@lannguyensi/harness 0.13.0 → 0.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +55 -0
- package/README.md +11 -1
- package/dist/cli/approve/understanding.d.ts +15 -0
- package/dist/cli/approve/understanding.js +26 -6
- package/dist/cli/approve/understanding.js.map +1 -1
- package/dist/cli/explain.js +11 -1
- package/dist/cli/explain.js.map +1 -1
- package/dist/cli/index.js +9 -2
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/init/composer.d.ts +29 -0
- package/dist/cli/init/composer.js +377 -0
- package/dist/cli/init/composer.js.map +1 -0
- package/dist/cli/init/dependencies.d.ts +25 -0
- package/dist/cli/init/dependencies.js +100 -10
- package/dist/cli/init/dependencies.js.map +1 -1
- package/dist/cli/init/index.d.ts +18 -1
- package/dist/cli/init/index.js +17 -7
- package/dist/cli/init/index.js.map +1 -1
- package/dist/cli/init/interactive.d.ts +31 -2
- package/dist/cli/init/interactive.js +321 -79
- package/dist/cli/init/interactive.js.map +1 -1
- package/dist/cli/init/templates.d.ts +1 -1
- package/dist/cli/init/templates.js +60 -9
- package/dist/cli/init/templates.js.map +1 -1
- package/dist/cli/pack/hook-codex-pre-tool-use.d.ts +2 -0
- package/dist/cli/pack/hook-codex-pre-tool-use.js +35 -9
- package/dist/cli/pack/hook-codex-pre-tool-use.js.map +1 -1
- package/dist/cli/pack/hook-pre-tool-use.d.ts +1 -1
- package/dist/cli/pack/hook-pre-tool-use.js +80 -25
- package/dist/cli/pack/hook-pre-tool-use.js.map +1 -1
- package/dist/cli/validate/checks.d.ts +1 -1
- package/dist/cli/validate/checks.js +1 -7
- package/dist/cli/validate/checks.js.map +1 -1
- package/dist/io/harness-lock.js +1 -9
- package/dist/io/harness-lock.js.map +1 -1
- package/dist/policies/index.d.ts +1 -1
- package/dist/policies/index.js +1 -1
- package/dist/policies/index.js.map +1 -1
- package/dist/policies/ledger-client.js +3 -9
- package/dist/policies/ledger-client.js.map +1 -1
- package/dist/policies/producers.d.ts +12 -0
- package/dist/policies/producers.js +61 -0
- package/dist/policies/producers.js.map +1 -0
- package/dist/policies/requires.d.ts +23 -0
- package/dist/policies/requires.js +39 -0
- package/dist/policies/requires.js.map +1 -1
- package/dist/policy-packs/builtin/understanding-before-execution-runtime.d.ts +44 -6
- package/dist/policy-packs/builtin/understanding-before-execution-runtime.js +126 -10
- package/dist/policy-packs/builtin/understanding-before-execution-runtime.js.map +1 -1
- package/dist/runtime/expand-home.d.ts +14 -0
- package/dist/runtime/expand-home.js +54 -0
- package/dist/runtime/expand-home.js.map +1 -0
- package/dist/runtime/intercept.d.ts +8 -0
- package/dist/runtime/intercept.js +24 -1
- package/dist/runtime/intercept.js.map +1 -1
- package/dist/runtime/ledger-add.js +10 -3
- package/dist/runtime/ledger-add.js.map +1 -1
- package/dist/runtime/ledger-record.js +11 -10
- package/dist/runtime/ledger-record.js.map +1 -1
- package/dist/schema/index.d.ts +281 -101
- package/dist/schema/permission-profiles.d.ts +125 -125
- package/dist/schema/policies.d.ts +261 -0
- package/dist/schema/policies.js +50 -0
- package/dist/schema/policies.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"harness-lock.js","sourceRoot":"","sources":["../../src/io/harness-lock.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,uEAAuE;AACvE,EAAE;AACF,oEAAoE;AACpE,6CAA6C;AAC7C,iEAAiE;AACjE,EAAE;AACF,0EAA0E;AAC1E,kEAAkE;AAClE,4EAA4E;AAC5E,4EAA4E;AAC5E,2EAA2E;AAC3E,mDAAmD;AACnD,2EAA2E;AAC3E,sBAAsB;AACtB,EAAE;AACF,8EAA8E;AAC9E,0EAA0E;AAC1E,6EAA6E;AAC7E,wEAAwE;AACxE,kCAAkC;AAClC,EAAE;AACF,6EAA6E;AAC7E,uEAAuE;AACvE,4EAA4E;AAC5E,kDAAkD;AAElD,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"harness-lock.js","sourceRoot":"","sources":["../../src/io/harness-lock.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,uEAAuE;AACvE,EAAE;AACF,oEAAoE;AACpE,6CAA6C;AAC7C,iEAAiE;AACjE,EAAE;AACF,0EAA0E;AAC1E,kEAAkE;AAClE,4EAA4E;AAC5E,4EAA4E;AAC5E,2EAA2E;AAC3E,mDAAmD;AACnD,2EAA2E;AAC3E,sBAAsB;AACtB,EAAE;AACF,8EAA8E;AAC9E,0EAA0E;AAC1E,6EAA6E;AAC7E,wEAAwE;AACxE,kCAAkC;AAClC,EAAE;AACF,6EAA6E;AAC7E,uEAAuE;AACvE,4EAA4E;AAC5E,kDAAkD;AAElD,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAEvD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AA6BpD,MAAM,CAAC,MAAM,aAAa,GAAG,cAAc,CAAC;AAE5C,SAAS,SAAS,CAAC,KAAsB;IACvC,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,YAAoB;IACpD,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;IAC1C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;AACvE,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,eAAuB;IAC3D,oEAAoE;IACpE,sEAAsE;IACtE,mDAAmD;IACnD,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,eAAe,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACzE,MAAM,KAAK,GAAG,OAAO;SAClB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;SACnD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SAClB,IAAI,EAAE,CAAC;IACV,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QAC5B,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3D,OAAO,GAAG,CAAC,IAAI,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;IAClC,CAAC,CAAC,CAAC;IACH,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,IAAI,EAAE,eAAe;QACrB,MAAM,EAAE,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,UAAU,EAAE,KAAK,CAAC,MAAM;KACzB,CAAC;AACJ,CAAC;AAED,SAAS,OAAO,CAAC,CAAY;IAC3B,OAAO,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;AAChC,CAAC;AAED,SAAS,WAAW,CAAC,CAAS,EAAE,CAAS;IACvC,oEAAoE;IACpE,kEAAkE;IAClE,yEAAyE;IACzE,wEAAwE;IACxE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,OAAoB;IAChD,MAAM,MAAM,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAChF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACnC,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;AAChE,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,OAAe;IACvC,MAAM,GAAG,GAAgB,EAAE,CAAC;IAC5B,KAAK,MAAM,OAAO,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,IAAI,MAAe,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,aAAa,aAAa,WAAW,IAAI,EAAE,CAAC,CAAC;QAC/D,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,aAAa,aAAa,WAAW,IAAI,EAAE,CAAC,CAAC;QAC/D,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACnB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,WAAW,CAAC,CAAU;IAC7B,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC9C,MAAM,CAAC,GAAG,CAA4B,CAAC;IACvC,IAAI,CAAC,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC9C,OAAO,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC;IACpE,CAAC;IACD,IAAI,CAAC,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC5B,OAAO,CACL,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;YAC1B,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ;YAC5B,OAAO,CAAC,CAAC,UAAU,KAAK,QAAQ,CACjC,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,QAAgB,EAAE,OAAoB;IAC9D,eAAe,CAAC,QAAQ,EAAE,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,QAAgB;IACvC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAC1C,OAAO,SAAS,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;AACtD,CAAC;AAUD,MAAM,UAAU,YAAY,CAAC,OAAoB;IAC/C,MAAM,OAAO,GAAmB,EAAE,CAAC;IACnC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,IAAI,GAAoB,IAAI,CAAC;QACjC,IAAI,CAAC;YACH,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;YAC9C,SAAS;QACX,CAAC;QACD,IAAI,CAAC,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC9C,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;gBACnB,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;gBAC9C,SAAS;YACX,CAAC;YACD,MAAM,OAAO,GAAG,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;gBAChC,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;gBAC9C,SAAS;YACX,CAAC;YACD,MAAM,OAAO,GAAG,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC9C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;gBAChC,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAOD,wEAAwE;AACxE,4EAA4E;AAC5E,8EAA8E;AAC9E,0CAA0C;AAC1C,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,MAAM;IACN,KAAK;IACL,QAAQ;IACR,SAAS;IACT,MAAM;IACN,IAAI;IACJ,KAAK;IACL,MAAM;IACN,KAAK;CACN,CAAC,CAAC;AAEH,SAAS,aAAa,CAAC,KAAa;IAClC,OAAO,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;AACtD,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,QAAkB,EAClB,OAAyB,EAAE;IAE3B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,MAAM,QAAQ,GAAG,CAAC,CAAS,EAAE,EAAE;QAC7B,IAAI,aAAa,CAAC,CAAC,CAAC;YAAE,OAAO;QAC7B,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAC7C,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,OAAO;QACvC,IAAI,aAAa,CAAC,QAAQ,CAAC;YAAE,OAAO;QACpC,IAAI,MAAM,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;QACD,IAAI,CAAC,MAAM;YAAE,OAAO;QACpB,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC;YAAE,OAAO;QAC/B,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACnB,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrB,CAAC,CAAC;IAEF,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7C,IAAI,GAAG;YAAE,QAAQ,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACnC,IAAI,CAAC,CAAC,OAAO,KAAK,KAAK;YAAE,SAAS;QAClC,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC3E,KAAK,MAAM,CAAC,IAAI,IAAI;YAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;IACpC,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;QACvE,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO;YAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC9D,CAAC;IAED,KAAK,MAAM,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACtD,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACpD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;YAClF,IAAI,CAAC;gBACH,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC;oBACpC,QAAQ,CAAC,SAAS,CAAC,CAAC;oBACpB,MAAM;gBACR,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,sBAAsB;YACxB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,QAAkB,EAClB,OAAyB,EAAE;IAE3B,MAAM,OAAO,GAAgB,EAAE,CAAC;IAEhC,KAAK,MAAM,OAAO,IAAI,yBAAyB,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC;QAChE,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC;IAC3C,CAAC;IAED,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QAC9C,IAAI,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACnC,IAAI,CAAC,IAAI,CAAC,WAAW;gBAAE,SAAS;YAChC,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAChE,CAAC;QACD,IAAI,KAAK,GAAG,KAAK,CAAC;QAClB,IAAI,CAAC;YACH,KAAK,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,oBAAoB;QACtB,CAAC;QACD,IAAI,CAAC,KAAK;YAAE,SAAS;QACrB,OAAO,CAAC,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
