 +1,16 @@
+import type { PolicyRequestContext } from "./PolicyTypes.js";
+import type { PolicyResult } from "./PolicyTypes.js";
+/**
+ * Policy plugin interface for evaluating whether a tool call is allowed.
+ * Implementations can perform simple checks or more complex policy logic.
+ */
+export interface PolicyPluginInterface {
+    readonly name: string;
+    /**
+     * Evaluate the tool call and return a policy result.
+     * @param context - Request context containing toolName and args
+     * @returns "allowed" to forward without approval, "blocked" to reject, "require_approval" to ask human
+     */
+    evaluate(context: PolicyRequestContext): PolicyResult;
+}
+//# sourceMappingURL=PolicyPluginInterface.d.ts.map

package/dist/interfaces/PolicyPluginInterface.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PolicyPluginInterface.d.ts","sourceRoot":"","sources":["../../src/interfaces/PolicyPluginInterface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,oBAAoB,GAAG,YAAY,CAAC;CACvD"}

package/dist/interfaces/PolicyPluginInterface.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=PolicyPluginInterface.js.map

package/dist/interfaces/PolicyPluginInterface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PolicyPluginInterface.js","sourceRoot":"","sources":["../../src/interfaces/PolicyPluginInterface.ts"],"names":[],"mappings":""}

package/dist/interfaces/PolicyTypes.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Context passed to policy evaluation for a tool call request.
+ */
+export interface PolicyRequestContext {
+    toolName: string;
+    args: unknown;
+}
+/**
+ * Result of policy evaluation: allow, block, or require human approval.
+ */
+export type PolicyResult = "allowed" | "blocked" | "require_approval";
+//# sourceMappingURL=PolicyTypes.d.ts.map

package/dist/interfaces/PolicyTypes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PolicyTypes.d.ts","sourceRoot":"","sources":["../../src/interfaces/PolicyTypes.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,OAAO,CAAC;CACf;AAED;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,SAAS,GAAG,SAAS,GAAG,kBAAkB,CAAC"}

package/dist/interfaces/PolicyTypes.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=PolicyTypes.js.map

package/dist/interfaces/PolicyTypes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PolicyTypes.js","sourceRoot":"","sources":["../../src/interfaces/PolicyTypes.ts"],"names":[],"mappings":""}

package/dist/interfaces/index.d.ts

@@ -0,0 +1,6 @@
+export type { PolicyPluginInterface } from "./PolicyPluginInterface.js";
+export type { NotificationPluginInterface } from "./NotificationPluginInterface.js";
+export type { InterventionPluginInterface, InterventionResult, } from "./InterventionPluginInterface.js";
+export type { PolicyRequestContext, PolicyResult } from "./PolicyTypes.js";
+export type { InterventionRequestContext } from "./InterventionTypes.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/interfaces/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/interfaces/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AACxE,YAAY,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AACpF,YAAY,EACV,2BAA2B,EAC3B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,YAAY,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAC3E,YAAY,EAAE,0BAA0B,EAAE,MAAM,wBAAwB,CAAC"}

package/dist/interfaces/index.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=index.js.map

package/dist/interfaces/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/interfaces/index.ts"],"names":[],"mappings":""}

package/dist/plugins/intervention/DefaultInterventionPlugin.d.ts

@@ -0,0 +1,12 @@
+import type { InterventionPluginInterface } from "../../interfaces/InterventionPluginInterface.js";
+import type { InterventionRequestContext } from "../../interfaces/InterventionTypes.js";
+/**
+ * Default intervention plugin: no-op. Receives config from guardio config; override act() for side effects.
+ */
+export declare class DefaultInterventionPlugin implements InterventionPluginInterface {
+    private readonly config;
+    readonly name = "default";
+    constructor(config?: Record<string, unknown>);
+    act(_context: InterventionRequestContext): void;
+}
+//# sourceMappingURL=DefaultInterventionPlugin.d.ts.map

package/dist/plugins/intervention/DefaultInterventionPlugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"DefaultInterventionPlugin.d.ts","sourceRoot":"","sources":["../../../src/plugins/intervention/DefaultInterventionPlugin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,iDAAiD,CAAC;AACnG,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,uCAAuC,CAAC;AAExF;;GAEG;AACH,qBAAa,yBAA0B,YAAW,2BAA2B;IAG/D,OAAO,CAAC,QAAQ,CAAC,MAAM;IAFnC,QAAQ,CAAC,IAAI,aAAa;gBAEG,MAAM,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM;IAEjE,GAAG,CAAC,QAAQ,EAAE,0BAA0B,GAAG,IAAI;CAGhD"}

