@handlebar/governance-schema 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +118 -32
- package/dist/rules/condition.d.ts +119 -1365
- package/dist/rules/index.d.ts +5 -4
- package/dist/rules/metrics.d.ts +2 -1
- package/dist/rules/rule.d.ts +2 -1796
- package/dist/rules/sensitive.d.ts +136 -0
- package/dist/rules/time.d.ts +5 -2
- package/dist/rules/tools.d.ts +55 -9
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -13881,10 +13881,10 @@ var MetricRefSchema = exports_external.discriminatedUnion("kind", [
|
|
|
13881
13881
|
]);
|
|
13882
13882
|
var MetricWindowConditionSchema = exports_external.object({
|
|
13883
13883
|
kind: exports_external.literal("metricWindow"),
|
|
13884
|
-
scope: exports_external.enum(["agent", "agent_user"]),
|
|
13884
|
+
scope: exports_external.enum(["run", "agent", "agent_user"]),
|
|
13885
13885
|
metric: MetricRefSchema,
|
|
13886
13886
|
aggregate: exports_external.enum(["sum", "avg", "max", "min", "count"]),
|
|
13887
|
-
windowSeconds: exports_external.number().int().positive(),
|
|
13887
|
+
windowSeconds: exports_external.number().int().positive().optional(),
|
|
13888
13888
|
filter: exports_external.object({
|
|
13889
13889
|
toolName: exports_external.union([GlobSchema, exports_external.array(GlobSchema).min(1)]).optional(),
|
|
13890
13890
|
toolTag: exports_external.union([exports_external.string().min(1), exports_external.array(exports_external.string().min(1)).min(1)]).optional()
|
|
@@ -13894,6 +13894,53 @@ var MetricWindowConditionSchema = exports_external.object({
|
|
|
13894
13894
|
onMissing: RuleEffectKindSchema.optional()
|
|
13895
13895
|
}).strict();
|
|
13896
13896
|
|
|
13897
|
+
// src/rules/sensitive.ts
|
|
13898
|
+
var SensitiveDataDetectorSchema = exports_external.enum([
|
|
13899
|
+
"email",
|
|
13900
|
+
"email_domain",
|
|
13901
|
+
"phone",
|
|
13902
|
+
"credit_card",
|
|
13903
|
+
"iban",
|
|
13904
|
+
"uk_nino",
|
|
13905
|
+
"ip_address",
|
|
13906
|
+
"url",
|
|
13907
|
+
"jwt",
|
|
13908
|
+
"private_key",
|
|
13909
|
+
"secret_key"
|
|
13910
|
+
]);
|
|
13911
|
+
var SubConditionValueSchema = exports_external.union([
|
|
13912
|
+
exports_external.string().min(1),
|
|
13913
|
+
exports_external.array(exports_external.string().min(1)).min(1)
|
|
13914
|
+
]);
|
|
13915
|
+
var SensitiveDataSubConditionSchema = exports_external.discriminatedUnion("check", [
|
|
13916
|
+
exports_external.object({
|
|
13917
|
+
check: exports_external.literal("domain"),
|
|
13918
|
+
op: exports_external.enum(["eq", "neq", "endsWith", "in"]),
|
|
13919
|
+
value: SubConditionValueSchema
|
|
13920
|
+
}).strict(),
|
|
13921
|
+
exports_external.object({
|
|
13922
|
+
check: exports_external.literal("tld"),
|
|
13923
|
+
op: exports_external.enum(["eq", "neq", "in"]),
|
|
13924
|
+
value: SubConditionValueSchema
|
|
13925
|
+
}).strict(),
|
|
13926
|
+
exports_external.object({
|
|
13927
|
+
check: exports_external.literal("scheme"),
|
|
13928
|
+
op: exports_external.enum(["eq", "neq", "in"]),
|
|
13929
|
+
value: SubConditionValueSchema
|
|
13930
|
+
}).strict()
|
|
13931
|
+
]);
|
|
13932
|
+
var SensitiveDataDetectorEntrySchema = exports_external.object({
|
|
13933
|
+
detector: SensitiveDataDetectorSchema,
|
|
13934
|
+
subCondition: SensitiveDataSubConditionSchema.optional()
|
|
13935
|
+
}).strict();
|
|
13936
|
+
var SensitiveDataConditionSchema = exports_external.object({
|
|
13937
|
+
kind: exports_external.literal("sensitiveData"),
|
|
13938
|
+
target: exports_external.literal("toolArg"),
|
|
13939
|
+
path: exports_external.string().min(1).max(200).optional(),
|
|
13940
|
+
op: exports_external.enum(["anyOf", "allOf"]).default("anyOf"),
|
|
13941
|
+
detectors: exports_external.array(SensitiveDataDetectorEntrySchema).min(1)
|
|
13942
|
+
}).strict();
|
|
13943
|
+
|
|
13897
13944
|
// src/rules/signals.ts
|
|
13898
13945
|