package/dist/policies/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { evaluateRequires, RequiresEvaluationError, type EvaluateRequiresOptions, type LedgerEntry, type RequiresEvaluation, type RequiresTrace, } from "./requires.js";
|
|
1
|
+
export { buildRecordHint, evaluateRequires, RequiresEvaluationError, type EvaluateRequiresOptions, type LedgerEntry, type RequiresEvaluation, type RequiresTrace, } from "./requires.js";
|
|
2
2
|
export { parseDurationSeconds, InvalidDurationError } from "./duration.js";
|
|
3
3
|
export { parseLedgerTimestamp } from "./timestamp.js";
|
|
4
4
|
export { queryLedgerByTag, type LedgerClientOptions, type LedgerQueryResult, type QueryLedgerOptions, } from "./ledger-client.js";
|
package/dist/policies/index.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { evaluateRequires, RequiresEvaluationError, } from "./requires.js";
|
|
1
|
+
export { buildRecordHint, evaluateRequires, RequiresEvaluationError, } from "./requires.js";
|
|
2
2
|
export { parseDurationSeconds, InvalidDurationError } from "./duration.js";
|
|
3
3
|
export { parseLedgerTimestamp } from "./timestamp.js";
|
|
4
4
|
export { queryLedgerByTag, } from "./ledger-client.js";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/policies/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,uBAAuB,GAKxB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAC3E,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AACtD,OAAO,EACL,gBAAgB,GAIjB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,eAAe,EACf,kBAAkB,EAClB,mBAAmB,GASpB,MAAM,cAAc,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/policies/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,uBAAuB,GAKxB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAC3E,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AACtD,OAAO,EACL,gBAAgB,GAIjB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,eAAe,EACf,kBAAkB,EAClB,mBAAmB,GASpB,MAAM,cAAc,CAAC"}
|
|
@@ -9,16 +9,10 @@
|
|
|
9
9
|
// evidence ledger is unreachable, policy evaluation defaults to
|
|
10
10
|
// enforcement: warn-equivalent behaviour".
|
|
11
11
|
import { spawn } from "node:child_process";
|
|
12
|
+
import { expandHome } from "../runtime/expand-home.js";
|
|
12
13
|
import { POLICY_DECISION_TYPE } from "../runtime/ledger-record.js";
|
|
13
14
|
import { VERSION } from "../version.js";
|
|
14
15
|
const DEFAULT_TIMEOUT_MS = 5_000;
|
|
15
|
-
function expandHomePath(p) {
|
|
16
|
-
if (p === "~")
|
|
17
|
-
return process.env.HOME ?? "";
|
|
18
|
-
if (p.startsWith("~/"))
|
|
19
|
-
return `${process.env.HOME ?? ""}/${p.slice(2)}`;
|
|
20
|
-
return p;
|
|
21
|
-
}
|
|
22
16
|
function normaliseEntry(raw, bucketType) {
|
|
23
17
|
if (raw.id === undefined || raw.id === null)
|
|
24
18
|
return null;
|
|
@@ -90,8 +84,8 @@ function startSubprocess(opts) {
|
|
|
90
84
|
if (!list || list.length === 0) {
|
|
91
85
|
return { ok: false, reason: "grounding-mcp command is empty" };
|
|
92
86
|
}
|
|
93
|
-
const exe =
|
|
94
|
-
const args = list.slice(1).map(
|
|
87
|
+
const exe = expandHome(list[0]);
|
|
88
|
+
const args = list.slice(1).map((p) => expandHome(p));
|
|
95
89
|
const timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS;
|
|
96
90
|
let child;
|
|
97
91
|
try {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ledger-client.js","sourceRoot":"","sources":["../../src/policies/ledger-client.ts"],"names":[],"mappings":"AAAA,6CAA6C;AAC7C,EAAE;AACF,oEAAoE;AACpE,uEAAuE;AACvE,gEAAgE;AAChE,0DAA0D;AAC1D,0EAA0E;AAC1E,wEAAwE;AACxE,gEAAgE;AAChE,2CAA2C;AAE3C,OAAO,EAAE,KAAK,EAAuC,MAAM,oBAAoB,CAAC;AAEhF,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAExC,MAAM,kBAAkB,GAAG,KAAK,CAAC;AAiDjC,SAAS,cAAc,CAAC,CAAS;IAC/B,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;IAC7C,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IACzE,OAAO,CAAC,CAAC;AACX,CAAC;AAWD,SAAS,cAAc,CACrB,GAAmB,EACnB,UAAmB;IAEnB,IAAI,GAAG,CAAC,EAAE,KAAK,SAAS,IAAI,GAAG,CAAC,EAAE,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACzD,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACjD,MAAM,SAAS,GACb,OAAO,GAAG,CAAC,SAAS,KAAK,QAAQ;QAC/B,CAAC,CAAC,GAAG,CAAC,SAAS;QACf,CAAC,CAAC,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ;YAClC,CAAC,CAAC,GAAG,CAAC,UAAU;YAChB,CAAC,CAAC,SAAS,CAAC;IAClB,IAAI,SAAS,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IACzC,kEAAkE;IAClE,kEAAkE;IAClE,2CAA2C;IAC3C,MAAM,IAAI,GACR,UAAU,IAAI,CAAC,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACtE,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAClB,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,MAAM,EAAE,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;QAC/D,SAAS;QACT,GAAG,CAAC,IAAI,KAAK,SAAS,IAAI,EAAE,IAAI,EAAE,CAAC;KACpC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,cAAc,GAA2B;IAC7C,KAAK,EAAE,MAAM;IACb,UAAU,EAAE,YAAY;IACxB,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,SAAS;IACnB,eAAe,EAAE,oBAAoB;CACtC,CAAC;AAEF,SAAS,cAAc,CAAC,OAAgB;IACtC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACzD,MAAM,IAAI,GAAG,OAAgC,CAAC;IAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;IAC7B,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACtE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,OAAO,GAAG,OAAkC,CAAC;IACnD,MAAM,GAAG,GAAkB,EAAE,CAAC;IAC9B,KAAK,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;QAC/D,MAAM,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;QAC/B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;YAAE,SAAS;QAClC,KAAK,MAAM,GAAG,IAAI,GAAG,EAAE,CAAC;YACtB,MAAM,IAAI,GAAG,cAAc,CAAC,GAAqB,EAAE,IAAI,CAAC,CAAC;YACzD,IAAI,IAAI;gBAAE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAoBD,SAAS,eAAe,CACtB,IAAyB;IAEzB,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC;IAC7B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAC;IACjE,CAAC;IACD,MAAM,GAAG,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,CAAE,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,kBAAkB,CAAC;IAEvD,IAAI,KAAqC,CAAC;IAC1C,IAAI,CAAC;QACH,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE;YACvB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE;YAC/C,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,+BAAgC,GAAa,CAAC,OAAO,EAAE;SAChE,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IAChC,IAAI,SAAS,GAAG,EAAE,CAAC;IACnB,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,IAAI,QAAQ,GAAkB,IAAI,CAAC;IACnC,IAAI,UAAU,GAA0B,IAAI,CAAC;IAC7C,MAAM,OAAO,GAAG,IAAI,GAAG,EAA2B,CAAC;IACnD,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEzC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;QACxC,SAAS,CAAC,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IACH,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;QAC3B,yDAAyD;IAC3D,CAAC,CAAC,CAAC;IACH,IAAI,UAAU,GAAiB,IAAI,CAAC;IACpC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;QAC/B,sEAAsE;QACtE,0EAA0E;QAC1E,0EAA0E;QAC1E,wBAAwB;QACxB,UAAU,GAAG,GAAG,CAAC;QACjB,aAAa,GAAG,IAAI,CAAC;QACrB,aAAa,GAAG,IAAI,CAAC;IACvB,CAAC,CAAC,CAAC;IACH,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;QAChC,aAAa,GAAG,IAAI,CAAC;QACrB,QAAQ,GAAG,IAAI,CAAC;QAChB,UAAU,GAAG,MAAM,CAAC;IACtB,CAAC,CAAC,CAAC;IACH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;QACrB,qEAAqE;QACrE,mEAAmE;QACnE,0EAA0E;QAC1E,aAAa,GAAG,IAAI,CAAC;IACvB,CAAC,CAAC,CAAC;IACH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;QACxC,SAAS,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACpC,IAAI,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACjC,OAAO,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3C,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YACpC,IAAI,IAAI,EAAE,CAAC;gBACT,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAoB,CAAC;oBAChD,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,EAAE,CAAC;wBAC/B,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;wBACpC,IAAI,OAAO,EAAE,CAAC;4BACZ,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