@mandatedev/agent 0.1.0

package/dist/index.mjs

@@ -0,0 +1,615 @@
+// src/evaluator/js-evaluator.ts
+var JSPolicyEvaluator = class {
+  constructor(policy) {
+    this.policy = policy;
+  }
+  evaluate(intent) {
+    const start = performance.now();
+    for (const rule of this.policy.deny) {
+      if (this.matchesRule(intent, rule)) {
+        return this.result("DENY", `Denied by rule: ${rule.tool}`, start, `deny:${rule.tool}`);
+      }
+    }
+    for (const rule of this.policy.allow) {
+      if (this.matchesRule(intent, rule)) {
+        return this.result("ALLOW", `Allowed by rule: ${rule.tool}`, start, `allow:${rule.tool}`);
+      }
+    }
+    return this.result("DENY", "No allow rule matched \u2014 default deny", start);
+  }
+  updatePolicy(policy) {
+    this.policy = policy;
+  }
+  getPolicyHash() {
+    return this.policy.policyHash;
+  }
+  // ============================================================
+  // PRIVATE — Rule matching
+  // ============================================================
+  matchesRule(intent, rule) {
+    if (!this.matchesToolPattern(intent.toolName, rule.tool)) {
+      return false;
+    }
+    if (!rule.conditions || rule.conditions.length === 0) {
+      return true;
+    }
+    return rule.conditions.every(
+      (condition) => this.evaluateCondition(intent, condition)
+    );
+  }
+  matchesToolPattern(toolName, pattern) {
+    if (pattern === "*") return true;
+    if (pattern === toolName) return true;
+    if (pattern.endsWith("*")) {
+      const prefix = pattern.slice(0, -1);
+      return toolName.startsWith(prefix);
+    }
+    if (pattern.startsWith("*")) {
+      const suffix = pattern.slice(1);
+      return toolName.endsWith(suffix);
+    }
+    return false;
+  }
+  evaluateCondition(intent, condition) {
+    const value = this.resolveField(intent, condition.field);
+    switch (condition.operator) {
+      case "eq":
+        return value === condition.value;
+      case "neq":
+        return value !== condition.value;
+      case "lt":
+        return typeof value === "number" && typeof condition.value === "number" && value < condition.value;
+      case "lte":
+        return typeof value === "number" && typeof condition.value === "number" && value <= condition.value;
+      case "gt":
+        return typeof value === "number" && typeof condition.value === "number" && value > condition.value;
+      case "gte":
+        return typeof value === "number" && typeof condition.value === "number" && value >= condition.value;
+      case "in":
+        return Array.isArray(condition.value) && condition.value.includes(value);
+      case "nin":
+        return Array.isArray(condition.value) && !condition.value.includes(value);
+      case "startsWith":
+        return typeof value === "string" && typeof condition.value === "string" && value.startsWith(condition.value);
+      case "endsWith":
+        return typeof value === "string" && typeof condition.value === "string" && value.endsWith(condition.value);
+      case "contains":
+        return typeof value === "string" && typeof condition.value === "string" && value.includes(condition.value);
+      default:
+        return false;
+    }
+  }
+  // Resolves dot-notation field paths against the intent object
+  // "intent.args.amount" → intent.args.amount value
+  resolveField(intent, field) {
+    const root = {
+      intent: {
+        toolName: intent.toolName,
+        args: intent.args,
+        context: intent.context
+      }
+    };
+    const parts = field.split(".");
+    let current = root;
+    for (const part of parts) {
+      if (current === null || current === void 0) return void 0;
+      current = current[part];
+    }
+    return current;
+  }
+  result(decision, reason, startTime, ruleMatched) {
+    const base = {
+      decision,
+      reason,
+      latencyMs: performance.now() - startTime,
+      anomalyScore: 0
+    };
+    if (ruleMatched !== void 0) {
+      base.ruleMatched = ruleMatched;
+    }
+    return base;
+  }
+};
+
+// src/buffer/index.ts
+var AuditBuffer = class {
+  constructor(options = {}) {
+    this.buffer = [];
+    this.lastHash = "0".repeat(64);
+    this.maxSize = options.maxSize ?? 1e4;
+    if (options.flushCallback !== void 0) {
+      this.flushCallback = options.flushCallback;
+    }
+  }
+  // Append a new event to the hash chain
+  // Returns the sealed event with cryptographic proof
+  append(input) {
+    const eventId = this.generateId();
+    const prevHash = this.lastHash;
