@oobe-protocol-labs/sap-mcp-server 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.env.example +159 -0
- package/CHANGELOG.md +55 -0
- package/LICENSE +21 -0
- package/README.md +223 -0
- package/config.example.json +64 -0
- package/config.schema.json +370 -0
- package/config.secure-example.json +100 -0
- package/dist/adapters/index.d.ts +6 -0
- package/dist/adapters/index.d.ts.map +1 -0
- package/dist/adapters/index.js +6 -0
- package/dist/adapters/index.js.map +1 -0
- package/dist/adapters/mcp/errors.d.ts +7 -0
- package/dist/adapters/mcp/errors.d.ts.map +1 -0
- package/dist/adapters/mcp/errors.js +10 -0
- package/dist/adapters/mcp/errors.js.map +1 -0
- package/dist/adapters/mcp/index.d.ts +8 -0
- package/dist/adapters/mcp/index.d.ts.map +1 -0
- package/dist/adapters/mcp/index.js +8 -0
- package/dist/adapters/mcp/index.js.map +1 -0
- package/dist/adapters/mcp/prompt-response.d.ts +13 -0
- package/dist/adapters/mcp/prompt-response.d.ts.map +1 -0
- package/dist/adapters/mcp/prompt-response.js +7 -0
- package/dist/adapters/mcp/prompt-response.js.map +1 -0
- package/dist/adapters/mcp/resource-response.d.ts +8 -0
- package/dist/adapters/mcp/resource-response.d.ts.map +1 -0
- package/dist/adapters/mcp/resource-response.js +7 -0
- package/dist/adapters/mcp/resource-response.js.map +1 -0
- package/dist/adapters/mcp/sdk-compat.d.ts +191 -0
- package/dist/adapters/mcp/sdk-compat.d.ts.map +1 -0
- package/dist/adapters/mcp/sdk-compat.js +606 -0
- package/dist/adapters/mcp/sdk-compat.js.map +1 -0
- package/dist/adapters/mcp/tool-response.d.ts +32 -0
- package/dist/adapters/mcp/tool-response.d.ts.map +1 -0
- package/dist/adapters/mcp/tool-response.js +27 -0
- package/dist/adapters/mcp/tool-response.js.map +1 -0
- package/dist/adapters/solana/commitment.d.ts +9 -0
- package/dist/adapters/solana/commitment.d.ts.map +1 -0
- package/dist/adapters/solana/commitment.js +14 -0
- package/dist/adapters/solana/commitment.js.map +1 -0
- package/dist/adapters/solana/connection.d.ts +10 -0
- package/dist/adapters/solana/connection.d.ts.map +1 -0
- package/dist/adapters/solana/connection.js +13 -0
- package/dist/adapters/solana/connection.js.map +1 -0
- package/dist/adapters/solana/index.d.ts +7 -0
- package/dist/adapters/solana/index.d.ts.map +1 -0
- package/dist/adapters/solana/index.js +7 -0
- package/dist/adapters/solana/index.js.map +1 -0
- package/dist/adapters/solana/public-key.d.ts +9 -0
- package/dist/adapters/solana/public-key.d.ts.map +1 -0
- package/dist/adapters/solana/public-key.js +11 -0
- package/dist/adapters/solana/public-key.js.map +1 -0
- package/dist/cli.d.ts +29 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +269 -0
- package/dist/cli.js.map +1 -0
- package/dist/config/defaults.d.ts +28 -0
- package/dist/config/defaults.d.ts.map +1 -0
- package/dist/config/defaults.js +28 -0
- package/dist/config/defaults.js.map +1 -0
- package/dist/config/env.d.ts +297 -0
- package/dist/config/env.d.ts.map +1 -0
- package/dist/config/env.js +563 -0
- package/dist/config/env.js.map +1 -0
- package/dist/config/index.d.ts +7 -0
- package/dist/config/index.d.ts.map +1 -0
- package/dist/config/index.js +7 -0
- package/dist/config/index.js.map +1 -0
- package/dist/config/mcp-client-injection.d.ts +113 -0
- package/dist/config/mcp-client-injection.d.ts.map +1 -0
- package/dist/config/mcp-client-injection.js +453 -0
- package/dist/config/mcp-client-injection.js.map +1 -0
- package/dist/config/paths.d.ts +37 -0
- package/dist/config/paths.d.ts.map +1 -0
- package/dist/config/paths.js +93 -0
- package/dist/config/paths.js.map +1 -0
- package/dist/config/profiles.d.ts +85 -0
- package/dist/config/profiles.d.ts.map +1 -0
- package/dist/config/profiles.js +346 -0
- package/dist/config/profiles.js.map +1 -0
- package/dist/config/schema.d.ts +9 -0
- package/dist/config/schema.d.ts.map +1 -0
- package/dist/config/schema.js +8 -0
- package/dist/config/schema.js.map +1 -0
- package/dist/config/secure-config.d.ts +607 -0
- package/dist/config/secure-config.d.ts.map +1 -0
- package/dist/config/secure-config.js +526 -0
- package/dist/config/secure-config.js.map +1 -0
- package/dist/config/setup.d.ts +42 -0
- package/dist/config/setup.d.ts.map +1 -0
- package/dist/config/setup.js +173 -0
- package/dist/config/setup.js.map +1 -0
- package/dist/config/wizard.d.ts +15 -0
- package/dist/config/wizard.d.ts.map +1 -0
- package/dist/config/wizard.js +1176 -0
- package/dist/config/wizard.js.map +1 -0
- package/dist/config-cli.d.ts +21 -0
- package/dist/config-cli.d.ts.map +1 -0
- package/dist/config-cli.js +679 -0
- package/dist/config-cli.js.map +1 -0
- package/dist/core/constants.d.ts +78 -0
- package/dist/core/constants.d.ts.map +1 -0
- package/dist/core/constants.js +78 -0
- package/dist/core/constants.js.map +1 -0
- package/dist/core/errors.d.ts +188 -0
- package/dist/core/errors.d.ts.map +1 -0
- package/dist/core/errors.js +337 -0
- package/dist/core/errors.js.map +1 -0
- package/dist/core/guards.d.ts +41 -0
- package/dist/core/guards.d.ts.map +1 -0
- package/dist/core/guards.js +93 -0
- package/dist/core/guards.js.map +1 -0
- package/dist/core/index.d.ts +11 -0
- package/dist/core/index.d.ts.map +1 -0
- package/dist/core/index.js +10 -0
- package/dist/core/index.js.map +1 -0
- package/dist/core/logger.d.ts +64 -0
- package/dist/core/logger.d.ts.map +1 -0
- package/dist/core/logger.js +159 -0
- package/dist/core/logger.js.map +1 -0
- package/dist/core/result.d.ts +49 -0
- package/dist/core/result.d.ts.map +1 -0
- package/dist/core/result.js +61 -0
- package/dist/core/result.js.map +1 -0
- package/dist/core/types.d.ts +147 -0
- package/dist/core/types.d.ts.map +1 -0
- package/dist/core/types.js +8 -0
- package/dist/core/types.js.map +1 -0
- package/dist/index.d.ts +18 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +15 -0
- package/dist/index.js.map +1 -0
- package/dist/payments/http-adapter.d.ts +76 -0
- package/dist/payments/http-adapter.d.ts.map +1 -0
- package/dist/payments/http-adapter.js +126 -0
- package/dist/payments/http-adapter.js.map +1 -0
- package/dist/payments/index.d.ts +12 -0
- package/dist/payments/index.d.ts.map +1 -0
- package/dist/payments/index.js +9 -0
- package/dist/payments/index.js.map +1 -0
- package/dist/payments/json-rpc.d.ts +49 -0
- package/dist/payments/json-rpc.d.ts.map +1 -0
- package/dist/payments/json-rpc.js +53 -0
- package/dist/payments/json-rpc.js.map +1 -0
- package/dist/payments/monetization-gate.d.ts +49 -0
- package/dist/payments/monetization-gate.d.ts.map +1 -0
- package/dist/payments/monetization-gate.js +398 -0
- package/dist/payments/monetization-gate.js.map +1 -0
- package/dist/payments/oobe-facilitator-server.d.ts +71 -0
- package/dist/payments/oobe-facilitator-server.d.ts.map +1 -0
- package/dist/payments/oobe-facilitator-server.js +409 -0
- package/dist/payments/oobe-facilitator-server.js.map +1 -0
- package/dist/payments/pay-sh-spec.d.ts +44 -0
- package/dist/payments/pay-sh-spec.d.ts.map +1 -0
- package/dist/payments/pay-sh-spec.js +218 -0
- package/dist/payments/pay-sh-spec.js.map +1 -0
- package/dist/payments/pricing.d.ts +60 -0
- package/dist/payments/pricing.d.ts.map +1 -0
- package/dist/payments/pricing.js +272 -0
- package/dist/payments/pricing.js.map +1 -0
- package/dist/payments/usage-ledger.d.ts +84 -0
- package/dist/payments/usage-ledger.d.ts.map +1 -0
- package/dist/payments/usage-ledger.js +126 -0
- package/dist/payments/usage-ledger.js.map +1 -0
- package/dist/policy/bento-policy-engine.d.ts +71 -0
- package/dist/policy/bento-policy-engine.d.ts.map +1 -0
- package/dist/policy/bento-policy-engine.js +218 -0
- package/dist/policy/bento-policy-engine.js.map +1 -0
- package/dist/policy/default-policies.d.ts +9 -0
- package/dist/policy/default-policies.d.ts.map +1 -0
- package/dist/policy/default-policies.js +69 -0
- package/dist/policy/default-policies.js.map +1 -0
- package/dist/policy/hybrid-policy-engine.d.ts +95 -0
- package/dist/policy/hybrid-policy-engine.d.ts.map +1 -0
- package/dist/policy/hybrid-policy-engine.js +297 -0
- package/dist/policy/hybrid-policy-engine.js.map +1 -0
- package/dist/policy/index.d.ts +10 -0