;4BACvB,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;wBACvB,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,2BAA2B;gBAC7B,CAAC;YACH,CAAC;YACD,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,WAAW,GAAG,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,EAAE;QAClD,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,CAAC,MAAM,CAAC,CAAC;YAChB,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,GAAS,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACzC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,SAAS,cAAc;QACrB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE;gBACxB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBACjB,OAAO,CAAC,SAAS,CAAC,CAAC;YACrB,CAAC,EAAE,SAAS,CAAC,CAAC;YACd,CAAC,CAAC,KAAK,EAAE,CAAC;YACV,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;IACL,CAAC;IAED,SAAS,IAAI,CACX,EAAU,EACV,MAAc,EACd,MAA+B;QAE/B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YACjC,IAAI,CAAC;gBACH,IAAI,CAAC,aAAa,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;oBACrE,KAAK,CAAC,KAAK,CAAC,KAAK,CACf,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,IAAI,CAC9D,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,kEAAkE;YACpE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,SAAS,IAAI,CACX,EAAU,EACV,MAAc,EACd,MAA+B;QAE/B,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,WAAW,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;IACjF,CAAC;IAED,SAAS,MAAM,CAAC,MAAc,EAAE,SAAkC,EAAE;QAClE,IAAI,CAAC;YACH,IAAI,CAAC,aAAa,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;gBACrE,KAAK,CAAC,KAAK,CAAC,KAAK,CACf,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,IAAI,CAC1D,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;IACH,CAAC;IAED,SAAS,OAAO;QACd,KAAK,MAAM,CAAC,IAAI,MAAM;YAAE,YAAY,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,aAAa;YAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,OAAO;QACL,EAAE,EAAE,IAAI;QACR,GAAG,EAAE;YACH,KAAK;YACL,SAAS;YACT,OAAO;YACP,IAAI;YACJ,MAAM;YACN,MAAM,EAAE,GAAG,EAAE,CAAC,aAAa;YAC3B,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ;YACxB,UAAU,EAAE,GAAG,EAAE,CAAC,UAAU;YAC5B,UAAU,EAAE,GAAG,EAAE,CAAC,UAAU;YAC5B,OAAO;SACR;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;;;GAUG;AACH,KAAK,UAAU,uBAAuB,CACpC,GAAe,EACf,UAAkB;IAElB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC;IACnD,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,QAAQ,CAAC;IAC/D,IAAI,MAAM,CAAC,KAAK;QAAE,OAAO,QAAQ,CAAC;IAClC,MAAM,CAAC,GAAG,MAAM,CAAC,MAAyC,CAAC;IAC3D,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;QAAE,OAAO,QAAQ,CAAC;IACnD,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;QAC3B,MAAM,CAAC,GAAG,IAAiD,CAAC;QAC5D,IAAI,CAAC,CAAC,IAAI,KAAK,gBAAgB;YAAE,SAAS;QAC1C,MAAM,MAAM,GAAG,CAAC,CAAC,WAAmD,CAAC;QACrE,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;YAC3E,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,OAAO,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAqC,CAAC,CAAC,CAAC;IAC5E,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,cAAc,CAAC,GAAe;IACrC,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,EAAE,CAAC;IAC7B,IAAI,GAAG;QAAE,OAAO,iBAAiB,GAAG,CAAC,OAAO,EAAE,CAAC;IAC/C,MAAM,IAAI,GAAG,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,aAAa,CAAC;IACnF,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC5B,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC;IACjF,OAAO,GAAG,MAAM,KAAK,IAAI,EAAE,CAAC;AAC9B,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAe;IACzC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACvD,MAAM,CAAC,GAAG,MAA4D,CAAC;IACvE,IAAI,CAAC,CAAC,iBAAiB,IAAI,OAAO,CAAC,CAAC,iBAAiB,KAAK,QAAQ,EAAE,CAAC;QACnE,OAAO,CAAC,CAAC,iBAAiB,CAAC;IAC7B,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,KAAK,MAAM,KAAK,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;YAC9B,MAAM,CAAC,GAAG,KAA2C,CAAC;YACtD,IAAI,CAAC,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACpD,IAAI,CAAC;oBACH,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBAC5B,CAAC;gBAAC,MAAM,CAAC;oBACP,4BAA4B;gBAC9B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,IAAwB;IAExB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,kBAAkB,CAAC;IACvD,MAAM,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACpC,IAAI,CAAC,KAAK,CAAC,EAAE;QAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;IAEjE,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC;IACtB,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,YAAY,EAAE;YACjD,eAAe,EAAE,YAAY;YAC7B,YAAY,EAAE,EAAE;YAChB,UAAU,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,OAAO,EAAE;SAC3D,CAAC,CAAC;QACH,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;YAC1B,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,iBAAiB,cAAc,CAAC,GAAG,CAAC,EAAE;aAC/C,CAAC;QACJ,CAAC;QACD,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,+BAA+B,SAAS,IAAI;aACrD,CAAC;QACJ,CAAC;QACD,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;YACrB,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,mCACN,UAAU,CAAC,KAAK,CAAC,OAAO,IAAI,SAC9B,EAAE;aACH,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,MAAM,CAAC,2BAA2B,CAAC,CAAC;QAExC,kEAAkE;QAClE,oEAAoE;QACpE,gEAAgE;QAChE,kEAAkE;QAClE,kEAAkE;QAClE,6BAA6B;QAC7B,MAAM,WAAW,GACf,IAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,IAAI,CAAC,aAAa,KAAK,SAAS,CAAC;QAClE,MAAM,aAAa,GAAG,WAAW;YAC/B,CAAC,CAAC,MAAM,uBAAuB,CAAC,GAAG,EAAE,SAAS,CAAC;YAC/C,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;QAC3B,MAAM,QAAQ,GAA4B,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;QACxE,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YACjE,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QACpC,CAAC;QACD,IAAI,IAAI,CAAC,aAAa,KAAK,SAAS,IAAI,aAAa,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;YAC3E,QAAQ,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC;QAC9C,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,YAAY,EAAE;YACjD,IAAI,EAAE,gBAAgB;YACtB,SAAS,EAAE,QAAQ;SACpB,CAAC,CAAC;QACH,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;YAC1B,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,iBAAiB,cAAc,CAAC,GAAG,CAAC,EAAE;aAC/C,CAAC;QACJ,CAAC;QACD,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,+BAA+B,SAAS,IAAI;aACrD,CAAC;QACJ,CAAC;QACD,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;YACrB,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,yBAAyB,UAAU,CAAC,KAAK,CAAC,OAAO,IAAI,SAAS,EAAE;aACzE,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,kBAAkB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,8CAA8C;aACvD,CAAC;QACJ,CAAC;QACD,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;QACxC,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,gDAAgD;aACzD,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IACjC,CAAC;YAAS,CAAC;QACT,GAAG,CAAC,OAAO,EAAE,CAAC;IAChB,CAAC;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"ledger-client.js","sourceRoot":"","sources":["../../src/policies/ledger-client.ts"],"names":[],"mappings":"AAAA,6CAA6C;AAC7C,EAAE;AACF,oEAAoE;AACpE,uEAAuE;AACvE,gEAAgE;AAChE,0DAA0D;AAC1D,0EAA0E;AAC1E,wEAAwE;AACxE,gEAAgE;AAChE,2CAA2C;AAE3C,OAAO,EAAE,KAAK,EAAuC,MAAM,oBAAoB,CAAC;AAEhF,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAExC,MAAM,kBAAkB,GAAG,KAAK,CAAC;AA0DjC,SAAS,cAAc,CACrB,GAAmB,EACnB,UAAmB;IAEnB,IAAI,GAAG,CAAC,EAAE,KAAK,SAAS,IAAI,GAAG,CAAC,EAAE,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACzD,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACjD,MAAM,SAAS,GACb,OAAO,GAAG,CAAC,SAAS,KAAK,QAAQ;QAC/B,CAAC,CAAC,GAAG,CAAC,SAAS;QACf,CAAC,CAAC,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ;YAClC,CAAC,CAAC,GAAG,CAAC,UAAU;YAChB,CAAC,CAAC,SAAS,CAAC;IAClB,IAAI,SAAS,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IACzC,kEAAkE;IAClE,kEAAkE;IAClE,2CAA2C;IAC3C,MAAM,IAAI,GACR,UAAU,IAAI,CAAC,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACtE,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAClB,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,MAAM,EAAE,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;QAC/D,SAAS;QACT,GAAG,CAAC,IAAI,KAAK,SAAS,IAAI,EAAE,IAAI,EAAE,CAAC;KACpC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,cAAc,GAA2B;IAC7C,KAAK,EAAE,MAAM;IACb,UAAU,EAAE,YAAY;IACxB,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,SAAS;IACnB,eAAe,EAAE,oBAAoB;CACtC,CAAC;AAEF,SAAS,cAAc,CAAC,OAAgB;IACtC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACzD,MAAM,IAAI,GAAG,OAAgC,CAAC;IAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;IAC7B,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACtE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,OAAO,GAAG,OAAkC,CAAC;IACnD,MAAM,GAAG,GAAkB,EAAE,CAAC;IAC9B,KAAK,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;QAC/D,MAAM,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;QAC/B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;YAAE,SAAS;QAClC,KAAK,MAAM,GAAG,IAAI,GAAG,EAAE,CAAC;YACtB,MAAM,IAAI,GAAG,cAAc,CAAC,GAAqB,EAAE,IAAI,CAAC,CAAC;YACzD,IAAI,IAAI;gBAAE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAoBD,SAAS,eAAe,CACtB,IAAyB;IAEzB,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC;IAC7B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAC;IACjE,CAAC;IACD,