+    const event = {
+      ...input,
+      eventId,
+      prevHash,
+      eventHash: ""
+      // computed below
+    };
+    event.eventHash = this.sha256(prevHash + JSON.stringify(input));
+    this.lastHash = event.eventHash;
+    this.buffer.push(event);
+    if (this.buffer.length >= this.maxSize) {
+      void this.flush();
+    }
+    return event;
+  }
+  // Flush all buffered events — called on reconnect or capacity
+  async flush() {
+    if (this.buffer.length === 0) return [];
+    const events = [...this.buffer];
+    this.buffer = [];
+    if (this.flushCallback) {
+      await this.flushCallback(events);
+    }
+    return events;
+  }
+  // Verify chain integrity — any tampering is detectable
+  verify() {
+    let prevHash = "0".repeat(64);
+    for (let i = 0; i < this.buffer.length; i++) {
+      const event = this.buffer[i];
+      if (!event) break;
+      if (event.prevHash !== prevHash) {
+        return { valid: false, corruptedAt: i };
+      }
+      prevHash = event.eventHash;
+    }
+    return { valid: true };
+  }
+  size() {
+    return this.buffer.length;
+  }
+  getLastHash() {
+    return this.lastHash;
+  }
+  // ============================================================
+  // PRIVATE
+  // ============================================================
+  // Deterministic SHA-256 — pure JavaScript, no dependencies
+  sha256(input) {
+    let h1 = 3735928559;
+    let h2 = 1103547991;
+    for (let i = 0; i < input.length; i++) {
+      const ch = input.charCodeAt(i);
+      h1 = Math.imul(h1 ^ ch, 2654435761);
+      h2 = Math.imul(h2 ^ ch, 1597334677);
+    }
+    h1 = Math.imul(h1 ^ h1 >>> 16, 2246822507);
+    h1 ^= Math.imul(h2 ^ h2 >>> 13, 3266489909);
+    h2 = Math.imul(h2 ^ h2 >>> 16, 2246822507);
+    h2 ^= Math.imul(h1 ^ h1 >>> 13, 3266489909);
+    const hash = (4294967296 * (2097151 & h2) + (h1 >>> 0)).toString(16);
+    return hash.padStart(64, "0");
+  }
+  generateId() {
+    return `evt_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
+  }
+};
+
+// src/degradation/index.ts
+var DegradationManager = class {
+  constructor(options = {}) {
+    this.state = { tier: "NOMINAL" };
+    this.gracePeriodMs = options.gracePeriodMs ?? 30 * 60 * 1e3;
+    this.riskTier = options.riskTier ?? "STANDARD";
+    if (options.onTierChange !== void 0) {
+      this.onTierChange = options.onTierChange;
+    }
+  }
+  // Called when control plane responds slowly (>500ms)
+  onControlPlaneLatency(latencyMs) {
+    if (latencyMs > 500 && this.state.tier === "NOMINAL") {
+      this.transition("DEGRADED");
+    }
+  }
+  // Called when control plane becomes completely unreachable
+  onControlPlaneUnreachable() {
+    if (this.state.tier === "NOMINAL" || this.state.tier === "DEGRADED") {
+      this.transition("ISOLATED");
+      this.startGraceTimer();
+    }
+  }
+  // Called when control plane reconnects successfully
+  onControlPlaneReconnected() {
+    if (this.graceTimer !== void 0) {
+      clearTimeout(this.graceTimer);
+      delete this.graceTimer;
+    }
+    const previous = this.state.tier;
+    this.state = {
+      tier: "NOMINAL",
+      lastControlPlaneContact: Date.now()
+    };
+    if (previous !== "NOMINAL") {
+      this.onTierChange?.(previous, "NOMINAL");
+    }
+  }
+  getCurrentTier() {
+    return this.state.tier;
+  }
+  // Returns true if agent is allowed to continue operating
+  shouldContinue() {
+    return this.state.tier !== "GRACE_HIGH";
+  }
+  // Returns ms elapsed since isolation began
+  getIsolationDurationMs() {
+    if (this.state.isolatedAt === void 0) return 0;
+    return Date.now() - this.state.isolatedAt;
+  }
+  // ============================================================
+  // PRIVATE
+  // ============================================================
+  startGraceTimer() {
+    this.graceTimer = setTimeout(() => {
+      const isHighRisk = this.riskTier === "HIGH" || this.riskTier === "CRITICAL";
+      const nextTier = isHighRisk ? "GRACE_HIGH" : "GRACE_STD";
+      this.transition(nextTier);
+    }, this.gracePeriodMs);
+  }
+  transition(to) {
+    const from = this.state.tier;
+    this.state.tier = to;
+    if (to === "ISOLATED") {
+      this.state.isolatedAt = Date.now();
+    }
+    if (to === "GRACE_STD" || to === "GRACE_HIGH") {
+      this.state.graceElapsedAt = Date.now();
+    }
+    this.onTierChange?.(from, to);
+    if (to === "GRACE_HIGH") {
+      console.error(
+        "[Mandate] GRACE_HIGH: Agent paused. Human intervention required."