package/dist/plugins/intervention/DefaultInterventionPlugin.js

@@ -0,0 +1,14 @@
+/**
+ * Default intervention plugin: no-op. Receives config from guardio config; override act() for side effects.
+ */
+export class DefaultInterventionPlugin {
+    config;
+    name = "default";
+    constructor(config = {}) {
+        this.config = config;
+    }
+    act(_context) {
+        // Empty for now; config is available as this.config for subclasses or future use
+    }
+}
+//# sourceMappingURL=DefaultInterventionPlugin.js.map

package/dist/plugins/intervention/DefaultInterventionPlugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DefaultInterventionPlugin.js","sourceRoot":"","sources":["../../../src/plugins/intervention/DefaultInterventionPlugin.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,OAAO,yBAAyB;IAGP;IAFpB,IAAI,GAAG,SAAS,CAAC;IAE1B,YAA6B,SAAkC,EAAE;QAApC,WAAM,GAAN,MAAM,CAA8B;IAAG,CAAC;IAErE,GAAG,CAAC,QAAoC;QACtC,iFAAiF;IACnF,CAAC;CACF"}

package/dist/plugins/intervention/HttpInterventionPlugin.d.ts

@@ -0,0 +1,22 @@
+import type { InterventionPluginInterface } from "../../interfaces/InterventionPluginInterface.js";
+import type { InterventionRequestContext } from "../../interfaces/InterventionTypes.js";
+export interface HttpInterventionPluginConfig {
+    port?: number;
+    timeoutMs?: number;
+}
+/**
+ * Intervention plugin that starts an HTTP server and waits for user approve/reject
+ * before the tool call is forwarded. Config: { port?, timeoutMs? }.
+ */
+export declare class HttpInterventionPlugin implements InterventionPluginInterface {
+    readonly name = "http";
+    private readonly port;
+    private readonly timeoutMs;
+    private server;
+    private readonly pendingApprovals;
+    private approvalCounter;
+    constructor(config?: Record<string, unknown>);
+    private ensureServer;
+    act(context: InterventionRequestContext): Promise<boolean>;
+}
+//# sourceMappingURL=HttpInterventionPlugin.d.ts.map

package/dist/plugins/intervention/HttpInterventionPlugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"HttpInterventionPlugin.d.ts","sourceRoot":"","sources":["../../../src/plugins/intervention/HttpInterventionPlugin.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,iDAAiD,CAAC;AACnG,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,uCAAuC,CAAC;AAKxF,MAAM,WAAW,4BAA4B;IAC3C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,qBAAa,sBAAuB,YAAW,2BAA2B;IACxE,QAAQ,CAAC,IAAI,UAAU;IAEvB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,MAAM,CAAgD;IAC9D,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAG7B;IACJ,OAAO,CAAC,eAAe,CAAK;gBAEhB,MAAM,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM;IAMhD,OAAO,CAAC,YAAY;IAsDpB,GAAG,CAAC,OAAO,EAAE,0BAA0B,GAAG,OAAO,CAAC,OAAO,CAAC;CA+B3D"}

