@handlebar/governance-schema 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/audit/events.d.ts +72 -10
- package/dist/audit/governance-actions.d.ts +9 -5
- package/dist/index.js +427 -296
- package/dist/rules/action.types.d.ts +3 -1
- package/package.json +1 -1
package/dist/audit/events.d.ts
CHANGED
|
@@ -27,6 +27,11 @@ export declare const RunStartedEventSchema: z.ZodObject<{
|
|
|
27
27
|
}, z.core.$strip>>;
|
|
28
28
|
kind: z.ZodLiteral<"run.started">;
|
|
29
29
|
data: z.ZodObject<{
|
|
30
|
+
env: z.ZodOptional<z.ZodEnum<{
|
|
31
|
+
dev: "dev";
|
|
32
|
+
staging: "staging";
|
|
33
|
+
prod: "prod";
|
|
34
|
+
}>>;
|
|
30
35
|
agent: z.ZodObject<{
|
|
31
36
|
framework: z.ZodOptional<z.ZodString>;
|
|
32
37
|
version: z.ZodOptional<z.ZodString>;
|
|
@@ -52,6 +57,16 @@ export declare const RunStartedEventSchema: z.ZodObject<{
|
|
|
52
57
|
}, z.core.$strip>>;
|
|
53
58
|
}, z.core.$strip>;
|
|
54
59
|
}, z.core.$strip>;
|
|
60
|
+
export declare const HitlMetaSchema: z.ZodObject<{
|
|
61
|
+
pendingActionId: z.ZodOptional<z.ZodString>;
|
|
62
|
+
fingerprint: z.ZodOptional<z.ZodString>;
|
|
63
|
+
status: z.ZodOptional<z.ZodEnum<{
|
|
64
|
+
none: "none";
|
|
65
|
+
pending: "pending";
|
|
66
|
+
approved: "approved";
|
|
67
|
+
denied: "denied";
|
|
68
|
+
}>>;
|
|
69
|
+
}, z.core.$strip>;
|
|
55
70
|
export declare const ToolDecisionEventSchema: z.ZodObject<{
|
|
56
71
|
schema: z.ZodLiteral<"handlebar.audit.v1">;
|
|
57
72
|
ts: z.ZodPipe<z.ZodTransform<unknown, unknown>, z.ZodDate>;
|
|
@@ -82,23 +97,34 @@ export declare const ToolDecisionEventSchema: z.ZodObject<{
|
|
|
82
97
|
data: z.ZodObject<{
|
|
83
98
|
effect: z.ZodCustom<import("./governance-actions").GovernanceEffect, import("./governance-actions").GovernanceEffect>;
|
|
84
99
|
code: z.ZodCustom<import("./governance-actions").GovernanceCode, import("./governance-actions").GovernanceCode>;
|
|
85
|
-
matchedRuleIds: z.ZodArray<z.
|
|
100
|
+
matchedRuleIds: z.ZodArray<z.ZodString>;
|
|
86
101
|
appliedActions: z.ZodArray<z.ZodObject<{
|
|
87
|
-
type: z.ZodCustom<"allow" | "block" | "
|
|
88
|
-
ruleId: z.
