npm - @mondaydotcomorg/atp-compiler - Versions diffs - 0.19.4 → 0.19.5 - Mend

@mondaydotcomorg/atp-compiler 0.19.4 → 0.19.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (394) hide show

package/dist/provenance/src/policies/builder.js DELETED Viewed

@@ -1,77 +0,0 @@
-/**
- * Helper class to build policy rules fluently
- */
-export class RuleBuilder {
-    rule = {
-        action: 'log',
-        conditions: [],
-    };
-    constructor(action = 'log') {
-        this.rule.action = action;
-    }
-    action(action) {
-        this.rule.action = action;
-        return this;
-    }
-    id(id) {
-        this.rule.id = id;
-        return this;
-    }
-    reason(reason) {
-        this.rule.reason = reason;
-        return this;
-    }
-    condition(field, operator, value) {
-        this.rule.conditions.push({ field, operator, value });
-        return this;
-    }
-    build() {
-        return this.rule;
-    }
-}
-/**
- * Helper class to build declarative policies fluently
- */
-export class PolicyBuilder {
-    config;
-    constructor(id) {
-        this.config = {
-            id,
-            scope: {},
-            rules: [],
-        };
-    }
-    description(desc) {
-        this.config.description = desc;
-        return this;
-    }
-    scopeTool(toolNamePattern) {
-        this.config.scope.toolName = toolNamePattern;
-        return this;
-    }
-    scopeApiGroup(apiGroupPattern) {
-        this.config.scope.apiGroup = apiGroupPattern;
-        return this;
-    }
-    /**
-     * Add a rule using a builder callback
-     * @example
-     * .addRule(r => r.action('block').condition('args.amount', 'matches', '>1000'))
-     */
-    addRule(buildFn) {
-        const builder = new RuleBuilder();
-        this.config.rules.push(buildFn(builder).build());
-        return this;
-    }
-    /**
-     * Add a fully formed rule object
-     */
-    addRuleObject(rule) {
-        this.config.rules.push(rule);
-        return this;
-    }
-    build() {
-        return this.config;
-    }
-}
-//# sourceMappingURL=builder.js.map

package/dist/provenance/src/policies/builder.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"builder.js","sourceRoot":"","sources":["../../../../../provenance/src/policies/builder.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,OAAO,WAAW;IACf,IAAI,GAAe;QAC1B,MAAM,EAAE,KAAK;QACb,UAAU,EAAE,EAAE;KACd,CAAC;IAEF,YAAY,SAAuB,KAAK;QACvC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IAC3B,CAAC;IAED,MAAM,CAAC,MAAoB;QAC1B,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAC1B,OAAO,IAAI,CAAC;IACb,CAAC;IAED,EAAE,CAAC,EAAU;QACZ,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC;IACb,CAAC;IAED,MAAM,CAAC,MAAc;QACpB,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAC1B,OAAO,IAAI,CAAC;IACb,CAAC;IAED,SAAS,CAAC,KAAa,EAAE,QAAkB,EAAE,KAAU;QACtD,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC;IACb,CAAC;IAED,KAAK;QACJ,OAAO,IAAI,CAAC,IAAI,CAAC;IAClB,CAAC;CACD;AAED;;GAEG;AACH,MAAM,OAAO,aAAa;IACjB,MAAM,CAA0B;IAExC,YAAY,EAAU;QACrB,IAAI,CAAC,MAAM,GAAG;YACb,EAAE;YACF,KAAK,EAAE,EAAE;YACT,KAAK,EAAE,EAAE;SACT,CAAC;IACH,CAAC;IAED,WAAW,CAAC,IAAY;QACvB,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC;QAC/B,OAAO,IAAI,CAAC;IACb,CAAC;IAED,SAAS,CAAC,eAAuB;QAChC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,GAAG,eAAe,CAAC;QAC7C,OAAO,IAAI,CAAC;IACb,CAAC;IAED,aAAa,CAAC,eAAuB;QACpC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,GAAG,eAAe,CAAC;QAC7C,OAAO,IAAI,CAAC;IACb,CAAC;IAED;;;;OAIG;IACH,OAAO,CAAC,OAA8C;QACrD,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC;IACb,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,IAAgB;QAC7B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7B,OAAO,IAAI,CAAC;IACb,CAAC;IAED,KAAK;QACJ,OAAO,IAAI,CAAC,MAAM,CAAC;IACpB,CAAC;CACD"}

