@oobe-protocol-labs/sap-mcp-server 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.env.example +159 -0
- package/CHANGELOG.md +55 -0
- package/LICENSE +21 -0
- package/README.md +223 -0
- package/config.example.json +64 -0
- package/config.schema.json +370 -0
- package/config.secure-example.json +100 -0
- package/dist/adapters/index.d.ts +6 -0
- package/dist/adapters/index.d.ts.map +1 -0
- package/dist/adapters/index.js +6 -0
- package/dist/adapters/index.js.map +1 -0
- package/dist/adapters/mcp/errors.d.ts +7 -0
- package/dist/adapters/mcp/errors.d.ts.map +1 -0
- package/dist/adapters/mcp/errors.js +10 -0
- package/dist/adapters/mcp/errors.js.map +1 -0
- package/dist/adapters/mcp/index.d.ts +8 -0
- package/dist/adapters/mcp/index.d.ts.map +1 -0
- package/dist/adapters/mcp/index.js +8 -0
- package/dist/adapters/mcp/index.js.map +1 -0
- package/dist/adapters/mcp/prompt-response.d.ts +13 -0
- package/dist/adapters/mcp/prompt-response.d.ts.map +1 -0
- package/dist/adapters/mcp/prompt-response.js +7 -0
- package/dist/adapters/mcp/prompt-response.js.map +1 -0
- package/dist/adapters/mcp/resource-response.d.ts +8 -0
- package/dist/adapters/mcp/resource-response.d.ts.map +1 -0
- package/dist/adapters/mcp/resource-response.js +7 -0
- package/dist/adapters/mcp/resource-response.js.map +1 -0
- package/dist/adapters/mcp/sdk-compat.d.ts +191 -0
- package/dist/adapters/mcp/sdk-compat.d.ts.map +1 -0
- package/dist/adapters/mcp/sdk-compat.js +606 -0
- package/dist/adapters/mcp/sdk-compat.js.map +1 -0
- package/dist/adapters/mcp/tool-response.d.ts +32 -0
- package/dist/adapters/mcp/tool-response.d.ts.map +1 -0
- package/dist/adapters/mcp/tool-response.js +27 -0
- package/dist/adapters/mcp/tool-response.js.map +1 -0
- package/dist/adapters/solana/commitment.d.ts +9 -0
- package/dist/adapters/solana/commitment.d.ts.map +1 -0
- package/dist/adapters/solana/commitment.js +14 -0
- package/dist/adapters/solana/commitment.js.map +1 -0
- package/dist/adapters/solana/connection.d.ts +10 -0
- package/dist/adapters/solana/connection.d.ts.map +1 -0
- package/dist/adapters/solana/connection.js +13 -0
- package/dist/adapters/solana/connection.js.map +1 -0
- package/dist/adapters/solana/index.d.ts +7 -0
- package/dist/adapters/solana/index.d.ts.map +1 -0
- package/dist/adapters/solana/index.js +7 -0
- package/dist/adapters/solana/index.js.map +1 -0
- package/dist/adapters/solana/public-key.d.ts +9 -0
- package/dist/adapters/solana/public-key.d.ts.map +1 -0
- package/dist/adapters/solana/public-key.js +11 -0
- package/dist/adapters/solana/public-key.js.map +1 -0
- package/dist/cli.d.ts +29 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +269 -0
- package/dist/cli.js.map +1 -0
- package/dist/config/defaults.d.ts +28 -0
- package/dist/config/defaults.d.ts.map +1 -0
- package/dist/config/defaults.js +28 -0
- package/dist/config/defaults.js.map +1 -0
- package/dist/config/env.d.ts +297 -0
- package/dist/config/env.d.ts.map +1 -0
- package/dist/config/env.js +563 -0
- package/dist/config/env.js.map +1 -0
- package/dist/config/index.d.ts +7 -0
- package/dist/config/index.d.ts.map +1 -0
- package/dist/config/index.js +7 -0
- package/dist/config/index.js.map +1 -0
- package/dist/config/mcp-client-injection.d.ts +113 -0