|
|
102
|
+
type: z.ZodCustom<"allow" | "block" | "hitl" | "notify" | "log", "allow" | "block" | "hitl" | "notify" | "log">;
|
|
103
|
+
ruleId: z.ZodString;
|
|
89
104
|
}, z.core.$strip>>;
|
|
90
105
|
reason: z.ZodOptional<z.ZodString>;
|
|
91
106
|
tool: z.ZodObject<{
|
|
92
107
|
name: z.ZodString;
|
|
93
108
|
categories: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
94
109
|
}, z.core.$strip>;
|
|
95
|
-
|
|
96
|
-
latencyMs: z.ZodOptional<z.ZodNumber>;
|
|
110
|
+
args: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
97
111
|
argsMeta: z.ZodOptional<z.ZodObject<{
|
|
98
112
|
redacted: z.ZodBoolean;
|
|
99
113
|
redactedFields: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
100
114
|
sizeBytesApprox: z.ZodOptional<z.ZodNumber>;
|
|
101
115
|
}, z.core.$strip>>;
|
|
116
|
+
hitl: z.ZodOptional<z.ZodObject<{
|
|
117
|
+
pendingActionId: z.ZodOptional<z.ZodString>;
|
|
118
|
+
fingerprint: z.ZodOptional<z.ZodString>;
|
|
119
|
+
status: z.ZodOptional<z.ZodEnum<{
|
|
120
|
+
none: "none";
|
|
121
|
+
pending: "pending";
|
|
122
|
+
approved: "approved";
|
|
123
|
+
denied: "denied";
|
|
124
|
+
}>>;
|
|
125
|
+
}, z.core.$strip>>;
|
|
126
|
+
counters: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>>;
|
|
127
|
+
latencyMs: z.ZodOptional<z.ZodNumber>;
|
|
102
128
|
}, z.core.$strip>;
|
|
103
129
|
}, z.core.$strip>;
|
|
104
130
|
export declare const ToolResultEventSchema: z.ZodObject<{
|
|
@@ -133,6 +159,16 @@ export declare const ToolResultEventSchema: z.ZodObject<{
|
|
|
133
159
|
name: z.ZodString;
|
|
134
160
|
categories: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
135
161
|
}, z.core.$strip>;
|
|
162
|
+
hitl: z.ZodOptional<z.ZodObject<{
|
|
163
|
+
pendingActionId: z.ZodOptional<z.ZodString>;
|
|
164
|
+
fingerprint: z.ZodOptional<z.ZodString>;
|
|
165
|
+
status: z.ZodOptional<z.ZodEnum<{
|
|
166
|
+
none: "none";
|
|
167
|
+
pending: "pending";
|
|
168
|
+
approved: "approved";
|
|
169
|
+
denied: "denied";
|
|
170
|
+
}>>;
|
|
171
|
+
}, z.core.$strip>>;
|
|
136
172
|
outcome: z.ZodEnum<{
|
|
137
173
|
success: "success";
|
|
138
174
|
error: "error";
|
|
@@ -256,6 +292,11 @@ export declare const AuditEventSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
|
|
|
256
292
|
}, z.core.$strip>>;
|
|
257
293
|
kind: z.ZodLiteral<"run.started">;
|
|
258
294
|
data: z.ZodObject<{
|
|
295
|
+
env: z.ZodOptional<z.ZodEnum<{
|
|
296
|
+
dev: "dev";
|
|
297
|
+
staging: "staging";
|
|
298
|
+
prod: "prod";
|
|
299
|
+
}>>;
|
|
259
300
|
agent: z.ZodObject<{
|
|
260
301
|
framework: z.ZodOptional<z.ZodString>;
|
|
261
302
|
version: z.ZodOptional<z.ZodString>;
|
|
@@ -310,23 +351,34 @@ export declare const AuditEventSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
|
|
|
310
351
|
data: z.ZodObject<{
|
|
311
352
|
effect: z.ZodCustom<import("./governance-actions").GovernanceEffect, import("./governance-actions").GovernanceEffect>;
|
|
312
353
|
code: z.ZodCustom<import("./governance-actions").GovernanceCode, import("./governance-actions").GovernanceCode>;
|
|
313
|
-
matchedRuleIds: z.ZodArray<z.
|
|
354
|
+
matchedRuleIds: z.ZodArray<z.ZodString>;
|
|
314
355
|
appliedActions: z.ZodArray<z.ZodObject<{
|
|
315
|
-
type: z.ZodCustom<"allow" | "block" | "
|
|
316
|
-
ruleId: z.
