npm - @lelu-auth/lelu - Versions diffs - 0.1.0 - Mend

@lelu-auth/lelu 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/LICENSE +21 -0
package/README.md +55 -0
package/dist/client-BD9h8CBT.d.mts +235 -0
package/dist/client-BD9h8CBT.d.ts +235 -0
package/dist/express/index.d.mts +31 -0
package/dist/express/index.d.ts +31 -0
package/dist/express/index.js +277 -0
package/dist/express/index.js.map +1 -0
package/dist/express/index.mjs +275 -0
package/dist/express/index.mjs.map +1 -0
package/dist/index.d.mts +104 -0
package/dist/index.d.ts +104 -0
package/dist/index.js +306 -0
package/dist/index.js.map +1 -0
package/dist/index.mjs +296 -0
package/dist/index.mjs.map +1 -0
package/dist/langchain/index.d.mts +110 -0
package/dist/langchain/index.d.ts +110 -0
package/dist/langchain/index.js +159 -0
package/dist/langchain/index.js.map +1 -0
package/dist/langchain/index.mjs +156 -0
package/dist/langchain/index.mjs.map +1 -0
package/dist/react/index.d.mts +52 -0
package/dist/react/index.d.ts +52 -0
package/dist/react/index.js +670 -0
package/dist/react/index.js.map +1 -0
package/dist/react/index.mjs +666 -0
package/dist/react/index.mjs.map +1 -0
package/package.json +95 -0

package/dist/langchain/index.js ADDED Viewed

@@ -0,0 +1,159 @@
+'use strict';
+var openai = require('openai');
+// src/langchain/secure-tool.ts
+var SecureTool = class {
+  name;
+  description;
+  opts;
+  constructor(opts) {
+    this.opts = opts;
+    this.name = opts.name;
+    this.description = opts.description;
+  }
+  /**
+   * invoke — LangChain StructuredTool / DynamicTool compatible entry point.
+   *
+   * 1. Calls Lelu `agentAuthorize` with the confidence score
+   * 2a. Allowed → runs the wrapped tool function
+   * 2b. Requires human review → returns structured "pending" message
+   * 2c. Denied → returns structured refusal string (LLM can self-correct)
+   */
+  async invoke(input) {
+    const result = await this._check(input);
+    if (result.allowed) {
+      return result.output;
+    }
+    if (this.opts.throwOnDeny) {
+      throw new Error(`[Lelu] Tool "${this.name}" denied: ${result.reason}`);
+    }
+    return result.output;
+  }
+  /** call — alias for older LangChain versions. */
+  async call(input) {
+    return this.invoke(input);
+  }
+  /**
+   * Check authorization and run the tool if permitted.
+   * Returns a full ToolCallResult for programmatic consumers.
+   */
+  async checkAndCall(input) {
+    return this._check(input);
+  }
+  async _check(input) {
+    const { actor, requiredPermission, client, func, throwOnDeny } = this.opts;
+    const confidence = this.opts.confidence ?? 1;
+    const actingFor = this.opts.actingFor ?? "";
+    let decision;
+    try {
+      decision = await client.agentAuthorize({
+        actor,
+        action: requiredPermission,
+        context: {
+          confidence,
+          actingFor
+        }
+      });
+    } catch (err) {
+      const msg = `[Lelu] Authorization check failed for "${this.name}": ${String(err)}`;
+      if (throwOnDeny) throw new Error(msg);
+      return {
+        allowed: false,
+        output: msg,
+        requiresHumanReview: false,
+        reason: String(err)
+      };
+    }
+    if (decision.requiresHumanReview) {
+      const msg = `[Lelu] Action "${this.name}" is queued for human review. Reason: ${decision.reason}. Please wait for approval before proceeding.`;
+      return {
+        allowed: false,
+        output: msg,
+        requiresHumanReview: true,
+        reason: decision.reason
+      };
+    }
+    if (!decision.allowed) {
+      const msg = `[Lelu] Action "${this.name}" was denied. Reason: ${decision.reason}. Downgraded scope: ${decision.downgradedScope ?? "none"}.`;
+      return {
+        allowed: false,
+        output: msg,
+        requiresHumanReview: false,
+        reason: decision.reason
+      };
+    }
+    const output = await func(input);
+    return {
+      allowed: true,
+      output,
+      requiresHumanReview: false,
+      reason: decision.reason
+    };
+  }
+};
+var SemanticPolicyGenerator = class {
+  openai;
+  constructor(apiKey) {
+    this.openai = new openai.OpenAI({ apiKey });
+  }
+  /**
+   * Converts a natural language description into a deterministic Rego policy.
+   *
+   * @param description Natural language description of the policy (e.g., "Don't let the bot refund more than $50 unless approved by a finance manager.")
+   * @param packageName The Rego package name (default: "lelu.authz")
+   * @returns The generated Rego policy string
+   */
+  async generateRegoPolicy(description, packageName = "lelu.authz") {
+    const prompt = `
+You are an expert in Open Policy Agent (OPA) Rego policies.
+Your task is to convert the following natural language description into a valid, deterministic Rego policy for the Lelu Auth Permission Engine.
+The policy must output an object with the following structure:
+{
+  "allowed": bool,
+  "reason": string,
+  "downgraded_scope": string (optional),
+  "requires_human_review": bool (optional)
+}
+The input to the policy will be an object with the following structure:
+{
+  "kind": "agent" | "human",
+  "actor": string,
+  "action": string,
+  "resource": map[string]any,
+  "confidence": number (0.0 to 1.0),
+  "acting_for": string,
+  "scope": string
+}
+Natural Language Description:
+"${description}"
+Package Name:
+package ${packageName}
+Requirements:
+1. Output ONLY valid Rego code.