var RequireSubjectConditionSchema = exports_external.object({
|
|
13899
13946
|
kind: exports_external.literal("requireSubject"),
|
|
@@ -13926,13 +13973,20 @@ var SignalConditionSchema = exports_external.object({
|
|
|
13926
13973
|
// src/rules/time.ts
|
|
13927
13974
|
var DaySchema = exports_external.enum(["mon", "tue", "wed", "thu", "fri", "sat", "sun"]);
|
|
13928
13975
|
var TimeHHMMSchema = exports_external.string().regex(/^([01]\d|2[0-3]):[0-5]\d$/, 'Expected time in "HH:MM" 24-hour format');
|
|
13929
|
-
var
|
|
13930
|
-
|
|
13931
|
-
timezone: exports_external.object({
|
|
13976
|
+
var TimezoneSchema = exports_external.discriminatedUnion("source", [
|
|
13977
|
+
exports_external.object({
|
|
13932
13978
|
source: exports_external.literal("enduserTag"),
|
|
13933
13979
|
tag: exports_external.string().min(1),
|
|
13934
13980
|
fallback: exports_external.literal("org").optional()
|
|
13935
13981
|
}).strict(),
|
|
13982
|
+
exports_external.object({
|
|
13983
|
+
source: exports_external.literal("static"),
|
|
13984
|
+
tz: exports_external.string().min(1)
|
|
13985
|
+
}).strict()
|
|
13986
|
+
]);
|
|
13987
|
+
var TimeGateConditionSchema = exports_external.object({
|
|
13988
|
+
kind: exports_external.literal("timeGate"),
|
|
13989
|
+
timezone: TimezoneSchema,
|
|
13936
13990
|
windows: exports_external.array(exports_external.object({
|
|
13937
13991
|
days: exports_external.array(DaySchema).min(1),
|
|
13938
13992
|
start: TimeHHMMSchema,
|
|
@@ -13960,28 +14014,43 @@ var ToolNameConditionSchema = exports_external.discriminatedUnion("op", [
|
|
|
13960
14014
|
value: exports_external.array(exports_external.string().min(1)).min(1)
|
|
13961
14015
|
}).strict()
|
|
13962
14016
|
]);
|
|
13963
|
-
var ToolArgConditionSchema = exports_external.
|
|
13964
|
-
exports_external.
|
|
13965
|
-
|
|
13966
|
-
|
|
13967
|
-
|
|
13968
|
-
|
|
13969
|
-
|
|
13970
|
-
|
|
13971
|
-
|
|
13972
|
-
|
|
13973
|
-
|
|
13974
|
-
|
|
13975
|
-
|
|
13976
|
-
|
|
13977
|
-
|
|
14017
|
+
var ToolArgConditionSchema = exports_external.union([
|
|
14018
|
+
exports_external.discriminatedUnion("type", [
|
|
14019
|
+
exports_external.object({
|
|
14020
|
+
kind: exports_external.literal("toolArg"),
|
|
14021
|
+
type: exports_external.literal("string"),
|
|
14022
|
+
op: exports_external.enum([
|
|
14023
|
+
"eq",
|
|
14024
|
+
"neq",
|
|
14025
|
+
"contains",
|
|
14026
|
+
"startsWith",
|
|
14027
|
+
"endsWith",
|
|
14028
|
+
"in",
|
|
14029
|
+
"regex"
|
|
14030
|
+
]),
|
|
14031
|
+
path: exports_external.string().min(1).max(100).optional(),
|
|
14032
|
+
value: exports_external.string().min(1).max(1000)
|
|
14033
|
+
}),
|
|
14034
|
+
exports_external.object({
|
|
14035
|
+
kind: exports_external.literal("toolArg"),
|
|
14036
|
+
type: exports_external.literal("number"),
|
|
14037
|
+
op: exports_external.enum(["eq", "neq", "lt", "lte", "gt", "gte"]),
|
|
14038
|
+
path: exports_external.string().min(1).max(100).optional(),
|
|
14039
|
+
value: exports_external.number()
|
|
14040
|
+
}),
|
|
14041
|
+
exports_external.object({
|
|
14042
|
+
kind: exports_external.literal("toolArg"),
|
|
14043
|
+
type: exports_external.literal("boolean"),
|
|
14044
|
+
op: exports_external.literal("eq"),
|
|
14045
|
+
path: exports_external.string().min(1).max(100).optional(),
|
|
14046
|
+
value: exports_external.boolean()
|
|
14047
|
+
})
|
|
14048
|
+
]),
|
|
13978
14049
|
exports_external.object({
|
|
13979
14050
|
kind: exports_external.literal("toolArg"),
|
|
13980
|
-
|
|
13981
|
-
|
|
13982
|
-
|
|
13983
|
-
value: exports_external.boolean()
|
|
13984
|
-
})
|
|
14051
|
+
op: exports_external.enum(["exists", "notExists"]),
|
|
14052
|
+
path: exports_external.string().min(1).max(100)
|
|
14053
|
+
}).strict()
|
|
13985
14054
|
]);
|
|
13986
14055
|
var ToolTagConditionSchema = exports_external.discriminatedUnion("op", [
|
|
13987
14056
