@guardiojs/guardio 0.0.1

package/dist/plugins/policy/DefaultPolicyPlugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"DefaultPolicyPlugin.d.ts","sourceRoot":"","sources":["../../../src/plugins/policy/DefaultPolicyPlugin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACb,MAAM,2BAA2B,CAAC;AAEnC,MAAM,WAAW,yBAAyB;IACxC,qFAAqF;IACrF,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED;;;GAGG;AACH,qBAAa,mBAAoB,YAAW,qBAAqB;IAC/D,QAAQ,CAAC,IAAI,aAAa;IAE1B,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;gBAE/B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAY3C,QAAQ,CAAC,OAAO,EAAE,oBAAoB,GAAG,YAAY;CAItD"}

package/dist/plugins/policy/DefaultPolicyPlugin.js

@@ -0,0 +1,21 @@
+/**
+ * Default policy plugin: block calls by tool name.
+ * Config is required: { blockedTools: ["tool_a", "tool_b"] }. No default block list.
+ */
+export class DefaultPolicyPlugin {
+    name = "default";
+    blockedTools;
+    constructor(config) {
+        const { blockedTools } = config;
+        if (!Array.isArray(blockedTools)) {
+            throw new Error("DefaultPolicyPlugin requires config.blockedTools (array of tool names)");
+        }
+        this.blockedTools = new Set(blockedTools.filter((t) => typeof t === "string"));
+    }
+    evaluate(context) {
+        if (this.blockedTools.has(context.toolName))
+            return "blocked";
+        return "allowed";
+    }
+}
+//# sourceMappingURL=DefaultPolicyPlugin.js.map

package/dist/plugins/policy/DefaultPolicyPlugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DefaultPolicyPlugin.js","sourceRoot":"","sources":["../../../src/plugins/policy/DefaultPolicyPlugin.ts"],"names":[],"mappings":"AAWA;;;GAGG;AACH,MAAM,OAAO,mBAAmB;IACrB,IAAI,GAAG,SAAS,CAAC;IAET,YAAY,CAAc;IAE3C,YAAY,MAA+B;QACzC,MAAM,EAAE,YAAY,EAAE,GAAG,MAA8C,CAAC;QACxE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,wEAAwE,CACzE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,CACzB,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAC/D,CAAC;IACJ,CAAC;IAED,QAAQ,CAAC,OAA6B;QACpC,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC;YAAE,OAAO,SAAS,CAAC;QAC9D,OAAO,SAAS,CAAC;IACnB,CAAC;CACF"}

package/dist/plugins/policy/RegexPolicyPlugin.d.ts

@@ -0,0 +1,38 @@
+import type { PolicyPluginInterface, PolicyRequestContext, PolicyResult } from "../../interfaces/index.js";
+/**
+ * Result when a rule's regex matches. Maps to PolicyResult.
+ */
+export type RegexPolicyRuleResult = "blocked" | "require_approval";
+/**
+ * One rule: apply regex when the tool name matches; optionally restrict to a specific argument.
+ */
+export interface RegexPolicyRule {
+    /** Tool name this rule applies to (exact match, e.g. "get_weather"). */
+    name: string;
+    /** If set, the regex is applied to this argument's value; otherwise to the tool name. */
+    parameter_name?: string;
+    /** Regex pattern. When it matches the target string, the rule's result is applied. */
+    regex: string;
+    /** Optional RegExp flags (e.g. "i" for case-insensitive). */
+    flags?: string;
+    /** Policy result when the regex matches. Default "blocked". */
+    result?: RegexPolicyRuleResult;
+}
+export interface RegexPolicyPluginConfig {
+    /** List of rules. When a rule matches, its result (blocked or require_approval) is returned. */
+    rules: RegexPolicyRule[];
+}
+/**
+ * Policy plugin that blocks tool calls based on rules aligned to the tools/call schema.
+ * Each rule targets a tool by name and optionally a parameter; the regex is run on
+ * that parameter's value (or the tool name). If any rule matches, the call is blocked.
+ *
+ * Config: { rules: [ { name: "get_weather", parameter_name: "location", regex: "...", flags?: "i" }, ... ], debug?: boolean }
+ */
+export declare class RegexPolicyPlugin implements PolicyPluginInterface {
+    readonly name = "regex";
+    private readonly rules;
+    constructor(config?: Record<string, unknown>);
+    evaluate(context: PolicyRequestContext): PolicyResult;
+}
+//# sourceMappingURL=RegexPolicyPlugin.d.ts.map