+2. Do not include markdown formatting (like \`\`\`rego).
+3. Ensure the default state is deny (default allowed = false).
+4. Include comments explaining the logic.
+`;
+    const response = await this.openai.chat.completions.create({
+      model: "gpt-4-turbo-preview",
+      messages: [
+        { role: "system", content: "You are a Rego policy generation assistant. Output only raw Rego code." },
+        { role: "user", content: prompt }
+      ],
+      temperature: 0.1
+    });
+    const regoCode = response.choices[0]?.message.content?.trim() || "";
+    return regoCode.replace(/^```rego\n/, "").replace(/\n```$/, "");
+  }
+};
+exports.SecureTool = SecureTool;
+exports.SemanticPolicyGenerator = SemanticPolicyGenerator;
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/langchain/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/langchain/secure-tool.ts","../../src/langchain/SemanticPolicyGenerator.ts"],"names":["OpenAI"],"mappings":";;;;;AA2FO,IAAM,aAAN,MAAiB;AAAA,EACb,IAAA;AAAA,EACA,WAAA;AAAA,EAEQ,IAAA;AAAA,EAEjB,YAAY,IAAA,EAAyB;AACnC,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,OAAO,IAAA,CAAK,IAAA;AACjB,IAAA,IAAA,CAAK,cAAc,IAAA,CAAK,WAAA;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,OAAO,KAAA,EAAgC;AAC3C,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA;AACtC,IAAA,IAAI,OAAO,OAAA,EAAS;AAClB,MAAA,OAAO,MAAA,CAAO,MAAA;AAAA,IAChB;AACA,IAAA,IAAI,IAAA,CAAK,KAAK,WAAA,EAAa;AACzB,MAAA,MAAM,IAAI,MAAM,CAAA,aAAA,EAAgB,IAAA,CAAK,IAAI,CAAA,UAAA,EAAa,MAAA,CAAO,MAAM,CAAA,CAAE,CAAA;AAAA,IACvE;AACA,IAAA,OAAO,MAAA,CAAO,MAAA;AAAA,EAChB;AAAA;AAAA,EAGA,MAAM,KAAK,KAAA,EAAgC;AACzC,IAAA,OAAO,IAAA,CAAK,OAAO,KAAK,CAAA;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,aAAa,KAAA,EAAwC;AACzD,IAAA,OAAO,IAAA,CAAK,OAAO,KAAK,CAAA;AAAA,EAC1B;AAAA,EAEA,MAAc,OAAO,KAAA,EAAwC;AAC3D,IAAA,MAAM,EAAE,KAAA,EAAO,kBAAA,EAAoB,QAAQ,IAAA,EAAM,WAAA,KAAgB,IAAA,CAAK,IAAA;AACtE,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,IAAA,CAAK,UAAA,IAAc,CAAA;AAC3C,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,IAAA,CAAK,SAAA,IAAa,EAAA;AAEzC,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI;AACF,MAAA,QAAA,GAAW,MAAM,OAAO,cAAA,CAAe;AAAA,QACrC,KAAA;AAAA,QACA,MAAA,EAAQ,kBAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,UAAA;AAAA,UACA;AAAA;AACF,OACD,CAAA;AAAA,IACH,SAAS,GAAA,EAAK;AACZ,MAAA,MAAM,MAAM,CAAA,uCAAA,EAA0C,IAAA,CAAK,IAAI,CAAA,GAAA,EAAM,MAAA,CAAO,GAAG,CAAC,CAAA,CAAA;AAChF,MAAA,IAAI,WAAA,EAAa,MAAM,IAAI,KAAA,CAAM,GAAG,CAAA;AACpC,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,MAAA,EAAQ,GAAA;AAAA,QACR,mBAAA,EAAqB,KAAA;AAAA,QACrB,MAAA,EAAQ,OAAO,GAAG;AAAA,OACpB;AAAA,IACF;AAGA,IAAA,IAAI,SAAS,mBAAA,EAAqB;AAChC,MAAA,MAAM,MACJ,CAAA,eAAA,EAAkB,IAAA,CAAK,IAAI,CAAA,sCAAA,EAChB,SAAS,MAAM,CAAA,6CAAA,CAAA;AAC5B,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,MAAA,EAAQ,GAAA;AAAA,QACR,mBAAA,EAAqB,IAAA;AAAA,QACrB,QAAQ,QAAA,CAAS;AAAA,OACnB;AAAA,IACF;AAGA,IAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,MAAA,MAAM,GAAA,GACJ,CAAA,eAAA,EAAkB,IAAA,CAAK,IAAI,CAAA,sBAAA,EAChB,SAAS,MAAM,CAAA,oBAAA,EACL,QAAA,CAAS,eAAA,IAAmB,MAAM,CAAA,CAAA,CAAA;AACzD,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,MAAA,EAAQ,GAAA;AAAA,QACR,mBAAA,EAAqB,KAAA;AAAA,QACrB,QAAQ,QAAA,CAAS;AAAA,OACnB;AAAA,IACF;AAGA,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,KAAK,CAAA;AAC/B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,MAAA;AAAA,MACA,mBAAA,EAAqB,KAAA;AAAA,MACrB,QAAQ,QAAA,CAAS;AAAA,KACnB;AAAA,EACF;AACF;ACnMO,IAAM,0BAAN,MAA8B;AAAA,EAC3B,MAAA;AAAA,EAER,YAAY,MAAA,EAAgB;AAC1B,IAAA,IAAA,CAAK,MAAA,GAAS,IAAIA,aAAA,CAAO,EAAE,QAAQ,CAAA;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,kBAAA,CAAmB,WAAA,EAAqB,WAAA,GAAsB,YAAA,EAA+B;AACjG,IAAA,MAAM,MAAA,GAAS;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AAAA;AAAA,CAAA,EAwBhB,WAAW,CAAA;;AAAA;AAAA,QAAA,EAGJ,WAAW;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAAA;AASjB,IAAA,MAAM,WAAW,MAAM,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,YAAY,MAAA,CAAO;AAAA,MACzD,KAAA,EAAO,qBAAA;AAAA,MACP,QAAA,EAAU;AAAA,QACR,EAAE,IAAA,EAAM,QAAA,EAAU,OAAA,EAAS,wEAAA,EAAyE;AAAA,QACpG,EAAE,IAAA,EAAM,MAAA,EAAQ,OAAA,EAAS,MAAA;AAAO,OAClC;AAAA,MACA,WAAA,EAAa;AAAA,KACd,CAAA;AAED,IAAA,MAAM,QAAA,GAAW,SAAS,OAAA,CAAQ,CAAC,GAAG,OAAA,CAAQ,OAAA,EAAS,MAAK,IAAK,EAAA;AAGjE,IAAA,OAAO,SAAS,OAAA,CAAQ,YAAA,EAAc,EAAE,CAAA,CAAE,OAAA,CAAQ,UAAU,EAAE,CAAA;AAAA,EAChE;AACF","file":"index.js","sourcesContent":["/**\n * SecureTool — LangChain tool wrapper with Confidence-Aware Auth\n *\n * Intercepts every tool call and gates it through the Lelu engine before\n * execution. Returns a structured refusal string when denied so the LLM can\n * self-correct, queue for human review, or escalate.