- package/dist/policy/index.d.ts.map +1 -0
- package/dist/policy/index.js +10 -0
- package/dist/policy/index.js.map +1 -0
- package/dist/policy/local-policy-engine.d.ts +119 -0
- package/dist/policy/local-policy-engine.d.ts.map +1 -0
- package/dist/policy/local-policy-engine.js +318 -0
- package/dist/policy/local-policy-engine.js.map +1 -0
- package/dist/policy/permission-checks.d.ts +19 -0
- package/dist/policy/permission-checks.d.ts.map +1 -0
- package/dist/policy/permission-checks.js +60 -0
- package/dist/policy/permission-checks.js.map +1 -0
- package/dist/policy/policy-engine.d.ts +57 -0
- package/dist/policy/policy-engine.d.ts.map +1 -0
- package/dist/policy/policy-engine.js +162 -0
- package/dist/policy/policy-engine.js.map +1 -0
- package/dist/policy/policy-types.d.ts +46 -0
- package/dist/policy/policy-types.d.ts.map +1 -0
- package/dist/policy/policy-types.js +5 -0
- package/dist/policy/policy-types.js.map +1 -0
- package/dist/policy/risk-level.d.ts +18 -0
- package/dist/policy/risk-level.d.ts.map +1 -0
- package/dist/policy/risk-level.js +46 -0
- package/dist/policy/risk-level.js.map +1 -0
- package/dist/policy/spending-limits.d.ts +17 -0
- package/dist/policy/spending-limits.d.ts.map +1 -0
- package/dist/policy/spending-limits.js +40 -0
- package/dist/policy/spending-limits.js.map +1 -0
- package/dist/prompts/context/sap-agent-context.prompt.d.ts +64 -0
- package/dist/prompts/context/sap-agent-context.prompt.d.ts.map +1 -0
- package/dist/prompts/context/sap-agent-context.prompt.js +336 -0
- package/dist/prompts/context/sap-agent-context.prompt.js.map +1 -0
- package/dist/prompts/developer/debug-sap-error.prompt.d.ts +13 -0
- package/dist/prompts/developer/debug-sap-error.prompt.d.ts.map +1 -0
- package/dist/prompts/developer/debug-sap-error.prompt.js +78 -0
- package/dist/prompts/developer/debug-sap-error.prompt.js.map +1 -0
- package/dist/prompts/developer/generate-sap-integration.prompt.d.ts +13 -0
- package/dist/prompts/developer/generate-sap-integration.prompt.d.ts.map +1 -0
- package/dist/prompts/developer/generate-sap-integration.prompt.js +132 -0
- package/dist/prompts/developer/generate-sap-integration.prompt.js.map +1 -0
- package/dist/prompts/developer/index.d.ts +6 -0
- package/dist/prompts/developer/index.d.ts.map +1 -0
- package/dist/prompts/developer/index.js +6 -0
- package/dist/prompts/developer/index.js.map +1 -0
- package/dist/prompts/execution-proof/explain-proof-of-execution.prompt.d.ts +13 -0
- package/dist/prompts/execution-proof/explain-proof-of-execution.prompt.d.ts.map +1 -0
- package/dist/prompts/execution-proof/explain-proof-of-execution.prompt.js +97 -0
- package/dist/prompts/execution-proof/explain-proof-of-execution.prompt.js.map +1 -0
- package/dist/prompts/execution-proof/index.d.ts +6 -0
- package/dist/prompts/execution-proof/index.d.ts.map +1 -0
- package/dist/prompts/execution-proof/index.js +6 -0
- package/dist/prompts/execution-proof/index.js.map +1 -0
- package/dist/prompts/execution-proof/verify-execution-proof.prompt.d.ts +13 -0
- package/dist/prompts/execution-proof/verify-execution-proof.prompt.d.ts.map +1 -0
- package/dist/prompts/execution-proof/verify-execution-proof.prompt.js +95 -0
- package/dist/prompts/execution-proof/verify-execution-proof.prompt.js.map +1 -0
- package/dist/prompts/index.d.ts +5 -0
- package/dist/prompts/index.d.ts.map +1 -0
- package/dist/prompts/index.js +5 -0
- package/dist/prompts/index.js.map +1 -0
- package/dist/prompts/payments/create-paid-api.prompt.d.ts +13 -0
- package/dist/prompts/payments/create-paid-api.prompt.d.ts.map +1 -0
- package/dist/prompts/payments/create-paid-api.prompt.js +142 -0
- package/dist/prompts/payments/create-paid-api.prompt.js.map +1 -0
- package/dist/prompts/payments/explain-x402-settlement.prompt.d.ts +13 -0
- package/dist/prompts/payments/explain-x402-settlement.prompt.d.ts.map +1 -0
- package/dist/prompts/payments/explain-x402-settlement.prompt.js +83 -0
- package/dist/prompts/payments/explain-x402-settlement.prompt.js.map +1 -0
- package/dist/prompts/payments/index.d.ts +6 -0
- package/dist/prompts/payments/index.d.ts.map +1 -0
- package/dist/prompts/payments/index.js +6 -0
- package/dist/prompts/payments/index.js.map +1 -0
- package/dist/prompts/register-prompts.d.ts +10 -0
- package/dist/prompts/register-prompts.d.ts.map +1 -0
- package/dist/prompts/register-prompts.js +40 -0
- package/dist/prompts/register-prompts.js.map +1 -0
- package/dist/prompts/registry/analyze-sap-agent.prompt.d.ts +13 -0
- package/dist/prompts/registry/analyze-sap-agent.prompt.d.ts.map +1 -0
- package/dist/prompts/registry/analyze-sap-agent.prompt.js +85 -0
- package/dist/prompts/registry/analyze-sap-agent.prompt.js.map +1 -0
- package/dist/prompts/registry/index.d.ts +6 -0
- package/dist/prompts/registry/index.d.ts.map +1 -0
- package/dist/prompts/registry/index.js +6 -0
- package/dist/prompts/registry/index.js.map +1 -0
- package/dist/prompts/registry/register-sap-agent.prompt.d.ts +13 -0
- package/dist/prompts/registry/register-sap-agent.prompt.d.ts.map +1 -0
- package/dist/prompts/registry/register-sap-agent.prompt.js +152 -0
- package/dist/prompts/registry/register-sap-agent.prompt.js.map +1 -0
- package/dist/remote/auth/index.d.ts +86 -0
- package/dist/remote/auth/index.d.ts.map +1 -0
- package/dist/remote/auth/index.js +152 -0
- package/dist/remote/auth/index.js.map +1 -0
- package/dist/remote/server.d.ts +140 -0
- package/dist/remote/server.d.ts.map +1 -0
- package/dist/remote/server.js +412 -0
- package/dist/remote/server.js.map +1 -0
- package/dist/resources/current/sap-current-config.resource.d.ts +30 -0
- package/dist/resources/current/sap-current-config.resource.d.ts.map +1 -0
- package/dist/resources/current/sap-current-config.resource.js +142 -0
- package/dist/resources/current/sap-current-config.resource.js.map +1 -0
- package/dist/resources/execution-proof/index.d.ts +5 -0
- package/dist/resources/execution-proof/index.d.ts.map +1 -0
- package/dist/resources/execution-proof/index.js +5 -0
- package/dist/resources/execution-proof/index.js.map +1 -0
- package/dist/resources/execution-proof/sap-execution-record.resource.d.ts +13 -0
- package/dist/resources/execution-proof/sap-execution-record.resource.d.ts.map +1 -0
- package/dist/resources/execution-proof/sap-execution-record.resource.js +75 -0
- package/dist/resources/execution-proof/sap-execution-record.resource.js.map +1 -0
- package/dist/resources/index.d.ts +5 -0
- package/dist/resources/index.d.ts.map +1 -0
- package/dist/resources/index.js +5 -0
- package/dist/resources/index.js.map +1 -0
- package/dist/resources/memory/index.d.ts +5 -0
- package/dist/resources/memory/index.d.ts.map +1 -0
- package/dist/resources/memory/index.js +5 -0
- package/dist/resources/memory/index.js.map +1 -0
- package/dist/resources/memory/sap-memory.resource.d.ts +13 -0
- package/dist/resources/memory/sap-memory.resource.d.ts.map +1 -0
- package/dist/resources/memory/sap-memory.resource.js +77 -0
- package/dist/resources/memory/sap-memory.resource.js.map +1 -0
- package/dist/resources/profile/sap-active-profile.resource.d.ts +51 -0
- package/dist/resources/profile/sap-active-profile.resource.d.ts.map +1 -0
- package/dist/resources/profile/sap-active-profile.resource.js +119 -0
- package/dist/resources/profile/sap-active-profile.resource.js.map +1 -0
- package/dist/resources/register-resources.d.ts +10 -0
- package/dist/resources/register-resources.d.ts.map +1 -0
- package/dist/resources/register-resources.js +33 -0
- package/dist/resources/register-resources.js.map +1 -0
- package/dist/resources/registry/index.d.ts +6 -0
- package/dist/resources/registry/index.d.ts.map +1 -0
- package/dist/resources/registry/index.js +6 -0
- package/dist/resources/registry/index.js.map +1 -0
- package/dist/resources/registry/sap-agent.resource.d.ts +13 -0
- package/dist/resources/registry/sap-agent.resource.d.ts.map +1 -0
- package/dist/resources/registry/sap-agent.resource.js +75 -0
- package/dist/resources/registry/sap-agent.resource.js.map +1 -0
- package/dist/resources/registry/sap-global-registry.resource.d.ts +13 -0