package/dist/plugins/policy/RegexPolicyPlugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"RegexPolicyPlugin.d.ts","sourceRoot":"","sources":["../../../src/plugins/policy/RegexPolicyPlugin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACb,MAAM,2BAA2B,CAAC;AAEnC;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG,SAAS,GAAG,kBAAkB,CAAC;AAEnE;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,wEAAwE;IACxE,IAAI,EAAE,MAAM,CAAC;IACb,yFAAyF;IACzF,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,sFAAsF;IACtF,KAAK,EAAE,MAAM,CAAC;IACd,6DAA6D;IAC7D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,+DAA+D;IAC/D,MAAM,CAAC,EAAE,qBAAqB,CAAC;CAChC;AAED,MAAM,WAAW,uBAAuB;IACtC,gGAAgG;IAChG,KAAK,EAAE,eAAe,EAAE,CAAC;CAC1B;AAsBD;;;;;;GAMG;AACH,qBAAa,iBAAkB,YAAW,qBAAqB;IAC7D,QAAQ,CAAC,IAAI,WAAW;IAExB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAMnB;gBAES,MAAM,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM;IAiChD,QAAQ,CAAC,OAAO,EAAE,oBAAoB,GAAG,YAAY;CAYtD"}

package/dist/plugins/policy/RegexPolicyPlugin.js

@@ -0,0 +1,65 @@
+function getStringToTest(context, parameterName) {
+    if (parameterName == null || parameterName === "") {
+        return context.toolName;
+    }
+    const args = context.args;
+    const value = args?.[parameterName];
+    if (value === undefined || value === null) {
+        return "";
+    }
+    if (typeof value === "string")
+        return value;
+    if (typeof value === "number" || typeof value === "boolean")
+        return String(value);
+    return JSON.stringify(value);
+}
+const LOG_PREFIX = "[RegexPolicyPlugin]";
+/**
+ * Policy plugin that blocks tool calls based on rules aligned to the tools/call schema.
+ * Each rule targets a tool by name and optionally a parameter; the regex is run on
+ * that parameter's value (or the tool name). If any rule matches, the call is blocked.
+ *
+ * Config: { rules: [ { name: "get_weather", parameter_name: "location", regex: "...", flags?: "i" }, ... ], debug?: boolean }
+ */
+export class RegexPolicyPlugin {
+    name = "regex";
+    rules;
+    constructor(config = {}) {
+        const { rules } = config;
+        if (!Array.isArray(rules) || rules.length === 0) {
+            throw new Error("RegexPolicyPlugin requires config.rules (non-empty array of { name, regex, result?, parameter_name?, flags? })");
+        }
+        this.rules = rules.map((rule, i) => {
+            if (typeof rule.name !== "string" || !rule.name) {
+                throw new Error(`RegexPolicyPlugin rules[${i}].name must be a non-empty string`);
+            }
+            if (typeof rule.regex !== "string" || !rule.regex) {
+                throw new Error(`RegexPolicyPlugin rules[${i}].regex must be a non-empty string`);
+            }
+            const result = rule.result === "require_approval" ? "require_approval" : "blocked";
+            return {
+                name: rule.name,
+                parameterName: typeof rule.parameter_name === "string"
+                    ? rule.parameter_name
+                    : undefined,
+                regex: new RegExp(rule.regex, rule.flags ?? ""),
+                pattern: rule.regex,
+                result,
+            };
+        });
+    }
+    evaluate(context) {
+        for (let i = 0; i < this.rules.length; i++) {
+            const rule = this.rules[i];
+            if (context.toolName !== rule.name)
+                continue;
+            const str = getStringToTest(context, rule.parameterName);
+            const matched = rule.regex.test(str);
+            if (matched) {
+                return rule.result;
+            }
+        }
+        return "allowed";
+    }
+}
+//# sourceMappingURL=RegexPolicyPlugin.js.map