package/dist/plugins/intervention/HttpInterventionPlugin.js

@@ -0,0 +1,99 @@
+import { createServer } from "node:http";
+import { exec } from "node:child_process";
+const DEFAULT_PORT = 3939;
+const DEFAULT_TIMEOUT_MS = 120_000;
+/**
+ * Intervention plugin that starts an HTTP server and waits for user approve/reject
+ * before the tool call is forwarded. Config: { port?, timeoutMs? }.
+ */
+export class HttpInterventionPlugin {
+    name = "http";
+    port;
+    timeoutMs;
+    server = null;
+    pendingApprovals = new Map();
+    approvalCounter = 0;
+    constructor(config = {}) {
+        const opts = config;
+        this.port = opts.port ?? DEFAULT_PORT;
+        this.timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    }
+    ensureServer() {
+        if (this.server !== null)
+            return;
+        this.server = createServer((req, res) => {
+            if (req.method === "GET" && req.url === "/") {
+                const pending = Array.from(this.pendingApprovals.entries())
+                    .map(([id]) => `<li><a href="/approve/${id}">Approve ${id}</a> | <a href="/reject/${id}">Reject ${id}</a></li>`)
+                    .join("");
+                res.writeHead(200, { "Content-Type": "text/html" });
+                res.end(`
+          <html>
+            <body>
+              <h1>Guardio - Pending Approvals</h1>
+              <ul>${pending || "<li>No pending approvals</li>"}</ul>
+            </body>
+          </html>
+        `);
+            }
+            else if (req.url?.startsWith("/approve/")) {
+                const id = req.url.split("/")[2];
+                const resolver = this.pendingApprovals.get(id);
+                if (resolver) {
+                    resolver(true);
+                    this.pendingApprovals.delete(id);
+                    res.writeHead(200, { "Content-Type": "text/plain" });
+                    res.end("Approved!");
+                }
+                else {
+                    res.writeHead(404);
+                    res.end("Not found");
+                }
+            }
+            else if (req.url?.startsWith("/reject/")) {
+                const id = req.url.split("/")[2];
+                const resolver = this.pendingApprovals.get(id);
+                if (resolver) {
+                    resolver(false);
+                    this.pendingApprovals.delete(id);
+                    res.writeHead(200, { "Content-Type": "text/plain" });
+                    res.end("Rejected!");
+                }
+                else {
+                    res.writeHead(404);
+                    res.end("Not found");
+                }
+            }
+        });
+        this.server.listen(this.port, () => {
+            console.error(`🔐 Guardio approval server running on http://localhost:${this.port}`);
+        });
+    }
+    act(context) {
+        this.ensureServer();
+        return new Promise((resolve) => {
+            const id = `approval-${++this.approvalCounter}`;
+            this.pendingApprovals.set(id, resolve);
+            console.error("\n" + "=".repeat(60));
+            console.error(`🔔 AI wants to call: ${context.toolName}`);
+            console.error(`Arguments: ${JSON.stringify(context.args, null, 2)}`);
+            console.error(`Approve at: http://localhost:${this.port}`);
+            console.error("=".repeat(60));
+            const url = `http://localhost:${this.port}`;
+            const cmd = process.platform === "darwin"
+                ? "open"
+                : process.platform === "win32"
+                    ? "start"
+                    : "xdg-open";
+            exec(`${cmd} ${url}`);
+            setTimeout(() => {
+                if (this.pendingApprovals.has(id)) {
+                    this.pendingApprovals.delete(id);
+                    console.error("\n⏱️  Approval timed out - rejecting call");
+                    resolve(false);
+                }
+            }, this.timeoutMs);
+        });
+    }
+}
+//# sourceMappingURL=HttpInterventionPlugin.js.map

package/dist/plugins/intervention/HttpInterventionPlugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"HttpInterventionPlugin.js","sourceRoot":"","sources":["../../../src/plugins/intervention/HttpInterventionPlugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAI1C,MAAM,YAAY,GAAG,IAAI,CAAC;AAC1B,MAAM,kBAAkB,GAAG,OAAO,CAAC;AAOnC;;;GAGG;AACH,MAAM,OAAO,sBAAsB;IACxB,IAAI,GAAG,MAAM,CAAC;IAEN,IAAI,CAAS;IACb,SAAS,CAAS;IAC3B,MAAM,GAA2C,IAAI,CAAC;IAC7C,gBAAgB,GAAG,IAAI,GAAG,EAGxC,CAAC;IACI,eAAe,GAAG,CAAC,CAAC;IAE5B,YAAY,SAAkC,EAAE;QAC9C,MAAM,IAAI,GAAG,MAAsC,CAAC;QACpD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,YAAY,CAAC;QACtC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,kBAAkB,CAAC;IACxD,CAAC;IAEO,YAAY;QAClB,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI;YAAE,OAAO;QAEjC,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YACtC,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;gBAC5C,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,CAAC;qBACxD,GAAG,CACF,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACP,yBAAyB,EAAE,aAAa,EAAE,2BAA2B,EAAE,YAAY,EAAE,WAAW,CACnG;qBACA,IAAI,CAAC,EAAE,CAAC,CAAC;gBACZ,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC;;;;oBAII,OAAO,IAAI,+BAA+B;;;SAGrD,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC5C,MAAM,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAC/C,IAAI,QAAQ,EAAE,CAAC;oBACb,QAAQ,CAAC,IAAI,CAAC,CAAC;oBACf,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;oBACjC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE,CAAC,CAAC;oBACrD,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACvB,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACvB,CAAC;YACH,CAAC;iBAAM,IAAI,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC3C,MAAM,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAC/C,IAAI,QAAQ,EAAE,CAAC;oBACb,QAAQ,CAAC,KAAK,CAAC,CAAC;oBAChB,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;oBACjC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE,CAAC,CAAC;oBACrD,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACvB,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACvB,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE;YACjC,OAAO,CAAC,KAAK,CACX,0DAA0D,IAAI,CAAC,IAAI,EAAE,CACtE,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,GAAG,CAAC,OAAmC;QACrC,IAAI,CAAC,YAAY,EAAE,CAAC;QAEpB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,EAAE,GAAG,YAAY,EAAE,IAAI,CAAC,eAAe,EAAE,CAAC;YAChD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YAEvC,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;YACrC,OAAO,CAAC,KAAK,CAAC,wBAAwB,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC1D,OAAO,CAAC,KAAK,CAAC,cAAc,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;YACrE,OAAO,CAAC,KAAK,CAAC,gCAAgC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAC3D,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;YAE9B,MAAM,GAAG,GAAG,oBAAoB,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5C,MAAM,GAAG,GACP,OAAO,CAAC,QAAQ,KAAK,QAAQ;gBAC3B,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,OAAO;oBAC9B,CAAC,CAAC,OAAO;oBACT,CAAC,CAAC,UAAU,CAAC;YACjB,IAAI,CAAC,GAAG,GAAG,IAAI,GAAG,EAAE,CAAC,CAAC;YAEtB,UAAU,CAAC,GAAG,EAAE;gBACd,IAAI,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;oBAClC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;oBACjC,OAAO,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;oBAC3D,OAAO,CAAC,KAAK,CAAC,CAAC;gBACjB,CAAC;YACH,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QACrB,CAAC,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/plugins/intervention/index.d.ts