- package/dist/resources/registry/sap-global-registry.resource.d.ts.map +1 -0
- package/dist/resources/registry/sap-global-registry.resource.js +71 -0
- package/dist/resources/registry/sap-global-registry.resource.js.map +1 -0
- package/dist/resources/reputation/index.d.ts +5 -0
- package/dist/resources/reputation/index.d.ts.map +1 -0
- package/dist/resources/reputation/index.js +5 -0
- package/dist/resources/reputation/index.js.map +1 -0
- package/dist/resources/reputation/sap-reputation.resource.d.ts +13 -0
- package/dist/resources/reputation/sap-reputation.resource.d.ts.map +1 -0
- package/dist/resources/reputation/sap-reputation.resource.js +75 -0
- package/dist/resources/reputation/sap-reputation.resource.js.map +1 -0
- package/dist/resources/stats/sap-network-stats.resource.d.ts +14 -0
- package/dist/resources/stats/sap-network-stats.resource.d.ts.map +1 -0
- package/dist/resources/stats/sap-network-stats.resource.js +86 -0
- package/dist/resources/stats/sap-network-stats.resource.js.map +1 -0
- package/dist/resources/tool-schema/index.d.ts +5 -0
- package/dist/resources/tool-schema/index.d.ts.map +1 -0
- package/dist/resources/tool-schema/index.js +5 -0
- package/dist/resources/tool-schema/index.js.map +1 -0
- package/dist/resources/tool-schema/sap-tool-schema.resource.d.ts +13 -0
- package/dist/resources/tool-schema/sap-tool-schema.resource.d.ts.map +1 -0
- package/dist/resources/tool-schema/sap-tool-schema.resource.js +75 -0
- package/dist/resources/tool-schema/sap-tool-schema.resource.js.map +1 -0
- package/dist/sap/index.d.ts +7 -0
- package/dist/sap/index.d.ts.map +1 -0
- package/dist/sap/index.js +6 -0
- package/dist/sap/index.js.map +1 -0
- package/dist/sap/sap-client-manager.d.ts +54 -0
- package/dist/sap/sap-client-manager.d.ts.map +1 -0
- package/dist/sap/sap-client-manager.js +129 -0
- package/dist/sap/sap-client-manager.js.map +1 -0
- package/dist/sap/sap-errors.d.ts +13 -0
- package/dist/sap/sap-errors.d.ts.map +1 -0
- package/dist/sap/sap-errors.js +23 -0
- package/dist/sap/sap-errors.js.map +1 -0
- package/dist/sap/sap-types.d.ts +69 -0
- package/dist/sap/sap-types.d.ts.map +1 -0
- package/dist/sap/sap-types.js +5 -0
- package/dist/sap/sap-types.js.map +1 -0
- package/dist/schemas/common.schema.d.ts +42 -0
- package/dist/schemas/common.schema.d.ts.map +1 -0
- package/dist/schemas/common.schema.js +36 -0
- package/dist/schemas/common.schema.js.map +1 -0
- package/dist/schemas/developer.schema.d.ts +31 -0
- package/dist/schemas/developer.schema.d.ts.map +1 -0
- package/dist/schemas/developer.schema.js +19 -0
- package/dist/schemas/developer.schema.js.map +1 -0
- package/dist/schemas/execution-proof.schema.d.ts +44 -0
- package/dist/schemas/execution-proof.schema.d.ts.map +1 -0
- package/dist/schemas/execution-proof.schema.js +26 -0
- package/dist/schemas/execution-proof.schema.js.map +1 -0
- package/dist/schemas/identity.schema.d.ts +34 -0
- package/dist/schemas/identity.schema.d.ts.map +1 -0
- package/dist/schemas/identity.schema.js +21 -0
- package/dist/schemas/identity.schema.js.map +1 -0
- package/dist/schemas/index.d.ts +15 -0
- package/dist/schemas/index.d.ts.map +1 -0
- package/dist/schemas/index.js +15 -0
- package/dist/schemas/index.js.map +1 -0
- package/dist/schemas/memory.schema.d.ts +34 -0
- package/dist/schemas/memory.schema.d.ts.map +1 -0
- package/dist/schemas/memory.schema.js +21 -0
- package/dist/schemas/memory.schema.js.map +1 -0
- package/dist/schemas/payments.schema.d.ts +37 -0
- package/dist/schemas/payments.schema.d.ts.map +1 -0
- package/dist/schemas/payments.schema.js +22 -0
- package/dist/schemas/payments.schema.js.map +1 -0
- package/dist/schemas/registry.schema.d.ts +65 -0
- package/dist/schemas/registry.schema.d.ts.map +1 -0
- package/dist/schemas/registry.schema.js +34 -0
- package/dist/schemas/registry.schema.js.map +1 -0
- package/dist/schemas/reputation.schema.d.ts +31 -0
- package/dist/schemas/reputation.schema.d.ts.map +1 -0
- package/dist/schemas/reputation.schema.js +20 -0
- package/dist/schemas/reputation.schema.js.map +1 -0
- package/dist/schemas/settlement.schema.d.ts +50 -0
- package/dist/schemas/settlement.schema.d.ts.map +1 -0
- package/dist/schemas/settlement.schema.js +29 -0
- package/dist/schemas/settlement.schema.js.map +1 -0
- package/dist/schemas/tool-schema.schema.d.ts +56 -0
- package/dist/schemas/tool-schema.schema.d.ts.map +1 -0
- package/dist/schemas/tool-schema.schema.js +26 -0
- package/dist/schemas/tool-schema.schema.js.map +1 -0
- package/dist/schemas/transaction.schema.d.ts +34 -0
- package/dist/schemas/transaction.schema.d.ts.map +1 -0
- package/dist/schemas/transaction.schema.js +20 -0
- package/dist/schemas/transaction.schema.js.map +1 -0
- package/dist/security/approval-required.d.ts +9 -0
- package/dist/security/approval-required.d.ts.map +1 -0
- package/dist/security/approval-required.js +10 -0
- package/dist/security/approval-required.js.map +1 -0
- package/dist/security/index.d.ts +9 -0
- package/dist/security/index.d.ts.map +1 -0
- package/dist/security/index.js +9 -0
- package/dist/security/index.js.map +1 -0
- package/dist/security/private-key-guard.d.ts +11 -0
- package/dist/security/private-key-guard.d.ts.map +1 -0
- package/dist/security/private-key-guard.js +22 -0
- package/dist/security/private-key-guard.js.map +1 -0
- package/dist/security/prompt-injection-notes.d.ts +13 -0
- package/dist/security/prompt-injection-notes.d.ts.map +1 -0
- package/dist/security/prompt-injection-notes.js +23 -0
- package/dist/security/prompt-injection-notes.js.map +1 -0
- package/dist/security/tool-permissions.d.ts +30 -0
- package/dist/security/tool-permissions.d.ts.map +1 -0
- package/dist/security/tool-permissions.js +270 -0
- package/dist/security/tool-permissions.js.map +1 -0
- package/dist/security/unsafe-action-guard.d.ts +28 -0
- package/dist/security/unsafe-action-guard.d.ts.map +1 -0
- package/dist/security/unsafe-action-guard.js +175 -0
- package/dist/security/unsafe-action-guard.js.map +1 -0
- package/dist/server/create-server.d.ts +12 -0
- package/dist/server/create-server.d.ts.map +1 -0
- package/dist/server/create-server.js +57 -0
- package/dist/server/create-server.js.map +1 -0
- package/dist/server/index.d.ts +7 -0
- package/dist/server/index.d.ts.map +1 -0
- package/dist/server/index.js +7 -0
- package/dist/server/index.js.map +1 -0
- package/dist/server/register-capabilities.d.ts +10 -0
- package/dist/server/register-capabilities.d.ts.map +1 -0
- package/dist/server/register-capabilities.js +23 -0
- package/dist/server/register-capabilities.js.map +1 -0
- package/dist/server/server-metadata.d.ts +32 -0
- package/dist/server/server-metadata.d.ts.map +1 -0
- package/dist/server/server-metadata.js +32 -0
- package/dist/server/server-metadata.js.map +1 -0
- package/dist/session/agent-session.d.ts +25 -0
- package/dist/session/agent-session.d.ts.map +1 -0
- package/dist/session/agent-session.js +35 -0
- package/dist/session/agent-session.js.map +1 -0
- package/dist/session/delegated-session.d.ts +20 -0
- package/dist/session/delegated-session.d.ts.map +1 -0
- package/dist/session/delegated-session.js +47 -0
- package/dist/session/delegated-session.js.map +1 -0
- package/dist/session/index.d.ts +10 -0
- package/dist/session/index.d.ts.map +1 -0
- package/dist/session/index.js +9 -0
- package/dist/session/index.js.map +1 -0
- package/dist/session/redis-session-store.d.ts +89 -0
- package/dist/session/redis-session-store.d.ts.map +1 -0
- package/dist/session/redis-session-store.js +219 -0
- package/dist/session/redis-session-store.js.map +1 -0
- package/dist/session/session-limits.d.ts +20 -0
- package/dist/session/session-limits.d.ts.map +1 -0
- package/dist/session/session-limits.js +55 -0
- package/dist/session/session-limits.js.map +1 -0
- package/dist/session/session-permissions.d.ts +37 -0
- package/dist/session/session-permissions.d.ts.map +1 -0
- package/dist/session/session-permissions.js +58 -0
- package/dist/session/session-permissions.js.map +1 -0
- package/dist/session/session-store.d.ts +38 -0
- package/dist/session/session-store.d.ts.map +1 -0
- package/dist/session/session-store.js +62 -0