|
exports_external.object({
|
|
@@ -14000,10 +14069,22 @@ var ToolTagConditionSchema = exports_external.discriminatedUnion("op", [
|
|
|
14000
14069
|
tags: exports_external.array(exports_external.string().min(1)).min(1)
|
|
14001
14070
|
}).strict()
|
|
14002
14071
|
]);
|
|
14072
|
+
var SequenceEntrySchema = exports_external.union([
|
|
14073
|
+
GlobSchema,
|
|
14074
|
+
exports_external.object({
|
|
14075
|
+
by: exports_external.literal("toolName"),
|
|
14076
|
+
patterns: exports_external.array(GlobSchema).min(1)
|
|
14077
|
+
}).strict(),
|
|
14078
|
+
exports_external.object({
|
|
14079
|
+
by: exports_external.literal("toolTag"),
|
|
14080
|
+
tags: exports_external.array(exports_external.string().min(1)).min(1),
|
|
14081
|
+
op: exports_external.enum(["anyOf", "allOf"]).optional()
|
|
14082
|
+
}).strict()
|
|
14083
|
+
]);
|
|
14003
14084
|
var SequenceConditionSchema = exports_external.object({
|
|
14004
14085
|
kind: exports_external.literal("sequence"),
|
|
14005
|
-
mustHaveCalled: exports_external.array(
|
|
14006
|
-
mustNotHaveCalled: exports_external.array(
|
|
14086
|
+
mustHaveCalled: exports_external.array(SequenceEntrySchema).min(1).optional(),
|
|
14087
|
+
mustNotHaveCalled: exports_external.array(SequenceEntrySchema).min(1).optional()
|
|
14007
14088
|
}).strict().refine((v) => v.mustHaveCalled?.length || v.mustNotHaveCalled?.length, "sequence requires mustHaveCalled and/or mustNotHaveCalled");
|
|
14008
14089
|
var MaxCallsSelectorSchema = exports_external.discriminatedUnion("by", [
|
|
14009
14090
|
exports_external.object({ by: exports_external.literal("toolName"), patterns: exports_external.array(GlobSchema).min(1) }).strict(),
|
|
@@ -14015,7 +14096,10 @@ var MaxCallsSelectorSchema = exports_external.discriminatedUnion("by", [
|
|
|
14015
14096
|
var MaxCallsConditionSchema = exports_external.object({
|
|
14016
14097
|
kind: exports_external.literal("maxCalls"),
|
|
14017
14098
|
selector: MaxCallsSelectorSchema,
|
|
14018
|
-
max: exports_external.number().int().nonnegative()
|
|
14099
|
+
max: exports_external.number().int().nonnegative(),
|
|
14100
|
+
windowSeconds: exports_external.number().int().positive().optional(),
|
|
14101
|
+
per: exports_external.enum(["agent", "agent_user"]).optional(),
|
|
14102
|
+
tagFilter: exports_external.array(exports_external.string().min(1)).min(1).optional()
|
|
14019
14103
|
}).strict();
|
|
14020
14104
|
|
|
14021
14105
|
// src/rules/condition.ts
|
|
@@ -14031,17 +14115,19 @@ var BaseRuleConditionSchema = exports_external.union([
|
|
|
14031
14115
|
MetricWindowConditionSchema,
|
|
14032
14116
|
TimeGateConditionSchema,
|
|
14033
14117
|
RequireSubjectConditionSchema,
|
|
14034
|
-
SignalConditionSchema
|
|
14118
|
+
SignalConditionSchema,
|
|
14119
|
+
SensitiveDataConditionSchema
|
|
14035
14120
|
]);
|
|
14121
|
+
var LazyRuleConditionSchema = exports_external.lazy(() => RuleConditionSchema);
|
|
14036
14122
|
var AndConditionSchema = exports_external.object({
|
|
14037
14123
|
kind: exports_external.literal("and"),
|
|
14038
|
-
all: exports_external.array(
|
|
14124
|
+
all: exports_external.array(LazyRuleConditionSchema).min(1)
|
|
14039
14125
|
}).strict();
|
|
14040
14126
|
var OrConditionSchema = exports_external.object({
|
|
14041
14127
|
kind: exports_external.literal("or"),
|
|
14042
|
-
any: exports_external.array(
|
|
14128
|
+
any: exports_external.array(LazyRuleConditionSchema).min(1)
|
|
14043
14129
|
}).strict();
|
|
14044
|
-
var NotConditionSchema = exports_external.object({ kind: exports_external.literal("not"), not:
|
|
14130
|
+
var NotConditionSchema = exports_external.object({ kind: exports_external.literal("not"), not: LazyRuleConditionSchema }).strict();
|
|
14045
14131
|
var RuleConditionSchema = exports_external.union([
|
|
14046
14132
|
BaseRuleConditionSchema,
|
|
14047
14133
|
AndConditionSchema,
|