- package/dist/config/mcp-client-injection.d.ts.map +1 -0
- package/dist/config/mcp-client-injection.js +453 -0
- package/dist/config/mcp-client-injection.js.map +1 -0
- package/dist/config/paths.d.ts +37 -0
- package/dist/config/paths.d.ts.map +1 -0
- package/dist/config/paths.js +93 -0
- package/dist/config/paths.js.map +1 -0
- package/dist/config/profiles.d.ts +85 -0
- package/dist/config/profiles.d.ts.map +1 -0
- package/dist/config/profiles.js +346 -0
- package/dist/config/profiles.js.map +1 -0
- package/dist/config/schema.d.ts +9 -0
- package/dist/config/schema.d.ts.map +1 -0
- package/dist/config/schema.js +8 -0
- package/dist/config/schema.js.map +1 -0
- package/dist/config/secure-config.d.ts +607 -0
- package/dist/config/secure-config.d.ts.map +1 -0
- package/dist/config/secure-config.js +526 -0
- package/dist/config/secure-config.js.map +1 -0
- package/dist/config/setup.d.ts +42 -0
- package/dist/config/setup.d.ts.map +1 -0
- package/dist/config/setup.js +173 -0
- package/dist/config/setup.js.map +1 -0
- package/dist/config/wizard.d.ts +15 -0
- package/dist/config/wizard.d.ts.map +1 -0
- package/dist/config/wizard.js +1176 -0
- package/dist/config/wizard.js.map +1 -0
- package/dist/config-cli.d.ts +21 -0
- package/dist/config-cli.d.ts.map +1 -0
- package/dist/config-cli.js +679 -0
- package/dist/config-cli.js.map +1 -0
- package/dist/core/constants.d.ts +78 -0
- package/dist/core/constants.d.ts.map +1 -0
- package/dist/core/constants.js +78 -0
- package/dist/core/constants.js.map +1 -0
- package/dist/core/errors.d.ts +188 -0
- package/dist/core/errors.d.ts.map +1 -0
- package/dist/core/errors.js +337 -0
- package/dist/core/errors.js.map +1 -0
- package/dist/core/guards.d.ts +41 -0
- package/dist/core/guards.d.ts.map +1 -0
- package/dist/core/guards.js +93 -0
- package/dist/core/guards.js.map +1 -0
- package/dist/core/index.d.ts +11 -0
- package/dist/core/index.d.ts.map +1 -0
- package/dist/core/index.js +10 -0
- package/dist/core/index.js.map +1 -0
- package/dist/core/logger.d.ts +64 -0
- package/dist/core/logger.d.ts.map +1 -0
- package/dist/core/logger.js +159 -0
- package/dist/core/logger.js.map +1 -0
- package/dist/core/result.d.ts +49 -0
- package/dist/core/result.d.ts.map +1 -0
- package/dist/core/result.js +61 -0
- package/dist/core/result.js.map +1 -0
- package/dist/core/types.d.ts +147 -0
- package/dist/core/types.d.ts.map +1 -0
- package/dist/core/types.js +8 -0
- package/dist/core/types.js.map +1 -0
- package/dist/index.d.ts +18 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +15 -0
- package/dist/index.js.map +1 -0
- package/dist/payments/http-adapter.d.ts +76 -0
- package/dist/payments/http-adapter.d.ts.map +1 -0
- package/dist/payments/http-adapter.js +126 -0
- package/dist/payments/http-adapter.js.map +1 -0
- package/dist/payments/index.d.ts +12 -0
- package/dist/payments/index.d.ts.map +1 -0
- package/dist/payments/index.js +9 -0
- package/dist/payments/index.js.map +1 -0
- package/dist/payments/json-rpc.d.ts +49 -0
- package/dist/payments/json-rpc.d.ts.map +1 -0
- package/dist/payments/json-rpc.js +53 -0
- package/dist/payments/json-rpc.js.map +1 -0
- package/dist/payments/monetization-gate.d.ts +49 -0