- package/dist/session/session-store.js.map +1 -0
- package/dist/session/session-types.d.ts +33 -0
- package/dist/session/session-types.d.ts.map +1 -0
- package/dist/session/session-types.js +5 -0
- package/dist/session/session-types.js.map +1 -0
- package/dist/signer/external-signer.d.ts +16 -0
- package/dist/signer/external-signer.d.ts.map +1 -0
- package/dist/signer/external-signer.js +128 -0
- package/dist/signer/external-signer.js.map +1 -0
- package/dist/signer/index.d.ts +9 -0
- package/dist/signer/index.d.ts.map +1 -0
- package/dist/signer/index.js +8 -0
- package/dist/signer/index.js.map +1 -0
- package/dist/signer/load-keypair.d.ts +15 -0
- package/dist/signer/load-keypair.d.ts.map +1 -0
- package/dist/signer/load-keypair.js +39 -0
- package/dist/signer/load-keypair.js.map +1 -0
- package/dist/signer/local-keypair-signer.d.ts +11 -0
- package/dist/signer/local-keypair-signer.d.ts.map +1 -0
- package/dist/signer/local-keypair-signer.js +46 -0
- package/dist/signer/local-keypair-signer.js.map +1 -0
- package/dist/signer/signer-resolver.d.ts +10 -0
- package/dist/signer/signer-resolver.d.ts.map +1 -0
- package/dist/signer/signer-resolver.js +63 -0
- package/dist/signer/signer-resolver.js.map +1 -0
- package/dist/signer/signer-types.d.ts +35 -0
- package/dist/signer/signer-types.d.ts.map +1 -0
- package/dist/signer/signer-types.js +5 -0
- package/dist/signer/signer-types.js.map +1 -0
- package/dist/signer/signing-proxy.d.ts +45 -0
- package/dist/signer/signing-proxy.d.ts.map +1 -0
- package/dist/signer/signing-proxy.js +300 -0
- package/dist/signer/signing-proxy.js.map +1 -0
- package/dist/tools/client-sdk-tools.d.ts +22 -0
- package/dist/tools/client-sdk-tools.d.ts.map +1 -0
- package/dist/tools/client-sdk-tools.js +220 -0
- package/dist/tools/client-sdk-tools.js.map +1 -0
- package/dist/tools/index.d.ts +11 -0
- package/dist/tools/index.d.ts.map +1 -0
- package/dist/tools/index.js +17 -0
- package/dist/tools/index.js.map +1 -0
- package/dist/tools/profile-tools.d.ts +12 -0
- package/dist/tools/profile-tools.d.ts.map +1 -0
- package/dist/tools/profile-tools.js +250 -0
- package/dist/tools/profile-tools.js.map +1 -0
- package/dist/tools/register-tools.d.ts +12 -0
- package/dist/tools/register-tools.d.ts.map +1 -0
- package/dist/tools/register-tools.js +36 -0
- package/dist/tools/register-tools.js.map +1 -0
- package/dist/tools/sap-network-stats.tool.d.ts +14 -0
- package/dist/tools/sap-network-stats.tool.d.ts.map +1 -0
- package/dist/tools/sap-network-stats.tool.js +101 -0
- package/dist/tools/sap-network-stats.tool.js.map +1 -0
- package/dist/tools/sap-sdk-tools.d.ts +15 -0
- package/dist/tools/sap-sdk-tools.d.ts.map +1 -0
- package/dist/tools/sap-sdk-tools.js +1515 -0
- package/dist/tools/sap-sdk-tools.js.map +1 -0
- package/dist/tools/sap-sns-tools.d.ts +35 -0
- package/dist/tools/sap-sns-tools.d.ts.map +1 -0
- package/dist/tools/sap-sns-tools.js +626 -0
- package/dist/tools/sap-sns-tools.js.map +1 -0
- package/dist/tools/skills-tools.d.ts +12 -0
- package/dist/tools/skills-tools.d.ts.map +1 -0
- package/dist/tools/skills-tools.js +273 -0
- package/dist/tools/skills-tools.js.map +1 -0
- package/dist/tools/transaction-tools.d.ts +14 -0
- package/dist/tools/transaction-tools.d.ts.map +1 -0
- package/dist/tools/transaction-tools.js +297 -0
- package/dist/tools/transaction-tools.js.map +1 -0
- package/dist/transports/http.d.ts +40 -0
- package/dist/transports/http.d.ts.map +1 -0
- package/dist/transports/http.js +212 -0
- package/dist/transports/http.js.map +1 -0
- package/dist/transports/index.d.ts +6 -0
- package/dist/transports/index.d.ts.map +1 -0
- package/dist/transports/index.js +6 -0
- package/dist/transports/index.js.map +1 -0
- package/dist/transports/stdio.d.ts +14 -0
- package/dist/transports/stdio.d.ts.map +1 -0
- package/dist/transports/stdio.js +32 -0
- package/dist/transports/stdio.js.map +1 -0
- package/dist/tui/components.d.ts +59 -0
- package/dist/tui/components.d.ts.map +1 -0
- package/dist/tui/components.js +82 -0
- package/dist/tui/components.js.map +1 -0
- package/dist/tui/config-wizard.d.ts +12 -0
- package/dist/tui/config-wizard.d.ts.map +1 -0
- package/dist/tui/config-wizard.js +348 -0
- package/dist/tui/config-wizard.js.map +1 -0
- package/dist/tui/wizard-save.d.ts +51 -0
- package/dist/tui/wizard-save.d.ts.map +1 -0
- package/dist/tui/wizard-save.js +148 -0
- package/dist/tui/wizard-save.js.map +1 -0
- package/docs/00_README.md +45 -0
- package/docs/01_PRODUCT_OVERVIEW.md +69 -0
- package/docs/02_ARCHITECTURE_AND_REQUEST_FLOW.md +120 -0
- package/docs/03_CONFIGURATION_AND_WIZARD.md +143 -0
- package/docs/04_LOCAL_STDIO_USAGE.md +118 -0
- package/docs/05_REMOTE_VPS_DEPLOYMENT.md +136 -0
- package/docs/06_PAYMENTS_X402_AND_PAYSH.md +162 -0
- package/docs/07_ENDPOINTS_AND_CLIENTS.md +114 -0
- package/docs/08_SECURITY_POLICY_AND_SIGNING.md +134 -0
- package/docs/09_TOOLS_SKILLS_AND_AGENT_GUIDE.md +72 -0
- package/docs/10_OPERATIONS_RELEASE_AND_PM2.md +90 -0
- package/docs/11_CODE_QUALITY_AUDIT.md +49 -0
- package/ecosystem.config.example.cjs +55 -0
- package/package.json +132 -0
- package/skills/README.md +146 -0
- package/skills/sap-agent-registry/SKILL.md +39 -0
- package/skills/sap-agentkit/SKILL.md +40 -0
- package/skills/sap-defi/SKILL.md +51 -0
- package/skills/sap-discovery-indexing/SKILL.md +33 -0
- package/skills/sap-escrow-settlement/SKILL.md +37 -0
- package/skills/sap-ledger-session/SKILL.md +24 -0
- package/skills/sap-market-data/SKILL.md +36 -0
- package/skills/sap-mcp/SKILL.md +202 -0
- package/skills/sap-mcp/TOOL_REFERENCE.md +184 -0
- package/skills/sap-memory-vault/SKILL.md +29 -0
- package/skills/sap-nft-metaplex/SKILL.md +38 -0
- package/skills/sap-operations/SKILL.md +97 -0
- package/skills/sap-payments-x402/SKILL.md +47 -0
- package/skills/sap-reputation-attestation/SKILL.md +30 -0
- package/skills/sap-sns/SKILL.md +51 -0
- package/skills/sap-social-gaming/SKILL.md +30 -0
- package/skills/sap-solana-token/SKILL.md +32 -0
- package/skills/sap-staking/SKILL.md +24 -0
- package/skills/sap-tool-registry/SKILL.md +29 -0
|
@@ -0,0 +1,126 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @name PaymentUsageLedger
|
|
3
|
+
* @description Append-only JSONL audit ledger for remote MCP payment decisions and settlements.
|
|
4
|
+
*/
|
|
5
|
+
import { createHash } from 'crypto';
|
|
6
|
+
import { mkdir, appendFile } from 'fs/promises';
|
|
7
|
+
import { dirname, join } from 'path';
|
|
8
|
+
import { getDataDir } from '../config/env.js';
|
|
9
|
+
/**
|
|
10
|
+
* @name UsageLedger
|
|
11
|
+
* @description Writes MCP payment events to an append-only local JSONL ledger.
|
|
12
|
+
*/
|
|
13
|
+
export class UsageLedger {
|
|
14
|
+
ledgerPath;
|
|
15
|
+
constructor(ledgerPath = join(getDataDir(), 'payments', 'usage-ledger.jsonl')) {
|
|
16
|
+
this.ledgerPath = ledgerPath;
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* @name append
|
|
20
|
+
* @description Appends one payment audit event to the JSONL ledger.
|
|
21
|
+
*/
|
|
22
|
+
async append(event) {
|
|
23
|
+
await mkdir(dirname(this.ledgerPath), { recursive: true });
|
|
24
|
+
await appendFile(this.ledgerPath, `${JSON.stringify(event)}\n`, 'utf-8');
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* @name recordDecision
|
|
28
|
+
* @description Records that a request requires payment.
|
|
29
|
+
*/
|
|
30
|
+
async recordDecision(metadata, decision) {
|
|
31
|
+
if (!decision.required) {
|
|
32
|
+
return;
|
|
33
|
+
}
|
|
34
|
+
await this.append({
|
|
35
|
+
event: 'payment_required',
|
|
36
|
+
timestamp: new Date().toISOString(),
|
|
37
|
+
requestHash: metadata.requestHash,
|
|
38
|
+
method: metadata.method,
|
|
39
|
+
path: metadata.path,
|
|
40
|
+
toolNames: decision.toolNames,
|
|
41
|
+
priceUsd: decision.priceUsd,
|
|
42
|
+
paymentHeaderPresent: metadata.paymentHeaderPresent,
|
|
43
|
+
remoteAddress: metadata.remoteAddress,
|
|
44
|
+
userAgent: metadata.userAgent,
|
|
45
|
+
});
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* @name recordVerified
|
|
49
|
+
* @description Records that an x402 payment was accepted before handler execution.
