@oked/sdk 0.1.0
- package/LICENSE +21 -0
- package/README.md +107 -0
- package/dist/classify.d.ts +17 -0
- package/dist/classify.js +454 -0
- package/dist/config.d.ts +18 -0
- package/dist/config.js +36 -0
- package/dist/degraded.d.ts +19 -0
- package/dist/degraded.js +25 -0
- package/dist/describe.d.ts +23 -0
- package/dist/describe.js +899 -0
- package/dist/errors.d.ts +20 -0
- package/dist/errors.js +28 -0
- package/dist/index.d.ts +41 -0
- package/dist/index.js +268 -0
- package/dist/kinds.d.ts +10 -0
- package/dist/kinds.js +9 -0
- package/dist/rules.d.ts +97 -0
- package/dist/rules.js +105 -0
- package/dist/types.d.ts +59 -0
- package/dist/types.js +1 -0
- package/package.json +51 -0
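--- a/package/dist/degraded.js
+++ b/package/dist/degraded.js
@@ -0,0 +1,25 @@
+/** Severity ordering for risk tiers. Higher = more dangerous. */
+export const TIER_ORDER = {
+safe: 0,
+warning: 1,
+review: 2,
+high_stakes: 3,
+};
+/**
+* Decide what to do with a sensitive action when the OKed backend is
+* unreachable (NOT when the user explicitly denied — that is always honored,
+* and NOT for auth errors — those always deny).
+*
+* strictFailClosed === true -> "deny" (original fail-safe: deny everything)
+* otherwise -> "deny" iff tier is high_stakes,
+* "allow" for every lower tier.
+*
+* Rationale: a single backend outage should not mass-abort every user's
+* agent, but an irreversible action (rm -rf, payments, drops, force-push)
+* must never slip through unsupervised because of a network blip.
+*/
+export function degradedDecision(tier, opts) {
+if (opts.strictFailClosed)
+return "deny";
+return tier === "high_stakes" ? "deny" : "allow";
+}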
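Review bot: The final return in `degradedDecision` fails open for any `tier` that is not exactly the string "high_stakes", so an undefined, misspelled or later-added tier is allowed while the backend is unreachable, and the `TIER_ORDER` table declared above is never consulted. Deny unrecognised values and compare by rank instead: `if (!Object.hasOwn(TIER_ORDER, tier)) return "deny";` followed by `return TIER_ORDER[tier] >= TIER_ORDER.high_stakes ? "deny" : "allow";`. The `review` tier is also allowed unsupervised in this mode, so the outcome for it depends only on backend reachability. The caller is not visible here, but each degraded allow should presumably be logged there so it can be audited afterwards.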
@@ -0,0 +1,23 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Context translation - converts raw tool calls into human-readable
|
|
3
|
+
* approvals. Output is a sentence-shaped Rendered value: title + optional
|
|
4
|
+
* subline + optional body (quoted block) + optional footnote.
|
|
5
|
+
*
|
|
6
|
+
* Surfaces (Telegram, dashboard) consume Title/Subline/Body/Footnote keys
|
|
7
|
+
* from the `fields` payload. `describe()` returns just the title for
|
|
8
|
+
* backwards-compatible single-line consumers (audit logs, SMS).
|
|
9
|
+
*/
|
|
10
|
+
import type { OperationKind } from "./kinds.js";
|
|
11
|
+
export interface Rendered {
|
|
12
|
+
title: string;
|
|
13
|
+
target?: string;
|
|
14
|
+
annotation?: string;
|
|
15
|
+
subline?: string;
|
|
16
|
+
body?: string;
|
|
17
|
+
footnote?: string;
|
|
18
|
+
kind: OperationKind;
|
|
19
|
+
}
|
|
20
|
+
export declare function describe(toolName: string, toolInput: Record<string, unknown>): string;
|
|
21
|
+
export declare function describeFields(toolName: string, toolInput: Record<string, unknown>): Record<string, string> | null;
|
|
22
|
+
export declare const SQL_KEYWORDS_RE: RegExp;
|
|
23
|
+
export declare function findSqlInCommand(cmd: string): string | null;
|