package/dist/provenance/src/policies/declarative.d.ts DELETED Viewed

@@ -1,47 +0,0 @@
-import type { SecurityPolicy, PolicyAction } from '../types.js';
-export type Operator = 'equals' | 'notEquals' | 'contains' | 'notContains' | 'startsWith' | 'notStartsWith' | 'endsWith' | 'notEndsWith' | 'matches' | 'in' | 'notIn';
-export interface Condition {
-    /**
-     * Field to check.
-     * - "args.paramName": Value of a tool argument
-     * - "provenance.args.paramName.source.type": Provenance metadata
-     * - "provenance.args.paramName.readers": Reader permissions
-     */
-    field: string;
-    operator: Operator;
-    value: any;
-}
-export interface PolicyRule {
-    id?: string;
-    /** Action to take if conditions match */
-    action: PolicyAction;
-    /** Conditions (implicit AND) - all must match for the rule to trigger */
-    conditions: Condition[];
-    /** Custom reason message */
-    reason?: string;
-}
-export interface DeclarativePolicyConfig {
-    id: string;
-    description?: string;
-    scope: {
-        /** Regex pattern or exact match for tool name */
-        toolName?: string;
-        /** Regex pattern or exact match for API group */
-        apiGroup?: string;
-    };
-    /** Rules are evaluated in order. First match wins. */
-    rules: PolicyRule[];
-}
-export interface PolicyConfiguration {
-    version: string;
-    policies: DeclarativePolicyConfig[];
-}
-/**
- * Create a SecurityPolicy from a declarative configuration
- */
-export declare function createDeclarativePolicy(config: DeclarativePolicyConfig): SecurityPolicy;
-/**
- * Load policies from a full configuration object or array of policy configs
- */
-export declare function loadDeclarativePolicies(config: PolicyConfiguration | DeclarativePolicyConfig[]): SecurityPolicy[];
-//# sourceMappingURL=declarative.d.ts.map

package/dist/provenance/src/policies/declarative.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"declarative.d.ts","sourceRoot":"","sources":["../../../../../provenance/src/policies/declarative.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAoC,YAAY,EAAE,MAAM,aAAa,CAAC;AAElG,MAAM,MAAM,QAAQ,GACjB,QAAQ,GACR,WAAW,GACX,UAAU,GACV,aAAa,GACb,YAAY,GACZ,eAAe,GACf,UAAU,GACV,aAAa,GACb,SAAS,GACT,IAAI,GACJ,OAAO,CAAC;AAEX,MAAM,WAAW,SAAS;IACzB;;;;;OAKG;IACH,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,GAAG,CAAC;CACX;AAED,MAAM,WAAW,UAAU;IAC1B,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,yCAAyC;IACzC,MAAM,EAAE,YAAY,CAAC;IACrB,yEAAyE;IACzE,UAAU,EAAE,SAAS,EAAE,CAAC;IACxB,4BAA4B;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,uBAAuB;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE;QACN,iDAAiD;QACjD,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,iDAAiD;QACjD,QAAQ,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,sDAAsD;IACtD,KAAK,EAAE,UAAU,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,mBAAmB;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,uBAAuB,EAAE,CAAC;CACpC;AAuID;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,uBAAuB,GAAG,cAAc,CAyCvF;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CACtC,MAAM,EAAE,mBAAmB,GAAG,uBAAuB,EAAE,GACrD,cAAc,EAAE,CAKlB"}