|
|
50
|
+
*/
|
|
51
|
+
async recordVerified(metadata, decision) {
|
|
52
|
+
if (!decision.required) {
|
|
53
|
+
return;
|
|
54
|
+
}
|
|
55
|
+
await this.append({
|
|
56
|
+
event: 'payment_verified',
|
|
57
|
+
timestamp: new Date().toISOString(),
|
|
58
|
+
requestHash: metadata.requestHash,
|
|
59
|
+
method: metadata.method,
|
|
60
|
+
path: metadata.path,
|
|
61
|
+
toolNames: decision.toolNames,
|
|
62
|
+
priceUsd: decision.priceUsd,
|
|
63
|
+
paymentHeaderPresent: metadata.paymentHeaderPresent,
|
|
64
|
+
remoteAddress: metadata.remoteAddress,
|
|
65
|
+
userAgent: metadata.userAgent,
|
|
66
|
+
});
|
|
67
|
+
}
|
|
68
|
+
/**
|
|
69
|
+
* @name recordCanceled
|
|
70
|
+
* @description Records that a verified payment was canceled because MCP execution did not complete successfully.
|
|
71
|
+
*/
|
|
72
|
+
async recordCanceled(metadata, decision, reason, errorMessage) {
|
|
73
|
+
if (!decision.required) {
|
|
74
|
+
return;
|
|
75
|
+
}
|
|
76
|
+
await this.append({
|
|
77
|
+
event: 'payment_canceled',
|
|
78
|
+
timestamp: new Date().toISOString(),
|
|
79
|
+
requestHash: metadata.requestHash,
|
|
80
|
+
method: metadata.method,
|
|
81
|
+
path: metadata.path,
|
|
82
|
+
toolNames: decision.toolNames,
|
|
83
|
+
priceUsd: decision.priceUsd,
|
|
84
|
+
paymentHeaderPresent: metadata.paymentHeaderPresent,
|
|
85
|
+
remoteAddress: metadata.remoteAddress,
|
|
86
|
+
userAgent: metadata.userAgent,
|
|
87
|
+
errorReason: reason,
|
|
88
|
+
errorMessage,
|
|
89
|
+
});
|
|
90
|
+
}
|
|
91
|
+
/**
|
|
92
|
+
* @name recordSettlement
|
|
93
|
+
* @description Records successful or failed x402 settlement without storing payment payload bytes.
|
|
94
|
+
*/
|
|
95
|
+
async recordSettlement(metadata, decision, settlement) {
|
|
96
|
+
if (!decision.required) {
|
|
97
|
+
return;
|
|
98
|
+
}
|
|
99
|
+
await this.append({
|
|
100
|
+
event: settlement.success ? 'payment_settled' : 'payment_failed',
|
|
101
|
+
timestamp: new Date().toISOString(),
|
|
102
|
+
requestHash: metadata.requestHash,
|
|
103
|
+
method: metadata.method,
|
|
104
|
+
path: metadata.path,
|
|
105
|
+
toolNames: decision.toolNames,
|
|
106
|
+
priceUsd: decision.priceUsd,
|
|
107
|
+
paymentHeaderPresent: metadata.paymentHeaderPresent,
|
|
108
|
+
remoteAddress: metadata.remoteAddress,
|
|
109
|
+
userAgent: metadata.userAgent,
|
|
110
|
+
transaction: settlement.transaction,
|
|
111
|
+
network: settlement.network,
|
|
112
|
+
amount: settlement.amount,
|
|
113
|
+
payer: settlement.payer,
|
|
114
|
+
errorReason: settlement.errorReason,
|
|
115
|
+
errorMessage: settlement.errorMessage,
|
|
116
|
+
});
|
|
117
|
+
}
|
|
118
|
+
}
|
|
119
|
+
/**
|
|
120
|
+
* @name hashRequestBody
|
|
121
|
+
* @description Computes a deterministic SHA-256 hash for request correlation without persisting raw arguments.
|
|
122
|
+
*/
|
|
123
|
+
export function hashRequestBody(body) {
|
|
124
|
+
return createHash('sha256').update(body).digest('hex');
|
|
125
|
+
}
|
|
126
|
+
//# sourceMappingURL=usage-ledger.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"usage-ledger.js","sourceRoot":"","sources":["../../src/payments/usage-ledger.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAErC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAkD9C;;;GAGG;AACH,MAAM,OAAO,WAAW;IACL,UAAU,CAAS;IAEpC,YAAmB,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,EAAE,UAAU,EAAE,oBAAoB,CAAC;QAClF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,MAAM,CAAC,KAAyB;QAC3C,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3E,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,cAAc,CAAC,QAAgC,EAAE,QAAyB;QACrF,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACvB,OAAO;QACT,CAAC;QAED,MAAM,IAAI,CAAC,MAAM,CAAC;YAChB,KAAK,EAAE,kBAAkB;YACzB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,oBAAoB,EAAE,QAAQ,CAAC,oBAAoB;YACnD,aAAa,EAAE,QAAQ,CAAC,aAAa;YACrC,SAAS,EAAE,QAAQ,CAAC,SAAS;SAC9B,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,cAAc,CAAC,QAAgC,EAAE,QAAyB;QACrF,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACvB,OAAO;QACT,CAAC;QAED,MAAM,IAAI,CAAC,MAAM,CAAC;YAChB,KAAK,EAAE,kBAAkB;YACzB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,oBAAoB,EAAE,QAAQ,CAAC,oBAAoB;YACnD,aAAa,EAAE,QAAQ,CAAC,aAAa;YACrC,SAAS,EAAE,QAAQ,CAAC,SAAS;SAC9B,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,cAAc,CACzB,QAAgC,EAChC,QAAyB,EACzB,MAAc,EACd,YAAqB;QAErB,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACvB,OAAO;QACT,CAAC;QAED,MAAM,IAAI,CAAC,MAAM,CAAC;YAChB,KAAK,EAAE,kBAAkB;YACzB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,oBAAoB,EAAE,QAAQ,CAAC,oBAAoB;YACnD,aAAa,EAAE,QAAQ,CAAC,aAAa;YACrC,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,WAAW,EAAE,MAAM;YACnB,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,gBAAgB,CAC3B,QAAgC,EAChC,QAAyB,EACzB,UAA0B;QAE1B,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACvB,OAAO;QACT,CAAC;QAED,MAAM,IAAI,CAAC,MAAM,CAAC;YAChB,KAAK,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,gBAAgB;YAChE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,oBAAoB,EAAE,QAAQ,CAAC,oBAAoB;YACnD,aAAa,EAAE,QAAQ,CAAC,aAAa;YACrC,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,WAAW,EAAE,UAAU,CAAC,WAAW;YACnC,OAAO,EAAE,UAAU,CAAC,OAAO;YAC3B,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,WAAW,EAAE,UAAU,CAAC,WAAW;YACnC,YAAY,EAAE,UAAU,CAAC,YAAY;SACtC,CAAC,CAAC;IACL,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzD,CAAC"}
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Bento Policy Engine
|
|
3
|
+
*
|
|
4
|
+
* Cloud-based policy engine using Bento Guard SDK
|
|
5
|
+
* Provides AI intent scoring, escalation, and strike system
|
|
6
|
+
*
|
|
7
|
+
* Optional integration - only used if API key is provided
|
|
8
|
+
*
|
|
9
|
+
* Note: @bentoguard/sdk is an optional dependency.
|
|
10
|
+
* Install with: npm install @bentoguard/sdk
|
|
11
|
+
*/
|
|
12
|
+
import type { PolicyDecision, PolicyContext } from './local-policy-engine.js';
|
|
13
|
+
type BentoModuleLoader = () => Promise<unknown>;
|
|
14
|
+
/**
|
|
15
|
+
* @name setBentoModuleLoaderForTests
|
|
16
|
+
* @description Overrides the Bento SDK loader for deterministic integration tests.
|
|
17
|
+
* @param loader - Test-controlled module loader.
|
|
18
|
+
* @returns Cleanup function that restores the previous loader.
|
|
19
|
+
*/
|
|
20
|
+
export declare function setBentoModuleLoaderForTests(loader: BentoModuleLoader): () => void;
|
|
21
|
+
export interface BentoConfig {
|
|
22
|
+
/** Bento API key from dashboard */
|
|
23
|
+
apiKey: string;
|
|
24
|
+
/** Agent ID registered on Bento dashboard */
|
|
25
|
+
agentId: string;
|
|
26
|
+
/** Bento API endpoint (optional, defaults to production) */
|
|
27
|
+
endpoint?: string;
|
|
28
|
+
}
|
|
29
|
+
export declare class BentoPolicyEngine {
|
|
30
|
+
private client;
|
|
31
|
+
private config;
|
|
32
|
+
private protectFn;
|
|
33
|
+
private initialized;
|
|
34
|
+
constructor(config: BentoConfig);
|
|
35
|
+
/**
|
|
36
|
+
* Initialize Bento SDK lazily (ESM compatible)
|
|
37
|
+
*/
|
|
38
|
+
private initialize;
|
|
39
|
+
/**
|
|
40
|
+
* Validate action using Bento's AI-powered policy engine
|
|
41
|
+
*/
|
|
42
|
+
validateAction(context: PolicyContext): Promise<PolicyDecision>;
|
|
43
|
+
/**
|
|
44
|
+
* Map Bento verdict to our PolicyDecision format
|
|
45
|
+
*/
|
|
46
|
+
private mapVerdictToDecision;
|
|
47
|
+
/**
|
|
48
|
+
* Get agent status from Bento
|
|
49
|
+
*/
|
|
50
|
+
getAgentStatus(): Promise<{
|
|
51
|
+
active: boolean;
|
|
52
|
+
strikeCount: number;
|
|
53
|
+
reputation: number;
|
|
54
|
+
}>;
|
|
55
|
+
/**
|
|
56
|
+
* Check if Bento is available (ping test)
|
|
57
|
+
*/
|
|
58
|
+
isAvailable(): Promise<boolean>;
|
|
59
|
+
}
|
|
60
|
+
/**
|
|
61
|
+
* Error thrown when Bento service is unavailable
|
|
62
|
+
*/
|
|
63
|
+
export declare class BentoUnavailableError extends Error {
|
|
64
|
+
constructor(message: string);
|
|
65
|
+
}
|
|
66
|
+
/**
|
|
67
|
+
* Create Bento config from environment variables
|
|
68
|
+
*/
|
|
69
|
+
export declare function createBentoConfigFromEnv(): BentoConfig | null;
|
|
70
|
+
export {};
|
|
71
|
+
//# sourceMappingURL=bento-policy-engine.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"bento-policy-engine.d.ts","sourceRoot":"","sources":["../../src/policy/bento-policy-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAqC9E,KAAK,iBAAiB,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;AAiBhD;;;;;GAKG;AACH,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,iBAAiB,GAAG,MAAM,IAAI,CAMlF;AAED,MAAM,WAAW,WAAW;IAC1B,mCAAmC;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,6CAA6C;IAC7C,OAAO,EAAE,MAAM,CAAC;IAChB,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAoC;IAClD,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,SAAS,CAAqC;IACtD,OAAO,CAAC,WAAW,CAAkB;gBAEzB,MAAM,EAAE,WAAW;IAK/B;;OAEG;YACW,UAAU;IAuBxB;;OAEG;IACG,cAAc,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;IAiCrE;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA4D5B;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC;QAC9B,MAAM,EAAE,OAAO,CAAC;QAChB,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;IAuBF;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;CAQtC;AAED;;GAEG;AACH,qBAAa,qBAAsB,SAAQ,KAAK;gBAClC,OAAO,EAAE,MAAM;CAI5B;AAED;;GAEG;AACH,wBAAgB,wBAAwB,IAAI,WAAW,GAAG,IAAI,CAc7D"}
|
|
@@ -0,0 +1,218 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Bento Policy Engine
|
|
3
|
+
*
|
|
4
|
+
* Cloud-based policy engine using Bento Guard SDK
|
|
5
|
+
* Provides AI intent scoring, escalation, and strike system
|
|
6
|
+
*
|
|
7
|
+
* Optional integration - only used if API key is provided
|
|
8
|
+
*
|
|
9
|
+
* Note: @bentoguard/sdk is an optional dependency.