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAE,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,kBAAkB,CAAC;IAEvD,IAAI,KAAqC,CAAC;IAC1C,IAAI,CAAC;QACH,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE;YACvB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE;YAC/C,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,+BAAgC,GAAa,CAAC,OAAO,EAAE;SAChE,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IAChC,IAAI,SAAS,GAAG,EAAE,CAAC;IACnB,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,IAAI,QAAQ,GAAkB,IAAI,CAAC;IACnC,IAAI,UAAU,GAA0B,IAAI,CAAC;IAC7C,MAAM,OAAO,GAAG,IAAI,GAAG,EAA2B,CAAC;IACnD,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEzC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;QACxC,SAAS,CAAC,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IACH,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;QAC3B,yDAAyD;IAC3D,CAAC,CAAC,CAAC;IACH,IAAI,UAAU,GAAiB,IAAI,CAAC;IACpC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;QAC/B,sEAAsE;QACtE,0EAA0E;QAC1E,0EAA0E;QAC1E,wBAAwB;QACxB,UAAU,GAAG,GAAG,CAAC;QACjB,aAAa,GAAG,IAAI,CAAC;QACrB,aAAa,GAAG,IAAI,CAAC;IACvB,CAAC,CAAC,CAAC;IACH,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;QAChC,aAAa,GAAG,IAAI,CAAC;QACrB,QAAQ,GAAG,IAAI,CAAC;QAChB,UAAU,GAAG,MAAM,CAAC;IACtB,CAAC,CAAC,CAAC;IACH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;QACrB,qEAAqE;QACrE,mEAAmE;QACnE,0EAA0E;QAC1E,aAAa,GAAG,IAAI,CAAC;IACvB,CAAC,CAAC,CAAC;IACH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;QACxC,SAAS,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACpC,IAAI,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACjC,OAAO,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3C,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YACpC,IAAI,IAAI,EAAE,CAAC;gBACT,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAoB,CAAC;oBAChD,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,EAAE,CAAC;wBAC/B,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;wBACpC,IAAI,OAAO,EAAE,CAAC;4BACZ,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;4BACvB,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;wBACvB,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,2BAA2B;gBAC7B,CAAC;YACH,CAAC;YACD,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,WAAW,GAAG,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,EAAE;QAClD,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,CAAC,MAAM,CAAC,CAAC;YAChB,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,GAAS,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACzC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,SAAS,cAAc;QACrB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE;gBACxB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBACjB,OAAO,CAAC,SAAS,CAAC,CAAC;YACrB,CAAC,EAAE,SAAS,CAAC,CAAC;YACd,CAAC,CAAC,KAAK,EAAE,CAAC;YACV,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;IACL,CAAC;IAED,SAAS,IAAI,CACX,EAAU,EACV,MAAc,EACd,MAA+B;QAE/B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YACjC,IAAI,CAAC;gBACH,IAAI,CAAC,aAAa,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;oBACrE,KAAK,CAAC,KAAK,CAAC,KAAK,CACf,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,IAAI,CAC9D,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,kEAAkE;YACpE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,SAAS,IAAI,CACX,EAAU,EACV,MAAc,EACd,MAA+B;QAE/B,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,WAAW,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;IACjF,CAAC;IAED,SAAS,MAAM,CAAC,MAAc,EAAE,SAAkC,EAAE;QAClE,IAAI,CAAC;YACH,IAAI,CAAC,aAAa,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;gBACrE,KAAK,CAAC,KAAK,CAAC,KAAK,CACf,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,IAAI,CAC1D,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;IACH,CAAC;IAED,SAAS,OAAO;QACd,KAAK,MAAM,CAAC,IAAI,MAAM;YAAE,YAAY,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,aAAa;YAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,OAAO;QACL,EAAE,EAAE,IAAI;QACR,GAAG,EAAE;YACH,KAAK;YACL,SAAS;YACT,OAAO;YACP,IAAI;YACJ,MAAM;YACN,MAAM,EAAE,GAAG,EAAE,CAAC,aAAa;YAC3B,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ;YACxB,UAAU,EAAE,GAAG,EAAE,CAAC,UAAU;YAC5B,UAAU,EAAE,GAAG,EAAE,CAAC,UAAU;YAC5B,OAAO;SACR;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;;;GAUG;AACH,KAAK,UAAU,uBAAuB,CACpC,GAAe,EACf,UAAkB;IAElB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC;IACnD,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,QAAQ,CAAC;IAC/D,IAAI,MAAM,CAAC,KAAK;QAAE,OAAO,QAAQ,CAAC;IAClC,MAAM,CAAC,GAAG,MAAM,CAAC,MAAyC,CAAC;IAC3D,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;QAAE,OAAO,QAAQ,CAAC;IACnD,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;QAC3B,MAAM,CAAC,GAAG,IAAiD,CAAC;QAC5D,IAAI,CAAC,CAAC,IAAI,KAAK,gBAAgB;YAAE,SAAS;QAC1C,MAAM,MAAM,GAAG,CAAC,CAAC,WAAmD,CAAC;QACrE,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;YAC3E,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,OAAO,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAqC,CAAC,CAAC,CAAC;IAC5E,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,cAAc,CAAC,GAAe;IACrC,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,EAAE,CAAC;IAC7B,IAAI,GAAG;QAAE,OAAO,iBAAiB,GAAG,CAAC,OAAO,EAAE,CAAC;IAC/C,MAAM,IAAI,GAAG,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,aAAa,CAAC;IACnF,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC5B,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC;IACjF,OAAO,GAAG,MAAM,KAAK,IAAI,EAAE,CAAC;AAC9B,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAe;IACzC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACvD,MAAM,CAAC,GAAG,MAA4D,CAAC;IACvE,IAAI,CAAC,CAAC,iBAAiB,IAAI,OAAO,CAAC,CAAC,iBAAiB,KAAK,QAAQ,EAAE,CAAC;QACnE,OAAO,CAAC,CAAC,iBAAiB,CAAC;IAC7B,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,KAAK,MAAM,KAAK,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;YAC9B,MAAM,CAAC,GAAG,KAA2C,CAAC;YACtD,IAAI,CAAC,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACpD,IAAI,CAAC;oBACH,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBAC5B,CAAC;gBAAC,MAAM,CAAC;oBACP,4BAA4B;gBAC9B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,IAAwB;IAExB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,kBAAkB,CAAC;IACvD,MAAM,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACpC,IAAI,CAAC,KAAK,CAAC,EAAE;QAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;IAEjE,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC;IACtB,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,YAAY,EAAE;YACjD,eAAe,EAAE,YAAY;YAC7B,YAAY,EAAE,EAAE;YAChB,UAAU,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,OAAO,EAAE;SAC3D,CAAC,CAAC;QACH,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;YAC1B,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,iBAAiB,cAAc,CAAC,GAAG,CAAC,EAAE;aAC/C,CAAC;QACJ,CAAC;QACD,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,+BAA+B,SAAS,IAAI;aACrD,CAAC;QACJ,CAAC;QACD,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;YACrB,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,mCACN,UAAU,CAAC,KAAK,CAAC,OAAO,IAAI,SAC9B,EAAE;aACH,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,MAAM,CAAC,2BAA2B,CAAC,CAAC;QAExC,kEAAkE;QAClE,oEAAoE;QACpE,gEAAgE;QAChE,kEAAkE;QAClE,kEAAkE;QAClE,6BAA6B;QAC7B,MAAM,WAAW,GACf,IAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,IAAI,CAAC,aAAa,KAAK,SAAS,CAAC;QAClE,MAAM,aAAa,GAAG,WAAW;YAC/B,CAAC,CAAC,MAAM,uBAAuB,CAAC,GAAG,EAAE,SAAS,CAAC;YAC/C,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;QAC3B,MAAM,QAAQ,GAA4B,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;QACxE,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YACjE,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QACpC,CAAC;QACD,IAAI,IAAI,CAAC,aAAa,KAAK,SAAS,IAAI,aAAa,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;YAC3E,QAAQ,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC;QAC9C,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,YAAY,EAAE;YACjD,IAAI,EAAE,gBAAgB;YACtB,SAAS,EAAE,QAAQ;SACpB,CAAC,CAAC;QACH,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;YAC1B,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,iBAAiB,cAAc,CAAC,GAAG,CAAC,EAAE;aAC/C,CAAC;QACJ,CAAC;QACD,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,+BAA+B,SAAS,IAAI;aACrD,CAAC;QACJ,CAAC;QACD,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;YACrB,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,yBAAyB,UAAU,CAAC,KAAK,CAAC,OAAO,IAAI,SAAS,EAAE;aACzE,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,kBAAkB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,8CAA8C;aACvD,CAAC;QACJ,CAAC;QACD,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;QACxC,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,gDAAgD;aACzD,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IACjC,CAAC;YAAS,CAAC;QACT,GAAG,CAAC,OAAO,EAAE,CAAC;IAChB,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { Producer } from "../schema/index.js";
|
|
2
|
+
/**
|
|
3
|
+
* Render the policy's producers list into a multi-line block suitable
|
|
4
|
+
* for appending to a deny envelope's `reason`. Returns the empty string
|
|
5
|
+
* when the list is undefined or empty, so callers can concat unconditionally.