package/dist/provenance/src/policies/declarative.js DELETED Viewed

@@ -1,170 +0,0 @@
-/**
- * Resolve a value from a path in the arguments or provenance
- */
-function resolveValue(path, args, getProvenance) {
-    const parts = path.split('.');
-    const root = parts.shift();
-    if (root === 'args') {
-        let current = args;
-        for (const part of parts) {
-            if (current === null || current === undefined) {
-                return undefined;
-            }
-            current = current[part];
-        }
-        return current;
-    }
-    if (root === 'provenance' && parts[0] === 'args') {
-        parts.shift(); // remove 'args'
-        const argName = parts.shift(); // get argument name
-        if (!argName)
-            return undefined;
-        const argValue = args[argName];
-        // Better approach:
-        // 1. Traverse args until we find the object.
-        // 2. Get provenance of that object.
-        // 3. Traverse provenance metadata.
-        let remainingParts = [...parts];
-        // We don't know where the split is.
-        // Let's try to find standard metadata keys in the path.
-        const metadataKeys = ['source', 'readers', 'dependencies', 'id', 'context'];
-        let splitIndex = -1;
-        for (let i = 0; i < remainingParts.length; i++) {
-            if (metadataKeys.includes(remainingParts[i])) {
-                splitIndex = i;
-                break;
-            }
-        }
-        if (splitIndex === -1) {
-            return undefined;
-        }
-        // Traverse to the value that should have provenance
-        let valuePath = remainingParts.slice(0, splitIndex);
-        let metaPath = remainingParts.slice(splitIndex);
-        let currentVal = argValue;
-        for (const part of valuePath) {
-            if (currentVal === null || currentVal === undefined)
-                return undefined;
-            currentVal = currentVal[part];
-        }
-        const metadata = getProvenance(currentVal);
-        if (!metadata)
-            return undefined;
-        // Now traverse metadata
-        let currentMeta = metadata;
-        for (const part of metaPath) {
-            if (currentMeta === null || currentMeta === undefined)
-                return undefined;
-            currentMeta = currentMeta[part];
-        }
-        return currentMeta;
-    }
-    return undefined;
-}
-function evaluateCondition(actual, operator, expected) {
-    switch (operator) {
-        case 'equals':
-            return actual === expected;
-        case 'notEquals':
-            return actual !== expected;
-        case 'contains':
-            return Array.isArray(actual) || typeof actual === 'string'
-                ? actual.includes(expected)
-                : false;
-        case 'notContains':
-            return Array.isArray(actual) || typeof actual === 'string'
-                ? !actual.includes(expected)
-                : true;
-        case 'startsWith':
-            return typeof actual === 'string' ? actual.startsWith(expected) : false;
-        case 'notStartsWith':
-            return typeof actual === 'string' ? !actual.startsWith(expected) : true;
-        case 'endsWith':
-            return typeof actual === 'string' ? actual.endsWith(expected) : false;
-        case 'notEndsWith':
-            return typeof actual === 'string' ? !actual.endsWith(expected) : true;
-        case 'matches':
-            if (typeof actual === 'string') {
-                return new RegExp(expected).test(actual);
-            }
-            if (typeof actual === 'number' && typeof expected === 'string') {
-                const match = expected.match(/^([<>]=?|==|!=)(\d+(?:\.\d+)?)$/);
-                if (match) {
-                    const [, op, value] = match;
-                    const numValue = parseFloat(value);
-                    switch (op) {
-                        case '>':
-                            return actual > numValue;
-                        case '>=':
-                            return actual >= numValue;
-                        case '<':
-                            return actual < numValue;
-                        case '<=':
-                            return actual <= numValue;
-                        case '==':
-                            return actual === numValue;
-                        case '!=':
-                            return actual !== numValue;
-                    }
-                }
-            }
-            return false;
-        case 'in':
-            return Array.isArray(expected) ? expected.includes(actual) : false;
-        case 'notIn':
-            return Array.isArray(expected) ? !expected.includes(actual) : true;
-        default:
-            return false;
-    }
-}
-/**
- * Create a SecurityPolicy from a declarative configuration
- */
-export function createDeclarativePolicy(config) {
-    return {
-        name: config.id,
-        description: config.description,
-        check: async (toolName, args, getProvenance) => {
-            if (config.scope.toolName) {
-                const toolRegex = new RegExp(`^${config.scope.toolName}$`);
-                if (!toolRegex.test(toolName)) {
-                    return { action: 'log' };
-                }
-            }
-            if (config.scope.apiGroup) {
-                // Note: apiGroup is matched against the toolName prefix (e.g., "payment" from "payment.transfer")
-                // The SecurityPolicy interface doesn't receive apiGroup separately, but we can extract it from toolName
-                const extractedGroup = toolName.split('.')[0] || '';
-                const groupRegex = new RegExp(`^${config.scope.apiGroup}$`);
-                if (!groupRegex.test(extractedGroup)) {
-                    return { action: 'log' };
-                }
-            }
-            for (const rule of config.rules) {
-                const allMatch = rule.conditions.every((condition) => {
-                    const actualValue = resolveValue(condition.field, args, getProvenance);
-                    return evaluateCondition(actualValue, condition.operator, condition.value);
-                });
-                if (allMatch) {
-                    return {
-                        action: rule.action,
-                        reason: rule.reason || `Matched rule ${rule.id || 'unknown'} in policy ${config.id}`,
-                        policy: config.id,
-                        context: { ruleId: rule.id, conditions: rule.conditions },
-                    };
-                }
-            }
-            return { action: 'log' };
-        },
-    };
-}
-/**
- * Load policies from a full configuration object or array of policy configs
- */
-export function loadDeclarativePolicies(config) {
-    if (Array.isArray(config)) {
-        return config.map(createDeclarativePolicy);
-    }
-    return config.policies.map(createDeclarativePolicy);
-}
-//# sourceMappingURL=declarative.js.map

