@highflame/policy 1.2.1 → 2.0.1
- package/README.md +219 -0
- package/_schemas/overwatch/context.json +433 -0
- package/_schemas/overwatch/schema.cedarschema +179 -0
- package/_schemas/palisade/context.json +325 -0
- package/_schemas/palisade/schema.cedarschema +168 -0
- package/dist/builder.d.ts +1 -2
- package/dist/builder.d.ts.map +1 -1
- package/dist/builder.js +16 -3
- package/dist/builder.js.map +1 -1
- package/dist/context.gen.d.ts +1 -94
- package/dist/context.gen.d.ts.map +1 -1
- package/dist/context.gen.js +1 -97
- package/dist/context.gen.js.map +1 -1
- package/dist/engine.d.ts +18 -18
- package/dist/engine.d.ts.map +1 -1
- package/dist/engine.js +44 -28
- package/dist/engine.js.map +1 -1
- package/dist/engine.test.js.map +1 -1
- package/dist/entities.gen.d.ts +1 -0
- package/dist/entities.gen.d.ts.map +1 -1
- package/dist/entities.gen.js +1 -0
- package/dist/entities.gen.js.map +1 -1
- package/dist/index.d.ts +4 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -0
- package/dist/index.js.map +1 -1
- package/dist/overwatch-context.gen.d.ts +29 -0
- package/dist/overwatch-context.gen.d.ts.map +1 -0
- package/dist/overwatch-context.gen.js +30 -0
- package/dist/overwatch-context.gen.js.map +1 -0
- package/dist/palisade-context.gen.d.ts +25 -0
- package/dist/palisade-context.gen.d.ts.map +1 -0
- package/dist/palisade-context.gen.js +26 -0
- package/dist/palisade-context.gen.js.map +1 -0
- package/dist/schema.gen.d.ts +1 -1
- package/dist/schema.gen.d.ts.map +1 -1
- package/dist/schema.gen.js +60 -541
- package/dist/schema.gen.js.map +1 -1
- package/dist/schemas.d.ts +64 -0
- package/dist/schemas.d.ts.map +1 -0
- package/dist/schemas.js +70 -0
- package/dist/schemas.js.map +1 -0
- package/dist/schemas.test.d.ts +8 -0
- package/dist/schemas.test.d.ts.map +1 -0
- package/dist/schemas.test.js +377 -0
- package/dist/schemas.test.js.map +1 -0
- package/dist/service-schemas.gen.d.ts +48 -0
- package/dist/service-schemas.gen.d.ts.map +1 -0
- package/dist/service-schemas.gen.js +581 -0
- package/dist/service-schemas.gen.js.map +1 -0
- package/dist/studio-ui.test.d.ts +8 -0
- package/dist/studio-ui.test.d.ts.map +1 -0
- package/dist/studio-ui.test.js +165 -0
- package/dist/studio-ui.test.js.map +1 -0
- package/dist/types.d.ts +4 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +5 -0
- package/dist/types.js.map +1 -1
- package/package.json +9 -6
- package/src/builder.ts +18 -5
- package/src/context.gen.ts +0 -97
- package/src/engine.test.ts +0 -1
- package/src/engine.ts +62 -33
- package/src/entities.gen.ts +1 -0
- package/src/index.ts +17 -0
- package/src/overwatch-context.gen.ts +32 -0
- package/src/palisade-context.gen.ts +28 -0
- package/src/schema.gen.ts +60 -541
- package/src/schemas.test.ts +445 -0
- package/src/schemas.ts +91 -0
- package/src/service-schemas.gen.ts +608 -0
- package/src/studio-ui.test.ts +207 -0
- package/src/types.ts +17 -0
package/dist/engine.test.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"engine.test.js","sourceRoot":"","sources":["../src/engine.test.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC1D,OAAO,EACL,YAAY,EAEZ,UAAU,EACV,UAAU,
|
|
1
|
+
{"version":3,"file":"engine.test.js","sourceRoot":"","sources":["../src/engine.test.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC1D,OAAO,EACL,YAAY,EAEZ,UAAU,EACV,UAAU,EACV,oBAAoB,EACpB,cAAc,GACf,MAAM,YAAY,CAAC;AAEpB,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,IAAI,MAAoB,CAAC;IAEzB,MAAM,eAAe,GAAG;;GAEvB,CAAC;IAEF,MAAM,aAAa,GAAG;;GAErB,CAAC;IAEF,uFAAuF;IACvF,MAAM,kBAAkB,GAAG;;;;;;;;;;;GAW1B,CAAC;IAEF,UAAU,CAAC,GAAG,EAAE;QACd,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;QAChC,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YAErC,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,CACpC,UAAU,CAAC,OAAO,EAClB,cAAc,EACd,UAAU,CAAC,YAAY,EACvB,UAAU,CAAC,QAAQ,EACnB,oBAAoB,CACrB,CAAC;YAEF,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;YAEnC,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,CACpC,UAAU,CAAC,OAAO,EAClB,cAAc,EACd,UAAU,CAAC,YAAY,EACvB,UAAU,CAAC,QAAQ,EACnB,oBAAoB,CACrB,CAAC;YAEF,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;YAC3D,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc;YAEvC,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,CACpC,UAAU,CAAC,OAAO,EAClB,cAAc,EACd,UAAU,CAAC,YAAY,EACvB,UAAU,CAAC,QAAQ,EACnB,oBAAoB,CACrB,CAAC;YAEF,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;QACxC,UAAU,CAAC,GAAG,EAAE;YACd,MAAM,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;YAC5D,mEAAmE;YACnE,MAAM,kBAAkB,GAAG;;;OAG1B,CAAC;YACF,MAAM,UAAU,GAAG,IAAI,YAAY,EAAE,CAAC;YACtC,UAAU,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC;YAE5C,MAAM,QAAQ,GAAG,UAAU,CAAC,cAAc,CACxC,UAAU,CAAC,OAAO,EAClB,UAAU,EACV,UAAU,CAAC,YAAY,EACvB,UAAU,CAAC,QAAQ,EACnB,oBAAoB,EACpB,EAAE,WAAW,EAAE,YAAY,EAAE,CAC9B,CAAC;YAEF,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IA
AI,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;YAClE,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,CACpC,UAAU,CAAC,OAAO,EAClB,UAAU,EACV,UAAU,CAAC,YAAY,EACvB,UAAU,CAAC,QAAQ,EACnB,oBAAoB,EACpB,EAAE,WAAW,EAAE,aAAa,EAAE,CAC/B,CAAC;YAEF,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;YAC5D,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,CACpC,UAAU,CAAC,OAAO,EAClB,UAAU,EACV,UAAU,CAAC,YAAY,EACvB,UAAU,CAAC,QAAQ,EACnB,oBAAoB,EACpB,EAAE,CAAC,sBAAsB;aAC1B,CAAC;YAEF,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;QAChC,UAAU,CAAC,GAAG,EAAE;YACd,MAAM,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,CACpC,UAAU,CAAC,OAAO,EAClB,MAAM,EACN,UAAU,CAAC,YAAY,EACvB,UAAU,CAAC,QAAQ,EACnB,oBAAoB,EACpB;gBACE,WAAW,EAAE,YAAY;gBACzB,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,EAAE;gBACT,OAAO,EAAE,IAAI;aACd,CACF,CAAC;YAEF,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,EAAE,MAAM,EAAE,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;YACnE,MAAM,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YAErC,MAAM,UAAU,GAA4B,EAAE,CAAC;YAC/C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC5B,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC;YAClC,CAAC;YAED,MAAM,CAAC,GAAG,EAAE;gBACV,MAAM,CAAC,cAAc,CACnB,UAAU,CAAC,OAAO,EAClB,MAAM,EACN,UAAU,CAAC,YAAY,EACvB,UAAU,CAAC,QAAQ,EACnB,oBAAoB,EACpB,UAAU,CACX,CAAC;YACJ,CAAC,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,EAAE,MAAM,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YACtE,MAAM,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YAErC,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAEnC,MAAM,CAAC,GAAG,EAAE;gBACV,MAAM,CAAC,cAAc,CACnB,UAAU,CAAC,OAAO,EAClB,MAAM,EACN,UAAU,CAAC,YAAY,EACvB,UAA
U,CAAC,QAAQ,EACnB,oBAAoB,EACpB,EAAE,KAAK,EAAE,UAAU,EAAE,CACtB,CAAC;YACJ,CAAC,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,EAAE,MAAM,EAAE,EAAE,eAAe,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;YACpE,MAAM,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YAErC,MAAM,WAAW,GAAG;gBAClB,MAAM,EAAE;oBACN,MAAM,EAAE;wBACN,MAAM,EAAE;4BACN,MAAM,EAAE;gCACN,MAAM,EAAE,UAAU;6BACnB;yBACF;qBACF;iBACF;aACF,CAAC;YAEF,MAAM,CAAC,GAAG,EAAE;gBACV,MAAM,CAAC,cAAc,CACnB,UAAU,CAAC,OAAO,EAClB,MAAM,EACN,UAAU,CAAC,YAAY,EACvB,UAAU,CAAC,QAAQ,EACnB,oBAAoB,EACpB,WAAW,CACZ,CAAC;YACJ,CAAC,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC;gBAC9B,cAAc,EAAE,IAAI;gBACpB,MAAM,EAAE,EAAE,cAAc,EAAE,CAAC,EAAE;aAC9B,CAAC,CAAC;YACH,MAAM,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YAErC,sCAAsC;YACtC,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,CACpC,UAAU,CAAC,OAAO,EAClB,MAAM,EACN,UAAU,CAAC,YAAY,EACvB,UAAU,CAAC,QAAQ,EACnB,oBAAoB,EACpB,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,CACnD,CAAC;YAEF,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;QACrC,UAAU,CAAC,GAAG,EAAE;YACd,MAAM,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,CACpC,UAAU,CAAC,OAAO,EAClB,MAAM,EACN,UAAU,CAAC,YAAY,EACvB,UAAU,CAAC,QAAQ,EACnB,oBAAoB,EACpB,EAAE,OAAO,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,WAAW,CAAC,EAAE,CAClD,CAAC;YAEF,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,CACpC,UAAU,CAAC,OAAO,EAClB,MAAM,EACN,UAAU,CAAC,YAAY,EACvB,UAAU,CAAC,QAAQ,EACnB,oBAAoB,EACpB;gBACE,QAAQ,EAAE;oBACR,MAAM,EAAE,aAAa;oBACrB,IAAI,EAAE,IAAI;iBACX;aACF,CACF,CAAC;YAEF,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,uE
AAuE;YACvE,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,CACpC,UAAU,CAAC,OAAO,EAClB,MAAM,EACN,UAAU,CAAC,YAAY,EACvB,UAAU,CAAC,QAAQ,EACnB,oBAAoB,EACpB,EAAE,CACH,CAAC;YAEF,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,CACpC,UAAU,CAAC,OAAO,EAClB,MAAM,EACN,UAAU,CAAC,YAAY,EACvB,UAAU,CAAC,QAAQ,EACnB,oBAAoB,EACpB,EAAE,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,CACzC,CAAC;YAEF,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,8DAA8D;YAC9D,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,CACpC,UAAU,CAAC,OAAO,EAClB,MAAM,EACN,UAAU,CAAC,YAAY,EACvB,UAAU,CAAC,QAAQ,EACnB,oBAAoB,EACpB,EAAE,cAAc,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,CAClC,CAAC;YAEF,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACxD,MAAM,aAAa,GAAG,oCAAoC,CAAC,CAAC,wBAAwB;YAEpF,MAAM,CAAC,GAAG,EAAE;gBACV,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;gBACnC,MAAM,CAAC,cAAc,CACnB,UAAU,CAAC,OAAO,EAClB,MAAM,EACN,UAAU,CAAC,YAAY,EACvB,UAAU,CAAC,QAAQ,EACnB,oBAAoB,CACrB,CAAC;YACJ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YAEjB,iCAAiC;YACjC,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;YACnC,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,CACpC,UAAU,CAAC,OAAO,EAClB,MAAM,EACN,UAAU,CAAC,YAAY,EACvB,UAAU,CAAC,QAAQ,EACnB,oBAAoB,CACrB,CAAC;YAEF,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,CAAC,cAAc,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAChD,MAAM,CAAC,cAAc,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACvD,MAAM,CAAC,cAAc,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAChD,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
package/dist/entities.gen.d.ts
CHANGED
|
@@ -8,6 +8,7 @@ export declare const EntityType: {
|
|
|
8
8
|
readonly FilePath: "FilePath";
|
|
9
9
|
readonly GitBranch: "GitBranch";
|
|
10
10
|
readonly HttpEndpoint: "HttpEndpoint";
|
|
11
|
+
readonly LlmPrompt: "LlmPrompt";
|
|
11
12
|
readonly Memory: "Memory";
|
|
12
13
|
readonly Model: "Model";
|
|
13
14
|
readonly Package: "Package";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"entities.gen.d.ts","sourceRoot":"","sources":["../src/entities.gen.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,eAAO,MAAM,UAAU
|
|
1
|
+
{"version":3,"file":"entities.gen.d.ts","sourceRoot":"","sources":["../src/entities.gen.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;CAmBb,CAAC;AAEX,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,OAAO,UAAU,CAAC,CAAC;AAEtE;;GAEG;AACH,MAAM,WAAW,SAAS;IACtB,IAAI,EAAE,UAAU,GAAG,MAAM,CAAC;IAC1B,EAAE,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,MAAM;IACnB,GAAG,EAAE,SAAS,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,OAAO,CAAC,EAAE,SAAS,EAAE,CAAC;CACzB;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,EAAE,EAAE,EAAE,MAAM,GAAG,SAAS,CAE7E;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAMxG"}
|
package/dist/entities.gen.js
CHANGED
package/dist/entities.gen.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"entities.gen.js","sourceRoot":"","sources":["../src/entities.gen.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,uCAAuC;AAEvC;;GAEG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG;IACtB,KAAK,EAAE,OAAO;IACd,QAAQ,EAAE,UAAU;IACpB,WAAW,EAAE,aAAa;IAC1B,QAAQ,EAAE,UAAU;IACpB,SAAS,EAAE,WAAW;IACtB,YAAY,EAAE,cAAc;IAC5B,MAAM,EAAE,QAAQ;IAChB,KAAK,EAAE,OAAO;IACd,OAAO,EAAE,SAAS;IAClB,UAAU,EAAE,YAAY;IACxB,QAAQ,EAAE,UAAU;IACpB,YAAY,EAAE,cAAc;IAC5B,OAAO,EAAE,SAAS;IAClB,MAAM,EAAE,QAAQ;IAChB,OAAO,EAAE,SAAS;IAClB,IAAI,EAAE,MAAM;IACZ,IAAI,EAAE,MAAM;CACN,CAAC;AAqBX;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,IAAyB,EAAE,EAAU;IAC9D,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,IAAyB,EAAE,EAAU,EAAE,KAA+B;IAC5F,OAAO;QACH,GAAG,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;QACjB,KAAK,EAAE,KAAK,IAAI,EAAE;QAClB,OAAO,EAAE,EAAE;KACd,CAAC;AACN,CAAC"}
|
|
1
|
+
{"version":3,"file":"entities.gen.js","sourceRoot":"","sources":["../src/entities.gen.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,uCAAuC;AAEvC;;GAEG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG;IACtB,KAAK,EAAE,OAAO;IACd,QAAQ,EAAE,UAAU;IACpB,WAAW,EAAE,aAAa;IAC1B,QAAQ,EAAE,UAAU;IACpB,SAAS,EAAE,WAAW;IACtB,YAAY,EAAE,cAAc;IAC5B,SAAS,EAAE,WAAW;IACtB,MAAM,EAAE,QAAQ;IAChB,KAAK,EAAE,OAAO;IACd,OAAO,EAAE,SAAS;IAClB,UAAU,EAAE,YAAY;IACxB,QAAQ,EAAE,UAAU;IACpB,YAAY,EAAE,cAAc;IAC5B,OAAO,EAAE,SAAS;IAClB,MAAM,EAAE,QAAQ;IAChB,OAAO,EAAE,SAAS;IAClB,IAAI,EAAE,MAAM;IACZ,IAAI,EAAE,MAAM;CACN,CAAC;AAqBX;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,IAAyB,EAAE,EAAU;IAC9D,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,IAAyB,EAAE,EAAU,EAAE,KAA+B;IAC5F,OAAO;QACH,GAAG,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;QACjB,KAAK,EAAE,KAAK,IAAI,EAAE;QAClB,OAAO,EAAE,EAAE;KACd,CAAC;AACN,CAAC"}
|
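--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -6,4 +6,8 @@ export * from './engine.js';
 export * from './builder.js';
 export * from './parser.js';
 export * from './errors.js';
+export { OVERWATCH_SCHEMA, PALISADE_SCHEMA, OVERWATCH_CONTEXT, PALISADE_CONTEXT, } from './service-schemas.gen.js';
+export type { ContextAttribute, ActionContext, ServiceContext, } from './service-schemas.gen.js';
+export { OverwatchContextKey } from './overwatch-context.gen.js';
+export { PalisadeContextKey } from './palisade-context.gen.js';
 //# sourceMappingURL=index.d.ts.map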
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAMA,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAGhC,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAMA,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAGhC,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAG5B,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,0BAA0B,CAAC;AAClC,YAAY,EACV,gBAAgB,EAChB,aAAa,EACb,cAAc,GACf,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC"}
|
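--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -12,4 +12,9 @@ export * from './engine.js';
 export * from './builder.js';
 export * from './parser.js';
 export * from './errors.js';
+// Service-specific schemas and context (inlined)
+export { OVERWATCH_SCHEMA, PALISADE_SCHEMA, OVERWATCH_CONTEXT, PALISADE_CONTEXT, } from './service-schemas.gen.js';
+// Service-specific context key enums
+export { OverwatchContextKey } from './overwatch-context.gen.js';
+export { PalisadeContextKey } from './palisade-context.gen.js';
 //# sourceMappingURL=index.js.map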
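Review bot: The comment on new line 15, `// Service-specific schemas and context (inlined)`, does not say which exports belong together or what "inlined" means, so a caller could pair a policy with the wrong service's schema or context keys without noticing. Both key maps on this page define a `path` key, so the two services' contexts are easy to confuse at a call site. I would reword it to something like `// Embedded per-service schema and context definitions: OVERWATCH_* pairs with OverwatchContextKey, PALISADE_* with PalisadeContextKey; use the set for the service that evaluates the policy.` That `OVERWATCH_SCHEMA` and `PALISADE_SCHEMA` hold the Cedar schema text is inferred from the file list and should be confirmed against `service-schemas.gen.js`. This file is build output, so the wording change belongs in `src/index.ts`; the same section continues above line 12, outside the hunk.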
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,uCAAuC;AACvC,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AAEpE,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAEhC,0CAA0C;AAC1C,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,uCAAuC;AACvC,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AAEpE,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAEhC,0CAA0C;AAC1C,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAE5B,iDAAiD;AACjD,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,0BAA0B,CAAC;AAOlC,qCAAqC;AACrC,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Context attribute keys for Overwatch Overwatch (Guardian) IDE security & policy enforcement.
|
|
3
|
+
*
|
|
4
|
+
* These constants correspond to the context attributes defined in the
|
|
5
|
+
* Overwatch Cedar schema and are used at policy evaluation time.
|
|
6
|
+
*/
|
|
7
|
+
export declare const OverwatchContextKey: {
|
|
8
|
+
readonly ContainsSecrets: "contains_secrets";
|
|
9
|
+
readonly Content: "content";
|
|
10
|
+
readonly Cwd: "cwd";
|
|
11
|
+
readonly Event: "event";
|
|
12
|
+
readonly HighestSeverity: "highest_severity";
|
|
13
|
+
readonly MaxThreatSeverity: "max_threat_severity";
|
|
14
|
+
readonly McpServer: "mcp_server";
|
|
15
|
+
readonly McpTool: "mcp_tool";
|
|
16
|
+
readonly Path: "path";
|
|
17
|
+
readonly PromptText: "prompt_text";
|
|
18
|
+
readonly ResponseContent: "response_content";
|
|
19
|
+
readonly Source: "source";
|
|
20
|
+
readonly ThreatCategories: "threat_categories";
|
|
21
|
+
readonly ThreatCount: "threat_count";
|
|
22
|
+
readonly ThreatTypes: "threat_types";
|
|
23
|
+
readonly ToolName: "tool_name";
|
|
24
|
+
readonly UserEmail: "user_email";
|
|
25
|
+
readonly WorkspaceRoot: "workspace_root";
|
|
26
|
+
readonly YaraThreats: "yara_threats";
|
|
27
|
+
};
|
|
28
|
+
export type OverwatchContextKey = (typeof OverwatchContextKey)[keyof typeof OverwatchContextKey];
|
|
29
|
+
//# sourceMappingURL=overwatch-context.gen.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"overwatch-context.gen.d.ts","sourceRoot":"","sources":["../src/overwatch-context.gen.ts"],"names":[],"mappings":"AAGA;;;;;GAKG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;CAoBtB,CAAC;AAEX,MAAM,MAAM,mBAAmB,GAAG,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,mBAAmB,CAAC,CAAC"}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
// Code generated by highflame-policy-codegen. DO NOT EDIT.
|
|
2
|
+
// Source: schemas/overwatch/context.json
|
|
3
|
+
/**
|
|
4
|
+
* Context attribute keys for Overwatch Overwatch (Guardian) IDE security & policy enforcement.
|
|
5
|
+
*
|
|
6
|
+
* These constants correspond to the context attributes defined in the
|
|
7
|
+
* Overwatch Cedar schema and are used at policy evaluation time.
|
|
8
|
+
*/
|
|
9
|
+
export const OverwatchContextKey = {
|
|
10
|
+
ContainsSecrets: 'contains_secrets',
|
|
11
|
+
Content: 'content',
|
|
12
|
+
Cwd: 'cwd',
|
|
13
|
+
Event: 'event',
|
|
14
|
+
HighestSeverity: 'highest_severity',
|
|
15
|
+
MaxThreatSeverity: 'max_threat_severity',
|
|
16
|
+
McpServer: 'mcp_server',
|
|
17
|
+
McpTool: 'mcp_tool',
|
|
18
|
+
Path: 'path',
|
|
19
|
+
PromptText: 'prompt_text',
|
|
20
|
+
ResponseContent: 'response_content',
|
|
21
|
+
Source: 'source',
|
|
22
|
+
ThreatCategories: 'threat_categories',
|
|
23
|
+
ThreatCount: 'threat_count',
|
|
24
|
+
ThreatTypes: 'threat_types',
|
|
25
|
+
ToolName: 'tool_name',
|
|
26
|
+
UserEmail: 'user_email',
|
|
27
|
+
WorkspaceRoot: 'workspace_root',
|
|
28
|
+
YaraThreats: 'yara_threats',
|
|
29
|
+
};
|
|
30
|
+
//# sourceMappingURL=overwatch-context.gen.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"overwatch-context.gen.js","sourceRoot":"","sources":["../src/overwatch-context.gen.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,yCAAyC;AAEzC;;;;;GAKG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,eAAe,EAAE,kBAAkB;IACnC,OAAO,EAAE,SAAS;IAClB,GAAG,EAAE,KAAK;IACV,KAAK,EAAE,OAAO;IACd,eAAe,EAAE,kBAAkB;IACnC,iBAAiB,EAAE,qBAAqB;IACxC,SAAS,EAAE,YAAY;IACvB,OAAO,EAAE,UAAU;IACnB,IAAI,EAAE,MAAM;IACZ,UAAU,EAAE,aAAa;IACzB,eAAe,EAAE,kBAAkB;IACnC,MAAM,EAAE,QAAQ;IAChB,gBAAgB,EAAE,mBAAmB;IACrC,WAAW,EAAE,cAAc;IAC3B,WAAW,EAAE,cAAc;IAC3B,QAAQ,EAAE,WAAW;IACrB,SAAS,EAAE,YAAY;IACvB,aAAa,EAAE,gBAAgB;IAC/B,WAAW,EAAE,cAAc;CACnB,CAAC"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Context attribute keys for Palisade Palisade ML supply chain security & artifact scanning.
|
|
3
|
+
*
|
|
4
|
+
* These constants correspond to the context attributes defined in the
|
|
5
|
+
* Palisade Cedar schema and are used at policy evaluation time.
|
|
6
|
+
*/
|
|
7
|
+
export declare const PalisadeContextKey: {
|
|
8
|
+
readonly AdapterBaseDigestMismatch: "adapter_base_digest_mismatch";
|
|
9
|
+
readonly ArtifactFormat: "artifact_format";
|
|
10
|
+
readonly ArtifactSigned: "artifact_signed";
|
|
11
|
+
readonly Environment: "environment";
|
|
12
|
+
readonly FindingType: "finding_type";
|
|
13
|
+
readonly GgufSuspiciousMetadata: "gguf_suspicious_metadata";
|
|
14
|
+
readonly MatchCount: "match_count";
|
|
15
|
+
readonly MetadataCosaiLevelNumeric: "metadata_cosai_level_numeric";
|
|
16
|
+
readonly MetadataMaliciousPattern: "metadata_malicious_pattern";
|
|
17
|
+
readonly Path: "path";
|
|
18
|
+
readonly PickleExecPathDetected: "pickle_exec_path_detected";
|
|
19
|
+
readonly ProvenanceSigner: "provenance_signer";
|
|
20
|
+
readonly SafetensorsIntegrityViolation: "safetensors_integrity_violation";
|
|
21
|
+
readonly Severity: "severity";
|
|
22
|
+
readonly TokenizerAddedTokensCount: "tokenizer_added_tokens_count";
|
|
23
|
+
};
|
|
24
|
+
export type PalisadeContextKey = (typeof PalisadeContextKey)[keyof typeof PalisadeContextKey];
|
|
25
|
+
//# sourceMappingURL=palisade-context.gen.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"palisade-context.gen.d.ts","sourceRoot":"","sources":["../src/palisade-context.gen.ts"],"names":[],"mappings":"AAGA;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;CAgBrB,CAAC;AAEX,MAAM,MAAM,kBAAkB,GAAG,CAAC,OAAO,kBAAkB,CAAC,CAAC,MAAM,OAAO,kBAAkB,CAAC,CAAC"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
// Code generated by highflame-policy-codegen. DO NOT EDIT.
|
|
2
|
+
// Source: schemas/palisade/context.json
|
|
3
|
+
/**
|
|
4
|
+
* Context attribute keys for Palisade Palisade ML supply chain security & artifact scanning.
|
|
5
|
+
*
|
|
6
|
+
* These constants correspond to the context attributes defined in the
|
|
7
|
+
* Palisade Cedar schema and are used at policy evaluation time.
|
|
8
|
+
*/
|
|
9
|
+
export const PalisadeContextKey = {
|
|
10
|
+
AdapterBaseDigestMismatch: 'adapter_base_digest_mismatch',
|
|
11
|
+
ArtifactFormat: 'artifact_format',
|
|
12
|
+
ArtifactSigned: 'artifact_signed',
|
|
13
|
+
Environment: 'environment',
|
|
14
|
+
FindingType: 'finding_type',
|
|
15
|
+
GgufSuspiciousMetadata: 'gguf_suspicious_metadata',
|
|
16
|
+
MatchCount: 'match_count',
|
|
17
|
+
MetadataCosaiLevelNumeric: 'metadata_cosai_level_numeric',
|
|
18
|
+
MetadataMaliciousPattern: 'metadata_malicious_pattern',
|
|
19
|
+
Path: 'path',
|
|
20
|
+
PickleExecPathDetected: 'pickle_exec_path_detected',
|
|
21
|
+
ProvenanceSigner: 'provenance_signer',
|
|
22
|
+
SafetensorsIntegrityViolation: 'safetensors_integrity_violation',
|
|
23
|
+
Severity: 'severity',
|
|
24
|
+
TokenizerAddedTokensCount: 'tokenizer_added_tokens_count',
|
|
25
|
+
};
|
|
26
|
+
//# sourceMappingURL=palisade-context.gen.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"palisade-context.gen.js","sourceRoot":"","sources":["../src/palisade-context.gen.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,wCAAwC;AAExC;;;;;GAKG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,yBAAyB,EAAE,8BAA8B;IACzD,cAAc,EAAE,iBAAiB;IACjC,cAAc,EAAE,iBAAiB;IACjC,WAAW,EAAE,aAAa;IAC1B,WAAW,EAAE,cAAc;IAC3B,sBAAsB,EAAE,0BAA0B;IAClD,UAAU,EAAE,aAAa;IACzB,yBAAyB,EAAE,8BAA8B;IACzD,wBAAwB,EAAE,4BAA4B;IACtD,IAAI,EAAE,MAAM;IACZ,sBAAsB,EAAE,2BAA2B;IACnD,gBAAgB,EAAE,mBAAmB;IACrC,6BAA6B,EAAE,iCAAiC;IAChE,QAAQ,EAAE,UAAU;IACpB,yBAAyB,EAAE,8BAA8B;CACjD,CAAC"}
|
package/dist/schema.gen.d.ts
CHANGED
|
@@ -2,5 +2,5 @@
|
|
|
2
2
|
* Embedded Cedar schema for policy validation.
|
|
3
3
|
* This is the Highflame Cedar schema used across all services.
|
|
4
4
|
*/
|
|
5
|
-
export declare const CEDAR_SCHEMA = "// Highflame Cedar Schema\n// ======================\n// This is the SOURCE OF TRUTH for all entity types, actions, and their relationships\n// across the Highflame platform.\n//\n// All services (authz, Core, Guardian, Palisade) MUST use the types defined here.\n// The codegen tool parses this file and generates typed constants for Go, TypeScript,\n// and Python to ensure consistency.\n//\n// Usage:\n// - Policies are validated against this schema when created/updated\n// - Generated types prevent typos in application code\n// - Cedar CLI can validate: cedar validate --schema highflame.cedarschema --policies policy.cedar\n\n// =============================================================================\n// PRINCIPAL TYPES (Who is making the request)\n// =============================================================================\n\n// Human user or service account making requests\n// Well-known IDs: \"mcp_client\", \"threat_processor\"\nentity User {\n // User type: \"external\", \"internal\"\n user_type: String,\n};\n\n// AI agent or bot\nentity Agent {\n // Agent type: \"llm\", \"scanner\", \"bot\", \"coding_assistant\"\n agent_type: String,\n};\n\n// Security scanner service\n// Well-known IDs: \"ramparts\", \"palisade\"\nentity Scanner {\n // Scanner type: \"ramparts\", \"palisade\"\n scanner_type: String,\n // Scanner version\n version: String,\n};\n\n// Backend service account\nentity Service {\n // Service name\n service_name: String,\n // Environment: \"production\", \"staging\", \"development\"\n environment: String,\n};\n\n// =============================================================================\n// RESOURCE TYPES (What is being accessed)\n// =============================================================================\n\n// Generic resource\n// Well-known IDs: \"threat_analysis\", \"tools/list\", \"tools/call\", \"resources/list\",\n// \"resources/read\", \"prompts/list\", \"unknown\"\nentity Resource 
{};\n\n// LLM response data\n// Well-known IDs: \"response_data\"\nentity ResponseData {};\n\n// MCP tool that can be called\nentity Tool {\n // Tool name\n tool_name: String,\n // Risk level: \"safe\", \"moderate\", \"dangerous\"\n risk_level: String,\n // Category: \"file\", \"network\", \"shell\", \"api\"\n category: String,\n};\n\n// File system path\nentity FilePath {\n // Full path\n path: String,\n // File extension\n extension: String,\n // Whether file is sensitive (.env, credentials, etc.)\n is_sensitive: Bool,\n};\n\n// HTTP endpoint\nentity HttpEndpoint {\n // Hostname\n hostname: String,\n // Scheme: \"http\", \"https\"\n scheme: String,\n // Port number\n port: Long,\n // Whether endpoint is internal\n is_internal: Bool,\n};\n\n// MCP Server\nentity Server {\n // Server name\n server_name: String,\n};\n\n// ML model artifact (for Palisade)\nentity Artifact {\n // Format: \"safetensors\", \"pickle\", \"gguf\", \"onnx\"\n artifact_type: String,\n // Source URL or path\n source: String,\n // SHA256 hash\n hash: String,\n // Whether artifact is signed\n is_signed: Bool,\n};\n\n// Code repository\nentity Repository {\n // Repository URL\n url: String,\n};\n\n// Software package\nentity Package {\n // Package name\n name: String,\n // Package version\n version: String,\n};\n\n// Git branch (for branch protection policies)\nentity GitBranch {\n // Branch name (e.g., \"main\", \"develop\", \"feature/xyz\")\n branch_name: String,\n // Whether this is a protected branch\n is_protected: Bool,\n};\n\n// LLM Model (for model-specific policies)\nentity Model {\n // Model name (e.g., \"gpt-4\", \"claude-3-opus\")\n model_name: String,\n // Provider (e.g., \"openai\", \"anthropic\", \"google\")\n provider: String,\n // Whether model is in preview/beta\n is_preview: Bool,\n};\n\n// External API endpoint (for external service calls)\nentity ExternalAPI {\n // API name or identifier\n api_name: String,\n // Base URL or hostname\n base_url: String,\n // Whether the API 
is trusted/verified\n is_trusted: Bool,\n};\n\n// Agent memory or RAG storage\nentity Memory {\n // Memory type: \"short_term\", \"long_term\", \"rag\", \"vector_store\"\n memory_type: String,\n // Whether memory contains sensitive data\n is_sensitive: Bool,\n};\n\n// =============================================================================\n// ACTIONS - LLM/Guardrails\n// =============================================================================\n\n// Process an LLM prompt\n// Context: prompt_text, yara_threats, threat_count, max_threat_severity,\n// user_type, monitoring_enabled, injection_score, content_score\naction process_prompt appliesTo {\n principal: [User, Agent],\n resource: [Resource],\n};\n\n// Process an LLM response\n// Context: response_size_mb, contains_pii, pii_types, content_category\naction process_response appliesTo {\n principal: [User, Agent],\n resource: [ResponseData],\n};\n\n// Invoke an LLM model\n// Context: model_name, model_provider, is_preview_model, estimated_tokens,\n// max_tokens, temperature, top_p, is_streaming\naction invoke_model appliesTo {\n principal: [User, Agent, Service],\n resource: [Model, Resource],\n};\n\n// Filter content (apply content filtering policies)\n// Context: content_type, content_category, content_score, harm_categories,\n// language, is_harmful, filter_action\naction filter_content appliesTo {\n principal: [User, Agent, Service],\n resource: [Resource, ResponseData],\n};\n\n// =============================================================================\n// ACTIONS - MCP/Tool\n// =============================================================================\n\n// Call an MCP tool\n// Context: tool_name, tool_arguments, risk_level\naction call_tool appliesTo {\n principal: [User, Agent, Service],\n resource: [Tool, Resource],\n};\n\n// Connect to an MCP server\n// Context: server_name, server_url, transport_type\naction connect_server appliesTo {\n principal: [User, Agent, Service],\n resource: 
[Server, Resource],\n};\n\n// Access a server-specific resource\n// Context: tool_name, resource_name, prompt_name\naction access_server_resource appliesTo {\n principal: [User, Agent, Service],\n resource: [Resource],\n};\n\n// Skip guardrails for an operation\naction skip_guardrails appliesTo {\n principal: [User, Agent, Service],\n resource: [Resource],\n};\n\n// =============================================================================\n// ACTIONS - File System\n// =============================================================================\n\n// Read a file\n// Context: path, extension, is_sensitive\naction read_file appliesTo {\n principal: [User, Agent, Scanner],\n resource: [FilePath, Resource],\n};\n\n// Write a file\n// Context: path, extension, is_sensitive, file_size_bytes\naction write_file appliesTo {\n principal: [User, Agent],\n resource: [FilePath, Resource],\n};\n\n// Delete a file\n// Context: path, extension, is_sensitive\naction delete_file appliesTo {\n principal: [User, Agent],\n resource: [FilePath, Resource],\n};\n\n// =============================================================================\n// ACTIONS - HTTP/Network\n// =============================================================================\n\n// Make an HTTP request\n// Context: hostname, ip_address, scheme, port, method, is_internal\naction http_request appliesTo {\n principal: [User, Agent, Service],\n resource: [HttpEndpoint, Resource],\n};\n\n// Call an external API\n// Context: api_name, endpoint_path, method, is_trusted, request_size_bytes\naction call_external_api appliesTo {\n principal: [User, Agent, Service],\n resource: [ExternalAPI, HttpEndpoint, Resource],\n};\n\n// =============================================================================\n// ACTIONS - Code Execution\n// =============================================================================\n\n// Execute code in a sandbox or environment\n// Context: code_language, is_sandboxed, code_size_bytes, 
has_network_access,\n// has_filesystem_access, execution_timeout_ms\naction execute_code appliesTo {\n principal: [User, Agent],\n resource: [Resource],\n};\n\n// Run tests\n// Context: test_framework, test_count, is_sandboxed, code_language\naction run_tests appliesTo {\n principal: [User, Agent, Service],\n resource: [Repository, Resource],\n};\n\n// Run build process\n// Context: build_tool, is_sandboxed, code_language\naction run_build appliesTo {\n principal: [User, Agent, Service],\n resource: [Repository, Resource],\n};\n\n// =============================================================================\n// ACTIONS - Git Operations\n// =============================================================================\n\n// General git operation (use for policies that apply to all git actions)\n// Context: git_op, target_branch, source_branch, is_force, is_protected_branch,\n// changed_files_count, commit_message, remote_url\naction git_operation appliesTo {\n principal: [User, Agent],\n resource: [Repository, GitBranch, Resource],\n};\n\n// Clone a repository\n// Context: remote_url, is_shallow, depth\naction git_clone appliesTo {\n principal: [User, Agent],\n resource: [Repository, Resource],\n};\n\n// Create a commit\n// Context: commit_message, changed_files_count, author, is_amend\naction git_commit appliesTo {\n principal: [User, Agent],\n resource: [Repository, GitBranch, Resource],\n};\n\n// Push changes to remote\n// Context: target_branch, is_force_push, is_protected_branch, remote_url\naction git_push appliesTo {\n principal: [User, Agent],\n resource: [Repository, GitBranch, Resource],\n};\n\n// Pull changes from remote\n// Context: source_branch, remote_url, is_rebase\naction git_pull appliesTo {\n principal: [User, Agent],\n resource: [Repository, GitBranch, Resource],\n};\n\n// Merge branches\n// Context: source_branch, target_branch, is_protected_branch, merge_strategy\naction git_merge appliesTo {\n principal: [User, Agent],\n resource: 
[Repository, GitBranch, Resource],\n};\n\n// Checkout branch or commit\n// Context: target_branch, is_new_branch, commit_hash\naction git_checkout appliesTo {\n principal: [User, Agent],\n resource: [Repository, GitBranch, Resource],\n};\n\n// Reset changes (potentially destructive)\n// Context: reset_mode, target_commit, is_hard_reset\naction git_reset appliesTo {\n principal: [User, Agent],\n resource: [Repository, GitBranch, Resource],\n};\n\n// Rebase branch\n// Context: source_branch, target_branch, is_interactive\naction git_rebase appliesTo {\n principal: [User, Agent],\n resource: [Repository, GitBranch, Resource],\n};\n\n// =============================================================================\n// ACTIONS - Agent Orchestration\n// =============================================================================\n\n// Delegate task to another agent\n// Context: delegation_depth, parent_agent_id, task_type, is_autonomous\naction delegate_task appliesTo {\n principal: [Agent, Service],\n resource: [Resource],\n};\n\n// Spawn a subprocess or child process\n// Context: process_name, is_sandboxed, has_network_access, has_filesystem_access\naction spawn_subprocess appliesTo {\n principal: [User, Agent, Service],\n resource: [Resource],\n};\n\n// Access agent memory or RAG storage\n// Context: memory_type, operation (read, write, delete), is_sensitive\naction access_memory appliesTo {\n principal: [Agent, Service],\n resource: [Memory, Resource],\n};\n\n// =============================================================================\n// ACTIONS - Scanner\n// =============================================================================\n\n// Scan a target (MCP server, repository, etc.)\naction scan_target appliesTo {\n principal: [Scanner, Service],\n resource: [Resource, Repository, Server],\n};\n\n// Scan a software package\naction scan_package appliesTo {\n principal: [Scanner, Service],\n resource: [Package, Resource],\n};\n\n// 
=============================================================================\n// ACTIONS - Palisade/ML\n// =============================================================================\n\n// Scan an ML artifact\n// Context: environment, artifact_format, artifact_signed, severity, finding_type,\n// provenance_signer, pickle_exec_path_detected, metadata_malicious_pattern,\n// tokenizer_added_tokens_count, safetensors_integrity_violation,\n// gguf_suspicious_metadata, adapter_base_digest_mismatch,\n// metadata_cosai_level_numeric\naction scan_artifact appliesTo {\n principal: [Scanner, Service],\n resource: [Artifact, Resource],\n};\n\n// Validate artifact integrity\naction validate_integrity appliesTo {\n principal: [Scanner, Service],\n resource: [Artifact],\n};\n\n// Validate artifact provenance\naction validate_provenance appliesTo {\n principal: [Scanner, Service],\n resource: [Artifact],\n};\n\n// Quarantine an artifact\naction quarantine_artifact appliesTo {\n principal: [Scanner, Service],\n resource: [Artifact],\n};\n\n// Load an ML model\naction load_model appliesTo {\n principal: [User, Agent, Service],\n resource: [Artifact],\n};\n\n// Deploy an ML model\naction deploy_model appliesTo {\n principal: [User, Service],\n resource: [Artifact],\n};\n\n// =============================================================================\n// ACTIONS - Data Loss Prevention (DLP)\n// =============================================================================\n\n// Transfer data (for DLP policies)\n// Context: data_classification, destination_type, transfer_size_bytes,\n// contains_pii, pii_types, is_encrypted\naction transfer_data appliesTo {\n principal: [User, Agent, Service],\n resource: [Resource],\n};\n\n// Export data (for DLP policies)\n// Context: export_format, data_classification, destination_type, is_encrypted\naction export_data appliesTo {\n principal: [User, Agent, Service],\n resource: [Resource],\n};\n\n// 
=============================================================================\n// CONTEXT ATTRIBUTES REFERENCE (Documentation Only)\n// =============================================================================\n// Cedar context is dynamic and not enforced by schema, but these are the\n// standard attributes used across Highflame services:\n//\n// -----------------------------------------------------------------------------\n// GUARDRAILS/CORE\n// -----------------------------------------------------------------------------\n// tool_name: String - Name of tool being called\n// resource_name: String - Name of resource being accessed\n// prompt_name: String - Name of prompt\n// prompt_text: String - Raw prompt text (for injection detection)\n// response_size_mb: Long - Response size in megabytes\n// yara_threats: Set<String> - Set of detected YARA threat names\n// threat_count: Long - Number of threats detected\n// max_threat_severity: Long - Highest severity (0=INFO, 4=CRITICAL)\n// user_type: String - \"external\" or \"internal\"\n// monitoring_enabled: Bool - Whether monitoring is active\n// path: String - File path\n// hostname: String - HTTP hostname\n// ip_address: String - IP address (for SSRF detection)\n// scheme: String - HTTP scheme\n// port: Long - Port number\n//\n// -----------------------------------------------------------------------------\n// MODEL INVOCATION\n// -----------------------------------------------------------------------------\n// model_name: String - Name of the model (e.g., \"gpt-4\", \"claude-3-opus\")\n// model_provider: String - Provider name (e.g., \"openai\", \"anthropic\", \"google\", \"azure\", \"bedrock\")\n// is_preview_model: Bool - Whether model is in preview/beta\n// estimated_tokens: Long - Estimated input + output tokens\n// max_tokens: Long - Maximum tokens allowed for response\n// temperature: Long - Temperature setting (scaled by 100, e.g., 70 = 0.7)\n// top_p: Long - Top-p sampling (scaled by 100)\n// 
is_streaming: Bool - Whether response is streamed\n//\n// -----------------------------------------------------------------------------\n// CONTENT FILTERING\n// -----------------------------------------------------------------------------\n// content_type: String - Type of content (\"text\", \"code\", \"image\", \"audio\", \"video\")\n// content_category: String - Category (\"general\", \"adult\", \"violence\", \"hate\", etc.)\n// content_score: Long - Content risk score (0-100)\n// injection_score: Long - Prompt injection detection score (0-100)\n// jailbreak_score: Long - Jailbreak attempt detection score (0-100)\n// contains_pii: Bool - Whether content contains PII\n// pii_types: Set<String> - Types of PII detected (\"email\", \"phone\", \"ssn\", \"credit_card\", etc.)\n// language: String - Detected language code (e.g., \"en\", \"es\", \"zh\")\n// is_harmful: Bool - Whether content is harmful\n// harm_categories: Set<String> - Categories of harm (\"violence\", \"hate\", \"self_harm\", \"sexual\", etc.)\n// filter_action: String - Action to take (\"inspect\", \"mask\", \"redact\", \"replace\", \"anonymize\", \"reject\")\n// csam_detected: Bool - Whether CSAM was detected\n// hallucination_score: Long - Hallucination detection score (0-100)\n//\n// -----------------------------------------------------------------------------\n// RATE LIMITING\n// -----------------------------------------------------------------------------\n// concurrent_calls: Long - Current number of concurrent calls\n// requests_per_minute: Long - Current requests per minute\n// tokens_per_minute: Long - Current tokens per minute\n// rate_limit_bucket: String - Rate limit bucket identifier\n// is_rate_limited: Bool - Whether rate limit is exceeded\n//\n// -----------------------------------------------------------------------------\n// GIT OPERATIONS\n// -----------------------------------------------------------------------------\n// git_op: String - Type of git operation (\"clone\", 
\"commit\", \"push\", \"pull\", etc.)\n// target_branch: String - Target branch name\n// source_branch: String - Source branch name\n// is_force_push: Bool - Whether this is a force push\n// is_protected_branch: Bool - Whether target is a protected branch\n// changed_files_count: Long - Number of files changed\n// commit_message: String - Commit message text\n// remote_url: String - Remote repository URL\n// is_shallow: Bool - Whether clone is shallow\n// depth: Long - Clone depth for shallow clones\n// is_amend: Bool - Whether commit is an amend\n// merge_strategy: String - Merge strategy (\"merge\", \"rebase\", \"squash\")\n// is_hard_reset: Bool - Whether reset is hard (destructive)\n// reset_mode: String - Reset mode (\"soft\", \"mixed\", \"hard\")\n// is_interactive: Bool - Whether operation is interactive\n//\n// -----------------------------------------------------------------------------\n// CODE EXECUTION\n// -----------------------------------------------------------------------------\n// code_language: String - Programming language (\"python\", \"javascript\", \"go\", etc.)\n// is_sandboxed: Bool - Whether code runs in a sandbox\n// code_size_bytes: Long - Size of code in bytes\n// has_network_access: Bool - Whether code has network access\n// has_filesystem_access: Bool - Whether code has filesystem access\n// execution_timeout_ms: Long - Execution timeout in milliseconds\n// test_framework: String - Test framework being used\n// test_count: Long - Number of tests being run\n// build_tool: String - Build tool being used\n//\n// -----------------------------------------------------------------------------\n// AGENT ORCHESTRATION\n// -----------------------------------------------------------------------------\n// delegation_depth: Long - Current delegation nesting depth\n// parent_agent_id: String - ID of parent agent (if delegated)\n// task_type: String - Type of task being performed\n// is_autonomous: Bool - Whether agent is operating autonomously\n// 
session_id: String - Agent session identifier\n// process_name: String - Name of subprocess being spawned\n//\n// -----------------------------------------------------------------------------\n// MEMORY/RAG\n// -----------------------------------------------------------------------------\n// memory_type: String - Type of memory (\"short_term\", \"long_term\", \"rag\", \"vector_store\")\n// memory_operation: String - Operation being performed (\"read\", \"write\", \"delete\", \"search\")\n// memory_is_sensitive: Bool - Whether memory contains sensitive data\n//\n// -----------------------------------------------------------------------------\n// DATA LOSS PREVENTION (DLP)\n// -----------------------------------------------------------------------------\n// data_classification: String - Classification level (\"public\", \"internal\", \"confidential\", \"restricted\")\n// destination_type: String - Where data is going (\"internal\", \"external\", \"cloud\", \"email\")\n// transfer_size_bytes: Long - Size of data being transferred\n// is_encrypted: Bool - Whether data is encrypted\n// export_format: String - Format of exported data (\"json\", \"csv\", \"pdf\", etc.)\n//\n// -----------------------------------------------------------------------------\n// PALISADE/ML\n// -----------------------------------------------------------------------------\n// environment: String - \"production\", \"development\", \"research\"\n// artifact_format: String - \"pickle\", \"safetensors\", \"gguf\", \"onnx\"\n// artifact_signed: Bool - Whether artifact has signature\n// severity: String - \"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\", \"INFO\"\n// finding_type: String - Type of security finding\n// provenance_signer: String - Who signed (\"unknown\", \"unsigned\", or name)\n// pickle_exec_path_detected: Bool - RCE path found in pickle\n// metadata_malicious_pattern: Bool - Malicious pattern in metadata\n// tokenizer_added_tokens_count: Long - Number of added tokens\n// 
safetensors_integrity_violation: Bool - Safetensors integrity failed\n// gguf_suspicious_metadata: Bool - Suspicious GGUF metadata\n// adapter_base_digest_mismatch: Bool - LoRA adapter digest mismatch\n// metadata_cosai_level_numeric: Long - CoSAI maturity level (0-5)\n//\n";
|
|
5
|
+
export declare const CEDAR_SCHEMA = "// Highflame Cedar Schema - Entity and Action Definitions\n// =======================================================\n// This file defines all entity types and actions used across Highflame services.\n// Used for code generation (EntityType and ActionType constants).\n//\n// For policy validation, use service-specific schemas:\n// - schemas/overwatch/schema.cedarschema (Guardian IDE security)\n// - schemas/palisade/schema.cedarschema (ML supply chain security)\n\nnamespace Highflame {\n\n// =============================================================================\n// ENTITIES\n// =============================================================================\n\nentity User {\n user_type: String,\n};\n\nentity Agent {\n agent_type: String,\n};\n\nentity Scanner {\n scanner_type: String,\n};\n\nentity Service {\n service_type: String,\n};\n\nentity Resource {};\n\nentity LlmPrompt {\n prompt_type: String,\n};\n\nentity ResponseData {};\n\nentity Tool {\n tool_name: String,\n};\n\nentity FilePath {\n path: String,\n};\n\nentity HttpEndpoint {\n hostname: String,\n};\n\nentity Server {\n server_name: String,\n};\n\nentity Artifact {\n artifact_format: String,\n};\n\nentity Repository {\n repo_url: String,\n};\n\nentity Package {\n package_name: String,\n};\n\nentity GitBranch {\n branch_name: String,\n};\n\nentity Model {\n model_name: String,\n};\n\nentity ExternalAPI {\n api_name: String,\n};\n\nentity Memory {\n memory_type: String,\n};\n\n// =============================================================================\n// ACTIONS\n// =============================================================================\n\naction process_prompt;\naction process_response;\naction invoke_model;\naction filter_content;\naction call_tool;\naction connect_server;\naction access_server_resource;\naction skip_guardrails;\naction read_file;\naction write_file;\naction delete_file;\naction http_request;\naction call_external_api;\naction 
execute_code;\naction run_tests;\naction run_build;\naction git_operation;\naction git_clone;\naction git_commit;\naction git_push;\naction git_pull;\naction git_merge;\naction git_checkout;\naction git_reset;\naction git_rebase;\naction delegate_task;\naction spawn_subprocess;\naction access_memory;\naction scan_target;\naction scan_package;\naction scan_artifact;\naction validate_integrity;\naction validate_provenance;\naction quarantine_artifact;\naction load_model;\naction deploy_model;\naction transfer_data;\naction export_data;\n}\n";
|
|
6
6
|
//# sourceMappingURL=schema.gen.d.ts.map
|
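Review bot: The doc comment kept as context above `CEDAR_SCHEMA` still reads `Embedded Cedar schema for policy validation` and `used across all services`, but the new value says it is used for code generation and points to the service-specific schemas for policy validation. The new string drops every `appliesTo` clause and most entity attributes (for example `Artifact.is_signed` and `FilePath.is_sensitive`) and wraps the types in `namespace Highflame`. A caller that still validates policies against this constant therefore presumably gets no principal/resource type checking for actions such as `skip_guardrails` or `deploy_model`, and policies written with the old unqualified type names may stop validating. I would change the comment to `* Entity and action definitions for code generation only; validate policies against the overwatch or palisade schema.`; the comment opens above this hunk, and since the file looks generated the wording belongs in the generator's template.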
package/dist/schema.gen.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.gen.d.ts","sourceRoot":"","sources":["../src/schema.gen.ts"],"names":[],"mappings":"AAGA;;;GAGG;AACH,eAAO,MAAM,YAAY,
|
|
1
|
+
{"version":3,"file":"schema.gen.d.ts","sourceRoot":"","sources":["../src/schema.gen.ts"],"names":[],"mappings":"AAGA;;;GAGG;AACH,eAAO,MAAM,YAAY,y/EA8HxB,CAAC"}
|