|
|
6
|
+
*
|
|
7
|
+
* Format:
|
|
8
|
+
* To produce this tag:
|
|
9
|
+
* 1. [kind] <one-line summary> — <description>
|
|
10
|
+
* 2. ...
|
|
11
|
+
*/
|
|
12
|
+
export declare function renderProducers(producers: Producer[] | undefined, values: Record<string, string>): string;
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
// Phase 7 — render the policy `producers:` list into the deny-envelope
|
|
2
|
+
// reason. The schema (src/schema/policies.ts ProducerSchema) allows three
|
|
3
|
+
// kinds: bash / mcp / ask. Each is one concrete way for the agent to
|
|
4
|
+
// produce the ledger evidence that would unblock the gate.
|
|
5
|
+
//
|
|
6
|
+
// The renderer keeps the engine itself neutral on producer choice
|
|
7
|
+
// (policies opt in by declaring `producers:`; absent producers means no
|
|
8
|
+
// hint appended, same as today). When present, every entry's `${VAR}`
|
|
9
|
+
// templates are substituted against the same extract.values map the
|
|
10
|
+
// ledger_tag was resolved with, so the rendered text reflects the
|
|
11
|
+
// exact context the agent just hit.
|
|
12
|
+
//
|
|
13
|
+
// At-least-one-mcp is enforced at schema-validate time for the policy
|
|
14
|
+
// engine, so by the time the engine renders, the list is guaranteed to
|
|
15
|
+
// carry an ungated MCP recovery path (relevant when the agent is in a
|
|
16
|
+
// Bash lockout). Other consumers may enforce different constraints; the
|
|
17
|
+
// understanding-gate (src/cli/pack/hook-pre-tool-use.ts) requires
|
|
18
|
+
// at-least-one `ask` instead, because post-v0.14.0 its gate signal is a
|
|
19
|
+
// filesystem marker the mcp ledger_add path cannot write.
|
|
20
|
+
import { substituteTemplate } from "./extract.js";
|
|
21
|
+
function substituteAll(template, values) {
|
|
22
|
+
// Best-effort substitution: unresolved ${VARS} are left literal so the
|
|
23
|
+
// agent can still read what was expected (vs. silently dropping). The
|
|
24
|
+
// schema validator already guarantees ledger_tag's vars are declared;
|
|
25
|
+
// producer fields are free-form text and may reference any of the
|
|
26
|
+
// resolved values, so a stray ${UNKNOWN} stays visible.
|
|
27
|
+
return substituteTemplate(template, values).result;
|
|
28
|
+
}
|
|
29
|
+
function renderOne(p, values) {
|
|
30
|
+
switch (p.kind) {
|
|
31
|
+
case "bash":
|
|
32
|
+
return `[bash] \`${substituteAll(p.command, values)}\` — ${substituteAll(p.description, values)}`;
|
|
33
|
+
case "mcp":
|
|
34
|
+
return `[mcp] ${p.verb} example=${substituteAll(p.example, values)} — ${substituteAll(p.description, values)}`;
|
|
35
|
+
case "ask":
|
|
36
|
+
return `[ask] \`${substituteAll(p.command, values)}\` — ${substituteAll(p.description, values)}`;
|
|
37
|
+
default: {
|
|
38
|
+
// exhaustive guard: TS narrows ProducerSchema's discriminated union;
|
|
39
|
+
// a future kind that forgets to update this switch trips the compiler.
|
|
40
|
+
const _exhaustive = p;
|
|
41
|
+
return _exhaustive;
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
/**
|
|
46
|
+
* Render the policy's producers list into a multi-line block suitable
|
|
47
|
+
* for appending to a deny envelope's `reason`. Returns the empty string
|
|
48
|
+
* when the list is undefined or empty, so callers can concat unconditionally.
|
|
49
|
+
*
|
|
50
|
+
* Format:
|
|
51
|
+
* To produce this tag:
|
|
52
|
+
* 1. [kind] <one-line summary> — <description>
|
|
53
|
+
* 2. ...
|
|
54
|
+
*/
|
|
55
|
+
export function renderProducers(producers, values) {
|
|
56
|
+
if (!producers || producers.length === 0)
|
|
57
|
+
return "";
|
|
58
|
+
const lines = producers.map((p, i) => ` ${i + 1}. ${renderOne(p, values)}`);
|
|
59
|
+
return `\nTo produce this tag:\n${lines.join("\n")}`;
|
|
60
|
+
}
|
|
61
|
+
//# sourceMappingURL=producers.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"producers.js","sourceRoot":"","sources":["../../src/policies/producers.ts"],"names":[],"mappings":"AAAA,uEAAuE;AACvE,0EAA0E;AAC1E,qEAAqE;AACrE,2DAA2D;AAC3D,EAAE;AACF,kEAAkE;AAClE,wEAAwE;AACxE,sEAAsE;AACtE,oEAAoE;AACpE,kEAAkE;AAClE,oCAAoC;AACpC,EAAE;AACF,sEAAsE;AACtE,uEAAuE;AACvE,sEAAsE;AACtE,wEAAwE;AACxE,kEAAkE;AAClE,wEAAwE;AACxE,0DAA0D;AAG1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAElD,SAAS,aAAa,CACpB,QAAgB,EAChB,MAA8B;IAE9B,uEAAuE;IACvE,sEAAsE;IACtE,sEAAsE;IACtE,kEAAkE;IAClE,wDAAwD;IACxD,OAAO,kBAAkB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC;AACrD,CAAC;AAED,SAAS,SAAS,CAAC,CAAW,EAAE,MAA8B;IAC5D,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;QACf,KAAK,MAAM;YACT,OAAO,YAAY,aAAa,CAAC,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,QAAQ,aAAa,CAAC,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,EAAE,CAAC;QACpG,KAAK,KAAK;YACR,OAAO,UAAU,CAAC,CAAC,IAAI,YAAY,aAAa,CAAC,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,aAAa,CAAC,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,EAAE,CAAC;QAClH,KAAK,KAAK;YACR,OAAO,YAAY,aAAa,CAAC,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,QAAQ,aAAa,CAAC,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,EAAE,CAAC;QACpG,OAAO,CAAC,CAAC,CAAC;YACR,qEAAqE;YACrE,uEAAuE;YACvE,MAAM,WAAW,GAAU,CAAC,CAAC;YAC7B,OAAO,WAAW,CAAC;QACrB,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAC7B,SAAiC,EACjC,MAA8B;IAE9B,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACpD,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAC7E,OAAO,2BAA2B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;AACvD,CAAC"}
|
|
@@ -21,6 +21,20 @@ export interface RequiresEvaluation {
|
|
|
21
21
|
reason: string;
|
|
22
22
|
matchedCount: number;
|
|
23
23
|
traceData: RequiresTrace;
|
|
24
|
+
/**
|
|
25
|
+
* One-line "to satisfy" hint describing what evidence-ledger entry
|
|
26
|
+
* would unblock the gate, derived from the policy's `requires` spec
|
|
27
|
+
* with no runtime context. Names the content to log and (if a
|
|
28
|
+
* `within` window is declared) the freshness bound. Always omits the
|
|
29
|
+
* "how": the policy gate accepts ledger entries from any producer,
|
|
30
|
+
* and naming a specific recording verb in the deny path would
|
|
31
|
+
* advertise a self-service path to an agent that the operator may
|
|
32
|
+
* not want it to take (see agent-tasks/88ca4bb3). Set on both allow
|
|
33
|
+
* and deny so consumers can show the same satisfaction contract
|
|
34
|
+
* uniformly (e.g. `harness explain <policy>` displaying it on a
|
|
35
|
+
* green-path policy).
|
|
36
|
+
*/
|
|
37
|
+
recordHint: string;
|
|
24
38
|
}
|
|
25
39
|
export interface RequiresTrace {
|
|
26
40
|
ledgerTag: string;
|
|
@@ -41,4 +55,13 @@ export interface EvaluateRequiresOptions {
|
|
|
41
55
|
export declare class RequiresEvaluationError extends Error {
|
|
42
56
|
constructor(message: string);
|
|
43
57
|
}
|
|
58
|
+
/**
|
|
59
|
+
* Build a one-line "to satisfy" hint from a `requires` spec. Exported so
|
|
60
|
+
* `harness explain <policy>` can show the same hint that `evaluateRequires`
|
|
61
|
+
* surfaces in its deny path, without having to fire an actual evaluation.
|
|
62
|
+
* `tag` is normally `requires.ledger_tag` after `${VAR}` substitution; the
|
|
63
|
+
* caller may also pass the un-substituted template (explain non-trace path)
|
|
64
|
+
* so the hint reads as a contract instead of a per-event message.