- package/dist/payments/monetization-gate.d.ts.map +1 -0
- package/dist/payments/monetization-gate.js +398 -0
- package/dist/payments/monetization-gate.js.map +1 -0
- package/dist/payments/oobe-facilitator-server.d.ts +71 -0
- package/dist/payments/oobe-facilitator-server.d.ts.map +1 -0
- package/dist/payments/oobe-facilitator-server.js +409 -0
- package/dist/payments/oobe-facilitator-server.js.map +1 -0
- package/dist/payments/pay-sh-spec.d.ts +44 -0
- package/dist/payments/pay-sh-spec.d.ts.map +1 -0
- package/dist/payments/pay-sh-spec.js +218 -0
- package/dist/payments/pay-sh-spec.js.map +1 -0
- package/dist/payments/pricing.d.ts +60 -0
- package/dist/payments/pricing.d.ts.map +1 -0
- package/dist/payments/pricing.js +272 -0
- package/dist/payments/pricing.js.map +1 -0
- package/dist/payments/usage-ledger.d.ts +84 -0
- package/dist/payments/usage-ledger.d.ts.map +1 -0
- package/dist/payments/usage-ledger.js +126 -0
- package/dist/payments/usage-ledger.js.map +1 -0
- package/dist/policy/bento-policy-engine.d.ts +71 -0
- package/dist/policy/bento-policy-engine.d.ts.map +1 -0
- package/dist/policy/bento-policy-engine.js +218 -0
- package/dist/policy/bento-policy-engine.js.map +1 -0
- package/dist/policy/default-policies.d.ts +9 -0
- package/dist/policy/default-policies.d.ts.map +1 -0
- package/dist/policy/default-policies.js +69 -0
- package/dist/policy/default-policies.js.map +1 -0
- package/dist/policy/hybrid-policy-engine.d.ts +95 -0
- package/dist/policy/hybrid-policy-engine.d.ts.map +1 -0
- package/dist/policy/hybrid-policy-engine.js +297 -0
- package/dist/policy/hybrid-policy-engine.js.map +1 -0
- package/dist/policy/index.d.ts +10 -0
- package/dist/policy/index.d.ts.map +1 -0
- package/dist/policy/index.js +10 -0
- package/dist/policy/index.js.map +1 -0
- package/dist/policy/local-policy-engine.d.ts +119 -0
- package/dist/policy/local-policy-engine.d.ts.map +1 -0
- package/dist/policy/local-policy-engine.js +318 -0
- package/dist/policy/local-policy-engine.js.map +1 -0
- package/dist/policy/permission-checks.d.ts +19 -0
- package/dist/policy/permission-checks.d.ts.map +1 -0
- package/dist/policy/permission-checks.js +60 -0
- package/dist/policy/permission-checks.js.map +1 -0
- package/dist/policy/policy-engine.d.ts +57 -0
- package/dist/policy/policy-engine.d.ts.map +1 -0
- package/dist/policy/policy-engine.js +162 -0
- package/dist/policy/policy-engine.js.map +1 -0
- package/dist/policy/policy-types.d.ts +46 -0
- package/dist/policy/policy-types.d.ts.map +1 -0
- package/dist/policy/policy-types.js +5 -0
- package/dist/policy/policy-types.js.map +1 -0
- package/dist/policy/risk-level.d.ts +18 -0
- package/dist/policy/risk-level.d.ts.map +1 -0
- package/dist/policy/risk-level.js +46 -0
- package/dist/policy/risk-level.js.map +1 -0
- package/dist/policy/spending-limits.d.ts +17 -0
- package/dist/policy/spending-limits.d.ts.map +1 -0
- package/dist/policy/spending-limits.js +40 -0
- package/dist/policy/spending-limits.js.map +1 -0
- package/dist/prompts/context/sap-agent-context.prompt.d.ts +64 -0
- package/dist/prompts/context/sap-agent-context.prompt.d.ts.map +1 -0
- package/dist/prompts/context/sap-agent-context.prompt.js +336 -0
- package/dist/prompts/context/sap-agent-context.prompt.js.map +1 -0