|
|
10
|
+
* Install with: npm install @bentoguard/sdk
|
|
11
|
+
*/
|
|
12
|
+
let bentoModuleLoader = () => import('@bentoguard/sdk');
|
|
13
|
+
/**
|
|
14
|
+
* @name isBentoModule
|
|
15
|
+
* @description Validates the optional Bento SDK module shape after dynamic import.
|
|
16
|
+
* @param value - Imported module namespace.
|
|
17
|
+
* @returns True when the module exposes BentoClient and protect.
|
|
18
|
+
*/
|
|
19
|
+
function isBentoModule(value) {
|
|
20
|
+
return Boolean(value)
|
|
21
|
+
&& typeof value === 'object'
|
|
22
|
+
&& typeof value.BentoClient === 'function'
|
|
23
|
+
&& typeof value.protect === 'function';
|
|
24
|
+
}
|
|
25
|
+
/**
|
|
26
|
+
* @name setBentoModuleLoaderForTests
|
|
27
|
+
* @description Overrides the Bento SDK loader for deterministic integration tests.
|
|
28
|
+
* @param loader - Test-controlled module loader.
|
|
29
|
+
* @returns Cleanup function that restores the previous loader.
|
|
30
|
+
*/
|
|
31
|
+
export function setBentoModuleLoaderForTests(loader) {
|
|
32
|
+
const previousLoader = bentoModuleLoader;
|
|
33
|
+
bentoModuleLoader = loader;
|
|
34
|
+
return () => {
|
|
35
|
+
bentoModuleLoader = previousLoader;
|
|
36
|
+
};
|
|
37
|
+
}
|
|
38
|
+
export class BentoPolicyEngine {
|
|
39
|
+
client = null;
|
|
40
|
+
config;
|
|
41
|
+
protectFn = null;
|
|
42
|
+
initialized = false;
|
|
43
|
+
constructor(config) {
|
|
44
|
+
this.config = config;
|
|
45
|
+
// Don't await in constructor - use lazy initialization
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* Initialize Bento SDK lazily (ESM compatible)
|
|
49
|
+
*/
|
|
50
|
+
async initialize() {
|
|
51
|
+
if (this.initialized)
|
|
52
|
+
return;
|
|
53
|
+
try {
|
|
54
|
+
// Use dynamic import() for ESM compatibility while keeping the SDK optional.
|
|
55
|
+
const bentoModule = await bentoModuleLoader();
|
|
56
|
+
if (!isBentoModule(bentoModule)) {
|
|
57
|
+
throw new Error('Bento SDK does not expose BentoClient and protect');
|
|
58
|
+
}
|
|
59
|
+
this.client = new bentoModule.BentoClient({
|
|
60
|
+
apiKey: this.config.apiKey,
|
|
61
|
+
agentId: this.config.agentId,
|
|
62
|
+
});
|
|
63
|
+
this.protectFn = bentoModule.protect;
|
|
64
|
+
this.initialized = true;
|
|
65
|
+
}
|
|
66
|
+
catch (_error) {
|
|
67
|
+
throw new Error('Bento Guard SDK not installed. Install with: npm install @bentoguard/sdk');
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
/**
|
|
71
|
+
* Validate action using Bento's AI-powered policy engine
|
|
72
|
+
*/
|
|
73
|
+
async validateAction(context) {
|
|
74
|
+
try {
|
|
75
|
+
// Lazy initialization
|
|
76
|
+
await this.initialize();
|
|
77
|
+
if (!this.client || !this.protectFn) {
|
|
78
|
+
throw new Error('Bento SDK not initialized');
|
|
79
|
+
}
|
|
80
|
+
const result = await this.protectFn(this.client, {
|
|
81
|
+
action: `sap:${context.toolName}`,
|
|
82
|
+
context: {
|
|
83
|
+
args: context.args,
|
|
84
|
+
amount: context.amount,
|
|
85
|
+
programId: context.programId,
|
|
86
|
+
destination: context.destination,
|
|
87
|
+
user: context.user,
|
|
88
|
+
},
|
|
89
|
+
metadata: {
|
|
90
|
+
timestamp: context.timestamp ?? Date.now(),
|
|
91
|
+
agentId: this.config.agentId,
|
|
92
|
+
},
|
|
93
|
+
});
|
|
94
|
+
return this.mapVerdictToDecision(result);
|
|
95
|
+
}
|
|
96
|
+
catch (error) {
|
|
97
|
+
// Bento service unavailable - return decision to fallback
|
|
98
|
+
throw new BentoUnavailableError(`Bento Guard unavailable: ${error instanceof Error ? error.message : String(error)}`);
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
/**
|
|
102
|
+
* Map Bento verdict to our PolicyDecision format
|
|
103
|
+
*/
|
|
104
|
+
mapVerdictToDecision(result) {
|
|
105
|
+
const verdict = result.verdict; // 'ALLOW' | 'BLOCKED' | 'ESCALATED'
|
|
106
|
+
switch (verdict) {
|
|
107
|
+
case 'ALLOW':
|
|
108
|
+
return {
|
|
109
|
+
allowed: true,
|
|
110
|
+
reason: result.reasoning || 'Bento policy check passed',
|
|
111
|
+
rule: 'bento-allow',
|
|
112
|
+
metadata: {
|
|
113
|
+
provider: 'bento',
|
|
114
|
+
verdict,
|
|
115
|
+
strikeCount: result.strikeCount,
|
|
116
|
+
intentScore: result.intentScore,
|
|
117
|
+
},
|
|
118
|
+
};
|
|
119
|
+
case 'BLOCKED':
|
|
120
|
+
return {
|
|
121
|
+
allowed: false,
|
|
122
|
+
blocked: true,
|
|
123
|
+
reason: result.reasoning || 'Blocked by Bento policy',
|
|
124
|
+
rule: 'bento-block',
|
|
125
|
+
metadata: {
|
|
126
|
+
provider: 'bento',
|
|
127
|
+
verdict,
|
|
128
|
+
strikeCount: result.strikeCount,
|
|
129
|
+
intentScore: result.intentScore,
|
|
130
|
+
},
|
|
131
|
+
};
|
|
132
|
+
case 'ESCALATED':
|
|
133
|
+
return {
|
|
134
|
+
allowed: false,
|
|
135
|
+
escalated: true,
|
|
136
|
+
reason: result.reasoning || 'Requires human approval',
|
|
137
|
+
rule: 'bento-escalate',
|
|
138
|
+
metadata: {
|
|
139
|
+
provider: 'bento',
|
|
140
|
+
verdict,
|
|
141
|
+
strikeCount: result.strikeCount,
|
|
142
|
+
intentScore: result.intentScore,
|
|
143
|
+
escalationType: 'human-review',
|
|
144
|
+
},
|
|
145
|
+
};
|
|
146
|
+
default:
|
|
147
|
+
return {
|
|
148
|
+
allowed: false,
|
|
149
|
+
blocked: true,
|
|
150
|
+
reason: `Unknown Bento verdict: ${verdict}`,
|
|
151
|
+
rule: 'bento-unknown-verdict',
|
|
152
|
+
metadata: {
|
|
153
|
+
provider: 'bento',
|
|
154
|
+
verdict,
|
|
155
|
+
},
|
|
156
|
+
};
|
|
157
|
+
}
|
|
158
|
+
}
|
|
159
|
+
/**
|
|
160
|
+
* Get agent status from Bento
|
|
161
|
+
*/
|
|
162
|
+
async getAgentStatus() {
|
|
163
|
+
try {
|
|
164
|
+
await this.initialize();
|
|
165
|
+
if (!this.client) {
|
|
166
|
+
throw new Error('Bento SDK not initialized');
|
|
167
|
+
}
|
|
168
|
+
if (typeof this.client.getAgentStatus === 'function') {
|
|
169
|
+
return this.client.getAgentStatus();
|
|
170
|
+
}
|
|
171
|
+
if (typeof this.client.status === 'function') {
|
|
172
|
+
return this.client.status();
|
|
173
|
+
}
|
|
174
|
+
throw new Error('Installed Bento SDK does not expose an agent status API');
|
|
175
|
+
}
|
|
176
|
+
catch (error) {
|
|
177
|
+
throw new BentoUnavailableError(`Cannot fetch agent status: ${error instanceof Error ? error.message : String(error)}`);
|
|
178
|
+
}
|
|
179
|
+
}
|
|
180
|
+
/**
|
|
181
|
+
* Check if Bento is available (ping test)
|
|
182
|
+
*/
|
|
183
|
+
async isAvailable() {
|
|
184
|
+
try {
|
|
185
|
+
await this.getAgentStatus();
|
|