\n *\n * Usage:\n * ```typescript\n * import { SecureTool } from 'lelu/langchain';\n *\n * const refundTool = new SecureTool({\n * name: 'process_refund',\n * description: 'Processes a customer refund',\n * actor: 'invoice_bot',\n * requiredPermission: 'invoice:refund',\n * client: leluClient,\n * func: async (input) => {\n * // your tool implementation\n * return `Refund processed for ${input}`;\n * },\n * });\n * ```\n */\n\nimport { LeluClient } from \"../client.js\";\n\n// ─── Minimal LangChain-compatible interface ───────────────────────────────────\n\n/** Minimal interface a wrapped tool must expose. */\nexport interface ToolLike {\n name: string;\n description: string;\n /** LangChain StructuredTool / DynamicTool use `invoke`. */\n invoke?: (input: string, ...args: unknown[]) => Promise<string>;\n /** Older LangChain versions use `call`. */\n call?: (input: string, ...args: unknown[]) => Promise<string>;\n}\n\n// ─── Options ──────────────────────────────────────────────────────────────────\n\nexport interface SecureToolOptions {\n /** Unique tool name (used as the action in authz request). */\n name: string;\n /** Human-readable description forwarded to the LLM. */\n description: string;\n /** The Lelu agent scope / actor name. */\n actor: string;\n /** The permission string being checked (e.g. \"invoice:refund\"). */\n requiredPermission: string;\n /** Configured LeluClient. */\n client: LeluClient;\n /** The actual tool function to execute when authorized. */\n func: (input: string) => Promise<string>;\n /**\n * Optional: LLM confidence score for this invocation (0.0–1.0).\n * If omitted, defaults to 1.0 (full confidence assumed).\n */\n confidence?: number;\n /**\n * Optional: the human user the agent is acting on behalf of.\n */\n actingFor?: string;\n /**\n * Optional: if true, throw an error when denied instead of returning\n * a structured refusal string. Default: false (silent fail, structured msg).\n */\n throwOnDeny?: boolean;\n}\n\n// ─── Result ───────────────────────────────────────────────────────────────────\n\nexport interface ToolCallResult {\n allowed: boolean;\n output: string;\n requiresHumanReview: boolean;\n reviewId?: string;\n reason: string;\n}\n\n// ─── SecureTool ───────────────────────────────────────────────────────────────\n\n/**\n * SecureTool wraps a tool function with Lelu's Confidence-Aware Auth gate.\n *\n * Implements the LangChain Tool interface (name + description + invoke)\n * so it can be dropped into any LangChain agent tool array:\n * ```typescript\n * const agent = await createOpenAIFunctionsAgent({ tools: [refundTool] });\n * ```\n */\nexport class SecureTool {\n readonly name: string;\n readonly description: string;\n\n private readonly opts: SecureToolOptions;\n\n constructor(opts: SecureToolOptions) {\n this.opts = opts;\n this.name = opts.name;\n this.description = opts.description;\n }\n\n /**\n * invoke — LangChain StructuredTool / DynamicTool compatible entry point.\n *\n * 1. Calls Lelu `agentAuthorize` with the confidence score\n * 2a. Allowed → runs the wrapped tool function\n * 2b. Requires human review → returns structured \"pending\" message\n * 2c. Denied → returns structured refusal string (LLM can self-correct)\n */\n async invoke(input: string): Promise<string> {\n const result = await this._check(input);\n if (result.allowed) {\n return result.output;\n }\n if (this.opts.throwOnDeny) {\n throw new Error(`[Lelu] Tool \"${this.name}\" denied: ${result.reason}`);\n }\n return result.output; // structured refusal or pending message\n }\n\n /** call — alias for older LangChain versions. */\n async call(input: string): Promise<string> {\n return this.invoke(input);\n }\n\n /**\n * Check authorization and run the tool if permitted.\n * Returns a full ToolCallResult for programmatic consumers.\n */\n async checkAndCall(input: string): Promise<ToolCallResult> {\n return this._check(input);\n }\n\n private async _check(input: string): Promise<ToolCallResult> {\n const { actor, requiredPermission, client, func, throwOnDeny } = this.opts;\n const confidence = this.opts.confidence ?? 