@letterblack/lbe-core 1.3.4 → 1.3.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (78) hide show
  1. package/.githooks/pre-commit +2 -0
  2. package/.githooks/pre-push +2 -0
  3. package/CHANGELOG.md +81 -0
  4. package/LICENSE +1 -1
  5. package/README.md +158 -170
  6. package/RELEASE_WORKSPACE_RULES.md +179 -0
  7. package/Release-README.md +67 -0
  8. package/WORKSPACE.md +422 -0
  9. package/_proof.mjs +246 -0
  10. package/assets/runtime-boundary.svg +36 -36
  11. package/bin/lbe.js +12 -0
  12. package/config/identity.config.json +3 -0
  13. package/config/policy.default.json +24 -0
  14. package/dist/cli/lbe.js +4431 -0
  15. package/dist/hooks/register.cjs +505 -0
  16. package/dist/state/appendCentral.cjs +87 -0
  17. package/dist/state/index.cjs +101 -0
  18. package/exec/cli.js +472 -0
  19. package/exec/index.js +2 -0
  20. package/index.js +24 -0
  21. package/npm-pack.json +0 -0
  22. package/package.json +77 -45
  23. package/release/README.md +216 -0
  24. package/release/TRUST.md +90 -0
  25. package/release/exec-README.md +215 -0
  26. package/release/exec-types.d.ts +50 -0
  27. package/release-exec/LICENSE +1 -0
  28. package/release-exec/README.md +215 -0
  29. package/release-exec/assets/lbe-gates.jpg +0 -0
  30. package/release-exec/assets/lbe-gates.png +0 -0
  31. package/release-exec/assets/runtime-boundary.svg +36 -0
  32. package/release-exec/assets/story-allow.jpg +0 -0
  33. package/release-exec/assets/story-allow.png +0 -0
  34. package/release-exec/assets/story-deny.jpg +0 -0
  35. package/release-exec/assets/story-deny.png +0 -0
  36. package/release-exec/dist/cli.js +2841 -0
  37. package/release-exec/dist/index.js +1835 -0
  38. package/release-exec/dist/lbe_engine.wasm +0 -0
  39. package/{dist → release-exec/dist}/wasm.lock.json +4 -5
  40. package/release-exec/hooks/register.cjs +473 -0
  41. package/release-exec/package.json +35 -0
  42. package/release-exec/types.d.ts +50 -0
  43. package/runtime/engine.js +322 -0
  44. package/runtime/lbe_engine.wasm +0 -0
  45. package/src/cli/commands/assertConsumer.js +198 -0
  46. package/src/cli/commands/auditVerify.js +36 -0
  47. package/src/cli/commands/dryrun.js +175 -0
  48. package/src/cli/commands/health.js +153 -0
  49. package/src/cli/commands/init.js +306 -0
  50. package/src/cli/commands/integrityCheck.js +57 -0
  51. package/src/cli/commands/logs.js +53 -0
  52. package/src/cli/commands/openState.js +44 -0
  53. package/src/cli/commands/policyAdd.js +8 -0
  54. package/src/cli/commands/policyMode.js +7 -0
  55. package/src/cli/commands/policySign.js +72 -0
  56. package/src/cli/commands/proof.js +102 -0
  57. package/src/cli/commands/run.js +342 -0
  58. package/src/cli/commands/status.js +73 -0
  59. package/src/cli/commands/verify.js +144 -0
  60. package/src/cli/main.js +181 -0
  61. package/src/cli/parseArgs.js +115 -0
  62. package/src/exec/localExecutor.js +289 -0
  63. package/src/hooks/register.cjs +505 -0
  64. package/src/state/appendCentral.cjs +87 -0
  65. package/src/state/fileIndex.js +140 -0
  66. package/src/state/index.cjs +101 -0
  67. package/src/state/index.js +65 -0
  68. package/src/state/intentRegistry.js +84 -0
  69. package/src/state/migration.js +112 -0
  70. package/src/state/proofRunner.js +246 -0
  71. package/src/state/stateRoot.js +40 -0
  72. package/src/state/targetRegistry.js +109 -0
  73. package/src/state/workspaceId.js +40 -0
  74. package/src/state/workspaceRegistry.js +65 -0
  75. package/types.d.ts +175 -2
  76. package/dist/cli.js +0 -141
  77. package/dist/index.js +0 -52
  78. /package/dist/{lbe_engine.wasm → cli/lbe_engine.wasm} +0 -0
package/dist/cli.js DELETED
@@ -1,141 +0,0 @@
1
- #!/usr/bin/env node
2
- // @letterblack/lbe-sdk v1.3.3
3
- import fs from 'node:fs';
4