186
|
+
return true;
|
|
187
|
+
}
|
|
188
|
+
catch {
|
|
189
|
+
return false;
|
|
190
|
+
}
|
|
191
|
+
}
|
|
192
|
+
}
|
|
193
|
+
/**
|
|
194
|
+
* Error thrown when Bento service is unavailable
|
|
195
|
+
*/
|
|
196
|
+
export class BentoUnavailableError extends Error {
|
|
197
|
+
constructor(message) {
|
|
198
|
+
super(message);
|
|
199
|
+
this.name = 'BentoUnavailableError';
|
|
200
|
+
}
|
|
201
|
+
}
|
|
202
|
+
/**
|
|
203
|
+
* Create Bento config from environment variables
|
|
204
|
+
*/
|
|
205
|
+
export function createBentoConfigFromEnv() {
|
|
206
|
+
const apiKey = process.env.SAP_MCP_BENTO_API_KEY;
|
|
207
|
+
const agentId = process.env.SAP_MCP_BENTO_AGENT_ID || 'sap-mcp-server';
|
|
208
|
+
const endpoint = process.env.SAP_MCP_BENTO_ENDPOINT;
|
|
209
|
+
if (!apiKey) {
|
|
210
|
+
return null; // Bento not configured
|
|
211
|
+
}
|
|
212
|
+
return {
|
|
213
|
+
apiKey,
|
|
214
|
+
agentId,
|
|
215
|
+
endpoint,
|
|
216
|
+
};
|
|
217
|
+
}
|
|
218
|
+
//# sourceMappingURL=bento-policy-engine.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"bento-policy-engine.js","sourceRoot":"","sources":["../../src/policy/bento-policy-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAyCH,IAAI,iBAAiB,GAAsB,GAAG,EAAE,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAE3E;;;;;GAKG;AACH,SAAS,aAAa,CAAC,KAAc;IACnC,OAAO,OAAO,CAAC,KAAK,CAAC;WAChB,OAAO,KAAK,KAAK,QAAQ;WACzB,OAAQ,KAA8B,CAAC,WAAW,KAAK,UAAU;WACjE,OAAQ,KAA8B,CAAC,OAAO,KAAK,UAAU,CAAC;AACrE,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,4BAA4B,CAAC,MAAyB;IACpE,MAAM,cAAc,GAAG,iBAAiB,CAAC;IACzC,iBAAiB,GAAG,MAAM,CAAC;IAC3B,OAAO,GAAG,EAAE;QACV,iBAAiB,GAAG,cAAc,CAAC;IACrC,CAAC,CAAC;AACJ,CAAC;AAWD,MAAM,OAAO,iBAAiB;IACpB,MAAM,GAA+B,IAAI,CAAC;IAC1C,MAAM,CAAc;IACpB,SAAS,GAAgC,IAAI,CAAC;IAC9C,WAAW,GAAY,KAAK,CAAC;IAErC,YAAY,MAAmB;QAC7B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,uDAAuD;IACzD,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU;QACtB,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,IAAI,CAAC;YACH,6EAA6E;YAC7E,MAAM,WAAW,GAAY,MAAM,iBAAiB,EAAE,CAAC;YACvD,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,EAAE,CAAC;gBAChC,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACvE,CAAC;YAED,IAAI,CAAC,MAAM,GAAG,IAAI,WAAW,CAAC,WAAW,CAAC;gBACxC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;gBAC1B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;aAC7B,CAAC,CAAC;YACH,IAAI,CAAC,SAAS,GAAG,WAAW,CAAC,OAAO,CAAC;YACrC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAC1B,CAAC;QAAC,OAAO,MAAM,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CACb,0EAA0E,CAC3E,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,OAAsB;QACzC,IAAI,CAAC;YACH,sBAAsB;YACtB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;YAExB,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACpC,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAC/C,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE;gBAC/C,MAAM,EAAE,OAAO,OAAO,CAAC,QAAQ,EAAE;gBACjC,OAAO,EAAE;oBACP,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,IAAI,EAAE,OAAO,CAAC,IAAI;iBACnB;gBACD,QAAQ,EAAE;oBACR,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE;oBAC1C,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;iBAC7B;aACF,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,0DAA0D;YAC1D,MAAM,IAAI,qBAAqB,CAC7B,4BAA4B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACrF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,oBAAoB,CAAC,MAA2B;QACtD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,oCAAoC;QAEpE,QAAQ,OAAO,EAAE,CAAC;YAChB,KAAK,OAAO;gBACV,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,MAAM,EAAE,MAAM,CAAC,SAAS,IAAI,2BAA2B;oBACvD,IAAI,EAAE,aAAa;oBACnB,QAAQ,EAAE;wBACR,QAAQ,EAAE,OAAO;wBACjB,OAAO;wBACP,WAAW,EAAE,MAAM,CAAC,WAAW;wBAC/B,WAAW,EAAE,MAAM,CAAC,WAAW;qBAChC;iBACF,CAAC;YAEJ,KAAK,SAAS;gBACZ,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,IAAI;oBACb,MAAM,EAAE,MAAM,CAAC,SAAS,IAAI,yBAAyB;oBACrD,IAAI,EAAE,aAAa;oBACnB,QAAQ,EAAE;wBACR,QAAQ,EAAE,OAAO;wBACjB,OAAO;wBACP,WAAW,EAAE,MAAM,CAAC,WAAW;wBAC/B,WAAW,EAAE,MAAM,CAAC,WAAW;qBAChC;iBACF,CAAC;YAEJ,KAAK,WAAW;gBACd,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,SAAS,EAAE,IAAI;oBACf,MAAM,EAAE,MAAM,CAAC,SAAS,IAAI,yBAAyB;oBACrD,IAAI,EAAE,gBAAgB;oBACtB,QAAQ,EAAE;wBACR,QAAQ,EAAE,OAAO;wBACjB,OAAO;wBACP,WAAW,EAAE,MAAM,CAAC,WAAW;wBAC/B,WAAW,EAAE,MAAM,CAAC,WAAW;wBAC/B,cAAc,EAAE,cAAc;qBAC/B;iBACF,CAAC;YAEJ;gBACE,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,IAAI;oBACb,MAAM,EAAE,0BAA0B,OAAO,EAAE;oBAC3C,IAAI,EAAE,uBAAuB;oBAC7B,QAAQ,EAAE;wBACR,QAAQ,EAAE,OAAO;wBACjB,OAAO;qBACR;iBACF,CAAC;QACN,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc;QAKlB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAC/C,CAAC;YAED,IAAI,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,KAAK,UAAU,EAAE,CAAC;gBACrD,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YACtC,CAAC;YAED,IAAI,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;gBAC7C,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YAC9B,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAC7E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,qBAAqB,CAC7B,8BAA8B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACvF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAC9C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;IACjD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,gBAAgB,CAAC;IACvE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IAEpD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC,CAAC,uBAAuB;IACtC,CAAC;IAED,OAAO;QACL,MAAM;QACN,OAAO;QACP,QAAQ;KACT,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Default policies for SAP MCP Server
|
|
3
|
+
*/
|
|
4
|
+
import type { Policy } from './policy-types.js';
|
|
5
|
+
/**
|
|
6
|
+
* Shared default policies definition used by the SAP MCP runtime.
|
|
7
|
+
*/
|
|
8
|
+
export declare const defaultPolicies: Policy[];
|
|
9
|
+
//# sourceMappingURL=default-policies.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"default-policies.d.ts","sourceRoot":"","sources":["../../src/policy/default-policies.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAEhD;;GAEG;AACH,eAAO,MAAM,eAAe,EAAE,MAAM,EA6DnC,CAAC"}
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Default policies for SAP MCP Server
|
|
3
|
+
*/
|
|
4
|
+
/**
|
|
5
|
+
* Shared default policies definition used by the SAP MCP runtime.