1.0;\n const actingFor = this.opts.actingFor ?? \"\";\n\n let decision;\n try {\n decision = await client.agentAuthorize({\n actor,\n action: requiredPermission,\n context: {\n confidence,\n actingFor,\n },\n });\n } catch (err) {\n const msg = `[Lelu] Authorization check failed for \"${this.name}\": ${String(err)}`;\n if (throwOnDeny) throw new Error(msg);\n return {\n allowed: false,\n output: msg,\n requiresHumanReview: false,\n reason: String(err),\n };\n }\n\n // Human review required — queue and return pending message.\n if (decision.requiresHumanReview) {\n const msg =\n `[Lelu] Action \"${this.name}\" is queued for human review. ` +\n `Reason: ${decision.reason}. Please wait for approval before proceeding.`;\n return {\n allowed: false,\n output: msg,\n requiresHumanReview: true,\n reason: decision.reason,\n };\n }\n\n // Hard deny — return structured refusal.\n if (!decision.allowed) {\n const msg =\n `[Lelu] Action \"${this.name}\" was denied. ` +\n `Reason: ${decision.reason}. ` +\n `Downgraded scope: ${decision.downgradedScope ?? \"none\"}.`;\n return {\n allowed: false,\n output: msg,\n requiresHumanReview: false,\n reason: decision.reason,\n };\n }\n\n // Authorized — run the tool.\n const output = await func(input);\n return {\n allowed: true,\n output,\n requiresHumanReview: false,\n reason: decision.reason,\n };\n }\n}\n","import { OpenAI } from 'openai';\n\nexport class SemanticPolicyGenerator {\n private openai: OpenAI;\n\n constructor(apiKey: string) {\n this.openai = new OpenAI({ apiKey });\n }\n\n /**\n * Converts a natural language description into a deterministic Rego policy.\n * \n * @param description Natural language description of the policy (e.g., \"Don't let the bot refund more than $50 unless approved by a finance manager.\")\n * @param packageName The Rego package name (default: \"lelu.authz\")\n * @returns The generated Rego policy string\n */\n async generateRegoPolicy(description: string, packageName: string = \"lelu.authz\"): Promise<string> {\n const prompt = `\nYou are an expert in Open Policy Agent (OPA) Rego policies.\nYour task is to convert the following natural language description into a valid, deterministic Rego policy for the Lelu Auth Permission Engine.\n\nThe policy must output an object with the following structure:\n{\n \"allowed\": bool,\n \"reason\": string,\n \"downgraded_scope\": string (optional),\n \"requires_human_review\": bool (optional)\n}\n\nThe input to the policy will be an object with the following structure:\n{\n \"kind\": \"agent\" | \"human\",\n \"actor\": string,\n \"action\": string,\n \"resource\": map[string]any,\n \"confidence\": number (0.0 to 1.0),\n \"acting_for\": string,\n \"scope\": string\n}\n\nNatural Language Description:\n\"${description}\"\n\nPackage Name:\npackage ${packageName}\n\nRequirements:\n1. Output ONLY valid Rego code.\n2. Do not include markdown formatting (like \\`\\`\\`rego).\n3. Ensure the default state is deny (default allowed = false).\n4. Include comments explaining the logic.\n`;\n\n const response = await this.openai.chat.completions.create({\n model: \"gpt-4-turbo-preview\",\n messages: [\n { role: \"system\", content: \"You are a Rego policy generation assistant. Output only raw Rego code.\" },\n { role: \"user\", content: prompt }\n ],\n temperature: 0.1,\n });\n\n const regoCode = response.choices[0]?.message.content?.trim() || \"\";\n \n // Strip markdown code blocks if the LLM accidentally included them\n return regoCode.replace(/^```rego\\n/, '').replace(/\\n```$/, '');\n }\n}\n"]}

package/dist/langchain/index.mjs ADDED Viewed

@@ -0,0 +1,156 @@
+import { OpenAI } from 'openai';
+// src/langchain/secure-tool.ts
+var SecureTool = class {
+  name;
+  description;
+  opts;
+  constructor(opts) {
+    this.opts = opts;
+    this.name = opts.name;
+    this.description = opts.description;
+  }
+  /**
+   * invoke — LangChain StructuredTool / DynamicTool compatible entry point.
+   *
+   * 1. Calls Lelu `agentAuthorize` with the confidence score
+   * 2a. Allowed → runs the wrapped tool function
+   * 2b. Requires human review → returns structured "pending" message
+   * 2c. Denied → returns structured refusal string (LLM can self-correct)
+   */
+  async invoke(input) {
+    const result = await this._check(input);
+    if (result.allowed) {
+      return result.output;
+    }
+    if (this.opts.throwOnDeny) {
+      throw new Error(`[Lelu] Tool "${this.name}" denied: ${result.reason}`);
+    }
+    return result.output;
+  }
+  /** call — alias for older LangChain versions. */
+  async call(input) {
+    return this.invoke(input);
+  }
+  /**
+   * Check authorization and run the tool if permitted.