- package/dist/prompts/developer/debug-sap-error.prompt.d.ts +13 -0
- package/dist/prompts/developer/debug-sap-error.prompt.d.ts.map +1 -0
- package/dist/prompts/developer/debug-sap-error.prompt.js +78 -0
- package/dist/prompts/developer/debug-sap-error.prompt.js.map +1 -0
- package/dist/prompts/developer/generate-sap-integration.prompt.d.ts +13 -0
- package/dist/prompts/developer/generate-sap-integration.prompt.d.ts.map +1 -0
- package/dist/prompts/developer/generate-sap-integration.prompt.js +132 -0
- package/dist/prompts/developer/generate-sap-integration.prompt.js.map +1 -0
- package/dist/prompts/developer/index.d.ts +6 -0
- package/dist/prompts/developer/index.d.ts.map +1 -0
- package/dist/prompts/developer/index.js +6 -0
- package/dist/prompts/developer/index.js.map +1 -0
- package/dist/prompts/execution-proof/explain-proof-of-execution.prompt.d.ts +13 -0
- package/dist/prompts/execution-proof/explain-proof-of-execution.prompt.d.ts.map +1 -0
- package/dist/prompts/execution-proof/explain-proof-of-execution.prompt.js +97 -0
- package/dist/prompts/execution-proof/explain-proof-of-execution.prompt.js.map +1 -0
- package/dist/prompts/execution-proof/index.d.ts +6 -0
- package/dist/prompts/execution-proof/index.d.ts.map +1 -0
- package/dist/prompts/execution-proof/index.js +6 -0
- package/dist/prompts/execution-proof/index.js.map +1 -0
- package/dist/prompts/execution-proof/verify-execution-proof.prompt.d.ts +13 -0
- package/dist/prompts/execution-proof/verify-execution-proof.prompt.d.ts.map +1 -0
- package/dist/prompts/execution-proof/verify-execution-proof.prompt.js +95 -0
- package/dist/prompts/execution-proof/verify-execution-proof.prompt.js.map +1 -0
- package/dist/prompts/index.d.ts +5 -0
- package/dist/prompts/index.d.ts.map +1 -0
- package/dist/prompts/index.js +5 -0
- package/dist/prompts/index.js.map +1 -0
- package/dist/prompts/payments/create-paid-api.prompt.d.ts +13 -0
- package/dist/prompts/payments/create-paid-api.prompt.d.ts.map +1 -0
- package/dist/prompts/payments/create-paid-api.prompt.js +142 -0
- package/dist/prompts/payments/create-paid-api.prompt.js.map +1 -0
- package/dist/prompts/payments/explain-x402-settlement.prompt.d.ts +13 -0
- package/dist/prompts/payments/explain-x402-settlement.prompt.d.ts.map +1 -0
- package/dist/prompts/payments/explain-x402-settlement.prompt.js +83 -0
- package/dist/prompts/payments/explain-x402-settlement.prompt.js.map +1 -0
- package/dist/prompts/payments/index.d.ts +6 -0
- package/dist/prompts/payments/index.d.ts.map +1 -0
- package/dist/prompts/payments/index.js +6 -0
- package/dist/prompts/payments/index.js.map +1 -0
- package/dist/prompts/register-prompts.d.ts +10 -0
- package/dist/prompts/register-prompts.d.ts.map +1 -0
- package/dist/prompts/register-prompts.js +40 -0
- package/dist/prompts/register-prompts.js.map +1 -0
- package/dist/prompts/registry/analyze-sap-agent.prompt.d.ts +13 -0
- package/dist/prompts/registry/analyze-sap-agent.prompt.d.ts.map +1 -0
- package/dist/prompts/registry/analyze-sap-agent.prompt.js +85 -0
- package/dist/prompts/registry/analyze-sap-agent.prompt.js.map +1 -0
- package/dist/prompts/registry/index.d.ts +6 -0
- package/dist/prompts/registry/index.d.ts.map +1 -0