|
|
356
|
+
type: z.ZodCustom<"allow" | "block" | "hitl" | "notify" | "log", "allow" | "block" | "hitl" | "notify" | "log">;
|
|
357
|
+
ruleId: z.ZodString;
|
|
317
358
|
}, z.core.$strip>>;
|
|
318
359
|
reason: z.ZodOptional<z.ZodString>;
|
|
319
360
|
tool: z.ZodObject<{
|
|
320
361
|
name: z.ZodString;
|
|
321
362
|
categories: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
322
363
|
}, z.core.$strip>;
|
|
323
|
-
|
|
324
|
-
latencyMs: z.ZodOptional<z.ZodNumber>;
|
|
364
|
+
args: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
325
365
|
argsMeta: z.ZodOptional<z.ZodObject<{
|
|
326
366
|
redacted: z.ZodBoolean;
|
|
327
367
|
redactedFields: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
328
368
|
sizeBytesApprox: z.ZodOptional<z.ZodNumber>;
|
|
329
369
|
}, z.core.$strip>>;
|
|
370
|
+
hitl: z.ZodOptional<z.ZodObject<{
|
|
371
|
+
pendingActionId: z.ZodOptional<z.ZodString>;
|
|
372
|
+
fingerprint: z.ZodOptional<z.ZodString>;
|
|
373
|
+
status: z.ZodOptional<z.ZodEnum<{
|
|
374
|
+
none: "none";
|
|
375
|
+
pending: "pending";
|
|
376
|
+
approved: "approved";
|
|
377
|
+
denied: "denied";
|
|
378
|
+
}>>;
|
|
379
|
+
}, z.core.$strip>>;
|
|
380
|
+
counters: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>>;
|
|
381
|
+
latencyMs: z.ZodOptional<z.ZodNumber>;
|
|
330
382
|
}, z.core.$strip>;
|
|
331
383
|
}, z.core.$strip>, z.ZodObject<{
|
|
332
384
|
schema: z.ZodLiteral<"handlebar.audit.v1">;
|
|
@@ -360,6 +412,16 @@ export declare const AuditEventSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
|
|
|
360
412
|
name: z.ZodString;
|
|
361
413
|
categories: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
362
414
|
}, z.core.$strip>;
|
|
415
|
+
hitl: z.ZodOptional<z.ZodObject<{
|
|
416
|
+
pendingActionId: z.ZodOptional<z.ZodString>;
|
|
417
|
+
fingerprint: z.ZodOptional<z.ZodString>;
|
|
418
|
+
status: z.ZodOptional<z.ZodEnum<{
|
|
419
|
+
none: "none";
|
|
420
|
+
pending: "pending";
|
|
421
|
+
approved: "approved";
|
|
422
|
+
denied: "denied";
|
|
423
|
+
}>>;
|
|
424
|
+
}, z.core.$strip>>;
|
|
363
425
|
outcome: z.ZodEnum<{
|
|
364
426
|
success: "success";
|
|
365
427
|
error: "error";
|
|
@@ -1,18 +1,22 @@
|
|
|
1
1
|
import { z } from "zod";
|
|
2
|
-
|
|
2
|
+
/**
|
|
3
|
+
* "hitl" effect specifically denote human-in-the-loop interventions.
|
|
4
|
+
* Flow blocking/approval as a result of a decided hitl intervention should have the corresponding effect.
|
|
5
|
+
*/
|
|
6
|
+
export type GovernanceEffect = "allow" | "block" | "hitl";
|
|
3
7
|
type RuleAction = "allow" | "block" | "notify" | "log" | "hitl";
|
|
4
|
-
export type GovernanceCode = "BLOCKED_UNCATEGORISED" | "BLOCKED_RULE" | "BLOCKED_CUSTOM" | "
|
|
8
|
+
export type GovernanceCode = "ALLOWED" | "ALLOWED_HITL_APPROVED" | "BLOCKED_UNCATEGORISED" | "BLOCKED_RULE" | "BLOCKED_CUSTOM" | "BLOCKED_HITL_DENIED" | "BLOCKED_HITL_PENDING" | "BLOCKED_HITL_REQUESTED" | "NO_OP";
|
|
5
9
|
export declare const AppliedActionSchema: z.ZodObject<{
|
|
6
10
|
type: z.ZodCustom<RuleAction, RuleAction>;
|
|
7
|
-
ruleId: z.
|
|
11
|
+
ruleId: z.ZodString;
|
|
8
12
|
}, z.core.$strip>;
|
|
9
13
|
export declare const GovernanceDecisionSchema: z.ZodObject<{
|
|
10
14
|
effect: z.ZodCustom<GovernanceEffect, GovernanceEffect>;
|
|
11
15
|
code: z.ZodCustom<GovernanceCode, GovernanceCode>;
|
|
12
|
-
matchedRuleIds: z.ZodArray<z.
|
|
16
|
+
matchedRuleIds: z.ZodArray<z.ZodString>;
|
|
13
17
|
appliedActions: z.ZodArray<z.ZodObject<{
|
|
14
18
|
type: z.ZodCustom<RuleAction, RuleAction>;
|
|
15
|
-
ruleId: z.
|
|
19
|
+
ruleId: z.ZodString;
|
|
16
20
|
}, z.core.$strip>>;
|
|
17
21
|
reason: z.ZodOptional<z.ZodString>;
|
|
18
22
|
}, z.core.$strip>;
|