@mindpal/protocol 0.0.2-alpha

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md ADDED
@@ -0,0 +1,60 @@
1
+ # @mindpal/protocol
2
+
3
+ **MindPal Agent OS 协议层标准定义包**
4
+
5
+ 智能体操作系统的协议基座,定义了 Skill RPC、协作消息、设备握手、审计系统和状态机的标准类型、接口和工具函数。
6
+
7
+ ## 特性
8
+
9
+ - **零依赖** — 仅 TypeScript 类型 + 纯函数工具,无任何外部 npm 依赖
10
+ - **协议级抽象** — 纯接口/类型/常量/工具函数,不包含业务逻辑
11
+ - **独立可用** — 每个子模块可单独导入,支持 tree-shaking
12
+
13
+ ## 安装
14
+
15
+ ```bash
16
+ pnpm add @mindpal/protocol
17
+ ```
18
+
19
+ ## 模块概览
20
+
21
+ | 子模块 | 导入路径 | 说明 |
22
+ |--------|---------|------|
23
+ | Skill RPC | `@mindpal/protocol/skill-rpc` | JSON-RPC 2.0 over stdio 协议:请求/响应/通知类型、序列化、版本协商 |
24
+ | Skill Manifest | `@mindpal/protocol/skill-manifest` | Skill 清单定义与校验:内置/外部 Manifest、工具声明 |
25
+ | Collab Message | `@mindpal/protocol/collab-message` | 多智能体协作协议:5层消息类型、共识投票、能力发现、辩论 |
26
+ | Device Handshake | `@mindpal/protocol/device-handshake` | 设备握手安全协议:ECDH密钥交换类型、安全策略、会话状态 |
27
+ | Audit Event | `@mindpal/protocol/audit-event` | 审计事件标准:事件输入接口、错误分类、摘要生成 |
28
+ | State Machine | `@mindpal/protocol/state-machine` | 统一运行时状态机:Step/Run/Collab/Agent 状态转换表 |
29
+ | Errors | `@mindpal/protocol/errors` | 标准错误码集合:RPC错误码、协议错误码、审计错误分类 |
30
+
31
+ ## 使用示例
32
+
33
+ ```typescript
34
+ // 统一入口导入
35
+ import { createRpcRequest, SKILL_RPC_METHODS, transitionStep } from "@mindpal/protocol";
36
+
37
+ // 创建 Skill RPC 请求
38
+ const req = createRpcRequest("req-1", SKILL_RPC_METHODS.EXECUTE, {
39
+ requestId: "r1",
40
+ input: { text: "hello" },
41
+ inputDigest: { sha256_8: "abc12345", bytes: 5 },
42
+ });
43
+
44
+ // 状态转换
45
+ const newStatus = transitionStep("pending", "running"); // "running"
46
+
47
+ // 子模块独立导入
48
+ import { validateManifest } from "@mindpal/protocol/skill-manifest";
49
+ import type { CollabMessageEnvelope } from "@mindpal/protocol/collab-message";
50
+
51
+ const result = validateManifest({
52
+ identity: { name: "example.skill", version: "1.0.0" },
53
+ entry: "index.js",
54
+ });
55
+ console.log(result.valid); // true
56
+ ```
57
+
58
+ ## 许可证
59
+
60
+ MIT
@@ -0,0 +1,113 @@
1
+ /**
2
+ * 审计事件协议类型定义
3
+ *
4
+ * 定义审计系统的标准类型、接口和纯工具函数。
5
+ * 不包含任何数据库操作或 Node.js 运行时依赖。
6
+ */
7
+ import { type RegistryEntry } from './registry.js';
8
+ /** 最小化查询接口,pg.Pool / pg.PoolClient 均满足 */
9
+ export interface AuditQueryable {
10
+ query(sql: string, params?: unknown[]): Promise<{
11
+ rows: any[];
12
+ rowCount: number | null;
13
+ }>;
14
+ }
15
+ /** 可获取事务客户端的连接池接口(pg.Pool 满足) */
16
+ export interface AuditPoolLike extends AuditQueryable {
17
+ connect(): Promise<AuditClientLike>;
18
+ }
19
+ /** 事务客户端接口(pg.PoolClient 满足) */
20
+ export interface AuditClientLike extends AuditQueryable {
21
+ release(): void;
22
+ }
23
+ /** 统一审计事件输入,API 与 Worker 共用(简单外部接口) */
24
+ export interface AuditEventInput {
25
+ tenantId: string;
26
+ action: string;
27
+ resourceType: string;
28
+ resourceId?: string;
29
+ subject: string;
30
+ outcome: "success" | "failure" | "denied";
31
+ details?: Record<string, unknown>;
32
+ traceId?: string;
33
+ timestamp?: string;
34
+ }
35
+ /** 审计写入器抽象(可由 API / Worker 各自实现) */
36
+ export interface AuditWriter {
37
+ write(event: AuditEventInput): Promise<void>;
38
+ writeBatch(events: AuditEventInput[]): Promise<void>;
39
+ }
40
+ /** 详细审计事件输入,包含所有可选字段(API / Worker 内部使用) */
41
+ export type DetailedAuditEventInput = {
42
+ subjectId?: string;
43
+ tenantId?: string;
44
+ spaceId?: string;
45
+ resourceType: string;
46
+ action: string;
47
+ toolRef?: string;
48
+ workflowRef?: string;
49
+ policyDecision?: unknown;
50
+ inputDigest?: unknown;
51
+ outputDigest?: unknown;
52
+ idempotencyKey?: string;
53
+ result: "success" | "denied" | "error";
54
+ traceId: string;
55
+ requestId?: string;
56
+ runId?: string;
57
+ stepId?: string;
58
+ policySnapshotRef?: string;
59
+ errorCategory?: string;
60
+ latencyMs?: number;
61
+ outboxId?: string;
62
+ timestamp?: string;
63
+ /** P3-3: 人类可读的自然语言摘要 */
64
+ humanSummary?: string;
65
+ };
66
+ export declare const AUDIT_ERROR_CATEGORIES: readonly ["policy_violation", "validation_error", "rate_limited", "upstream_error", "internal_error"];
67
+ export type AuditErrorCategory = (typeof AUDIT_ERROR_CATEGORIES)[number];
68
+ export declare const BUILTIN_ERROR_CATEGORY_ALIASES: RegistryEntry<string>[];
69
+ export declare const errorCategoryAliasRegistry: import("./registry.js").TypeRegistry<string>;
70
+ export declare function normalizeAuditErrorCategory(input: unknown): AuditErrorCategory | null;
71
+ export declare const BUILTIN_HIGH_RISK_ACTIONS: RegistryEntry[];
72
+ export declare const highRiskActionRegistry: import("./registry.js").TypeRegistry<unknown>;
73
+ /** @deprecated 使用 highRiskActionRegistry 替代 */
74
+ export declare const HIGH_RISK_AUDIT_ACTIONS: Set<string>;
75
+ /** 检查操作是否为高风险 */
76
+ export declare function isHighRiskAction(resourceType: string, action: string): boolean;
77
+ export declare function isHighRiskAuditAction(params: {
78
+ resourceType?: string | null;
79
+ action?: string | null;
80
+ }): boolean;
81
+ export declare class AuditContractError extends Error {
82
+ errorCode: string;
83