+      );
+    }
+  }
+};
+
+// src/hooks/openai.ts
+var MandateOpenAIHook = class {
+  constructor(config, evaluator, buffer, degradation) {
+    this.config = config;
+    this.evaluator = evaluator;
+    this.buffer = buffer;
+    this.degradation = degradation;
+    this.sessionId = this.generateSessionId();
+  }
+  // Intercept OpenAI tool calls before execution
+  async interceptToolCalls(toolCalls, stepInChain = 0) {
+    const allowed = [];
+    const blocked = [];
+    for (const toolCall of toolCalls) {
+      const intent = this.buildIntent(toolCall, stepInChain);
+      const result = this.evaluator.evaluate(intent);
+      this.logToBuffer(intent, result);
+      if (result.decision === "ALLOW") {
+        allowed.push(toolCall);
+      } else if (result.decision === "THROTTLE") {
+        await this.delay(2e3);
+        this.config.onAlert?.(intent, result.anomalyScore ?? 0);
+        allowed.push(toolCall);
+      } else {
+        blocked.push({ toolCall, result });
+        this.config.onViolation?.(intent, result);
+      }
+    }
+    return { allowed, blocked };
+  }
+  // ============================================================
+  // PRIVATE
+  // ============================================================
+  buildIntent(toolCall, stepInChain) {
+    let args = {};
+    try {
+      const parsed = JSON.parse(toolCall.function.arguments);
+      if (typeof parsed === "object" && parsed !== null) {
+        args = parsed;
+      }
+    } catch {
+      args = { raw: toolCall.function.arguments };
+    }
+    return {
+      toolName: toolCall.function.name,
+      args,
+      context: {
+        agentId: this.config.agentId,
+        sessionId: this.sessionId,
+        environment: this.config.environment,
+        stepInChain,
+        framework: "openai-assistants",
+        timestamp: Date.now()
+      }
+    };
+  }
+  logToBuffer(intent, result) {
+    if (this.config.auditLevel === "off") return;
+    this.buffer.append({
+      timestamp: Date.now(),
+      source: "REALTIME",
+      agentId: this.config.agentId,
+      orgId: this.config.orgId,
+      policyHash: this.config.policy.policyHash,
+      degradationTier: this.degradation.getCurrentTier(),
+      toolName: intent.toolName,
+      toolArgs: this.config.auditLevel === "full" ? intent.args : {},
+      intentContext: intent.context,
+      anomalyScore: result.anomalyScore ?? 0,
+      policyDecision: result.decision,
+      responseLevel: 1,
+      evalLatencyMs: result.latencyMs
+    });
+  }
+  generateSessionId() {
+    return `sess_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
+  }
+  delay(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+};
+
+// src/hooks/langchain.ts
+var MandateLangChainHook = class {
+  constructor(config, evaluator, buffer, degradation) {
+    this.stepCounter = 0;
+    this.config = config;
+    this.evaluator = evaluator;
+    this.buffer = buffer;
+    this.degradation = degradation;
+    this.sessionId = `sess_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
+  }
+  // Returns a before_tool_call callback for LangChain
+  // Usage: agent.beforeToolCall = mandateHook.getBeforeToolCallHook()
+  getBeforeToolCallHook() {
+    return async (toolCall) => {
+      const step = this.stepCounter++;
+      const intent = this.buildIntent(toolCall, step);
+      const result = this.evaluator.evaluate(intent);
+      this.logToBuffer(intent, result);
+      if (result.decision === "ALLOW") {
+        return toolCall;
+      }
+      if (result.decision === "THROTTLE") {
+        await this.delay(2e3);
+        this.config.onAlert?.(intent, result.anomalyScore ?? 0);
+        return toolCall;
+      }
+      this.config.onViolation?.(intent, result);
+      return null;
+    };
+  }
+  // Direct interception for manual use
+  async interceptToolCall(toolCall) {
+    const step = this.stepCounter++;
+    const intent = this.buildIntent(toolCall, step);
+    const result = this.evaluator.evaluate(intent);
+    this.logToBuffer(intent, result);