package/dist/provenance/src/policies/declarative.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"declarative.js","sourceRoot":"","sources":["../../../../../provenance/src/policies/declarative.ts"],"names":[],"mappings":"AAuDA;;GAEG;AACH,SAAS,YAAY,CACpB,IAAY,EACZ,IAA6B,EAC7B,aAA4D;IAE5D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC;IAE3B,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;QACrB,IAAI,OAAO,GAAQ,IAAI,CAAC;QACxB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YAC1B,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;gBAC/C,OAAO,SAAS,CAAC;YAClB,CAAC;YACD,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,OAAO,CAAC;IAChB,CAAC;IAED,IAAI,IAAI,KAAK,YAAY,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC;QAClD,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,gBAAgB;QAC/B,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,oBAAoB;QACnD,IAAI,CAAC,OAAO;YAAE,OAAO,SAAS,CAAC;QAE/B,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;QAE/B,mBAAmB;QACnB,6CAA6C;QAC7C,oCAAoC;QACpC,mCAAmC;QAEnC,IAAI,cAAc,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC;QAEhC,oCAAoC;QACpC,wDAAwD;QACxD,MAAM,YAAY,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE,cAAc,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;QAC5E,IAAI,UAAU,GAAG,CAAC,CAAC,CAAC;QACpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAChD,IAAI,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAE,CAAC,EAAE,CAAC;gBAC/C,UAAU,GAAG,CAAC,CAAC;gBACf,MAAM;YACP,CAAC;QACF,CAAC;QAED,IAAI,UAAU,KAAK,CAAC,CAAC,EAAE,CAAC;YACvB,OAAO,SAAS,CAAC;QAClB,CAAC;QAED,oDAAoD;QACpD,IAAI,SAAS,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;QACpD,IAAI,QAAQ,GAAG,cAAc,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAEhD,IAAI,UAAU,GAAG,QAAQ,CAAC;QAC1B,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC9B,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,KAAK,SAAS;gBAAE,OAAO,SAAS,CAAC;YACtE,UAAU,GAAI,UAAkB,CAAC,IAAI,CAAC,CAAC;QACxC,CAAC;QAED,MAAM,QAAQ,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;QAC3C,IAAI,CAAC,QAAQ;YAAE,OAAO,SAAS,CAAC;QAEhC,wBAAwB;QACxB,IAAI,WAAW,GAAQ,QAAQ,CAAC;QAChC,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC7B,IAAI,WAAW,KAAK,IAAI,IAAI,WAAW,KAAK,SAAS;gBAAE,OAAO,SAAS,CAAC;YACxE,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;QACjC,CAAC;QACD,OAAO,WAAW,CAAC;IACpB,CAAC;IAED,OAAO,SAAS,CAAC;AAClB,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAW,EAAE,QAAkB,EAAE,QAAa;IACxE,QAAQ,QAAQ,EAAE,CAAC;QAClB,KAAK,QAAQ;YACZ,OAAO,MAAM,KAAK,QAAQ,CAAC;QAC5B,KAAK,WAAW;YACf,OAAO,MAAM,KAAK,QAAQ,CAAC;QAC5B,KAAK,UAAU;YACd,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,OAAO,MAAM,KAAK,QAAQ;gBACzD,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC3B,CAAC,CAAC,KAAK,CAAC;QACV,KAAK,aAAa;YACjB,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,OAAO,MAAM,KAAK,QAAQ;gBACzD,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC5B,CAAC,CAAC,IAAI,CAAC;QACT,KAAK,YAAY;YAChB,OAAO,