+   * Returns a full ToolCallResult for programmatic consumers.
+   */
+  async checkAndCall(input) {
+    return this._check(input);
+  }
+  async _check(input) {
+    const { actor, requiredPermission, client, func, throwOnDeny } = this.opts;
+    const confidence = this.opts.confidence ?? 1;
+    const actingFor = this.opts.actingFor ?? "";
+    let decision;
+    try {
+      decision = await client.agentAuthorize({
+        actor,
+        action: requiredPermission,
+        context: {
+          confidence,
+          actingFor
+        }
+      });
+    } catch (err) {
+      const msg = `[Lelu] Authorization check failed for "${this.name}": ${String(err)}`;
+      if (throwOnDeny) throw new Error(msg);
+      return {
+        allowed: false,
+        output: msg,
+        requiresHumanReview: false,
+        reason: String(err)
+      };
+    }
+    if (decision.requiresHumanReview) {
+      const msg = `[Lelu] Action "${this.name}" is queued for human review. Reason: ${decision.reason}. Please wait for approval before proceeding.`;
+      return {
+        allowed: false,
+        output: msg,
+        requiresHumanReview: true,
+        reason: decision.reason
+      };
+    }
+    if (!decision.allowed) {
+      const msg = `[Lelu] Action "${this.name}" was denied. Reason: ${decision.reason}. Downgraded scope: ${decision.downgradedScope ?? "none"}.`;
+      return {
+        allowed: false,
+        output: msg,
+        requiresHumanReview: false,
+        reason: decision.reason
+      };
+    }
+    const output = await func(input);
+    return {
+      allowed: true,
+      output,
+      requiresHumanReview: false,
+      reason: decision.reason
+    };
+  }
+};
+var SemanticPolicyGenerator = class {
+  openai;
+  constructor(apiKey) {
+    this.openai = new OpenAI({ apiKey });
+  }
+  /**
+   * Converts a natural language description into a deterministic Rego policy.
+   *
+   * @param description Natural language description of the policy (e.g., "Don't let the bot refund more than $50 unless approved by a finance manager.")
+   * @param packageName The Rego package name (default: "lelu.authz")
+   * @returns The generated Rego policy string
+   */
+  async generateRegoPolicy(description, packageName = "lelu.authz") {
+    const prompt = `
+You are an expert in Open Policy Agent (OPA) Rego policies.
+Your task is to convert the following natural language description into a valid, deterministic Rego policy for the Lelu Auth Permission Engine.
+The policy must output an object with the following structure:
+{
+  "allowed": bool,
+  "reason": string,
+  "downgraded_scope": string (optional),
+  "requires_human_review": bool (optional)
+}
+The input to the policy will be an object with the following structure:
+{
+  "kind": "agent" | "human",
+  "actor": string,
+  "action": string,
+  "resource": map[string]any,
+  "confidence": number (0.0 to 1.0),
+  "acting_for": string,
+  "scope": string
+}
+Natural Language Description:
+"${description}"
+Package Name:
+package ${packageName}
+Requirements:
+1. Output ONLY valid Rego code.
+2. Do not include markdown formatting (like \`\`\`rego).
+3. Ensure the default state is deny (default allowed = false).
+4. Include comments explaining the logic.
+`;
+    const response = await this.openai.chat.completions.create({
+      model: "gpt-4-turbo-preview",
+      messages: [
+        { role: "system", content: "You are a Rego policy generation assistant. Output only raw Rego code." },
+        { role: "user", content: prompt }
+      ],
+      temperature: 0.1
+    });
+    const regoCode = response.choices[0]?.message.content?.trim() || "";
+    return regoCode.replace(/^```rego\n/, "").replace(/\n```$/, "");
+  }
+};
+export { SecureTool, SemanticPolicyGenerator };
+//# sourceMappingURL=index.mjs.map
+//# sourceMappingURL=index.mjs.map

package/dist/langchain/index.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/langchain/secure-tool.ts","../../src/langchain/SemanticPolicyGenerator.ts"],"names":[],"mappings":";;;AA2FO,IAAM,aAAN,MAAiB;AAAA,EACb,IAAA;AAAA,EACA,WAAA;AAAA,EAEQ,IAAA;AAAA,EAEjB,YAAY,IAAA,EAAyB;AACnC,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,OAAO,IAAA,CAAK,IAAA;AACjB,IAAA,IAAA,CAAK,cAAc,IAAA,CAAK,WAAA;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,OAAO,KAAA,EAAgC;AAC3C,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA;AACtC,IAAA,IAAI,OAAO,OAAA,EAAS;AAClB,MAAA,OAAO,MAAA,CAAO,MAAA;AAAA,IAChB;AACA,IAAA,IAAI,IAAA,CAAK,KAAK,WAAA,EAAa;AACzB,MAAA,MAAM,IAAI,MAAM,CAAA,aAAA,EAAgB,IAAA,CAAK,IAAI,CAAA,UAAA,EAAa,MAAA,CAAO,MAAM,CAAA,CAAE,CAAA;AAAA,IACvE;AACA,IAAA,OAAO,MAAA,CAAO,MAAA;AAAA,EAChB;AAAA;AAAA,EAGA,MAAM,KAAK,KAAA,EAAgC;AACzC,IAAA,OAAO,IAAA,CAAK,OAAO,KAAK,CAAA;