package/dist/plugins/policy/RegexPolicyPlugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"RegexPolicyPlugin.js","sourceRoot":"","sources":["../../../src/plugins/policy/RegexPolicyPlugin.ts"],"names":[],"mappings":"AAgCA,SAAS,eAAe,CACtB,OAA6B,EAC7B,aAAsB;IAEtB,IAAI,aAAa,IAAI,IAAI,IAAI,aAAa,KAAK,EAAE,EAAE,CAAC;QAClD,OAAO,OAAO,CAAC,QAAQ,CAAC;IAC1B,CAAC;IACD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAkD,CAAC;IACxE,MAAM,KAAK,GAAG,IAAI,EAAE,CAAC,aAAa,CAAC,CAAC;IACpC,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAC1C,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS;QACzD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;IACvB,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;AAC/B,CAAC;AAED,MAAM,UAAU,GAAG,qBAAqB,CAAC;AAEzC;;;;;;GAMG;AACH,MAAM,OAAO,iBAAiB;IACnB,IAAI,GAAG,OAAO,CAAC;IAEP,KAAK,CAMnB;IAEH,YAAY,SAAkC,EAAE;QAC9C,MAAM,EAAE,KAAK,EAAE,GAAG,MAA4C,CAAC;QAC/D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CACb,gHAAgH,CACjH,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;YACjC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;gBAChD,MAAM,IAAI,KAAK,CACb,2BAA2B,CAAC,mCAAmC,CAChE,CAAC;YACJ,CAAC;YACD,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;gBAClD,MAAM,IAAI,KAAK,CACb,2BAA2B,CAAC,oCAAoC,CACjE,CAAC;YACJ,CAAC;YACD,MAAM,MAAM,GACV,IAAI,CAAC,MAAM,KAAK,kBAAkB,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,OAAO;gBACL,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,aAAa,EACX,OAAO,IAAI,CAAC,cAAc,KAAK,QAAQ;oBACrC,CAAC,CAAC,IAAI,CAAC,cAAc;oBACrB,CAAC,CAAC,SAAS;gBACf,KAAK,EAAE,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC/C,OAAO,EAAE,IAAI,CAAC,KAAK;gBACnB,MAAM;aACP,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,QAAQ,CAAC,OAA6B;QACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAI,OAAO,CAAC,QAAQ,KAAK,IAAI,CAAC,IAAI;gBAAE,SAAS;YAC7C,MAAM,GAAG,GAAG,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;YACzD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACrC,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,IAAI,CAAC,MAAM,CAAC;YACrB,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;CACF"}

package/dist/plugins/policy/index.d.ts

@@ -0,0 +1,3 @@
+export { DefaultPolicyPlugin, type DefaultPolicyPluginConfig, } from "./DefaultPolicyPlugin.js";
+export { RegexPolicyPlugin, type RegexPolicyPluginConfig, type RegexPolicyRule, type RegexPolicyRuleResult, } from "./RegexPolicyPlugin.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/plugins/policy/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/plugins/policy/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,KAAK,yBAAyB,GAC/B,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,iBAAiB,EACjB,KAAK,uBAAuB,EAC5B,KAAK,eAAe,EACpB,KAAK,qBAAqB,GAC3B,MAAM,wBAAwB,CAAC"}

package/dist/plugins/policy/index.js

@@ -0,0 +1,3 @@
+export { DefaultPolicyPlugin, } from "./DefaultPolicyPlugin.js";
+export { RegexPolicyPlugin, } from "./RegexPolicyPlugin.js";
+//# sourceMappingURL=index.js.map

package/dist/plugins/policy/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/policy/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,GAEpB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,iBAAiB,GAIlB,MAAM,wBAAwB,CAAC"}

package/package.json

@@ -0,0 +1,41 @@
+{
+  "name": "@guardiojs/guardio",
+  "version": "0.0.1",
+  "description": "Security layer for MCP servers and AI Agents",
+  "type": "module",
+  "main": "dist/index.js",
+  "bin": {
+    "guardio": "./bin/guardio.mjs"
+  },
+  "files": [
+    "dist",
+    "bin"
+  ],
+  "scripts": {
+    "prepublishOnly": "pnpm run build",
+    "build": "tsc",
+    "start": "node dist/index.js",
+    "dev": "tsx watch src/index.ts",
+    "guardio": "node bin/guardio.mjs",
+    "create": "node create-guardio/index.mjs"
+  },
+  "keywords": [
+    "mcp",
+    "security",
+    "guardio",
+    "ai",
+    "agents"
+  ],
+  "author": "Radoslaw Szymkiewicz",
+  "license": "Apache-2.0",
+  "dependencies": {
+    "fastify": "^5.1.0",
+    "pino": "^9.5.0",
+    "pino-pretty": "^13.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "tsx": "^4.19.0",
+    "typescript": "^5.6.0"
+  }
+}