- package/dist/prompts/registry/index.js +6 -0
- package/dist/prompts/registry/index.js.map +1 -0
- package/dist/prompts/registry/register-sap-agent.prompt.d.ts +13 -0
- package/dist/prompts/registry/register-sap-agent.prompt.d.ts.map +1 -0
- package/dist/prompts/registry/register-sap-agent.prompt.js +152 -0
- package/dist/prompts/registry/register-sap-agent.prompt.js.map +1 -0
- package/dist/remote/auth/index.d.ts +86 -0
- package/dist/remote/auth/index.d.ts.map +1 -0
- package/dist/remote/auth/index.js +152 -0
- package/dist/remote/auth/index.js.map +1 -0
- package/dist/remote/server.d.ts +140 -0
- package/dist/remote/server.d.ts.map +1 -0
- package/dist/remote/server.js +412 -0
- package/dist/remote/server.js.map +1 -0
- package/dist/resources/current/sap-current-config.resource.d.ts +30 -0
- package/dist/resources/current/sap-current-config.resource.d.ts.map +1 -0
- package/dist/resources/current/sap-current-config.resource.js +142 -0
- package/dist/resources/current/sap-current-config.resource.js.map +1 -0
- package/dist/resources/execution-proof/index.d.ts +5 -0
- package/dist/resources/execution-proof/index.d.ts.map +1 -0
- package/dist/resources/execution-proof/index.js +5 -0
- package/dist/resources/execution-proof/index.js.map +1 -0
- package/dist/resources/execution-proof/sap-execution-record.resource.d.ts +13 -0
- package/dist/resources/execution-proof/sap-execution-record.resource.d.ts.map +1 -0
- package/dist/resources/execution-proof/sap-execution-record.resource.js +75 -0
- package/dist/resources/execution-proof/sap-execution-record.resource.js.map +1 -0
- package/dist/resources/index.d.ts +5 -0
- package/dist/resources/index.d.ts.map +1 -0
- package/dist/resources/index.js +5 -0
- package/dist/resources/index.js.map +1 -0
- package/dist/resources/memory/index.d.ts +5 -0
- package/dist/resources/memory/index.d.ts.map +1 -0
- package/dist/resources/memory/index.js +5 -0
- package/dist/resources/memory/index.js.map +1 -0
- package/dist/resources/memory/sap-memory.resource.d.ts +13 -0
- package/dist/resources/memory/sap-memory.resource.d.ts.map +1 -0
- package/dist/resources/memory/sap-memory.resource.js +77 -0
- package/dist/resources/memory/sap-memory.resource.js.map +1 -0
- package/dist/resources/profile/sap-active-profile.resource.d.ts +51 -0
- package/dist/resources/profile/sap-active-profile.resource.d.ts.map +1 -0
- package/dist/resources/profile/sap-active-profile.resource.js +119 -0
- package/dist/resources/profile/sap-active-profile.resource.js.map +1 -0
- package/dist/resources/register-resources.d.ts +10 -0
- package/dist/resources/register-resources.d.ts.map +1 -0
- package/dist/resources/register-resources.js +33 -0
- package/dist/resources/register-resources.js.map +1 -0
- package/dist/resources/registry/index.d.ts +6 -0
- package/dist/resources/registry/index.d.ts.map +1 -0
- package/dist/resources/registry/index.js +6 -0
- package/dist/resources/registry/index.js.map +1 -0
- package/dist/resources/registry/sap-agent.resource.d.ts +13 -0
- package/dist/resources/registry/sap-agent.resource.d.ts.map +1 -0
- package/dist/resources/registry/sap-agent.resource.js +75 -0
- package/dist/resources/registry/sap-agent.resource.js.map +1 -0