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,aAAa,KAAA,EAAwC;AACzD,IAAA,OAAO,IAAA,CAAK,OAAO,KAAK,CAAA;AAAA,EAC1B;AAAA,EAEA,MAAc,OAAO,KAAA,EAAwC;AAC3D,IAAA,MAAM,EAAE,KAAA,EAAO,kBAAA,EAAoB,QAAQ,IAAA,EAAM,WAAA,KAAgB,IAAA,CAAK,IAAA;AACtE,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,IAAA,CAAK,UAAA,IAAc,CAAA;AAC3C,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,IAAA,CAAK,SAAA,IAAa,EAAA;AAEzC,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI;AACF,MAAA,QAAA,GAAW,MAAM,OAAO,cAAA,CAAe;AAAA,QACrC,KAAA;AAAA,QACA,MAAA,EAAQ,kBAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,UAAA;AAAA,UACA;AAAA;AACF,OACD,CAAA;AAAA,IACH,SAAS,GAAA,EAAK;AACZ,MAAA,MAAM,MAAM,CAAA,uCAAA,EAA0C,IAAA,CAAK,IAAI,CAAA,GAAA,EAAM,MAAA,CAAO,GAAG,CAAC,CAAA,CAAA;AAChF,MAAA,IAAI,WAAA,EAAa,MAAM,IAAI,KAAA,CAAM,GAAG,CAAA;AACpC,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,MAAA,EAAQ,GAAA;AAAA,QACR,mBAAA,EAAqB,KAAA;AAAA,QACrB,MAAA,EAAQ,OAAO,GAAG;AAAA,OACpB;AAAA,IACF;AAGA,IAAA,IAAI,SAAS,mBAAA,EAAqB;AAChC,MAAA,MAAM,MACJ,CAAA,eAAA,EAAkB,IAAA,CAAK,IAAI,CAAA,sCAAA,EAChB,SAAS,MAAM,CAAA,6CAAA,CAAA;AAC5B,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,MAAA,EAAQ,GAAA;AAAA,QACR,mBAAA,EAAqB,IAAA;AAAA,QACrB,QAAQ,QAAA,CAAS;AAAA,OACnB;AAAA,IACF;AAGA,IAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,MAAA,MAAM,GAAA,GACJ,CAAA,eAAA,EAAkB,IAAA,CAAK,IAAI,CAAA,sBAAA,EAChB,SAAS,MAAM,CAAA,oBAAA,EACL,QAAA,CAAS,eAAA,IAAmB,MAAM,CAAA,CAAA,CAAA;AACzD,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,MAAA,EAAQ,GAAA;AAAA,QACR,mBAAA,EAAqB,KAAA;AAAA,QACrB,QAAQ,QAAA,CAAS;AAAA,OACnB;AAAA,IACF;AAGA,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,KAAK,CAAA;AAC/B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,MAAA;AAAA,MACA,mBAAA,EAAqB,KAAA;AAAA,MACrB,QAAQ,QAAA,CAAS;AAAA,KACnB;AAAA,EACF;AACF;ACnMO,IAAM,0BAAN,MAA8B;AAAA,EAC3B,MAAA;AAAA,EAER,YAAY,MAAA,EAAgB;AAC1B,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,MAAA,CAAO,EAAE,QAAQ,CAAA;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,kBAAA,CAAmB,WAAA,EAAqB,WAAA,GAAsB,YAAA,EAA+B;AACjG,IAAA,MAAM,MAAA,GAAS;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AAAA;AAAA,CAAA,EAwBhB,WAAW,CAAA;;AAAA;AAAA,QAAA,EAGJ,WAAW;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAAA;AASjB,IAAA,MAAM,WAAW,MAAM,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,YAAY,MAAA,CAAO;AAAA,MACzD,KAAA,EAAO,qBAAA;AAAA,MACP,QAAA,EAAU;AAAA,QACR,EAAE,IAAA,EAAM,QAAA,EAAU,OAAA,EAAS,wEAAA,EAAyE;AAAA,QACpG,EAAE,IAAA,EAAM,MAAA,EAAQ,OAAA,EAAS,MAAA;AAAO,OAClC;AAAA,MACA,WAAA,EAAa;AAAA,KACd,CAAA;AAED,IAAA,MAAM,QAAA,GAAW,SAAS,OAAA,CAAQ,CAAC,GAAG,OAAA,CAAQ,OAAA,EAAS,MAAK,IAAK,EAAA;AAGjE,IAAA,OAAO,SAAS,OAAA,CAAQ,YAAA,EAAc,EAAE,CAAA,CAAE,OAAA,CAAQ,UAAU,EAAE,CAAA;AAAA,EAChE;AACF","file":"index.mjs","sourcesContent":["/**\n * SecureTool — LangChain tool wrapper with Confidence-Aware Auth\n *\n * Intercepts every tool call and gates it through the Lelu engine before\n * execution. Returns a structured refusal string when denied so the LLM can\n * self-correct, queue for human review, or escalate.\n *\n * Usage:\n * ```typescript\n * import { SecureTool } from 'lelu/langchain';\n *\n * const refundTool = new SecureTool({\n * name: 'process_refund',\n * description: 'Processes a customer refund',\n * actor: 'invoice_bot',\n * requiredPermission: 'invoice:refund',\n * client: leluClient,\n * func: async (input) => {\n * // your tool implementation\n * return `Refund processed for ${input}`;\n * },\n * });\n * ```\n */\n\nimport { LeluClient } from \"../client.js\";\n\n// ─── Minimal LangChain-compatible interface ───────────────────────────────────\n\n/** Minimal interface a wrapped tool must expose. */\nexport interface ToolLike {\n name: string;\n description: string;\n /** LangChain StructuredTool / DynamicTool use `invoke`. */\n invoke?: (input: string, ...args: unknown[]) => Promise<string>;\n /** Older LangChain versions use `call`. */\n call?: (input: string, ...args: unknown[]) => Promise<string>;\n}\n\n// ─── Options ──────────────────────────────────────────────────────────────────\n\nexport interface SecureToolOptions {\n /** Unique tool name (used as the action in authz request). */\n name: string;\n /** Human-readable description forwarded to the LLM. */\n description: string;\n /** The Lelu agent scope / actor name. */\n actor: string;\n /** The permission string being checked (e.g. \"invoice:refund\"). */\n requiredPermission: string;\n /** Configured LeluClient. */\n client: LeluClient;\n /** The actual tool function to execute when authorized. */\n func: (input: string) => Promise<string>;\n /**\n * Optional: LLM confidence score for this invocation (0.0–1.0).\n * If omitted, defaults to 1.0 (full confidence assumed).