+ httpStatus: number;
84
+ details?: unknown;
85
+ constructor(params: {
86
+ errorCode: string;
87
+ message: string;
88
+ httpStatus?: number;
89
+ details?: unknown;
90
+ });
91
+ }
92
+ /**
93
+ * P3-3: 自动生成 humanSummary
94
+ * 当调用方未提供时,根据审计事件属性自动生成可读摘要
95
+ */
96
+ export declare function generateHumanSummary(e: DetailedAuditEventInput): string;
97
+ export declare function withPolicySnapshotRef(policyDecision: unknown, policySnapshotRef: string | null): {} | null;
98
+ export interface InsertAuditEventOptions {
99
+ /**
100
+ * 跳过哈希链写入(即使 tenantId 存在)。
101
+ * 适用于 Worker SIEM 等场景,不需要事务性哈希链。
102
+ */
103
+ skipHashChain?: boolean;
104
+ }
105
+ /** 设备端审计证据引用(截图、录屏等工件) */
106
+ export interface AuditEvidenceRef {
107
+ artifactId: string;
108
+ storageRef: string;
109
+ hash: string;
110
+ mimeType?: string;
111
+ sizeBytes?: number;
112
+ }
113
+ //# sourceMappingURL=audit-event.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"audit-event.d.ts","sourceRoot":"","sources":["../src/audit-event.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAgC,KAAK,aAAa,EAAE,MAAM,eAAe,CAAC;AAIjF,0CAA0C;AAC1C,MAAM,WAAW,cAAc;IAC7B,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,GAAG,EAAE,CAAC;QAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC,CAAC;CAC3F;AAED,iCAAiC;AACjC,MAAM,WAAW,aAAc,SAAQ,cAAc;IACnD,OAAO,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;CACrC;AAED,gCAAgC;AAChC,MAAM,WAAW,eAAgB,SAAQ,cAAc;IACrD,OAAO,IAAI,IAAI,CAAC;CACjB;AAID,uCAAuC;AACvC,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,SAAS,GAAG,SAAS,GAAG,QAAQ,CAAC;IAC1C,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,oCAAoC;AACpC,MAAM,WAAW,WAAW;IAC1B,KAAK,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,UAAU,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACtD;AAID,2CAA2C;AAC3C,MAAM,MAAM,uBAAuB,GAAG;IACpC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,OAAO,CAAC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,wBAAwB;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAIF,eAAO,MAAM,sBAAsB,uGAMzB,CAAC;AAEX,MAAM,MAAM,kBAAkB,GAAG,CAAC,OAAO,sBAAsB,CAAC,CAAC,MAAM,CAAC,CAAC;AAMzE,eAAO,MAAM,8BAA8B,EAAE,aAAa,CAAC,MAAM,CAAC,EASjE,CAAC;AAEF,eAAO,MAAM,0BAA0B,8CAAyD,CAAC;AAEjG,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,OAAO,GAAG,kBAAkB,GAAG,IAAI,CASrF;AAID,eAAO,MAAM,yBAAyB,EAAE,aAAa,EAMpD,CAAC;AAEF,eAAO,MAAM,sBAAsB,+CAA4C,CAAC;AAEhF,+CAA+C;AAC/C,eAAO,MAAM,uBAAuB,aAA4D,CAAC;AAEjG,iBAAiB;AACjB,wBAAgB,gBAAgB,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAE9E;AAED,wBAAgB,qBAAqB,CAAC,MAAM,EAAE;IAAE,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,GAAG,OAAO,CAK/G;AAID,qBAAa,kBAAmB,SAAQ,KAAK;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,OAAO,CAAC;gBAEN,MAAM,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,OAAO,CAAA;KAAE;CAOnG;AAID;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,CAAC,EAAE,uBAAuB,GAAG,MAAM,CAWvE;AAID,wBAAgB,qBAAqB,CAAC,cAAc,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,GAAG,IAAI,aAS9F;AAID,MAAM,WAAW,uBAAuB;IACtC;;;OAGG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAID,0BAA0B;AAC1B,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB"}
@@ -0,0 +1,117 @@
1
+ "use strict";
2
+ /**
3
+ * 审计事件协议类型定义
4
+ *
5
+ * 定义审计系统的标准类型、接口和纯工具函数。
6
+ * 不包含任何数据库操作或 Node.js 运行时依赖。
7
+ */
8
+ Object.defineProperty(exports, "__esModule", { value: true });
9
+ exports.AuditContractError = exports.HIGH_RISK_AUDIT_ACTIONS = exports.highRiskActionRegistry = exports.BUILTIN_HIGH_RISK_ACTIONS = exports.errorCategoryAliasRegistry = exports.BUILTIN_ERROR_CATEGORY_ALIASES = exports.AUDIT_ERROR_CATEGORIES = void 0;
10
+ exports.normalizeAuditErrorCategory = normalizeAuditErrorCategory;
11
+ exports.isHighRiskAction = isHighRiskAction;
12
+ exports.isHighRiskAuditAction = isHighRiskAuditAction;
13
+ exports.generateHumanSummary = generateHumanSummary;
14
+ exports.withPolicySnapshotRef = withPolicySnapshotRef;
15
+ const registry_js_1 = require("./registry.js");
16
+ // ─── 审计错误分类 ──────────────────────────────────────────
17
+ exports.AUDIT_ERROR_CATEGORIES = [
18
+ "policy_violation",
19
+ "validation_error",
20
+ "rate_limited",
21
+ "upstream_error",
22
+ "internal_error",
23
+ ];
24
+ const AUDIT_ERROR_CATEGORY_SET = new Set(exports.AUDIT_ERROR_CATEGORIES);
25
+ // ─── 错误分类别名注册表 ──────────────────────────────────────────
26
+ exports.BUILTIN_ERROR_CATEGORY_ALIASES = [
27
+ (0, registry_js_1.builtInEntry)('internal', 'audit.error_alias', 'internal_error'),
28
+ (0, registry_js_1.builtInEntry)('upstream', 'audit.error_alias', 'upstream_error'),
29
+ (0, registry_js_1.builtInEntry)('invalid_input', 'audit.error_alias', 'validation_error'),
30
+ (0, registry_js_1.builtInEntry)('bad_request', 'audit.error_alias', 'validation_error'),
31
+ (0, registry_js_1.builtInEntry)('throttled', 'audit.error_alias', 'rate_limited'),
32
+ (0, registry_js_1.builtInEntry)('rate_limit', 'audit.error_alias', 'rate_limited'),
33
+ (0, registry_js_1.builtInEntry)('policy', 'audit.error_alias', 'policy_violation'),
34
+ (0, registry_js_1.builtInEntry)('validation', 'audit.error_alias', 'validation_error'),
35
+ ];
36