- package/dist/resources/registry/sap-global-registry.resource.d.ts +13 -0
- package/dist/resources/registry/sap-global-registry.resource.d.ts.map +1 -0
- package/dist/resources/registry/sap-global-registry.resource.js +71 -0
- package/dist/resources/registry/sap-global-registry.resource.js.map +1 -0
- package/dist/resources/reputation/index.d.ts +5 -0
- package/dist/resources/reputation/index.d.ts.map +1 -0
- package/dist/resources/reputation/index.js +5 -0
- package/dist/resources/reputation/index.js.map +1 -0
- package/dist/resources/reputation/sap-reputation.resource.d.ts +13 -0
- package/dist/resources/reputation/sap-reputation.resource.d.ts.map +1 -0
- package/dist/resources/reputation/sap-reputation.resource.js +75 -0
- package/dist/resources/reputation/sap-reputation.resource.js.map +1 -0
- package/dist/resources/stats/sap-network-stats.resource.d.ts +14 -0
- package/dist/resources/stats/sap-network-stats.resource.d.ts.map +1 -0
- package/dist/resources/stats/sap-network-stats.resource.js +86 -0
- package/dist/resources/stats/sap-network-stats.resource.js.map +1 -0
- package/dist/resources/tool-schema/index.d.ts +5 -0
- package/dist/resources/tool-schema/index.d.ts.map +1 -0
- package/dist/resources/tool-schema/index.js +5 -0
- package/dist/resources/tool-schema/index.js.map +1 -0
- package/dist/resources/tool-schema/sap-tool-schema.resource.d.ts +13 -0
- package/dist/resources/tool-schema/sap-tool-schema.resource.d.ts.map +1 -0
- package/dist/resources/tool-schema/sap-tool-schema.resource.js +75 -0
- package/dist/resources/tool-schema/sap-tool-schema.resource.js.map +1 -0
- package/dist/sap/index.d.ts +7 -0
- package/dist/sap/index.d.ts.map +1 -0
- package/dist/sap/index.js +6 -0
- package/dist/sap/index.js.map +1 -0
- package/dist/sap/sap-client-manager.d.ts +54 -0
- package/dist/sap/sap-client-manager.d.ts.map +1 -0
- package/dist/sap/sap-client-manager.js +129 -0
- package/dist/sap/sap-client-manager.js.map +1 -0
- package/dist/sap/sap-errors.d.ts +13 -0
- package/dist/sap/sap-errors.d.ts.map +1 -0
- package/dist/sap/sap-errors.js +23 -0
- package/dist/sap/sap-errors.js.map +1 -0
- package/dist/sap/sap-types.d.ts +69 -0
- package/dist/sap/sap-types.d.ts.map +1 -0
- package/dist/sap/sap-types.js +5 -0
- package/dist/sap/sap-types.js.map +1 -0
- package/dist/schemas/common.schema.d.ts +42 -0
- package/dist/schemas/common.schema.d.ts.map +1 -0
- package/dist/schemas/common.schema.js +36 -0
- package/dist/schemas/common.schema.js.map +1 -0
- package/dist/schemas/developer.schema.d.ts +31 -0
- package/dist/schemas/developer.schema.d.ts.map +1 -0
- package/dist/schemas/developer.schema.js +19 -0
- package/dist/schemas/developer.schema.js.map +1 -0
- package/dist/schemas/execution-proof.schema.d.ts +44 -0
- package/dist/schemas/execution-proof.schema.d.ts.map +1 -0
- package/dist/schemas/execution-proof.schema.js +26 -0
- package/dist/schemas/execution-proof.schema.js.map +1 -0
- package/dist/schemas/identity.schema.d.ts +34 -0
- package/dist/schemas/identity.schema.d.ts.map +1 -0
- package/dist/schemas/identity.schema.js +21 -0
- package/dist/schemas/identity.schema.js.map +1 -0
- package/dist/schemas/index.d.ts +15 -0
- package/dist/schemas/index.d.ts.map +1 -0
- package/dist/schemas/index.js +15 -0