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QACzE,KAAK,eAAe;YACnB,OAAO,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACzE,KAAK,UAAU;YACd,OAAO,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QACvE,KAAK,aAAa;YACjB,OAAO,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACvE,KAAK,SAAS;YACb,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;gBAChC,OAAO,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC1C,CAAC;YACD,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAChE,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;gBAChE,IAAI,KAAK,EAAE,CAAC;oBACX,MAAM,CAAC,EAAE,EAAE,EAAE,KAAK,CAAC,GAAG,KAAK,CAAC;oBAC5B,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAM,CAAC,CAAC;oBACpC,QAAQ,EAAE,EAAE,CAAC;wBACZ,KAAK,GAAG;4BACP,OAAO,MAAM,GAAG,QAAQ,CAAC;wBAC1B,KAAK,IAAI;4BACR,OAAO,MAAM,IAAI,QAAQ,CAAC;wBAC3B,KAAK,GAAG;4BACP,OAAO,MAAM,GAAG,QAAQ,CAAC;wBAC1B,KAAK,IAAI;4BACR,OAAO,MAAM,IAAI,QAAQ,CAAC;wBAC3B,KAAK,IAAI;4BACR,OAAO,MAAM,KAAK,QAAQ,CAAC;wBAC5B,KAAK,IAAI;4BACR,OAAO,MAAM,KAAK,QAAQ,CAAC;oBAC7B,CAAC;gBACF,CAAC;YACF,CAAC;YACD,OAAO,KAAK,CAAC;QACd,KAAK,IAAI;YACR,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QACpE,KAAK,OAAO;YACX,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACpE;YACC,OAAO,KAAK,CAAC;IACf,CAAC;AACF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,MAA+B;IACtE,OAAO;QACN,IAAI,EAAE,MAAM,CAAC,EAAE;QACf,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE;YAC9C,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;gBAC3B,MAAM,SAAS,GAAG,IAAI,MAAM,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC;gBAC3D,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC/B,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;gBAC1B,CAAC;YACF,CAAC;YAED,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;gBAC3B,kGAAkG;gBAClG,wGAAwG;gBACxG,MAAM,cAAc,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBACpD,MAAM,UAAU,GAAG,IAAI,MAAM,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC;gBAC5D,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;oBACtC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;gBAC1B,CAAC;YACF,CAAC;YAED,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,SAAS,EAAE,EAAE;oBACpD,MAAM,WAAW,GAAG,YAAY,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC;oBACvE,OAAO,iBAAiB,CAAC,WAAW,EAAE,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;gBAC5E,CAAC,CAAC,CAAC;gBAEH,IAAI,QAAQ,EAAE,CAAC;oBACd,OAAO;wBACN,MAAM,EAAE,IAAI,CAAC,MAAM;wBACnB,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,gBAAgB,IAAI,CAAC,EAAE,IAAI,SAAS,cAAc,MAAM,CAAC,EAAE,EAAE;wBACpF,MAAM,EAAE,MAAM,CAAC,EAAE;wBACjB,OAAO,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE;qBACzD,CAAC;gBACH,CAAC;YACF,CAAC;YAED,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC1B,CAAC;KACD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CACtC,MAAuD;IAEvD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,OAAO,MAAM,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;AACrD,CAAC"}