+ exports.errorCategoryAliasRegistry = (0, registry_js_1.createRegistry)(exports.BUILTIN_ERROR_CATEGORY_ALIASES);
37
+ function normalizeAuditErrorCategory(input) {
38
+ const raw = String(input ?? "").trim().toLowerCase();
39
+ if (!raw)
40
+ return null;
41
+ if (AUDIT_ERROR_CATEGORY_SET.has(raw))
42
+ return raw;
43
+ const aliasEntry = exports.errorCategoryAliasRegistry.get(raw);
44
+ if (aliasEntry?.value && AUDIT_ERROR_CATEGORY_SET.has(aliasEntry.value)) {
45
+ return aliasEntry.value;
46
+ }
47
+ return "internal_error";
48
+ }
49
+ // ─── 高风险审计动作 ──────────────────────────────────────────
50
+ exports.BUILTIN_HIGH_RISK_ACTIONS = [
51
+ (0, registry_js_1.builtInEntry)('audit:siem.destination.write', 'audit.high_risk'),
52
+ (0, registry_js_1.builtInEntry)('audit:siem.destination.test', 'audit.high_risk'),
53
+ (0, registry_js_1.builtInEntry)('audit:siem.destination.backfill', 'audit.high_risk'),
54
+ (0, registry_js_1.builtInEntry)('audit:siem.dlq.clear', 'audit.high_risk'),
55
+ (0, registry_js_1.builtInEntry)('audit:siem.dlq.requeue', 'audit.high_risk'),
56
+ ];
57
+ exports.highRiskActionRegistry = (0, registry_js_1.createRegistry)(exports.BUILTIN_HIGH_RISK_ACTIONS);
58
+ /** @deprecated 使用 highRiskActionRegistry 替代 */
59
+ exports.HIGH_RISK_AUDIT_ACTIONS = new Set(exports.BUILTIN_HIGH_RISK_ACTIONS.map(e => e.id));
60
+ /** 检查操作是否为高风险 */
61
+ function isHighRiskAction(resourceType, action) {
62
+ return exports.highRiskActionRegistry.has(`${resourceType}.${action}`) || exports.highRiskActionRegistry.has(action);
63
+ }
64
+ function isHighRiskAuditAction(params) {
65
+ const resourceType = String(params.resourceType ?? "").trim();
66
+ const action = String(params.action ?? "").trim();
67
+ if (!resourceType || !action)
68
+ return false;
69
+ return exports.highRiskActionRegistry.has(`${resourceType}:${action}`);
70
+ }
71
+ // ─── 审计契约错误 ──────────────────────────────────────────
72
+ class AuditContractError extends Error {
73
+ errorCode;
74
+ httpStatus;
75
+ details;
76
+ constructor(params) {
77
+ super(params.message);
78
+ this.name = "AuditContractError";
79
+ this.errorCode = params.errorCode;
80
+ this.httpStatus = params.httpStatus ?? 409;
81
+ this.details = params.details;
82
+ }
83
+ }
84
+ exports.AuditContractError = AuditContractError;
85
+ // ─── humanSummary 自动生成 ──────────────────────────────────
86
+ /**
87
+ * P3-3: 自动生成 humanSummary
88
+ * 当调用方未提供时,根据审计事件属性自动生成可读摘要
89
+ */
90
+ function generateHumanSummary(e) {
91
+ const parts = [];
92
+ const subject = e.subjectId ? `用户 ${e.subjectId.slice(0, 8)}` : "系统";
93
+ const resultText = e.result === "success" ? "成功" : e.result === "denied" ? "被拒绝" : "失败";
94
+ parts.push(`${subject}对 ${e.resourceType} 执行 ${e.action} 操作,结果: ${resultText}`);
95
+ if (e.toolRef)
96
+ parts.push(`工具: ${e.toolRef}`);
97
+ if (e.latencyMs)
98
+ parts.push(`耗时: ${e.latencyMs}ms`);
99
+ if (e.errorCategory)
100
+ parts.push(`错误类型: ${e.errorCategory}`);
101
+ return parts.join(" | ");
102
+ }
103
+ // ─── policySnapshotRef 合并 ──────────────────────────────────
104
+ function withPolicySnapshotRef(policyDecision, policySnapshotRef) {
105
+ if (!policySnapshotRef)
106
+ return policyDecision ?? null;
107
+ if (policyDecision && typeof policyDecision === "object" && !Array.isArray(policyDecision)) {
108
+ const base = policyDecision;
109
+ if (typeof base.policySnapshotRef === "string" && base.policySnapshotRef.trim())
110
+ return base;
111
+ if (typeof base.snapshotRef === "string" && base.snapshotRef.trim())
112
+ return { ...base, policySnapshotRef: base.snapshotRef };
113
+ return { ...base, policySnapshotRef };
114
+ }
115
+ return { policySnapshotRef };
116
+ }
117
+ //# sourceMappingURL=audit-event.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"audit-event.js","sourceRoot":"","sources":["../src/audit-event.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAoGH,kEASC;AAkBD,4CAEC;AAED,sDAKC;AAwBD,oDAWC;AAID,sDASC;AAtLD,+CAAiF;AAqEjF,wDAAwD;AAE3C,QAAA,sBAAsB,GAAG;IACpC,kBAAkB;IAClB,kBAAkB;IAClB,cAAc;IACd,gBAAgB;IAChB,gBAAgB;CACR,CAAC;AAIX,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAS,8BAAsB,CAAC,CAAC;AAEzE,2DAA2D;AAE9C,QAAA,8BAA8B,GAA4B;IACrE,IAAA,0BAAY,EAAC,UAAU,EAAE,mBAAmB,EAAE,gBAAgB,CAAC;IAC/D,IAAA,0BAAY,EAAC,UAAU,EAAE,mBAAmB,EAAE,gBAAgB,CAAC;IAC/D,IAAA,0BAAY,EAAC,eAAe,EAAE,mBAAmB,EAAE,kBAAkB,CAAC;IACtE,IAAA,0BAAY,EAAC,aAAa,EAAE,mBAAmB,EAAE,kBAAkB,CAAC;IACpE,IAAA,0BAAY,EAAC,WAAW,EAAE,mBAAmB,EAAE,cAAc,CAAC;IAC9D,IAAA,0BAAY,EAAC,YAAY,EAAE,mBAAmB,EAAE,cAAc,CAAC;IAC/D,IAAA,0BAAY,EAAC,QAAQ,EAAE,mBAAmB,EAAE,kBAAkB,CAAC;IAC/D,IAAA,0BAAY,EAAC,YAAY,EAAE,mBAAmB,EAAE,kBAAkB,CAAC;CACpE,CAAC;AAEW,QAAA,0BAA0B,GAAG,IAAA,4BAAc,EAAS,sCAA8B,CAAC,CAAC;AAEjG,SAAgB,2BAA2B,CAAC,KAAc;IACxD,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrD,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,IAAI,wBAAwB,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO,GAAyB,CAAC;IACxE,MAAM,UAAU,GAAG,kCAA0B,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACvD,IAAI,UAAU,EAAE,KAAK,IAAI,wBAAwB,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACxE,OAAO,UAAU,CAAC,KAA2B,CAAC;IAChD,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,yDAAyD;AAE5C,QAAA,yBAAyB,GAAoB;IACxD,IAAA,0BAAY,EAAC,8BAA8B,EAAE,iBAAiB,CAAC;IAC/D,IAAA,0BAAY,EAAC,6BAA6B,EAAE,iBAAiB,CAAC;IAC9D,IAAA,0BAAY,EAAC,iCAAiC,EAAE,iBAAiB,CAAC;IAClE,IAAA,0BAAY,EAAC,sBAAsB,EAAE,iBAAiB,CAAC;IACvD,IAAA,0BAAY,EAAC,wBAAwB,EAAE,iBAAiB,CAAC;CAC1D,CAAC;AAEW,QAAA,sBAAsB,GAAG,IAAA,4BAAc,EAAC,iCAAyB,CAAC,CAAC;AAEhF,+CAA+C;AAClC,QAAA,uBAAuB,GAAG,IAAI,GAAG,CAAS,iCAAyB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAEjG,iBAAiB;AACjB,SAAgB,gBAAgB,CAAC,YAAoB,EAAE,MAAc;IACnE,OAAO,8BAAsB,CAAC,GAAG,CAAC,GAAG,YAAY,IAAI,MAAM,EAAE,CAAC,IAAI,8BAAsB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AACvG,CAAC;AAED,SAAgB,qBAAqB,CAAC,MAAgE;IACpG,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9D,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAClD,IAAI,CAAC,YAAY,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC3C,OAAO,8BAAsB,CAAC,GAAG,CAAC,GAAG,YAAY,IAAI,MAAM,EAAE,CAAC,CAAC;AACjE,CAAC;AAED,wDAAwD;AAExD,MAAa,kBAAmB,SAAQ,KAAK;IAC3C,SAAS,CAAS;IAClB,UAAU,CAAS;IACnB,OAAO,CAAW;IAElB,YAAY,MAAsF;QAChG,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACtB,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;QACjC,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;QAClC,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,GAAG,CAAC;QAC3C,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAChC,CAAC;CACF;AAZD,gDAYC;AAED,2DAA2D;AAE3D;;;GAGG;AACH,SAAgB,oBAAoB,CAAC,CAA0B;IAC7D,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,OAAO,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACrE,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;IAExF,KAAK,CAAC,IAAI,CAAC,GAAG,OAAO,KAAK,CAAC,CAAC,YAAY,OAAO,CAAC,CAAC,MAAM,WAAW,UAAU,EAAE,CAAC,CAAC;IAChF,IAAI,CAAC,CAAC,OAAO;QAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IAC9C,IAAI,CAAC,CAAC,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC;IACpD,IAAI,CAAC,CAAC,aAAa;QAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC;IAE5D,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC;AAED,8DAA8D;AAE9D,SAAgB,qBAAqB,CAAC,cAAuB,EAAE,iBAAgC;IAC7F,IAAI,CAAC,iBAAiB;QAAE,OAAO,cAAc,IAAI,IAAI,CAAC;IACtD,IAAI,cAAc,IAAI,OAAO,cAAc,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;QAC3F,MAAM,IAAI,GAAG,cAAyC,CAAC;QACvD,IAAI,OAAO,IAAI,CAAC,iBAAiB,KAAK,QAAQ,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE;YAAE,OAAO,IAAI,CAAC;QAC7F,IAAI,OAAO,IAAI,CAAC,WAAW,KAAK,QAAQ,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE;YAAE,OAAO,EAAE,GAAG,IAAI,EAAE,iBAAiB,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC;QAC7H,OAAO,EAAE,GAAG,IAAI,EAAE,iBAAiB,EAAE,CAAC;IACxC,CAAC;IACD,OAAO,EAAE,iBAAiB,EAAE,CAAC;AAC/B,CAAC"}
@@ -0,0 +1,81 @@
1
+ /**
2
+ * deviceHandshakeSecurity — 设备握手安全协议类型定义
3
+ *
4
+ * 为设备代理 ↔ 服务端提供 V2 安全增强握手的协议层类型:
5
+ * - 安全策略类型(元数据驱动)
6
+ * - 握手安全扩展类型
7
+ * - 会话类型
8
+ * - 安全消息包装类型
9
+ *
10
+ * 注意:加密/签名/解密等运行时函数依赖 Node.js crypto 模块,
11
+ * 不包含在协议层中。请使用 @mindpal/shared/deviceHandshakeSecurity 获取完整实现。
12
+ */
13
+ import { type RegistryEntry } from './registry.js';
14
+ /** authLevel 注册表 */
15
+ export type AuthLevel = string;
16
+ export declare const BUILTIN_AUTH_LEVELS: RegistryEntry[];
17
+ export declare const authLevelRegistry: import("./registry.js").TypeRegistry<unknown>;
18
+ /** 服务端下发的安全策略(元数据驱动,类似 multimodalPolicy) */
19
+ export interface DeviceSecurityPolicy {
20
+ format: "deviceSecurity.v1";
21
+ authLevel: string;
22
+ requireNonce: boolean;
23
+ sessionTtlMs: number;
24
+ keyRotationIntervalMs: number;
25
+ replayWindowSize: number;
26
+ }
27
+ export declare const DEFAULT_SECURITY_POLICY: DeviceSecurityPolicy;
28
+ /** 设备端握手安全扩展(附加在现有 handshake 上) */
29
+ export interface HandshakeSecurityExt {
30
+ nonce: string;
31
+ timestamp: number;
32
+ ephemeralPubKey?: string;
33
+ deviceCert?: string;
34
+ hmac: string;
35
+ }
36
+ /** 服务端 ACK 安全扩展 */
37
+ export interface HandshakeAckSecurityExt {
38
+ sessionId: string;
39
+ serverNonce: string;
40
+ serverEphemeralPubKey?: string;
41
+ securityPolicy: DeviceSecurityPolicy;
42
+ tokenRefreshAt?: number;
43
+ hmac: string;
44
+ }
45
+ /**
46
+ * 设备会话状态接口(协议层定义)。
47
+ *
48
+ * 注意:运行时实现中 sessionKey/hmacKey 为 Buffer,replayWindow 为 Set<number>。
49
+ * 协议层使用宽松类型以保持零 Node.js 依赖。
50
+ */
51
+ export interface DeviceSessionState {
52
+ sessionId: string;
53
+ deviceId: string;
54
+ tenantId: string;
55
+ authLevel: string;
56
+ sessionKey: unknown;
57
+ hmacKey: unknown;
58
+ messageCounter: number;
59
+ replayWindow: Set<number>;
60
+ createdAt: number;
61
+ expiresAt: number;
62
+ }
63
+ export interface SecureDeviceMessage {
64
+ type: "secure.message";
65
+ sessionId: string;
66
+ seq: number;
67
+ ts: number;
68
+ enc: string;
69
+ iv: string;
70
+ tag: string;
71
+ hmac: string;
72
+ }
73
+ export interface SecurityPolicyProfile {
74
+ name: string;
75
+ policy: DeviceSecurityPolicy;
76
+ description?: string;
77
+ appliesTo?: string[];
78
+ }
79
+ export declare const BUILTIN_SECURITY_PROFILES: RegistryEntry<SecurityPolicyProfile>[];
80
+ export declare const securityProfileRegistry: import("./registry.js").TypeRegistry<SecurityPolicyProfile>;