- import path from 'node:path';
5
- import { execute } from './index.js';
6
-
7
- const cmd = process.argv[2];
8
- const cwd = process.cwd();
9
- const policyFile = path.join(cwd, 'lbe.policy.json');
10
- const lbeDir = path.join(cwd, '.lbe');
11
-
12
- function readPolicy() {
13
- if (!fs.existsSync(policyFile)) return null;
14
- return JSON.parse(fs.readFileSync(policyFile, 'utf8'));
15
- }
16
-
17
- function writePolicy(p) {
18
- fs.writeFileSync(policyFile, JSON.stringify(p, null, 2) + '\n', 'utf8');
19
- }
20
-
21
- function ensurePolicy() {
22
- if (fs.existsSync(policyFile)) return readPolicy();
23
- const p = { version: 1, mode: 'observe', workspace: cwd, rules: [] };
24
- writePolicy(p);
25
- return p;
26
- }
27
-
28
- // ── lbe init ──────────────────────────────────────────────────────────────
29
- if (cmd === 'init') {
30
- fs.mkdirSync(lbeDir, { recursive: true });
31
- const policy = ensurePolicy();
32
- const isNew = policy.rules.length === 0 && policy.mode === 'observe';
33
-
34
- process.stdout.write('\n LBE initialised.\n\n');
35
- process.stdout.write(' mode: ' + policy.mode + '\n');
36
- process.stdout.write(' policy: lbe.policy.json\n');
37
- process.stdout.write(' audit log: .lbe/audit.jsonl\n\n');
38
- if (isNew) {
39
- process.stdout.write(' Observer mode is on — LBE is watching but not blocking.\n');
40
- process.stdout.write(' Run \'npx lbe enforce\' when you are ready to block actions.\n\n');
41
- }
42
- process.exit(0);
43
- }
44
-
45
- // ── lbe observe ───────────────────────────────────────────────────────────
46
- if (cmd === 'observe') {
47
- const policy = ensurePolicy();
48
- policy.mode = 'observe';
49
- writePolicy(policy);
50
- process.stdout.write('Observer mode on — LBE is watching silently. Nothing is blocked.\n');
51
- process.exit(0);
52
- }
53
-
54
- // ── lbe enforce ───────────────────────────────────────────────────────────
55
- if (cmd === 'enforce') {
56
- const policy = ensurePolicy();
57
- policy.mode = 'enforce';
58
- writePolicy(policy);
59
- process.stdout.write('Enforcement on — LBE will now block actions that violate policy.\n');
60
- process.exit(0);
61
- }
62
-
63
- // ── lbe policy ────────────────────────────────────────────────────────────
64
- if (cmd === 'policy') {
65
- const policy = readPolicy();
66
- if (!policy) {
67
- process.stdout.write('No policy yet. Run \'npx lbe init\' first.\n');
68
- process.exit(0);
69
- }
70
- process.stdout.write('\n mode: ' + policy.mode + '\n');
71
- process.stdout.write(' rules (' + policy.rules.length + '):\n\n');
72
- if (policy.rules.length === 0) {
73
- process.stdout.write(' No rules yet. LBE learns from your conversation.\n');
74
- }
75
- for (const r of policy.rules) {
76
- const label = r.effect === 'deny' ? ' block' : ' allow';
77
- process.stdout.write(label + ' ' + r.pattern + '\n');
78
- process.stdout.write(' from: ' + r.from + '\n\n');
79
- }
80
- process.exit(0);
81
- }
82
-
83
- // ── lbe status ────────────────────────────────────────────────────────────
84
- if (cmd === 'status') {
85
- const policy = readPolicy();
86
- process.stdout.write('runtime: ok\n');
87
- process.stdout.write('mode: ' + (policy?.mode ?? 'not initialised') + '\n');
88
- process.stdout.write('rules: ' + (policy?.rules?.length ?? 0) + '\n');
89
- const auditLog = path.join(lbeDir, 'audit.jsonl');
90
- if (fs.existsSync(auditLog)) {
91
- const lines = fs.readFileSync(auditLog, 'utf8').trim().split('\n').filter(Boolean);
92
- process.stdout.write('audit: ' + lines.length + ' entries\n');
93
- } else {
94
- process.stdout.write('audit: no entries yet\n');
95
- }
96
- process.exit(0);
97
- }
98
-
99
- // ── lbe execute ───────────────────────────────────────────────────────────
100
- if (cmd === 'execute') {
101
- async function readStdin() {
102