package/dist/provenance/src/policies/dynamic.d.ts DELETED Viewed

@@ -1,39 +0,0 @@
-import type { SecurityPolicy, PolicyResult, ProvenanceMetadata } from '../types.js';
-import { type DeclarativePolicyConfig } from './declarative.js';
-/**
- * A dynamic registry that manages multiple policies and acts as a single SecurityPolicy.
- * This allows policies to be updated at runtime (e.g. from a UI or database) without restarting the server.
- */
-export declare class DynamicPolicyRegistry implements SecurityPolicy {
-    name: string;
-    description: string;
-    private policies;
-    constructor(initialPolicies?: SecurityPolicy[]);
-    /**
-     * Add or update a policy
-     */
-    addPolicy(policy: SecurityPolicy): void;
-    /**
-     * Remove a policy by name
-     */
-    removePolicy(name: string): void;
-    /**
-     * clear all policies
-     */
-    clear(): void;
-    /**
-     * Load policies from declarative configurations (JSON)
-     * This is useful for loading policies saved from a UI
-     */
-    loadFromConfigs(configs: DeclarativePolicyConfig[], replace?: boolean): void;
-    /**
-     * Get all registered policies
-     */
-    getPolicies(): SecurityPolicy[];
-    /**
-     * Implementation of the SecurityPolicy check interface.
-     * Delegates to all registered policies.
-     */
-    check(toolName: string, args: Record<string, unknown>, getProvenance: (value: unknown) => ProvenanceMetadata | null): Promise<PolicyResult>;
-}
-//# sourceMappingURL=dynamic.d.ts.map

package/dist/provenance/src/policies/dynamic.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"dynamic.d.ts","sourceRoot":"","sources":["../../../../../provenance/src/policies/dynamic.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACpF,OAAO,EAA2B,KAAK,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAEzF;;;GAGG;AACH,qBAAa,qBAAsB,YAAW,cAAc;IAC3D,IAAI,SAA6B;IACjC,WAAW,SAAyD;IAEpE,OAAO,CAAC,QAAQ,CAA0C;gBAE9C,eAAe,GAAE,cAAc,EAAO;IAMlD;;OAEG;IACH,SAAS,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI;IAIvC;;OAEG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAIhC;;OAEG;IACH,KAAK,IAAI,IAAI;IAIb;;;OAGG;IACH,eAAe,CAAC,OAAO,EAAE,uBAAuB,EAAE,EAAE,OAAO,UAAQ,GAAG,IAAI;IAU1E;;OAEG;IACH,WAAW,IAAI,cAAc,EAAE;IAI/B;;;OAGG;IACG,KAAK,CACV,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,aAAa,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,kBAAkB,GAAG,IAAI,GAC1D,OAAO,CAAC,YAAY,CAAC;CAuBxB"}