|
|
65
|
+
*/
|
|
66
|
+
export declare function buildRecordHint(requires: Requires, tag: string): string;
|
|
44
67
|
export declare function evaluateRequires(requires: Requires, ledgerEntries: LedgerEntry[], options?: EvaluateRequiresOptions): RequiresEvaluation;
|
|
@@ -51,6 +51,39 @@ function describeBound(c) {
|
|
|
51
51
|
return `≤${c.max}`;
|
|
52
52
|
return "?";
|
|
53
53
|
}
|
|
54
|
+
/**
|
|
55
|
+
* Build a one-line "to satisfy" hint from a `requires` spec. Exported so
|
|
56
|
+
* `harness explain <policy>` can show the same hint that `evaluateRequires`
|
|
57
|
+
* surfaces in its deny path, without having to fire an actual evaluation.
|
|
58
|
+
* `tag` is normally `requires.ledger_tag` after `${VAR}` substitution; the
|
|
59
|
+
* caller may also pass the un-substituted template (explain non-trace path)
|
|
60
|
+
* so the hint reads as a contract instead of a per-event message.
|
|
61
|
+
*/
|
|
62
|
+
export function buildRecordHint(requires, tag) {
|
|
63
|
+
const count = requires.count;
|
|
64
|
+
// count.max-only is a "too many" shape: the satisfying action is not
|
|
65
|
+
// recording but keeping the count at or below the bound. Recording
|
|
66
|
+
// more entries would deny harder, so the "record N entries..."
|
|
67
|
+
// phrasing the other shapes use is exactly wrong here. Branch to a
|
|
68
|
+
// bound-phrased hint (agent-tasks/aee9c085).
|
|
69
|
+
const onlyMax = count?.max !== undefined && count.min === undefined && count.exact === undefined;
|
|
70
|
+
if (onlyMax) {
|
|
71
|
+
const windowPhrase = requires.within !== undefined ? ` within ${requires.within}` : "";
|
|
72
|
+
return `keep evidence-ledger entries containing \`${tag}\` at or below ${count.max}${windowPhrase}`;
|
|
73
|
+
}
|
|
74
|
+
let countPhrase;
|
|
75
|
+
if (count?.exact !== undefined) {
|
|
76
|
+
countPhrase = `${count.exact} evidence-ledger entr${count.exact === 1 ? "y" : "ies"}`;
|
|
77
|
+
}
|
|
78
|
+
else if (count?.min !== undefined) {
|
|
79
|
+
countPhrase = `${count.min} evidence-ledger entr${count.min === 1 ? "y" : "ies"}`;
|
|
80
|
+
}
|
|
81
|
+
else {
|
|
82
|
+
countPhrase = "an evidence-ledger entry";
|
|
83
|
+
}
|
|
84
|
+
const windowPhrase = requires.within !== undefined ? ` within ${requires.within}` : "";
|
|
85
|
+
return `record ${countPhrase} containing \`${tag}\`${windowPhrase}`;
|
|
86
|
+
}
|
|
54
87
|
export function evaluateRequires(requires, ledgerEntries, options = {}) {
|
|
55
88
|
const now = options.now ?? new Date();
|
|
56
89
|
const evaluatedAt = now.toISOString();
|
|
@@ -93,6 +126,7 @@ export function evaluateRequires(requires, ledgerEntries, options = {}) {
|
|
|
93
126
|
countBound,
|
|
94
127
|
evaluatedAt,
|
|
95
128
|
};
|
|
129
|
+
const recordHint = buildRecordHint(requires, tag);
|
|
96
130
|
if (requires.count !== undefined) {
|
|
97
131
|
const c = requires.count;
|
|
98
132
|
const failsMin = c.min !== undefined && matchedCount < c.min;
|
|
@@ -112,6 +146,7 @@ export function evaluateRequires(requires, ledgerEntries, options = {}) {
|
|
|
112
146
|
reason,
|
|
113
147
|
matchedCount,
|
|
114
148
|
traceData: trace,
|
|
149
|
+
recordHint,
|
|
115
150
|
};
|
|
116
151
|
}
|
|
117
152
|
return {
|
|
@@ -119,6 +154,7 @@ export function evaluateRequires(requires, ledgerEntries, options = {}) {
|
|
|
119
154
|
reason: `${matchedCount} entries matched (count bound: ${describeBound(c)})`,
|
|
120
155
|
matchedCount,
|
|
121
156
|
traceData: trace,
|
|
157
|
+
recordHint,
|
|
122
158
|
};
|
|
123
159
|
}
|
|
124
160
|
if (matchedCount === 0) {
|
|
@@ -128,6 +164,7 @@ export function evaluateRequires(requires, ledgerEntries, options = {}) {
|
|
|
128
164
|
reason: `no matching entry within ${requires.within}`,
|
|
129
165
|
matchedCount,
|
|
130
166
|
traceData: trace,
|
|
167
|
+
recordHint,
|
|
131
168
|
};
|
|
132
169
|
}
|
|
133
170
|
return {
|
|
@@ -135,6 +172,7 @@ export function evaluateRequires(requires, ledgerEntries, options = {}) {
|
|
|
135
172
|
reason: `no matching ledger entry for tag \`${tag}\``,
|
|
136
173
|
matchedCount,
|
|
137
174
|
traceData: trace,
|
|
175
|
+
recordHint,
|
|
138
176
|
};
|
|
139
177
|
}
|
|
140
178
|
return {
|
|
@@ -142,6 +180,7 @@ export function evaluateRequires(requires, ledgerEntries, options = {}) {
|
|
|
142
180
|
reason: `${matchedCount} matching ledger entr${matchedCount === 1 ? "y" : "ies"} for tag \`${tag}\``,
|
|
143
181
|
matchedCount,
|
|
144
182
|
traceData: trace,
|
|
183
|
+
recordHint,
|
|
145
184
|
};
|
|
146
185
|
}
|
|
147
186
|
//# sourceMappingURL=requires.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"requires.js","sourceRoot":"","sources":["../../src/policies/requires.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAC3E,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"requires.js","sourceRoot":"","sources":["../../src/policies/requires.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAC3E,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAuDtD,MAAM,OAAO,uBAAwB,SAAQ,KAAK;IAChD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AAED,gEAAgE;AAChE,4EAA4E;AAC5E,gDAAgD;AAChD,SAAS,YAAY,CAAC,KAAkB,EAAE,GAAW;IACnD,6DAA6D;IAC7D,mEAAmE;IACnE,+DAA+D;IAC/D,6DAA6D;IAC7D,gDAAgD;IAChD,IAAI,KAAK,CAAC,IAAI,KAAK,oBAAoB;QAAE,OAAO,KAAK,CAAC;IACtD,+DAA+D;IAC/D,kEAAkE;IAClE,oEAAoE;IACpE,mEAAmE;IACnE,oEAAoE;IACpE,wCAAwC;IACxC,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,oBAAoB,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACvE,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7C,IAAI,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5D,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,SAAS,CAAC,KAAkB;IACnC,MAAM,CAAC,GAAG,KAAK,CAAC,SAAS,CAAC;IAC1B,MAAM,EAAE,GAAG,CAAC,YAAY,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC;IACrE,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,uBAAuB,CAC/B,gBAAgB,KAAK,CAAC,EAAE,+BAA+B,MAAM,CAAC,CAAC,CAAC,EAAE,CACnE,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,aAAa,CAAC,CAAiC;IACtD,IAAI,CAAC,CAAC,KAAK,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAClD,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS;QAAE,OAAO,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,EAAE,CAAC;IAC5E,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAC9C,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;IAC5C,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAAC,QAAkB,EAAE,GAAW;IAC7D,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC;IAC7B,qEAAqE;IACrE,mEAAmE;IACnE,+DAA+D;IAC/D,mEAAmE;IACnE,6CAA6C;IAC7C,MAAM,OAAO,GACX,KAAK,EAAE,GAAG,KAAK,SAAS,IAAI,KAAK,CAAC,GAAG,KAAK,SAAS,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,CAAC;IACnF,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,WAAW,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvF,OAAO,6CAA6C,GAAG,kBAAkB,KAAK,CAAC,GAAG,GAAG,YAAY,EAAE,CAAC;IACtG,CAAC;IACD,IAAI,WAAmB,CAAC;IACxB,IAAI,KAAK,EAAE,KAAK,KAAK,SAAS,EAAE,CAAC;QAC/B,WAAW,GAAG,GAAG,KAAK,CAAC,KAAK,wBAAwB,KAAK,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;IACxF,CAAC;SAAM,IAAI,KAAK,EAAE,GAAG,KAAK,SAAS,EAAE,CAAC;QACpC,WAAW,GAAG,GAAG,KAAK,CAAC,GAAG,wBAAwB,KAAK,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;IACpF,CAAC;SAAM,CAAC;QACN,WAAW,GAAG,0BAA0B,CAAC;IAC3C,CAAC;IACD,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,WAAW,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACvF,OAAO,UAAU,WAAW,iBAAiB,GAAG,KAAK,YAAY,EAAE,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,QAAkB,EAClB,aAA4B,EAC5B,UAAmC,EAAE;IAErC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC;IACtC,MAAM,WAAW,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IACtC,MAAM,GAAG,GAAG,QAAQ,CAAC,UAAU,CAAC;IAEhC,IAAI,aAAa,GAAkB,IAAI,CAAC;IACxC,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAClC,IAAI,CAAC;YACH,aAAa,GAAG,oBAAoB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,oBAAoB,EAAE,CAAC;gBACxC,MAAM,IAAI,uBAAuB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACjD,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