- const chunks = [];
103
- for await (const chunk of process.stdin) chunks.push(chunk);
104
- return Buffer.concat(chunks).toString('utf8');
105
- }
106
- let input = '';
107
- const inputFlag = process.argv.indexOf('--input');
108
- if (inputFlag >= 0) {
109
- const file = process.argv[inputFlag + 1];
110
- if (!file) { process.stderr.write('--input requires a file path\n'); process.exit(2); }
111
- input = fs.readFileSync(file, 'utf8');
112
- } else {
113
- input = await readStdin();
114
- }
115
- try {
116
- const output = execute(input);
117
- process.stdout.write(output + '\n');
118
- const parsed = JSON.parse(output);
119
- if (parsed?.result?.type === 'allowed') process.exit(0);
120
- if (parsed?.result?.type === 'denied') process.exit(1);
121
- process.exit(2);
122
- } catch (err) {
123
- process.stderr.write(String(err?.message || err) + '\n');
124
- process.exit(2);
125
- }
126
- }
127
-
128
- // ── usage ─────────────────────────────────────────────────────────────────
129
- if (!cmd) {
130
- process.stdout.write('\nUsage:\n');
131
- process.stdout.write(' npx lbe init Set up LBE in this project\n');
132
- process.stdout.write(' npx lbe status Show current mode and rule count\n');
133
- process.stdout.write(' npx lbe policy List all rules\n');
134
- process.stdout.write(' npx lbe observe Switch to observer mode (watch, never block)\n');
135
- process.stdout.write(' npx lbe enforce Switch to enforcement mode (block violations)\n');
136
- process.stdout.write(' npx lbe execute Run a raw JSON request (advanced)\n\n');
137
- process.exit(0);
138
- }
139
-
140
- process.stderr.write('Unknown command: ' + cmd + '\nRun \'npx lbe\' for usage.\n');
141
- process.exit(2);
package/dist/index.js DELETED
@@ -1,52 +0,0 @@
1
- // @letterblack/lbe-sdk v1.3.3
2
- import fs from 'node:fs';
3
- import path from 'node:path';
4
- import crypto from 'node:crypto';
5
- import { fileURLToPath } from 'node:url';
6
-
7
- const here = path.dirname(fileURLToPath(import.meta.url));
8
- const wasmPath = path.join(here, 'lbe_engine.wasm');
9
- const lockPath = path.join(here, 'wasm.lock.json');
10
- let instance;
11
-
12
- function hashFile(file) {
13
- return crypto.createHash('sha256').update(fs.readFileSync(file)).digest('hex');
14
- }
15
-
16
- function load() {
17
- if (instance) return instance;
18
- const lock = JSON.parse(fs.readFileSync(lockPath, 'utf8'));
19
- const actual = hashFile(wasmPath);
20
- if (actual !== lock.wasm_sha256) throw new Error('LBE WASM integrity check failed');
21
- const wasm = new WebAssembly.Instance(new WebAssembly.Module(fs.readFileSync(wasmPath)), {});
22
- if (typeof wasm.exports.lbe_execute !== 'function') throw new Error('LBE WASM missing execute entrypoint');
23
- instance = wasm;
24
- return instance;
25
- }
26
-
27
- function memory(wasm) {
28
- return new Uint8Array(wasm.exports.memory.buffer);
29
- }
30
-
31
- function readOut(wasm) {
32
- const mem = memory(wasm);
33
- const ptr = wasm.exports.lbe_out_ptr();
34
- const max = wasm.exports.lbe_buf_size();
35
- let end = ptr;
36
- while (mem[end] !== 0 && end - ptr < max) end++;
37
- return new TextDecoder().decode(mem.slice(ptr, end));
38
- }
39
-
40
- export function execute(input) {
41
- if (typeof input !== 'string') throw new TypeError('execute input must be a string');
42
- const wasm = load();
43
- const bytes = new TextEncoder().encode(input);
44
- const max = wasm.exports.lbe_buf_size();
45
- if (bytes.length + 1 > max) throw new Error('execute input exceeds WASM buffer');
46
- const mem = memory(wasm);
47
- const ptr = wasm.exports.lbe_in_ptr();
48
- mem.set(bytes, ptr);
49
- mem[ptr + bytes.length] = 0;
50
- wasm.exports.lbe_execute();
51
- return readOut(wasm);
52
- }
/package/dist/{lbe_engine.wasm → cli/lbe_engine.wasm} RENAMED
File without changes