- package/dist/schemas/index.js.map +1 -0
- package/dist/schemas/memory.schema.d.ts +34 -0
- package/dist/schemas/memory.schema.d.ts.map +1 -0
- package/dist/schemas/memory.schema.js +21 -0
- package/dist/schemas/memory.schema.js.map +1 -0
- package/dist/schemas/payments.schema.d.ts +37 -0
- package/dist/schemas/payments.schema.d.ts.map +1 -0
- package/dist/schemas/payments.schema.js +22 -0
- package/dist/schemas/payments.schema.js.map +1 -0
- package/dist/schemas/registry.schema.d.ts +65 -0
- package/dist/schemas/registry.schema.d.ts.map +1 -0
- package/dist/schemas/registry.schema.js +34 -0
- package/dist/schemas/registry.schema.js.map +1 -0
- package/dist/schemas/reputation.schema.d.ts +31 -0
- package/dist/schemas/reputation.schema.d.ts.map +1 -0
- package/dist/schemas/reputation.schema.js +20 -0
- package/dist/schemas/reputation.schema.js.map +1 -0
- package/dist/schemas/settlement.schema.d.ts +50 -0
- package/dist/schemas/settlement.schema.d.ts.map +1 -0
- package/dist/schemas/settlement.schema.js +29 -0
- package/dist/schemas/settlement.schema.js.map +1 -0
- package/dist/schemas/tool-schema.schema.d.ts +56 -0
- package/dist/schemas/tool-schema.schema.d.ts.map +1 -0
- package/dist/schemas/tool-schema.schema.js +26 -0
- package/dist/schemas/tool-schema.schema.js.map +1 -0
- package/dist/schemas/transaction.schema.d.ts +34 -0
- package/dist/schemas/transaction.schema.d.ts.map +1 -0
- package/dist/schemas/transaction.schema.js +20 -0
- package/dist/schemas/transaction.schema.js.map +1 -0
- package/dist/security/approval-required.d.ts +9 -0
- package/dist/security/approval-required.d.ts.map +1 -0
- package/dist/security/approval-required.js +10 -0
- package/dist/security/approval-required.js.map +1 -0
- package/dist/security/index.d.ts +9 -0
- package/dist/security/index.d.ts.map +1 -0
- package/dist/security/index.js +9 -0
- package/dist/security/index.js.map +1 -0
- package/dist/security/private-key-guard.d.ts +11 -0
- package/dist/security/private-key-guard.d.ts.map +1 -0
- package/dist/security/private-key-guard.js +22 -0
- package/dist/security/private-key-guard.js.map +1 -0
- package/dist/security/prompt-injection-notes.d.ts +13 -0
- package/dist/security/prompt-injection-notes.d.ts.map +1 -0
- package/dist/security/prompt-injection-notes.js +23 -0
- package/dist/security/prompt-injection-notes.js.map +1 -0
- package/dist/security/tool-permissions.d.ts +30 -0
- package/dist/security/tool-permissions.d.ts.map +1 -0
- package/dist/security/tool-permissions.js +270 -0
- package/dist/security/tool-permissions.js.map +1 -0
- package/dist/security/unsafe-action-guard.d.ts +28 -0
- package/dist/security/unsafe-action-guard.d.ts.map +1 -0
- package/dist/security/unsafe-action-guard.js +175 -0
- package/dist/security/unsafe-action-guard.js.map +1 -0
- package/dist/server/create-server.d.ts +12 -0
- package/dist/server/create-server.d.ts.map +1 -0
- package/dist/server/create-server.js +57 -0
- package/dist/server/create-server.js.map +1 -0
- package/dist/server/index.d.ts +7 -0
- package/dist/server/index.d.ts.map +1 -0
- package/dist/server/index.js +7 -0
- package/dist/server/index.js.map +1 -0
- package/dist/server/register-capabilities.d.ts +10 -0