81
+ //# sourceMappingURL=device-handshake.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"device-handshake.d.ts","sourceRoot":"","sources":["../src/device-handshake.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAgC,KAAK,aAAa,EAAE,MAAM,eAAe,CAAC;AAIjF,oBAAoB;AACpB,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC;AAE/B,eAAO,MAAM,mBAAmB,EAAE,aAAa,EAI9C,CAAC;AAEF,eAAO,MAAM,iBAAiB,+CAAsC,CAAC;AAErE,4CAA4C;AAC5C,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,mBAAmB,CAAC;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,OAAO,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,eAAO,MAAM,uBAAuB,EAAE,oBAOrC,CAAC;AAIF,mCAAmC;AACnC,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,mBAAmB;AACnB,MAAM,WAAW,uBAAuB;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,oBAAoB,CAAC;IACrC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;CACd;AAID;;;;;GAKG;AACH,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,OAAO,CAAC;IACpB,OAAO,EAAE,OAAO,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,gBAAgB,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;CACd;AAID,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,oBAAoB,CAAC;IAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,eAAO,MAAM,yBAAyB,EAAE,aAAa,CAAC,qBAAqB,CAAC,EAM3E,CAAC;AAEF,eAAO,MAAM,uBAAuB,6DAAmE,CAAC"}
@@ -0,0 +1,39 @@
1
+ "use strict";
2
+ /**
3
+ * deviceHandshakeSecurity — 设备握手安全协议类型定义
4
+ *
5
+ * 为设备代理 ↔ 服务端提供 V2 安全增强握手的协议层类型:
6
+ * - 安全策略类型(元数据驱动)
7
+ * - 握手安全扩展类型
8
+ * - 会话类型
9
+ * - 安全消息包装类型
10
+ *
11
+ * 注意:加密/签名/解密等运行时函数依赖 Node.js crypto 模块,
12
+ * 不包含在协议层中。请使用 @mindpal/shared/deviceHandshakeSecurity 获取完整实现。
13
+ */
14
+ Object.defineProperty(exports, "__esModule", { value: true });
15
+ exports.securityProfileRegistry = exports.BUILTIN_SECURITY_PROFILES = exports.DEFAULT_SECURITY_POLICY = exports.authLevelRegistry = exports.BUILTIN_AUTH_LEVELS = void 0;
16
+ const registry_js_1 = require("./registry.js");
17
+ exports.BUILTIN_AUTH_LEVELS = [
18
+ (0, registry_js_1.builtInEntry)('token', 'device.auth'),
19
+ (0, registry_js_1.builtInEntry)('token+ecdh', 'device.auth'),
20
+ (0, registry_js_1.builtInEntry)('cert+ecdh', 'device.auth'),
21
+ ];
22
+ exports.authLevelRegistry = (0, registry_js_1.createRegistry)(exports.BUILTIN_AUTH_LEVELS);
23
+ exports.DEFAULT_SECURITY_POLICY = {
24
+ format: "deviceSecurity.v1",
25
+ authLevel: "token+ecdh",
26
+ requireNonce: true,
27
+ sessionTtlMs: 3_600_000, // 1 小时
28
+ keyRotationIntervalMs: 1_800_000, // 30 分钟
29
+ replayWindowSize: 256,
30
+ };
31
+ exports.BUILTIN_SECURITY_PROFILES = [
32
+ (0, registry_js_1.builtInEntry)('default', 'device.security_profile', {
33
+ name: 'default',
34
+ policy: exports.DEFAULT_SECURITY_POLICY,
35
+ description: 'Default security policy for general devices',
36
+ }),
37
+ ];
38
+ exports.securityProfileRegistry = (0, registry_js_1.createRegistry)(exports.BUILTIN_SECURITY_PROFILES);
39
+ //# sourceMappingURL=device-handshake.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"device-handshake.js","sourceRoot":"","sources":["../src/device-handshake.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;AAEH,+CAAiF;AAOpE,QAAA,mBAAmB,GAAoB;IAClD,IAAA,0BAAY,EAAC,OAAO,EAAE,aAAa,CAAC;IACpC,IAAA,0BAAY,EAAC,YAAY,EAAE,aAAa,CAAC;IACzC,IAAA,0BAAY,EAAC,WAAW,EAAE,aAAa,CAAC;CACzC,CAAC;AAEW,QAAA,iBAAiB,GAAG,IAAA,4BAAc,EAAC,2BAAmB,CAAC,CAAC;AAYxD,QAAA,uBAAuB,GAAyB;IAC3D,MAAM,EAAE,mBAAmB;IAC3B,SAAS,EAAE,YAAY;IACvB,YAAY,EAAE,IAAI;IAClB,YAAY,EAAE,SAAS,EAAW,OAAO;IACzC,qBAAqB,EAAE,SAAS,EAAG,QAAQ;IAC3C,gBAAgB,EAAE,GAAG;CACtB,CAAC;AAkEW,QAAA,yBAAyB,GAA2C;IAC/E,IAAA,0BAAY,EAAC,SAAS,EAAE,yBAAyB,EAAE;QACjD,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,+BAAuB;QAC/B,WAAW,EAAE,6CAA6C;KAC3D,CAAC;CACH,CAAC;AAEW,QAAA,uBAAuB,GAAG,IAAA,4BAAc,EAAwB,iCAAyB,CAAC,CAAC"}
@@ -0,0 +1,57 @@
1
+ /**
2
+ * 标准错误码集合
3
+ *
4
+ * 整合 Skill RPC 错误码和通用协议错误码,
5
+ * 提供统一的错误分类和错误码命名空间。
6
+ */
7
+ import { SKILL_RPC_ERRORS } from "./skill-rpc";
8
+ /**
9
+ * 跨层错误映射表 —— 将运行时错误分类统一映射到 HTTP 状态码和服务错误码。
10
+ * 键为 ErrorCategory / RPC 错误标识,值为 HTTP 响应信息。
11
+ */
12
+ export declare const ERROR_LAYER_MAP: Record<string, {
13
+ httpStatus: number;
14
+ serviceCode: string;
15
+ }>;
16
+ export { SKILL_RPC_ERRORS } from "./skill-rpc";
17
+ export { AUDIT_ERROR_CATEGORIES } from "./audit-event";
18
+ export type { AuditErrorCategory } from "./audit-event";
19
+ export declare const PROTOCOL_ERRORS: {
20
+ /** 协议版本不兼容 */
21
+ readonly VERSION_MISMATCH: "PROTOCOL_VERSION_MISMATCH";
22
+ /** 消息格式无效 */
23
+ readonly INVALID_MESSAGE: "PROTOCOL_INVALID_MESSAGE";
24
+ /** 握手失败 */
25
+ readonly HANDSHAKE_FAILED: "PROTOCOL_HANDSHAKE_FAILED";
26
+ /** 会话过期 */
27
+ readonly SESSION_EXPIRED: "PROTOCOL_SESSION_EXPIRED";
28
+ /** 重放攻击检测 */
29
+ readonly REPLAY_DETECTED: "PROTOCOL_REPLAY_DETECTED";
30
+ /** 签名验证失败 */
31
+ readonly SIGNATURE_INVALID: "PROTOCOL_SIGNATURE_INVALID";
32
+ /** 状态转换违规 */
33
+ readonly TRANSITION_VIOLATION: "PROTOCOL_TRANSITION_VIOLATION";
34
+ /** 共识未达成 */
35
+ readonly CONSENSUS_NOT_REACHED: "PROTOCOL_CONSENSUS_NOT_REACHED";
36
+ /** Manifest 校验失败 */
37
+ readonly MANIFEST_INVALID: "PROTOCOL_MANIFEST_INVALID";