package/dist/provenance/src/policies/dynamic.js DELETED Viewed

@@ -1,75 +0,0 @@
-import { createDeclarativePolicy } from './declarative.js';
-/**
- * A dynamic registry that manages multiple policies and acts as a single SecurityPolicy.
- * This allows policies to be updated at runtime (e.g. from a UI or database) without restarting the server.
- */
-export class DynamicPolicyRegistry {
-    name = 'dynamic-policy-registry';
-    description = 'Container for dynamically managed security policies';
-    policies = new Map();
-    constructor(initialPolicies = []) {
-        for (const policy of initialPolicies) {
-            this.policies.set(policy.name, policy);
-        }
-    }
-    /**
-     * Add or update a policy
-     */
-    addPolicy(policy) {
-        this.policies.set(policy.name, policy);
-    }
-    /**
-     * Remove a policy by name
-     */
-    removePolicy(name) {
-        this.policies.delete(name);
-    }
-    /**
-     * clear all policies
-     */
-    clear() {
-        this.policies.clear();
-    }
-    /**
-     * Load policies from declarative configurations (JSON)
-     * This is useful for loading policies saved from a UI
-     */
-    loadFromConfigs(configs, replace = false) {
-        if (replace) {
-            this.policies.clear();
-        }
-        for (const config of configs) {
-            const policy = createDeclarativePolicy(config);
-            this.policies.set(policy.name, policy);
-        }
-    }
-    /**
-     * Get all registered policies
-     */
-    getPolicies() {
-        return Array.from(this.policies.values());
-    }
-    /**
-     * Implementation of the SecurityPolicy check interface.
-     * Delegates to all registered policies.
-     */
-    async check(toolName, args, getProvenance) {
-        let requiresApproval = null;
-        for (const policy of this.policies.values()) {
-            const result = await policy.check(toolName, args, getProvenance);
-            if (result.action === 'block') {
-                return result;
-            }
-            if (result.action === 'approve') {
-                if (!requiresApproval) {
-                    requiresApproval = result;
-                }
-            }
-        }
-        if (requiresApproval) {
-            return requiresApproval;
-        }
-        return { action: 'log' };
-    }
-}
-//# sourceMappingURL=dynamic.js.map

package/dist/provenance/src/policies/dynamic.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"dynamic.js","sourceRoot":"","sources":["../../../../../provenance/src/policies/dynamic.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,uBAAuB,EAAgC,MAAM,kBAAkB,CAAC;AAEzF;;;GAGG;AACH,MAAM,OAAO,qBAAqB;IACjC,IAAI,GAAG,yBAAyB,CAAC;IACjC,WAAW,GAAG,qDAAqD,CAAC;IAE5D,QAAQ,GAAgC,IAAI,GAAG,EAAE,CAAC;IAE1D,YAAY,kBAAoC,EAAE;QACjD,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;YACtC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACxC,CAAC;IACF,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,MAAsB;QAC/B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,IAAY;QACxB,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,KAAK;QACJ,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;IAED;;;OAGG;IACH,eAAe,CAAC,OAAkC,EAAE,OAAO,GAAG,KAAK;QAClE,IAAI,OAAO,EAAE,CAAC;YACb,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACvB,CAAC;QACD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC;YAC/C,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACxC,CAAC;IACF,CAAC;IAED;;OAEG;IACH,WAAW;QACV,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,KAAK,CACV,QAAgB,EAChB,IAA6B,EAC7B,aAA4D;QAE5D,IAAI,gBAAgB,GAAwB,IAAI,CAAC;QAEjD,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC;YAEjE,IAAI,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;gBAC/B,OAAO,MAAM,CAAC;YACf,CAAC;YAED,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBACjC,IAAI,CAAC,gBAAgB,EAAE,CAAC;oBACvB,gBAAgB,GAAG,MAAM,CAAC;gBAC3B,CAAC;YACF,CAAC;QACF,CAAC;QAED,IAAI,gBAAgB,EAAE,CAAC;YACtB,OAAO,gBAAgB,CAAC;QACzB,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IAC1B,CAAC;CACD"}