,KAAK,EAAE,GAAG,KAAK,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,uBAAuB,CAC/B,yDAAyD,CAC1D,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IAErE,IAAI,aAAa,GAAG,UAAU,CAAC;IAC/B,IAAI,aAAa,KAAK,IAAI,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,aAAa,GAAG,IAAI,CAAC;QACpD,aAAa,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,CAAC;IAC1C,MAAM,eAAe,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACvD,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK;QAC/B,CAAC,CAAC;YACE,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,KAAK,SAAS,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;YACpE,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,KAAK,SAAS,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;YACpE,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,KAAK,SAAS,IAAI,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;SAC3E;QACH,CAAC,CAAC,IAAI,CAAC;IAET,MAAM,KAAK,GAAkB;QAC3B,SAAS,EAAE,GAAG;QACd,aAAa;QACb,YAAY,EAAE,aAAa,CAAC,MAAM;QAClC,eAAe;QACf,UAAU;QACV,WAAW;KACZ,CAAC;IACF,MAAM,UAAU,GAAG,eAAe,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAElD,IAAI,QAAQ,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC;QACzB,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,YAAY,GAAG,CAAC,CAAC,GAAG,CAAC;QAC7D,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,YAAY,GAAG,CAAC,CAAC,GAAG,CAAC;QAC7D,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,KAAK,SAAS,IAAI,YAAY,KAAK,CAAC,CAAC,KAAK,CAAC;QACrE,IAAI,QAAQ,IAAI,QAAQ,IAAI,UAAU,EAAE,CAAC;YACvC,IAAI,MAAc,CAAC;YACnB,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,GAAG,GAAG,YAAY,uCAAuC,CAAC,CAAC,GAAG,EAAE,CAAC;YACzE,CAAC;iBAAM,CAAC;gBACN,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,KAAM,CAAC,CAAC,CAAC,CAAC,CAAC,GAAI,CAAC;gBAChD,MAAM,GAAG,GAAG,YAAY,gBAAgB,QAAQ,gBAAgB,CAAC;YACnE,CAAC;YACD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM;gBACN,YAAY;gBACZ,SAAS,EAAE,KAAK;gBAChB,UAAU;aACX,CAAC;QACJ,CAAC;QACD,OAAO;YACL,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,GAAG,YAAY,kCAAkC,aAAa,CAAC,CAAC,CAAC,GAAG;YAC5E,YAAY;YACZ,SAAS,EAAE,KAAK;YAChB,UAAU;SACX,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,KAAK,CAAC,EAAE,CAAC;QACvB,IAAI,aAAa,KAAK,IAAI,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,4BAA4B,QAAQ,CAAC,MAAM,EAAE;gBACrD,YAAY;gBACZ,SAAS,EAAE,KAAK;gBAChB,UAAU;aACX,CAAC;QACJ,CAAC;QACD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,sCAAsC,GAAG,IAAI;YACrD,YAAY;YACZ,SAAS,EAAE,KAAK;YAChB,UAAU;SACX,CAAC;IACJ,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,GAAG,YAAY,wBAAwB,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,cAAc,GAAG,IAAI;QACpG,YAAY;QACZ,SAAS,EAAE,KAAK;QAChB,UAAU;KACX,CAAC;AACJ,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { type LedgerEntry } from "../../policies/index.js";
|
|
2
2
|
export declare const APPROVED_LEDGER_TAG_PREFIX = "understanding-approved:";
|
|
3
|
-
export
|
|
3
|
+
export declare const APPROVAL_MARKER_DIRNAME = ".approvals";
|
|
4
|
+
export type ApprovalSource = "marker" | "ledger" | "persisted-report" | "none";
|
|
4
5
|
export interface ApprovalCheckResult {
|
|
5
6
|
approved: boolean;
|
|
6
7
|
source: ApprovalSource;
|
|
@@ -70,14 +71,51 @@ export interface PersistedReportApprovalCheck {
|
|
|
70
71
|
*/
|
|
71
72
|
export declare function isPolicyDecisionRow(e: LedgerEntry): boolean;
|
|
72
73
|
/**
|
|
73
|
-
* Match a ledger fetch against the per-session approval tag.
|
|
74
|
-
*
|
|
75
|
-
*
|
|
76
|
-
*
|
|
77
|
-
*
|
|
74
|
+
* Match a ledger fetch against the per-session approval tag. Kept for
|
|
75
|
+
* the audit / forensics path only: a ledger entry tagged
|
|
76
|
+
* `understanding-approved:<sid>` is no longer a sufficient signal to
|
|
77
|
+
* unblock the gate (agent-tasks/88ca4bb3: the agent has the same MCP
|
|
78
|
+
* surface and could self-write the row). Use `checkApprovalMarker`
|
|
79
|
+
* for the gate decision; this helper now serves `harness audit` /
|
|
80
|
+
* `harness explain --trace` style read paths that surface the
|
|
81
|
+
* historic ledger trail without granting approval power.
|
|
78
82
|
*/
|
|
79
83
|
export declare function matchLedgerEntries(entries: LedgerEntry[], sessionId: string): {
|
|
80
84
|
matched: boolean;
|
|
81
85
|
detail: string;
|
|
82
86
|
};
|
|
87
|
+
/** Filesystem path of the per-session approval marker. */
|
|
88
|
+
export declare function approvalMarkerPathFor(generatedDir: string, sessionId: string): string;
|
|
89
|
+
export interface ApprovalMarker {
|
|
90
|
+
approvedAt: string;
|
|
91
|
+
approvedBy: string;
|
|
92
|
+
}
|
|
93
|
+
/**
|
|
94
|
+
* Operator-side: write the marker file the gate consults. Atomic so a
|
|
95
|
+
* crash mid-write cannot leave a half-empty file the gate would accept
|
|
96
|
+
* as approved. Caller is `harness approve understanding`, which the
|
|
97
|
+
* operator runs from their un-hooked shell; if the agent could call
|
|
98
|
+
* this path the gate's value would collapse, so it lives behind the
|
|
99
|
+
* approve CLI rather than as a generally importable verb.
|
|
100
|
+
*/
|
|
101
|
+
export declare function writeApprovalMarker(generatedDir: string, sessionId: string, marker: ApprovalMarker): string;
|
|
102
|
+
export interface MarkerCheck {
|
|
103
|
+
matched: boolean;
|
|
104
|
+
detail: string;
|
|
105
|
+
marker: ApprovalMarker | null;
|
|
106
|
+
}
|
|
107
|
+
/**
|
|
108
|
+
* Gate-side: is the per-session marker file present and readable?
|
|
109
|
+
* Returns `matched: true` even if the marker JSON is malformed: the
|
|
110
|
+
* file's *existence* is the operator's intent. Corrupted contents
|
|
111
|
+
* surface as `marker: null` in the diagnostic but do not invalidate the
|
|
112
|
+
* approval, since invalidating on a parse error would hand a denial-
|
|
113
|
+
* of-service vector to anyone (including the agent) who could append a
|
|
114
|
+
* stray byte to the file. Edit / Write / Bash are gated, so writing
|
|
115
|
+
* stray bytes from inside Claude is not possible today, but the
|
|
116
|
+
* existence-only contract is the defensible boundary regardless.
|
|
117
|
+
*/
|
|
118
|
+
export declare function checkApprovalMarker(generatedDir: string, sessionId: string): MarkerCheck;
|
|
119
|
+
/** Clear the per-session marker (used by `harness approve --revoke` and tests). */
|
|
120
|
+
export declare function clearApprovalMarker(generatedDir: string, sessionId: string): void;
|
|
83
121
|
export declare function checkPersistedReport(reportsDir: string, sessionId: string): PersistedReportApprovalCheck;
|
|
@@ -3,21 +3,38 @@
|
|
|
3
3
|
// Two-source approval check that the harness-side PreToolUse blocker
|
|
4
4
|
// consults:
|
|
5
5
|
//
|
|
6
|
-
// 1.
|
|
7
|
-
//
|
|
6
|
+
// 1. Filesystem marker `<generatedDir>/.approvals/<sessionId>` written
|
|
7
|
+
// by `harness approve understanding` from the operator's shell.
|
|
8
|
+
// Canonical for harnessed sessions. Replaces the ledger-substring
|
|
9
|
+
// check that shipped through v0.13.0 (agent-tasks/88ca4bb3): the
|
|
10
|
+
// agent has direct MCP access to the same ledger that gate path
|
|
11
|
+
// consulted, so any agent could write `understanding-approved:<sid>`
|
|
12
|
+
// itself and self-approve. Edit / Write / Bash are all gated by
|
|
13
|
+
// this same PreToolUse hook, and the configured MCP servers do not
|
|
14
|
+
// expose filesystem writes, so the marker file is reachable only
|
|
15
|
+
// from a process the operator launched (their `!`-shell or any
|
|
16
|
+
// other un-hooked terminal). Operator-side: writeApprovalMarker
|
|
17
|
+
// below. Forensics: the ledger row is still written by
|
|
18
|
+
// `harness approve understanding`, for audit only.
|
|
8
19
|
// 2. Persisted JSON report under `.understanding-gate/reports/`
|
|
9
20
|
// (canonical for solo `@lannguyensi/understanding-gate` users).
|
|
10
21
|
// The package writes one file per session; the latest with
|
|
11
|
-
// `approvalStatus: "approved"` matching the session_id wins.