38
+ };
39
+ export type ProtocolErrorCode = (typeof PROTOCOL_ERRORS)[keyof typeof PROTOCOL_ERRORS];
40
+ /** Skill RPC 错误码类型 */
41
+ export type SkillRpcErrorCode = (typeof SKILL_RPC_ERRORS)[keyof typeof SKILL_RPC_ERRORS];
42
+ /** 根据运行时错误分类查询 HTTP 状态码 */
43
+ export declare function getHttpStatusForError(category: string): number;
44
+ /** 根据运行时错误分类查询服务错误码 */
45
+ export declare function getServiceCodeForError(category: string): string;
46
+ /** JSON-RPC 2.0 标准错误码范围 */
47
+ export declare const JSONRPC_ERROR_RANGE: {
48
+ /** 标准错误码下限 */
49
+ readonly STANDARD_MIN: -32700;
50
+ /** 标准错误码上限 */
51
+ readonly STANDARD_MAX: -32600;
52
+ /** 服务器端保留范围下限 */
53
+ readonly SERVER_MIN: -32099;
54
+ /** 服务器端保留范围上限 */
55
+ readonly SERVER_MAX: -32000;
56
+ };
57
+ //# sourceMappingURL=errors.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAO/C;;;GAGG;AACH,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,CAuBvF,CAAC;AAMF,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAM/C,OAAO,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AACvD,YAAY,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAMxD,eAAO,MAAM,eAAe;IAC1B,cAAc;;IAEd,aAAa;;IAEb,WAAW;;IAEX,WAAW;;IAEX,aAAa;;IAEb,aAAa;;IAEb,aAAa;;IAEb,YAAY;;IAEZ,oBAAoB;;CAEZ,CAAC;AAEX,MAAM,MAAM,iBAAiB,GAAG,CAAC,OAAO,eAAe,CAAC,CAAC,MAAM,OAAO,eAAe,CAAC,CAAC;AAEvF,sBAAsB;AACtB,MAAM,MAAM,iBAAiB,GAAG,CAAC,OAAO,gBAAgB,CAAC,CAAC,MAAM,OAAO,gBAAgB,CAAC,CAAC;AAEzF,2BAA2B;AAC3B,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAE9D;AAED,uBAAuB;AACvB,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAE/D;AAMD,2BAA2B;AAC3B,eAAO,MAAM,mBAAmB;IAC9B,cAAc;;IAEd,cAAc;;IAEd,iBAAiB;;IAEjB,iBAAiB;;CAET,CAAC"}
package/dist/errors.js ADDED
@@ -0,0 +1,98 @@
1
+ "use strict";
2
+ /**
3
+ * 标准错误码集合
4
+ *
5
+ * 整合 Skill RPC 错误码和通用协议错误码,
6
+ * 提供统一的错误分类和错误码命名空间。
7
+ */
8
+ Object.defineProperty(exports, "__esModule", { value: true });
9
+ exports.JSONRPC_ERROR_RANGE = exports.PROTOCOL_ERRORS = exports.AUDIT_ERROR_CATEGORIES = exports.SKILL_RPC_ERRORS = exports.ERROR_LAYER_MAP = void 0;
10
+ exports.getHttpStatusForError = getHttpStatusForError;
11
+ exports.getServiceCodeForError = getServiceCodeForError;
12
+ /* ================================================================== */
13
+ /* 跨层错误映射表 */
14
+ /* ================================================================== */
15
+ /**
16
+ * 跨层错误映射表 —— 将运行时错误分类统一映射到 HTTP 状态码和服务错误码。
17
+ * 键为 ErrorCategory / RPC 错误标识,值为 HTTP 响应信息。
18
+ */
19
+ exports.ERROR_LAYER_MAP = {
20
+ // ── 来自 @mindpal/shared errorCategory.ts ──
21
+ governance_denied: { httpStatus: 403, serviceCode: "GOVERNANCE_DENIED" },
22
+ governance_unavailable: { httpStatus: 503, serviceCode: "GOVERNANCE_UNAVAILABLE" },
23
+ input_validation_failed: { httpStatus: 400, serviceCode: "INPUT_VALIDATION_FAILED" },
24
+ tool_unavailable: { httpStatus: 503, serviceCode: "TOOL_UNAVAILABLE" },
25
+ step_timeout: { httpStatus: 504, serviceCode: "STEP_TIMEOUT" },
26
+ tool_execution_failed: { httpStatus: 502, serviceCode: "TOOL_EXECUTION_FAILED" },
27
+ interrupted: { httpStatus: 499, serviceCode: "INTERRUPTED" },
28
+ deadletter: { httpStatus: 500, serviceCode: "DEADLETTER" },
29
+ collab_error: { httpStatus: 502, serviceCode: "COLLAB_ERROR" },
30
+ // ── 来自 @mindpal/shared serviceError.ts ──
31
+ auth_failed: { httpStatus: 401, serviceCode: "AUTH_FAILED" },
32
+ policy_violation: { httpStatus: 403, serviceCode: "POLICY_VIOLATION" },
33
+ resource_exhausted: { httpStatus: 429, serviceCode: "RESOURCE_EXHAUSTED" },
34
+ invalid_request: { httpStatus: 400, serviceCode: "INVALID_REQUEST" },
35
+ not_found: { httpStatus: 404, serviceCode: "NOT_FOUND" },
36
+ internal: { httpStatus: 500, serviceCode: "INTERNAL" },
37
+ timeout: { httpStatus: 504, serviceCode: "TIMEOUT" },
38
+ // ── RPC 级错误 ──
39
+ tool_timeout: { httpStatus: 504, serviceCode: "TOOL_TIMEOUT" },
40
+ tool_not_found: { httpStatus: 404, serviceCode: "TOOL_NOT_FOUND" },
41
+ budget_exceeded: { httpStatus: 429, serviceCode: "BUDGET_EXCEEDED" },
42
+ };
43
+ /* ================================================================== */
44
+ /* Re-export Skill RPC Errors */
45
+ /* ================================================================== */
46
+ var skill_rpc_1 = require("./skill-rpc");
47
+ Object.defineProperty(exports, "SKILL_RPC_ERRORS", { enumerable: true, get: function () { return skill_rpc_1.SKILL_RPC_ERRORS; } });
48
+ /* ================================================================== */
49
+ /* Re-export Audit Error Categories */
50
+ /* ================================================================== */
51
+ var audit_event_1 = require("./audit-event");
52
+ Object.defineProperty(exports, "AUDIT_ERROR_CATEGORIES", { enumerable: true, get: function () { return audit_event_1.AUDIT_ERROR_CATEGORIES; } });
53
+ /* ================================================================== */
54
+ /* 通用协议错误码 */
55
+ /* ================================================================== */
56
+ exports.PROTOCOL_ERRORS = {
57
+ /** 协议版本不兼容 */
58
+ VERSION_MISMATCH: "PROTOCOL_VERSION_MISMATCH",
59
+ /** 消息格式无效 */
60