@@ -0,0 +1,3 @@
+export { DefaultInterventionPlugin } from "./DefaultInterventionPlugin.js";
+export { HttpInterventionPlugin, type HttpInterventionPluginConfig, } from "./HttpInterventionPlugin.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/plugins/intervention/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/plugins/intervention/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EACL,sBAAsB,EACtB,KAAK,4BAA4B,GAClC,MAAM,6BAA6B,CAAC"}

package/dist/plugins/intervention/index.js

@@ -0,0 +1,3 @@
+export { DefaultInterventionPlugin } from "./DefaultInterventionPlugin.js";
+export { HttpInterventionPlugin, } from "./HttpInterventionPlugin.js";
+//# sourceMappingURL=index.js.map

package/dist/plugins/intervention/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/intervention/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EACL,sBAAsB,GAEvB,MAAM,6BAA6B,CAAC"}

package/dist/plugins/notification/DefaultNotificationPlugin.d.ts

@@ -0,0 +1,8 @@
+import type { NotificationPluginInterface } from "../../interfaces/NotificationPluginInterface.js";
+/**
+ * Default notification plugin: no-op. Replace with logging, metrics, or alerts.
+ */
+export declare class DefaultNotificationPlugin implements NotificationPluginInterface {
+    notify(_toolName: string, _args: unknown): void;
+}
+//# sourceMappingURL=DefaultNotificationPlugin.d.ts.map

package/dist/plugins/notification/DefaultNotificationPlugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"DefaultNotificationPlugin.d.ts","sourceRoot":"","sources":["../../../src/plugins/notification/DefaultNotificationPlugin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,iDAAiD,CAAC;AAEnG;;GAEG;AACH,qBAAa,yBAA0B,YAAW,2BAA2B;IAC3E,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI;CAGhD"}

package/dist/plugins/notification/DefaultNotificationPlugin.js

@@ -0,0 +1,9 @@
+/**
+ * Default notification plugin: no-op. Replace with logging, metrics, or alerts.
+ */
+export class DefaultNotificationPlugin {
+    notify(_toolName, _args) {
+        // Empty for now
+    }
+}
+//# sourceMappingURL=DefaultNotificationPlugin.js.map

package/dist/plugins/notification/DefaultNotificationPlugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DefaultNotificationPlugin.js","sourceRoot":"","sources":["../../../src/plugins/notification/DefaultNotificationPlugin.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,OAAO,yBAAyB;IACpC,MAAM,CAAC,SAAiB,EAAE,KAAc;QACtC,gBAAgB;IAClB,CAAC;CACF"}

package/dist/plugins/notification/index.d.ts

@@ -0,0 +1,2 @@
+export { DefaultNotificationPlugin } from "./DefaultNotificationPlugin.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/plugins/notification/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/plugins/notification/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC"}

package/dist/plugins/notification/index.js

@@ -0,0 +1,2 @@
+export { DefaultNotificationPlugin } from "./DefaultNotificationPlugin.js";
+//# sourceMappingURL=index.js.map

package/dist/plugins/notification/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/notification/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC"}

package/dist/plugins/policy/DefaultPolicyPlugin.d.ts

@@ -0,0 +1,16 @@
+import type { PolicyPluginInterface, PolicyRequestContext, PolicyResult } from "../../interfaces/index.js";
+export interface DefaultPolicyPluginConfig {
+    /** Tool name(s) to block. If the call’s tool name is in this list, it is blocked. */
+    blockedTools: string[];
+}
+/**
+ * Default policy plugin: block calls by tool name.
+ * Config is required: { blockedTools: ["tool_a", "tool_b"] }. No default block list.
+ */
+export declare class DefaultPolicyPlugin implements PolicyPluginInterface {
+    readonly name = "default";
+    private readonly blockedTools;
+    constructor(config: Record<string, unknown>);
+    evaluate(context: PolicyRequestContext): PolicyResult;
+}
+//# sourceMappingURL=DefaultPolicyPlugin.d.ts.map