|
|
22
|
+
// `approvalStatus: "approved"` matching the session_id wins. The
|
|
23
|
+
// report is flipped to "approved" by `harness approve`; the
|
|
24
|
+
// agent's Stop hook only writes `pending` reports and cannot flip
|
|
25
|
+
// them (Edit/Write/Bash gated), so this source is also operator-
|
|
26
|
+
// authored.
|
|
12
27
|
//
|
|
13
28
|
// Either source approves. The persisted-report fallback is what makes a
|
|
14
29
|
// solo user without grounding-mcp wired still able to approve via the
|
|
15
|
-
// package's CLI; the
|
|
30
|
+
// package's CLI; the marker path is what makes a harnessed session see
|
|
16
31
|
// the approval immediately on the next tool call.
|
|
17
32
|
import * as fs from "node:fs";
|
|
18
33
|
import * as path from "node:path";
|
|
34
|
+
import { atomicWriteFile } from "../../io/atomic-write.js";
|
|
19
35
|
import { POLICY_DECISION_TYPE } from "../../runtime/ledger-record.js";
|
|
20
36
|
export const APPROVED_LEDGER_TAG_PREFIX = "understanding-approved:";
|
|
37
|
+
export const APPROVAL_MARKER_DIRNAME = ".approvals";
|
|
21
38
|
const DEFAULT_REPORTS_DIRNAME = ".understanding-gate";
|
|
22
39
|
const REPORTS_SUBDIR = "reports";
|
|
23
40
|
/**
|
|
@@ -160,11 +177,14 @@ export function isPolicyDecisionRow(e) {
|
|
|
160
177
|
return false;
|
|
161
178
|
}
|
|
162
179
|
/**
|
|
163
|
-
* Match a ledger fetch against the per-session approval tag.
|
|
164
|
-
*
|
|
165
|
-
*
|
|
166
|
-
*
|
|
167
|
-
*
|
|
180
|
+
* Match a ledger fetch against the per-session approval tag. Kept for
|
|
181
|
+
* the audit / forensics path only: a ledger entry tagged
|
|
182
|
+
* `understanding-approved:<sid>` is no longer a sufficient signal to
|
|
183
|
+
* unblock the gate (agent-tasks/88ca4bb3: the agent has the same MCP
|
|
184
|
+
* surface and could self-write the row). Use `checkApprovalMarker`
|
|
185
|
+
* for the gate decision; this helper now serves `harness audit` /
|
|
186
|
+
* `harness explain --trace` style read paths that surface the
|
|
187
|
+
* historic ledger trail without granting approval power.
|
|
168
188
|
*/
|
|
169
189
|
export function matchLedgerEntries(entries, sessionId) {
|
|
170
190
|
const wanted = approvedLedgerTagFor(sessionId);
|
|
@@ -176,7 +196,7 @@ export function matchLedgerEntries(entries, sessionId) {
|
|
|
176
196
|
if (typeof e.content === "string" && e.content.includes(wanted)) {
|
|
177
197
|
return {
|
|
178
198
|
matched: true,
|
|
179
|
-
detail: `
|
|
199
|
+
detail: `audit: ledger tag ${wanted} present at ${e.createdAt} (no longer satisfies the gate; see harness.generated/${APPROVAL_MARKER_DIRNAME}/${sessionId})`,
|
|
180
200
|
};
|
|
181
201
|
}
|
|
182
202
|
}
|
|
@@ -185,6 +205,102 @@ export function matchLedgerEntries(entries, sessionId) {
|
|
|
185
205
|
detail: `no ledger entry matched ${wanted} (scanned ${scanned} non-policy_decision row(s))`,
|
|
186
206
|
};
|
|
187
207
|
}
|
|
208
|
+
/** Filesystem path of the per-session approval marker. */
|
|
209
|
+
export function approvalMarkerPathFor(generatedDir, sessionId) {
|
|
210
|
+
return path.join(generatedDir, APPROVAL_MARKER_DIRNAME, sessionId);
|
|
211
|
+
}
|
|
212
|
+
/**
|
|
213
|
+
* Operator-side: write the marker file the gate consults. Atomic so a
|
|
214
|
+
* crash mid-write cannot leave a half-empty file the gate would accept
|
|
215
|
+
* as approved. Caller is `harness approve understanding`, which the
|
|
216
|
+
* operator runs from their un-hooked shell; if the agent could call
|
|
217
|
+
* this path the gate's value would collapse, so it lives behind the
|
|
218
|
+
* approve CLI rather than as a generally importable verb.
|
|
219
|
+
*/
|
|
220
|
+
export function writeApprovalMarker(generatedDir, sessionId, marker) {
|
|
221
|
+
const filePath = approvalMarkerPathFor(generatedDir, sessionId);
|
|
222
|
+
atomicWriteFile(filePath, `${JSON.stringify(marker, null, 2)}\n`);
|
|
223
|
+
return filePath;
|
|
224
|
+
}
|
|
225
|
+
/**
|
|
226
|
+
* Gate-side: is the per-session marker file present and readable?
|
|
227
|
+
* Returns `matched: true` even if the marker JSON is malformed: the
|
|
228
|
+
* file's *existence* is the operator's intent. Corrupted contents
|
|
229
|
+
* surface as `marker: null` in the diagnostic but do not invalidate the
|
|
230
|
+
* approval, since invalidating on a parse error would hand a denial-
|
|
231
|
+
* of-service vector to anyone (including the agent) who could append a
|
|
232
|
+
* stray byte to the file. Edit / Write / Bash are gated, so writing
|
|
233
|
+
* stray bytes from inside Claude is not possible today, but the
|
|
234
|
+
* existence-only contract is the defensible boundary regardless.
|
|
235
|
+
*/
|
|
236
|
+
export function checkApprovalMarker(generatedDir, sessionId) {
|
|
237
|
+
const filePath = approvalMarkerPathFor(generatedDir, sessionId);
|
|
238
|
+
let stat;
|
|
239
|
+
try {
|
|
240
|
+
// lstatSync (NOT statSync): defense-in-depth against a symlink at
|
|
241
|
+
// the marker path pointing at an arbitrary target the agent
|
|
242
|
+
// controls. In today's threat model the agent has no Edit / Write
|
|
243
|
+
// / Bash path to plant such a symlink (the same PreToolUse hook
|
|
244
|
+
// gates all three), but the gate's contract is to assume the
|
|
245
|
+
// agent is hostile, so the lstat reject is cheap insurance
|
|
246
|
+
// (agent-tasks/d39f160e).
|
|
247
|
+
stat = fs.lstatSync(filePath);
|
|
248
|
+
}
|
|
249
|
+
catch {
|
|
250
|
+
return {
|
|
251
|
+
matched: false,
|
|
252
|
+
detail: `no approval marker at ${filePath}`,
|
|
253
|
+
marker: null,
|
|
254
|
+
};
|
|
255
|
+
}
|
|
256
|
+
if (stat.isSymbolicLink()) {
|
|
257
|
+
return {
|
|
258
|
+
matched: false,
|
|
259
|
+
detail: `approval marker is a symlink, refusing for safety: ${filePath}`,
|
|
260
|
+
marker: null,
|
|
261
|
+
};
|
|
262
|
+
}
|
|
263
|
+
if (!stat.isFile()) {
|
|
264
|
+
return {
|
|
265
|
+
matched: false,
|
|
266
|
+
detail: `approval marker path is not a regular file: ${filePath}`,
|
|
267
|
+
marker: null,
|
|
268
|
+
};
|
|
269
|
+
}
|
|
270
|
+
let marker = null;
|
|
271
|
+
try {
|
|
272
|
+
const raw = fs.readFileSync(filePath, "utf8");
|
|
273
|
+
const parsed = safeJsonParse(raw);
|
|
274
|
+
if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
|
|
275
|
+
const obj = parsed;
|
|
276
|
+
const approvedAt = typeof obj["approvedAt"] === "string" ? obj["approvedAt"] : "";
|
|
277
|
+
const approvedBy = typeof obj["approvedBy"] === "string" ? obj["approvedBy"] : "";
|
|
278
|
+
if (approvedAt.length > 0 && approvedBy.length > 0) {
|
|
279
|
+
marker = { approvedAt, approvedBy };
|
|
280
|
+
}
|
|
281
|
+
}
|
|
282
|
+
}
|
|
283
|
+
catch {
|
|
284
|
+
/* keep marker:null; existence already satisfied the gate */
|
|
285
|
+
}
|
|
286
|
+
const provenance = marker
|
|
287
|
+
? `approved at ${marker.approvedAt} by ${marker.approvedBy}`
|
|
288
|
+
: "marker present, body unreadable (existence still satisfies the gate)";
|
|
289
|
+
return {
|
|
290
|
+
matched: true,
|
|
291
|
+
detail: `approved via marker ${path.basename(filePath)}: ${provenance}`,
|
|
292
|
+
marker,
|
|
293
|
+
};
|
|
294
|
+
}
|
|
295
|
+
/** Clear the per-session marker (used by `harness approve --revoke` and tests). */
|
|
296
|
+
export function clearApprovalMarker(generatedDir, sessionId) {
|
|
297
|
+
try {
|
|
298
|
+
fs.rmSync(approvalMarkerPathFor(generatedDir, sessionId));
|
|
299
|
+
}
|
|
300
|
+
catch {
|
|
301
|
+
/* already gone */
|
|
302
|
+
}
|
|
303
|
+
}
|
|
188
304
|
export function checkPersistedReport(reportsDir, sessionId) {
|
|
189
305
|
const reports = listPersistedReports(reportsDir);
|
|
190
306
|
if (reports.length === 0) {
|