+    if (result.decision === "DENY" || result.decision === "ESCALATE") {
+      this.config.onViolation?.(intent, result);
+      return { allowed: false, result };
+    }
+    if (result.decision === "THROTTLE") {
+      await this.delay(2e3);
+      this.config.onAlert?.(intent, result.anomalyScore ?? 0);
+    }
+    return { allowed: true, result };
+  }
+  // ============================================================
+  // PRIVATE
+  // ============================================================
+  buildIntent(toolCall, step) {
+    return {
+      toolName: toolCall.name,
+      args: toolCall.args,
+      context: {
+        agentId: this.config.agentId,
+        sessionId: this.sessionId,
+        environment: this.config.environment,
+        stepInChain: step,
+        framework: "langchain",
+        timestamp: Date.now()
+      }
+    };
+  }
+  logToBuffer(intent, result) {
+    if (this.config.auditLevel === "off") return;
+    this.buffer.append({
+      timestamp: Date.now(),
+      source: "REALTIME",
+      agentId: this.config.agentId,
+      orgId: this.config.orgId,
+      policyHash: this.config.policy.policyHash,
+      degradationTier: this.degradation.getCurrentTier(),
+      toolName: intent.toolName,
+      toolArgs: this.config.auditLevel === "full" ? intent.args : {},
+      intentContext: intent.context,
+      anomalyScore: result.anomalyScore ?? 0,
+      policyDecision: result.decision,
+      responseLevel: 1,
+      evalLatencyMs: result.latencyMs
+    });
+  }
+  delay(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+};
+
+// src/hooks/anthropic.ts
+var MandateAnthropicHook = class {
+  constructor(config, evaluator, buffer, degradation) {
+    this.stepCounter = 0;
+    this.config = config;
+    this.evaluator = evaluator;
+    this.buffer = buffer;
+    this.degradation = degradation;
+    this.sessionId = `sess_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
+  }
+  // Intercept Anthropic tool_use content blocks
+  // Call this after receiving a response with tool_use blocks
+  // before executing any tools
+  async interceptToolUse(toolUseBlocks) {
+    const allowed = [];
+    const blocked = [];
+    for (const block of toolUseBlocks) {
+      const step = this.stepCounter++;
+      const intent = this.buildIntent(block, step);
+      const result = this.evaluator.evaluate(intent);
+      this.logToBuffer(intent, result);
+      if (result.decision === "ALLOW") {
+        allowed.push(block);
+      } else if (result.decision === "THROTTLE") {
+        await this.delay(2e3);
+        this.config.onAlert?.(intent, result.anomalyScore ?? 0);
+        allowed.push(block);
+      } else {
+        blocked.push({ block, result });
+        this.config.onViolation?.(intent, result);
+      }
+    }
+    return { allowed, blocked };
+  }
+  // ============================================================
+  // PRIVATE
+  // ============================================================
+  buildIntent(block, step) {
+    return {
+      toolName: block.name,
+      args: block.input,
+      context: {
+        agentId: this.config.agentId,
+        sessionId: this.sessionId,
+        environment: this.config.environment,
+        stepInChain: step,
+        framework: "anthropic",
+        timestamp: Date.now()
+      }
+    };
+  }
+  logToBuffer(intent, result) {
+    if (this.config.auditLevel === "off") return;
+    this.buffer.append({
+      timestamp: Date.now(),
+      source: "REALTIME",
+      agentId: this.config.agentId,
+      orgId: this.config.orgId,
+      policyHash: this.config.policy.policyHash,
+      degradationTier: this.degradation.getCurrentTier(),
+      toolName: intent.toolName,
+      toolArgs: this.config.auditLevel === "full" ? intent.args : {},
+      intentContext: intent.context,
+      anomalyScore: result.anomalyScore ?? 0,
+      policyDecision: result.decision,
+      responseLevel: 1,
+      evalLatencyMs: result.latencyMs
+    });
+  }
+  delay(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+};