|
|
6
|
+
*/
|
|
7
|
+
export const defaultPolicies = [
|
|
8
|
+
{
|
|
9
|
+
id: 'readonly-default',
|
|
10
|
+
name: 'Read-Only Default',
|
|
11
|
+
description: 'Default policy for readonly mode - allows all read operations',
|
|
12
|
+
rules: [
|
|
13
|
+
{
|
|
14
|
+
id: 'allow-read',
|
|
15
|
+
condition: 'permission.endsWith(":read")',
|
|
16
|
+
action: 'allow',
|
|
17
|
+
},
|
|
18
|
+
{
|
|
19
|
+
id: 'deny-write',
|
|
20
|
+
condition: 'permission.endsWith(":write")',
|
|
21
|
+
action: 'deny',
|
|
22
|
+
},
|
|
23
|
+
{
|
|
24
|
+
id: 'deny-transaction',
|
|
25
|
+
condition: 'permission === "transaction:submit"',
|
|
26
|
+
action: 'deny',
|
|
27
|
+
},
|
|
28
|
+
],
|
|
29
|
+
enabled: true,
|
|
30
|
+
},
|
|
31
|
+
{
|
|
32
|
+
id: 'dev-default',
|
|
33
|
+
name: 'Development Default',
|
|
34
|
+
description: 'Default policy for local-dev-keypair mode - allows all operations with limits',
|
|
35
|
+
rules: [
|
|
36
|
+
{
|
|
37
|
+
id: 'allow-all',
|
|
38
|
+
condition: 'true',
|
|
39
|
+
action: 'allow',
|
|
40
|
+
maxAmountSol: 1.0,
|
|
41
|
+
},
|
|
42
|
+
{
|
|
43
|
+
id: 'require-approval-large',
|
|
44
|
+
condition: 'amountSol > 1.0',
|
|
45
|
+
action: 'require_approval',
|
|
46
|
+
},
|
|
47
|
+
],
|
|
48
|
+
enabled: true,
|
|
49
|
+
},
|
|
50
|
+
{
|
|
51
|
+
id: 'hosted-default',
|
|
52
|
+
name: 'Hosted API Default',
|
|
53
|
+
description: 'Default policy for hosted-api mode - restricted operations',
|
|
54
|
+
rules: [
|
|
55
|
+
{
|
|
56
|
+
id: 'allow-discovery',
|
|
57
|
+
condition: 'toolName.startsWith("sap_get_") || toolName.startsWith("sap_list_")',
|
|
58
|
+
action: 'allow',
|
|
59
|
+
},
|
|
60
|
+
{
|
|
61
|
+
id: 'deny-write',
|
|
62
|
+
condition: 'true',
|
|
63
|
+
action: 'deny',
|
|
64
|
+
},
|
|
65
|
+
],
|
|
66
|
+
enabled: true,
|
|
67
|
+
},
|
|
68
|
+
];
|
|
69
|
+
//# sourceMappingURL=default-policies.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"default-policies.js","sourceRoot":"","sources":["../../src/policy/default-policies.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAa;IACvC;QACE,EAAE,EAAE,kBAAkB;QACtB,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,+DAA+D;QAC5E,KAAK,EAAE;YACL;gBACE,EAAE,EAAE,YAAY;gBAChB,SAAS,EAAE,8BAA8B;gBACzC,MAAM,EAAE,OAAO;aAChB;YACD;gBACE,EAAE,EAAE,YAAY;gBAChB,SAAS,EAAE,+BAA+B;gBAC1C,MAAM,EAAE,MAAM;aACf;YACD;gBACE,EAAE,EAAE,kBAAkB;gBACtB,SAAS,EAAE,qCAAqC;gBAChD,MAAM,EAAE,MAAM;aACf;SACF;QACD,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,+EAA+E;QAC5F,KAAK,EAAE;YACL;gBACE,EAAE,EAAE,WAAW;gBACf,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,OAAO;gBACf,YAAY,EAAE,GAAG;aAClB;YACD;gBACE,EAAE,EAAE,wBAAwB;gBAC5B,SAAS,EAAE,iBAAiB;gBAC5B,MAAM,EAAE,kBAAkB;aAC3B;SACF;QACD,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,4DAA4D;QACzE,KAAK,EAAE;YACL;gBACE,EAAE,EAAE,iBAAiB;gBACrB,SAAS,EAAE,qEAAqE;gBAChF,MAAM,EAAE,OAAO;aAChB;YACD;gBACE,EAAE,EAAE,YAAY;gBAChB,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,MAAM;aACf;SACF;QACD,OAAO,EAAE,IAAI;KACd;CACF,CAAC"}
|
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @name HybridPolicyEngine
|
|
3
|
+
* @description Combines deterministic local guardrails with optional Bento Guard intent scoring.
|
|
4
|
+
*
|
|
5
|
+
* Flow:
|
|
6
|
+
* 1. Local deterministic guardrails always run in hybrid mode.
|
|
7
|
+
* 2. Bento runs only after local checks pass.
|
|
8
|
+
* 3. Bento outages follow the configured fail-open or fail-closed policy.
|
|
9
|
+
* 4. Local-only mode never depends on external services.
|
|
10
|
+
*/
|
|
11
|
+
import { PolicyConfig, PolicyDecision, PolicyContext } from './local-policy-engine.js';
|
|
12
|
+
import { BentoConfig } from './bento-policy-engine.js';
|
|
13
|
+
/**
|
|
14
|
+
* @name HybridPolicyConfig
|
|
15
|
+
* @description Runtime configuration for local, Bento-only, and hybrid policy enforcement.
|
|
16
|
+
*/
|
|
17
|
+
export interface HybridPolicyConfig {
|
|
18
|
+
/** Local policy configuration. */
|
|
19
|
+
local: PolicyConfig;
|
|
20
|
+
/** Optional Bento Guard configuration. */
|
|
21
|
+
bento?: BentoConfig | null;
|
|
22
|
+
/** Policy engine mode. */
|
|
23
|
+
mode: 'local-only' | 'bento-only' | 'hybrid';
|
|
24
|
+
/** Whether policy decisions should be written to the structured logger. */
|
|
25
|
+
logging?: boolean;
|
|
26
|
+
/** Whether Bento outages should allow locally approved requests. */
|
|
27
|
+
failOpen?: boolean;
|
|
28
|
+
}
|
|
29
|
+
/**
|
|
30
|
+
* @name HybridPolicyEngine
|
|
31
|
+
* @description Runtime service that validates tool calls through local and optional Bento policies.
|
|
32
|
+
*/
|
|
33
|
+
export declare class HybridPolicyEngine {
|
|
34
|
+
private localEngine;
|
|
35
|
+
private bentoEngine;
|
|
36
|
+
private config;
|
|
37
|
+
private bentoAvailable;
|
|
38
|
+
constructor(config: HybridPolicyConfig);
|
|
39
|
+
/**
|
|
40
|
+
* @name checkBentoAvailability
|
|
41
|
+
* @description Checks Bento Guard availability in the background without blocking server startup.
|
|
42
|
+
*/
|
|
43
|
+
private checkBentoAvailability;
|
|
44
|
+
/**
|
|
45
|
+
* @name validateToolCall
|
|
46
|
+
* @description Validates a tool call using the configured policy mode.
|
|
47
|
+
*/
|
|
48
|
+
validateToolCall(context: PolicyContext): Promise<PolicyDecision>;
|
|
49
|
+
/**
|
|
50
|
+
* @name validateWithBento
|
|
51
|
+
* @description Validates a tool call exclusively through Bento Guard.
|
|
52
|
+
*/
|
|
53
|
+
private validateWithBento;
|
|
54
|
+
/**
|
|
55
|
+
* @name validateWithLocal
|
|
56
|
+
* @description Validates a tool call exclusively through local deterministic policies.
|
|
57
|
+
*/
|
|
58
|
+
private validateWithLocal;
|
|
59
|
+
/**
|
|
60
|
+
* @name validateHybrid
|
|
61
|
+
* @description Runs local guardrails first and then Bento Guard when configured.
|
|
62
|
+
*/
|
|
63
|
+
private validateHybrid;
|
|
64
|
+
/**
|
|
65
|
+
* @name getEngineUsed
|
|
66
|
+
* @description Returns the policy engine that is expected to have produced the most recent decision.
|
|
67
|
+
*/
|
|
68
|
+
private getEngineUsed;
|
|
69
|
+
/**
|
|
70
|
+
* @name logDecision
|
|
71
|
+
* @description Writes a redacted policy decision to the structured logger.
|
|
72
|
+
*/
|
|
73
|
+
private logDecision;
|
|
74
|
+
/**
|
|
75
|
+
* @name getStatus
|
|
76
|
+
* @description Returns current hybrid policy health without exposing secrets.
|
|
77
|
+
*/
|
|
78
|
+
getStatus(): {
|
|
79
|
+
mode: string;
|
|
80
|
+
bentoConfigured: boolean;
|
|
81
|
+
bentoAvailable: boolean;
|
|
82
|
+
localEngineActive: boolean;
|
|
83
|
+
};
|
|
84
|
+
/**
|
|
85
|
+
* @name refreshBentoStatus
|
|
86
|
+
* @description Forces a Bento Guard availability refresh.
|
|
87
|
+
*/
|
|
88
|
+
refreshBentoStatus(): Promise<boolean>;
|
|
89
|
+
}
|
|
90
|
+
/**
|
|
91
|
+
* @name createHybridPolicyConfigFromEnv
|
|
92
|
+
* @description Creates hybrid policy configuration from SAP MCP environment variables.
|
|
93
|
+
*/
|
|
94
|
+
export declare function createHybridPolicyConfigFromEnv(): Promise<HybridPolicyConfig>;
|
|
95
|
+
//# sourceMappingURL=hybrid-policy-engine.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hybrid-policy-engine.d.ts","sourceRoot":"","sources":["../../src/policy/hybrid-policy-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAqB,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAC1G,OAAO,EAAqB,WAAW,EAAyB,MAAM,0BAA0B,CAAC;AAGjG;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,kCAAkC;IAClC,KAAK,EAAE,YAAY,CAAC;IACpB,0CAA0C;IAC1C,KAAK,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3B,0BAA0B;IAC1B,IAAI,EAAE,YAAY,GAAG,YAAY,GAAG,QAAQ,CAAC;IAC7C,2EAA2E;IAC3E,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,oEAAoE;IACpE,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;;GAGG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,WAAW,CAAoB;IACvC,OAAO,CAAC,WAAW,CAAkC;IACrD,OAAO,CAAC,MAAM,CAAqB;IACnC,OAAO,CAAC,cAAc,CAAkB;gBAErB,MAAM,EAAE,kBAAkB;IAoB7C;;;OAGG;YACW,sBAAsB;IAmBpC;;;OAGG;IACU,gBAAgB,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;IAmE9E;;;OAGG;YACW,iBAAiB;IAQ/B;;;OAGG;YACW,iBAAiB;IAI/B;;;OAGG;YACW,cAAc;IAiE5B;;;OAGG;IACH,OAAO,CAAC,aAAa;IAcrB;;;OAGG;IACH,OAAO,CAAC,WAAW;IAwBnB;;;OAGG;IACI,SAAS,IAAI;QAClB,IAAI,EAAE,MAAM,CAAC;QACb,eAAe,EAAE,OAAO,CAAC;QACzB,cAAc,EAAE,OAAO,CAAC;QACxB,iBAAiB,EAAE,OAAO,CAAC;KAC5B;IASD;;;OAGG;IACU,kBAAkB,IAAI,OAAO,CAAC,OAAO,CAAC;CAIpD;AAED;;;GAGG;AACH,wBAAsB,+BAA+B,IAAI,OAAO,CAAC,kBAAkB,CAAC,CAwBnF"}
|