+ INVALID_MESSAGE: "PROTOCOL_INVALID_MESSAGE",
61
+ /** 握手失败 */
62
+ HANDSHAKE_FAILED: "PROTOCOL_HANDSHAKE_FAILED",
63
+ /** 会话过期 */
64
+ SESSION_EXPIRED: "PROTOCOL_SESSION_EXPIRED",
65
+ /** 重放攻击检测 */
66
+ REPLAY_DETECTED: "PROTOCOL_REPLAY_DETECTED",
67
+ /** 签名验证失败 */
68
+ SIGNATURE_INVALID: "PROTOCOL_SIGNATURE_INVALID",
69
+ /** 状态转换违规 */
70
+ TRANSITION_VIOLATION: "PROTOCOL_TRANSITION_VIOLATION",
71
+ /** 共识未达成 */
72
+ CONSENSUS_NOT_REACHED: "PROTOCOL_CONSENSUS_NOT_REACHED",
73
+ /** Manifest 校验失败 */
74
+ MANIFEST_INVALID: "PROTOCOL_MANIFEST_INVALID",
75
+ };
76
+ /** 根据运行时错误分类查询 HTTP 状态码 */
77
+ function getHttpStatusForError(category) {
78
+ return exports.ERROR_LAYER_MAP[category]?.httpStatus ?? 500;
79
+ }
80
+ /** 根据运行时错误分类查询服务错误码 */
81
+ function getServiceCodeForError(category) {
82
+ return exports.ERROR_LAYER_MAP[category]?.serviceCode ?? "INTERNAL";
83
+ }
84
+ /* ================================================================== */
85
+ /* 错误码范围常量 */
86
+ /* ================================================================== */
87
+ /** JSON-RPC 2.0 标准错误码范围 */
88
+ exports.JSONRPC_ERROR_RANGE = {
89
+ /** 标准错误码下限 */
90
+ STANDARD_MIN: -32700,
91
+ /** 标准错误码上限 */
92
+ STANDARD_MAX: -32600,
93
+ /** 服务器端保留范围下限 */
94
+ SERVER_MIN: -32099,
95
+ /** 服务器端保留范围上限 */
96
+ SERVER_MAX: -32000,
97
+ };
98
+ //# sourceMappingURL=errors.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAkFH,sDAEC;AAGD,wDAEC;AApFD,wEAAwE;AACxE,mEAAmE;AACnE,wEAAwE;AAExE;;;GAGG;AACU,QAAA,eAAe,GAAgE;IAC1F,4CAA4C;IAC5C,iBAAiB,EAAU,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,mBAAmB,EAAE;IAChF,sBAAsB,EAAK,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,wBAAwB,EAAE;IACrF,uBAAuB,EAAI,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,yBAAyB,EAAE;IACtF,gBAAgB,EAAW,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,kBAAkB,EAAE;IAC/E,YAAY,EAAe,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,cAAc,EAAE;IAC3E,qBAAqB,EAAM,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,uBAAuB,EAAE;IACpF,WAAW,EAAgB,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,aAAa,EAAE;IAC1E,UAAU,EAAiB,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,YAAY,EAAE;IACzE,YAAY,EAAe,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,cAAc,EAAE;IAC3E,2CAA2C;IAC3C,WAAW,EAAgB,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,aAAa,EAAE;IAC1E,gBAAgB,EAAW,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,kBAAkB,EAAE;IAC/E,kBAAkB,EAAS,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,oBAAoB,EAAE;IACjF,eAAe,EAAY,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,iBAAiB,EAAE;IAC9E,SAAS,EAAkB,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,WAAW,EAAE;IACxE,QAAQ,EAAmB,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,UAAU,EAAE;IACvE,OAAO,EAAoB,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,SAAS,EAAE;IACtE,gBAAgB;IAChB,YAAY,EAAe,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,cAAc,EAAE;IAC3E,cAAc,EAAa,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,gBAAgB,EAAE;IAC7E,eAAe,EAAY,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,iBAAiB,EAAE;CAC/E,CAAC;AAEF,wEAAwE;AACxE,yEAAyE;AACzE,wEAAwE;AAExE,yCAA+C;AAAtC,6GAAA,gBAAgB,OAAA;AAEzB,wEAAwE;AACxE,yEAAyE;AACzE,wEAAwE;AAExE,6CAAuD;AAA9C,qHAAA,sBAAsB,OAAA;AAG/B,wEAAwE;AACxE,mEAAmE;AACnE,wEAAwE;AAE3D,QAAA,eAAe,GAAG;IAC7B,cAAc;IACd,gBAAgB,EAAE,2BAA2B;IAC7C,aAAa;IACb,eAAe,EAAE,0BAA0B;IAC3C,WAAW;IACX,gBAAgB,EAAE,2BAA2B;IAC7C,WAAW;IACX,eAAe,EAAE,0BAA0B;IAC3C,aAAa;IACb,eAAe,EAAE,0BAA0B;IAC3C,aAAa;IACb,iBAAiB,EAAE,4BAA4B;IAC/C,aAAa;IACb,oBAAoB,EAAE,+BAA+B;IACrD,YAAY;IACZ,qBAAqB,EAAE,gCAAgC;IACvD,oBAAoB;IACpB,gBAAgB,EAAE,2BAA2B;CACrC,CAAC;AAOX,2BAA2B;AAC3B,SAAgB,qBAAqB,CAAC,QAAgB;IACpD,OAAO,uBAAe,CAAC,QAAQ,CAAC,EAAE,UAAU,IAAI,GAAG,CAAC;AACtD,CAAC;AAED,uBAAuB;AACvB,SAAgB,sBAAsB,CAAC,QAAgB;IACrD,OAAO,uBAAe,CAAC,QAAQ,CAAC,EAAE,WAAW,IAAI,UAAU,CAAC;AAC9D,CAAC;AAED,wEAAwE;AACxE,mEAAmE;AACnE,wEAAwE;AAExE,2BAA2B;AACd,QAAA,mBAAmB,GAAG;IACjC,cAAc;IACd,YAAY,EAAE,CAAC,KAAK;IACpB,cAAc;IACd,YAAY,EAAE,CAAC,KAAK;IACpB,iBAAiB;IACjB,UAAU,EAAE,CAAC,KAAK;IAClB,iBAAiB;IACjB,UAAU,EAAE,CAAC,KAAK;CACV,CAAC"}
@@ -0,0 +1,21 @@
1
+ /**
2
+ * @mindpal/protocol — MindPal Agent OS 协议层标准定义
3
+ *
4
+ * 统一 re-export 所有协议模块,提供单一入口点。
5
+ */
6
+ export { createRegistry, builtInEntry, registryIds, } from "./registry";
7
+ export type { RegistryEntry, TypeRegistry, ValidationResult, } from "./registry";
8
+ export { SKILL_RPC_VERSION, SKILL_RPC_JSONRPC, DEVICE_PROTOCOL_VERSION, MIN_SUPPORTED_PROTOCOL_VERSION, PROTOCOL_VERSIONS, JSONRPC_STANDARD_ERRORS, BUILTIN_CUSTOM_ERRORS, skillErrorCodeRegistry, SKILL_RPC_ERRORS, SKILL_RPC_METHODS, BUILTIN_DEVICE_MODALITIES, modalityRegistry, BUILTIN_SKILL_RUNTIMES, runtimeRegistry, BUILTIN_SENSITIVITY_PROFILES, sensitivityProfileRegistry, isVersionCompatible, negotiateVersion, createRpcRequest, createRpcSuccess, createRpcError, createRpcNotification, serializeRpcMessage, parseRpcMessage, isRpcRequest, isRpcNotification, isRpcResponse, isRpcError, getRpcParseFailures, } from "./skill-rpc";
9