package/dist/provenance/src/policies/engine.d.ts DELETED Viewed

@@ -1,71 +0,0 @@
-/**
- * Security Policy Engine
- *
- */
-import type { SecurityPolicy } from '../types.js';
-export interface Logger {
-    debug: (msg: string, obj?: any) => void;
-    info: (msg: string, obj?: any) => void;
-    warn: (msg: string, obj?: any) => void;
-    error: (msg: string, obj?: any) => void;
-}
-export declare class SecurityPolicyEngine {
-    private policies;
-    private logger;
-    private approvalCallback?;
-    private customGetProvenance?;
-    constructor(policies: SecurityPolicy[], logger: Logger, customGetProvenance?: (value: unknown) => any);
-    /**
-     * Set a custom getProvenance function (e.g., for AST mode)
-     */
-    setGetProvenance(fn: (value: unknown) => any): void;
-    /**
-     * Set approval callback for policies that return action='approve'
-     */
-    setApprovalCallback(callback: (message: string, context: Record<string, unknown>) => Promise<boolean>): void;
-    checkTool(toolName: string, apiGroup: string, args: Record<string, unknown>): Promise<void>;
-    private normalizeAction;
-    private requestApproval;
-    private sanitizeArgs;
-}
-/**
- * Prevent data exfiltration - blocks sending private data to unauthorized recipients
- */
-export declare const preventDataExfiltration: SecurityPolicy;
-/**
- * Prevent data exfiltration (approval mode) - requires approval for risky sends
- */
-export declare const preventDataExfiltrationWithApproval: SecurityPolicy;
-/**
- * Require user origin - ensures sensitive operations only use user-provided data
- */
-export declare const requireUserOrigin: SecurityPolicy;
-/**
- * Require user origin (approval mode) - requires approval for non-user-originated critical operations
- */
-export declare const requireUserOriginWithApproval: SecurityPolicy;
-/**
- * Block LLM-generated recipients - prevents sending to LLM-extracted emails
- */
-export declare const blockLLMRecipients: SecurityPolicy;
-/**
- * Block LLM-generated recipients (approval mode) - requires approval for LLM-extracted emails
- */
-export declare const blockLLMRecipientsWithApproval: SecurityPolicy;
-/**
- * Audit sensitive data access - logs access without blocking
- */
-export declare const auditSensitiveAccess: SecurityPolicy;
-/**
- * Helper: Create custom policy
- */
-export declare function createCustomPolicy(name: string, description: string, checkFn: SecurityPolicy['check']): SecurityPolicy;
-/**
- * Get all built-in policies
- */
-export declare function getBuiltInPolicies(): SecurityPolicy[];
-/**
- * Get all built-in policies with approval variants
- */
-export declare function getBuiltInPoliciesWithApproval(): SecurityPolicy[];
-//# sourceMappingURL=engine.d.ts.map

package/dist/provenance/src/policies/engine.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../../../../provenance/src/policies/engine.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,EAAE,cAAc,EAAkD,MAAM,aAAa,CAAC;AASlG,MAAM,WAAW,MAAM;IACtB,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,GAAG,KAAK,IAAI,CAAC;IACxC,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,GAAG,KAAK,IAAI,CAAC;IACvC,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,GAAG,KAAK,IAAI,CAAC;IACvC,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,GAAG,KAAK,IAAI,CAAC;CACxC;AAED,qBAAa,oBAAoB;IAChC,OAAO,CAAC,QAAQ,CAAmB;IACnC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,gBAAgB,CAAC,CAGH;IACtB,OAAO,CAAC,mBAAmB,CAAC,CAA0B;gBAGrD,QAAQ,EAAE,cAAc,EAAE,EAC1B,MAAM,EAAE,MAAM,EACd,mBAAmB,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,GAAG;IAO9C;;OAEG;IACH,gBAAgB,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,GAAG,GAAG,IAAI;IAInD;;OAEG;IACH,mBAAmB,CAClB,QAAQ,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,GAC/E,IAAI;IAID,SAAS,CACd,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC3B,OAAO,CAAC,IAAI,CAAC;IA8EhB,OAAO,CAAC,eAAe;YAYT,eAAe;IAmC7B,OAAO,CAAC,YAAY;CAapB;AA+DD;;GAEG;AACH,eAAO,MAAM,uBAAuB,EAAE,cA0CrC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,mCAAmC,EAAE,cA0CjD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,cAkC/B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,6BAA6B,EAAE,cAmC3C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,EAAE,cAyBhC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,8BAA8B,EAAE,cA0B5C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,oBAAoB,EAAE,cAyBlC,CAAC;AAEF;;GAEG;AACH,wBAAgB,kBAAkB,CACjC,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,GAC9B,cAAc,CAEhB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,cAAc,EAAE,CAErD;AAED;;GAEG;AACH,wBAAgB,8BAA8B,IAAI,cAAc,EAAE,CAOjE"}