\n */\n confidence?: number;\n /**\n * Optional: the human user the agent is acting on behalf of.\n */\n actingFor?: string;\n /**\n * Optional: if true, throw an error when denied instead of returning\n * a structured refusal string. Default: false (silent fail, structured msg).\n */\n throwOnDeny?: boolean;\n}\n\n// ─── Result ───────────────────────────────────────────────────────────────────\n\nexport interface ToolCallResult {\n allowed: boolean;\n output: string;\n requiresHumanReview: boolean;\n reviewId?: string;\n reason: string;\n}\n\n// ─── SecureTool ───────────────────────────────────────────────────────────────\n\n/**\n * SecureTool wraps a tool function with Lelu's Confidence-Aware Auth gate.\n *\n * Implements the LangChain Tool interface (name + description + invoke)\n * so it can be dropped into any LangChain agent tool array:\n * ```typescript\n * const agent = await createOpenAIFunctionsAgent({ tools: [refundTool] });\n * ```\n */\nexport class SecureTool {\n readonly name: string;\n readonly description: string;\n\n private readonly opts: SecureToolOptions;\n\n constructor(opts: SecureToolOptions) {\n this.opts = opts;\n this.name = opts.name;\n this.description = opts.description;\n }\n\n /**\n * invoke — LangChain StructuredTool / DynamicTool compatible entry point.\n *\n * 1. Calls Lelu `agentAuthorize` with the confidence score\n * 2a. Allowed → runs the wrapped tool function\n * 2b. Requires human review → returns structured \"pending\" message\n * 2c. Denied → returns structured refusal string (LLM can self-correct)\n */\n async invoke(input: string): Promise<string> {\n const result = await this._check(input);\n if (result.allowed) {\n return result.output;\n }\n if (this.opts.throwOnDeny) {\n throw new Error(`[Lelu] Tool \"${this.name}\" denied: ${result.reason}`);\n }\n return result.output; // structured refusal or pending message\n }\n\n /** call — alias for older LangChain versions. */\n async call(input: string): Promise<string> {\n return this.invoke(input);\n }\n\n /**\n * Check authorization and run the tool if permitted.\n * Returns a full ToolCallResult for programmatic consumers.\n */\n async checkAndCall(input: string): Promise<ToolCallResult> {\n return this._check(input);\n }\n\n private async _check(input: string): Promise<ToolCallResult> {\n const { actor, requiredPermission, client, func, throwOnDeny } = this.opts;\n const confidence = this.opts.confidence ?? 1.0;\n const actingFor = this.opts.actingFor ?? \"\";\n\n let decision;\n try {\n decision = await client.agentAuthorize({\n actor,\n action: requiredPermission,\n context: {\n confidence,\n actingFor,\n },\n });\n } catch (err) {\n const msg = `[Lelu] Authorization check failed for \"${this.name}\": ${String(err)}`;\n if (throwOnDeny) throw new Error(msg);\n return {\n allowed: false,\n output: msg,\n requiresHumanReview: false,\n reason: String(err),\n };\n }\n\n // Human review required — queue and return pending message.\n if (decision.requiresHumanReview) {\n const msg =\n `[Lelu] Action \"${this.name}\" is queued for human review. ` +\n `Reason: ${decision.reason}. Please wait for approval before proceeding.`;\n return {\n allowed: false,\n output: msg,\n requiresHumanReview: true,\n reason: decision.reason,\n };\n }\n\n // Hard deny — return structured refusal.\n if (!decision.allowed) {\n const msg =\n `[Lelu] Action \"${this.name}\" was denied. ` +\n `Reason: ${decision.reason}. ` +\n `Downgraded scope: ${decision.downgradedScope ?? \"none\"}.`;\n return {\n allowed: false,\n output: msg,\n requiresHumanReview: false,\n reason: decision.reason,\n };\n }\n\n // Authorized — run the tool.\n const output = await func(input);\n return {\n allowed: true,\n output,\n requiresHumanReview: false,\n reason: decision.reason,\n };\n }\n}\n","import { OpenAI } from 'openai';\n\nexport class SemanticPolicyGenerator {\n private openai: OpenAI;\n\n constructor(apiKey: string) {\n this.openai = new OpenAI({ apiKey });\n }\n\n /**\n * Converts a natural language description into a deterministic Rego policy.\n * \n * @param description Natural language description of the policy (e.g., \"Don't let the bot refund more than $50 unless approved by a finance manager.\")\n * @param packageName The Rego package name (default: \"lelu.authz\")\n * @returns The generated Rego policy string\n */\n async generateRegoPolicy(description: string, packageName: string = \"lelu.authz\"): Promise<string> {\n const prompt = `\nYou are an expert in Open Policy Agent (OPA) Rego policies.\nYour task is to convert the following natural language description into a valid, deterministic Rego policy for the Lelu Auth Permission Engine.\n\nThe policy must output an object with the following structure:\n{\n \"allowed\": bool,\n \"reason\": string,\n \"downgraded_scope\": string (optional),\n \"requires_human_review\": bool (optional)\n}\n\nThe input to the policy will be an object with the following structure:\n{\n \"kind\": \"agent\" | \"human\",\n \"actor\": string,\n \"action\": string,\n \"resource\": map[string]any,\n \"confidence\": number (0.0 to 1.0),\n \"acting_for\": string,\n \"scope\": string\n}\n\nNatural Language Description:\n\"${description}\"\n\nPackage Name:\npackage ${packageName}\n\nRequirements:\n1. Output ONLY valid Rego code.\n2. Do not include markdown formatting (like \\`\\`\\`rego).\n3. Ensure the default state is deny (default allowed = false).\n4. Include comments explaining the logic.\n`;\n\n const response = await this.openai.chat.completions.create({\n model: \"gpt-4-turbo-preview\",\n messages: [\n { role: \"system\", content: \"You are a Rego policy generation assistant. Output only raw Rego code.\" },\n { role: \"user\", content: prompt }\n ],\n temperature: 0.1,\n });\n\n const regoCode = response.choices[0]?.message.content?.trim() || \"\";\n \n // Strip markdown code blocks if the LLM accidentally included them\n return regoCode.replace(/^```rego\\n/, '').replace(/\\n```$/, '');\n }\n}\n"]}

package/dist/react/index.d.mts ADDED Viewed

@@ -0,0 +1,52 @@
+import React from 'react';
+interface ApprovalRequest {
+    id: string;
+    agentId: string;
+    action: string;
+    resource: Record<string, any>;
+    confidence: number;
+    reason: string;
+    timestamp: string;
+}
+interface LeluApprovalUIProps {
+    apiBaseUrl?: string;
+    onApprove?: (request: ApprovalRequest) => void;
+    onDeny?: (request: ApprovalRequest) => void;
+    pollIntervalMs?: number;
+}
+declare const LeluApprovalUI: React.FC<LeluApprovalUIProps>;
+interface AgentReputationDashboardProps {
+    apiBaseUrl?: string;
+    refreshIntervalMs?: number;
+}
+declare const AgentReputationDashboard: React.FC<AgentReputationDashboardProps>;
+interface UseAgentPermissionOptions {
+    /** Base URL of the Lelu engine.  Defaults to http://localhost:8080 */
+    baseUrl?: string;
+    /** API key forwarded to the engine */
+    apiKey?: string;
+    /** Scope override passed in the request */
+    scope?: string;
+}
+interface AgentPermissionState {
+    canExecute: boolean;
+    loading: boolean;
+    reason: string;
+    decision: "allowed" | "denied" | "human_review" | "";
+}
+/**
+ * React hook that checks whether an agent actor may perform an action.
+ *
+ * ```tsx
+ * const { canExecute, loading, reason } = useAgentPermission(
+ *   "agent-007", "files.read", 0.95,
+ *   { baseUrl: "http://localhost:8080", apiKey: process.env.NEXT_PUBLIC_LELU_KEY }
+ * );
+ * ```
+ */
+declare function useAgentPermission(actor: string, action: string, confidence?: number, opts?: UseAgentPermissionOptions): AgentPermissionState;
+export { type AgentPermissionState, AgentReputationDashboard, LeluApprovalUI, type UseAgentPermissionOptions, useAgentPermission };

package/dist/react/index.d.ts ADDED Viewed

@@ -0,0 +1,52 @@
+import React from 'react';
+interface ApprovalRequest {
+    id: string;
+    agentId: string;
+    action: string;
+    resource: Record<string, any>;
+    confidence: number;
+    reason: string;
+    timestamp: string;
+}
+interface LeluApprovalUIProps {
+    apiBaseUrl?: string;
+    onApprove?: (request: ApprovalRequest) => void;
+    onDeny?: (request: ApprovalRequest) => void;
+    pollIntervalMs?: number;
+}
+declare const LeluApprovalUI: React.FC<LeluApprovalUIProps>;
+interface AgentReputationDashboardProps {
+    apiBaseUrl?: string;
+    refreshIntervalMs?: number;
+}
+declare const AgentReputationDashboard: React.FC<AgentReputationDashboardProps>;
+interface UseAgentPermissionOptions {
+    /** Base URL of the Lelu engine.  Defaults to http://localhost:8080 */
+    baseUrl?: string;
+    /** API key forwarded to the engine */
+    apiKey?: string;
+    /** Scope override passed in the request */
+    scope?: string;
+}
+interface AgentPermissionState {
+    canExecute: boolean;
+    loading: boolean;
+    reason: string;
+    decision: "allowed" | "denied" | "human_review" | "";
+}
+/**
+ * React hook that checks whether an agent actor may perform an action.
+ *
+ * ```tsx
+ * const { canExecute, loading, reason } = useAgentPermission(
+ *   "agent-007", "files.read", 0.95,
+ *   { baseUrl: "http://localhost:8080", apiKey: process.env.NEXT_PUBLIC_LELU_KEY }
+ * );
+ * ```
+ */
+declare function useAgentPermission(actor: string, action: string, confidence?: number, opts?: UseAgentPermissionOptions): AgentPermissionState;
+export { type AgentPermissionState, AgentReputationDashboard, LeluApprovalUI, type UseAgentPermissionOptions, useAgentPermission };