+ export type { ProtocolVersion, ProtocolHandshake, ProtocolHandshakeAck, DeviceModality, DeviceMultimodalCapabilities, DeviceMultimodalPolicy, DeviceAttachment, DeviceMultimodalQuery, SkillRuntime, SensitivityProfile, SkillRpcRequest, SkillRpcSuccess, SkillRpcError, SkillRpcNotification, SkillRpcResponse, SkillRpcMessage, SkillModelConfig, SkillInitializeParams, SkillInitializeResult, SkillExecuteParams, SkillExecuteResult, SkillHeartbeatParams, SkillHeartbeatResult, SkillProgressNotification, SkillLogNotification, } from "./skill-rpc";
10
+ export { validateManifest, BUILTIN_SKILL_LAYERS, skillLayerRegistry, } from "./skill-manifest";
11
+ export type { SkillLayer, SkillToolDeclaration, ExtractionHint, BuiltinSkillManifest, ExternalSkillManifest, ManifestValidationResult, InferenceMode, ModelCapabilityTier, SkillModelRequirements, ThroughputMode, SkillPerformanceSLA, AcceleratorType, SkillComputeRequirements, } from "./skill-manifest";
12
+ export { toolNameFromRef, isToolAllowedForPolicy, } from "./toolPolicy";
13
+ export { DEFAULT_SECURITY_POLICY, BUILTIN_AUTH_LEVELS, authLevelRegistry, BUILTIN_SECURITY_PROFILES, securityProfileRegistry, } from "./device-handshake";
14
+ export type { DeviceSecurityPolicy, HandshakeSecurityExt, HandshakeAckSecurityExt, DeviceSessionState, SecureDeviceMessage, } from "./device-handshake";
15
+ export { AUDIT_ERROR_CATEGORIES, HIGH_RISK_AUDIT_ACTIONS, AuditContractError, normalizeAuditErrorCategory, isHighRiskAuditAction, generateHumanSummary, withPolicySnapshotRef, BUILTIN_ERROR_CATEGORY_ALIASES, errorCategoryAliasRegistry, BUILTIN_HIGH_RISK_ACTIONS, highRiskActionRegistry, } from "./audit-event";
16
+ export type { AuditQueryable, AuditPoolLike, AuditClientLike, AuditEventInput, AuditWriter, DetailedAuditEventInput, AuditErrorCategory, InsertAuditEventOptions, AuditEvidenceRef, } from "./audit-event";
17
+ export { STEP_STATUSES, STEP_TERMINAL, STEP_BLOCKING, STEP_STREAMING, STEP_TRANSITIONS, RUN_STATUSES, RUN_TERMINAL, RUN_TRANSITIONS, COLLAB_PHASES, COLLAB_TERMINAL, COLLAB_TRANSITIONS, AGENT_PHASES, AGENT_TRANSITIONS, AGENT_TERMINAL, transitionStep, transitionRun, transitionCollab, transitionAgent, tryTransitionStep, tryTransitionRun, tryTransitionCollab, tryTransitionAgent, isAgentTerminal, normalizeStepStatus, normalizeRunStatus, normalizeCollabPhase, checkStateInvariant, mapOrchestrationToAgent, mapAgentToOrchestration, } from "./state-machine";
18
+ export type { StepStatus, RunStatus, CollabPhase, AgentPhase, TransitionViolation, TransitionResult, StateInvariantViolation, } from "./state-machine";
19
+ export { PROTOCOL_ERRORS, JSONRPC_ERROR_RANGE, ERROR_LAYER_MAP, getHttpStatusForError, getServiceCodeForError, } from "./errors";
20
+ export type { ProtocolErrorCode, SkillRpcErrorCode, } from "./errors";
21
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EACL,cAAc,EACd,YAAY,EACZ,WAAW,GACZ,MAAM,YAAY,CAAC;AAEpB,YAAY,EACV,aAAa,EACb,YAAY,EACZ,gBAAgB,GACjB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,uBAAuB,EACvB,8BAA8B,EAC9B,iBAAiB,EACjB,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,yBAAyB,EACzB,gBAAgB,EAChB,sBAAsB,EACtB,eAAe,EACf,4BAA4B,EAC5B,0BAA0B,EAC1B,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,EACd,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,YAAY,EACZ,iBAAiB,EACjB,aAAa,EACb,UAAU,EACV,mBAAmB,GACpB,MAAM,aAAa,CAAC;AAErB,YAAY,EACV,eAAe,EACf,iBAAiB,EACjB,oBAAoB,EACpB,cAAc,EACd,4BAA4B,EAC5B,sBAAsB,EACtB,gBAAgB,EAChB,qBAAqB,EACrB,YAAY,EACZ,kBAAkB,EAClB,eAAe,EACf,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,qBAAqB,EACrB,qBAAqB,EACrB,kBAAkB,EAClB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,yBAAyB,EACzB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,gBAAgB,EAChB,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,kBAAkB,CAAC;AAE1B,YAAY,EACV,UAAU,EACV,oBAAoB,EACpB,cAAc,EACd,oBAAoB,EACpB,qBAAqB,EACrB,wBAAwB,EACxB,aAAa,EACb,mBAAmB,EACnB,sBAAsB,EACtB,cAAc,EACd,mBAAmB,EACnB,eAAe,EACf,wBAAwB,GACzB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,eAAe,EACf,sBAAsB,GACvB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,uBAAuB,EACvB,mBAAmB,EACnB,iBAAiB,EACjB,yBAAyB,EACzB,uBAAuB,GACxB,MAAM,oBAAoB,CAAC;AAE5B,YAAY,EACV,oBAAoB,EACpB,oBAAoB,EACpB,uBAAuB,EACvB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,kBAAkB,EAClB,2BAA2B,EAC3B,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,8BAA8B,EAC9B,0BAA0B,EAC1B,yBAAyB,EACzB,sBAAsB,GACvB,MAAM,eAAe,CAAC;AAEvB,YAAY,EACV,cAAc,EACd,aAAa,EACb,eAAe,EACf,eAAe,EACf,WAAW,EACX,uBAAuB,EACvB,kBAAkB,EAClB,uBAAuB,EACvB,gBAAgB,GACjB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,aAAa,EACb,aAAa,EACb,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,eAAe,EACf,aAAa,EACb,eAAe,EACf,kBAAkB,EAClB,YAAY,EACZ,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,aAAa,EACb,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EAChB,mBAAmB,EACnB,kBAAkB,EAClB,eAAe,EACf,mBAAmB,EACnB,kBAAkB,EAClB,oBAAoB,EACpB,mBAAmB,EACnB,uBAAuB,EACvB,uBAAuB,GACxB,MAAM,iBAAiB,CAAC;AAEzB,YAAY,EACV,UAAU,EACV,SAAS,EACT,WAAW,EACX,UAAU,EACV,mBAAmB,EACnB,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EACL,eAAe,EACf,mBAAmB,EACnB,eAAe,EACf,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,UAAU,CAAC"}