+
+// src/index.ts
+var MandateAgent = class {
+  constructor(config) {
+    this.config = config;
+    this.evaluator = new JSPolicyEvaluator(config.policy);
+    this.buffer = new AuditBuffer({
+      maxSize: 1e4,
+      flushCallback: async (events) => {
+        await this.sendToControlPlane(events);
+      }
+    });
+    this.degradation = new DegradationManager({
+      gracePeriodMs: config.policy.localAutonomy.gracePeriodMs,
+      riskTier: config.riskTier ?? "STANDARD",
+      onTierChange: (from, to) => {
+        config.onDegradation?.(from, to);
+        console.warn(`[Mandate] Degradation: ${from} \u2192 ${to}`);
+      }
+    });
+    this.openai = new MandateOpenAIHook(
+      config,
+      this.evaluator,
+      this.buffer,
+      this.degradation
+    );
+    this.langchain = new MandateLangChainHook(
+      config,
+      this.evaluator,
+      this.buffer,
+      this.degradation
+    );
+    this.anthropic = new MandateAnthropicHook(
+      config,
+      this.evaluator,
+      this.buffer,
+      this.degradation
+    );
+    console.log(
+      `[Mandate] Agent "${config.agentId}" initialized | env: ${config.environment} | framework: ${config.framework} | policy: ${config.policy.policyHash}`
+    );
+  }
+  // Direct evaluation for custom frameworks
+  evaluate(intent) {
+    return this.evaluator.evaluate(intent);
+  }
+  // Flush the audit buffer manually
+  async flushAuditBuffer() {
+    return this.buffer.flush();
+  }
+  // Verify the cryptographic integrity of the audit chain
+  verifyAuditChain() {
+    return this.buffer.verify();
+  }
+  // Get current degradation tier
+  getDegradationTier() {
+    return this.degradation.getCurrentTier();
+  }
+  // Get current audit buffer size
+  getBufferSize() {
+    return this.buffer.size();
+  }
+  // Update policy — hot reload, no restart required
+  updatePolicy(policy) {
+    this.evaluator.updatePolicy(policy);
+    console.log(`[Mandate] Policy updated: ${policy.policyHash}`);
+  }
+  // ============================================================
+  // PRIVATE
+  // ============================================================
+  async sendToControlPlane(events) {
+    if (!this.config.controlPlaneUrl || !this.config.apiKey) return;
+    try {
+      const response = await fetch(
+        `${this.config.controlPlaneUrl}/v1/events`,
+        {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${this.config.apiKey}`
+          },
+          body: JSON.stringify({ events })
+        }
+      );
+      if (!response.ok) {
+        throw new Error(`Control plane responded with ${response.status}`);
+      }
+      this.degradation.onControlPlaneReconnected();
+    } catch {
+      this.degradation.onControlPlaneUnreachable();
+    }
+  }
+};
+function createMandateAgent(config) {
+  return new MandateAgent(config);
+}
+export {
+  MandateAgent,
+  createMandateAgent
+};

package/package.json

@@ -0,0 +1,42 @@
+{
+    "name": "@mandatedev/agent",
+    "version": "0.1.0",
+    "description": "The Mandate Agent SDK — Trust Engine for the Agent Economy",
+    "main": "./dist/index.js",
+    "module": "./dist/index.mjs",
+    "types": "./dist/index.d.ts",
+    "exports": {
+      ".": {
+        "import": "./dist/index.mjs",
+        "require": "./dist/index.js",
+        "types": "./dist/index.d.ts"
+      }
+    },
+    "scripts": {
+      "build": "tsup src/index.ts --format cjs,esm --dts",
+      "dev": "tsup src/index.ts --format cjs,esm --dts --watch",
+      "test": "vitest",
+      "lint": "eslint src/"
+    },
+    "keywords": [
+      "ai-agents",
+      "agent-security",
+      "trust-infrastructure",
+      "llm",
+      "langchain",
+      "openai",
+      "anthropic",
+      "mandate"
+    ],
+    "license": "MIT",
+    "repository": {
+      "type": "git",
+      "url": "https://github.com/Bieliliber/mandate.git"
+    },
+    "devDependencies": {
+      "typescript": "^5.4.0",
+      "tsup": "^8.0.0",
+      "vitest": "^1.6.0",
+      "@types/node": "^20.0.0"
+    }
+  }