- package/dist/server/register-capabilities.d.ts.map +1 -0
- package/dist/server/register-capabilities.js +23 -0
- package/dist/server/register-capabilities.js.map +1 -0
- package/dist/server/server-metadata.d.ts +32 -0
- package/dist/server/server-metadata.d.ts.map +1 -0
- package/dist/server/server-metadata.js +32 -0
- package/dist/server/server-metadata.js.map +1 -0
- package/dist/session/agent-session.d.ts +25 -0
- package/dist/session/agent-session.d.ts.map +1 -0
- package/dist/session/agent-session.js +35 -0
- package/dist/session/agent-session.js.map +1 -0
- package/dist/session/delegated-session.d.ts +20 -0
- package/dist/session/delegated-session.d.ts.map +1 -0
- package/dist/session/delegated-session.js +47 -0
- package/dist/session/delegated-session.js.map +1 -0
- package/dist/session/index.d.ts +10 -0
- package/dist/session/index.d.ts.map +1 -0
- package/dist/session/index.js +9 -0
- package/dist/session/index.js.map +1 -0
- package/dist/session/redis-session-store.d.ts +89 -0
- package/dist/session/redis-session-store.d.ts.map +1 -0
- package/dist/session/redis-session-store.js +219 -0
- package/dist/session/redis-session-store.js.map +1 -0
- package/dist/session/session-limits.d.ts +20 -0
- package/dist/session/session-limits.d.ts.map +1 -0
- package/dist/session/session-limits.js +55 -0
- package/dist/session/session-limits.js.map +1 -0
- package/dist/session/session-permissions.d.ts +37 -0
- package/dist/session/session-permissions.d.ts.map +1 -0
- package/dist/session/session-permissions.js +58 -0
- package/dist/session/session-permissions.js.map +1 -0
- package/dist/session/session-store.d.ts +38 -0
- package/dist/session/session-store.d.ts.map +1 -0
- package/dist/session/session-store.js +62 -0
- package/dist/session/session-store.js.map +1 -0
- package/dist/session/session-types.d.ts +33 -0
- package/dist/session/session-types.d.ts.map +1 -0
- package/dist/session/session-types.js +5 -0
- package/dist/session/session-types.js.map +1 -0
- package/dist/signer/external-signer.d.ts +16 -0
- package/dist/signer/external-signer.d.ts.map +1 -0
- package/dist/signer/external-signer.js +128 -0
- package/dist/signer/external-signer.js.map +1 -0
- package/dist/signer/index.d.ts +9 -0
- package/dist/signer/index.d.ts.map +1 -0
- package/dist/signer/index.js +8 -0
- package/dist/signer/index.js.map +1 -0
- package/dist/signer/load-keypair.d.ts +15 -0
- package/dist/signer/load-keypair.d.ts.map +1 -0
- package/dist/signer/load-keypair.js +39 -0
- package/dist/signer/load-keypair.js.map +1 -0
- package/dist/signer/local-keypair-signer.d.ts +11 -0
- package/dist/signer/local-keypair-signer.d.ts.map +1 -0
- package/dist/signer/local-keypair-signer.js +46 -0
- package/dist/signer/local-keypair-signer.js.map +1 -0
- package/dist/signer/signer-resolver.d.ts +10 -0
- package/dist/signer/signer-resolver.d.ts.map +1 -0
- package/dist/signer/signer-resolver.js +63 -0
- package/dist/signer/signer-resolver.js.map +1 -0
- package/dist/signer/signer-types.d.ts +35 -0
- package/dist/signer/signer-types.d.ts.map +1 -0
- package/dist/signer/signer-types.js +5 -0
- package/dist/signer/signer-types.js.map +1 -0
- package/dist/signer/signing-proxy.d.ts +45 -0
- package/dist/signer/signing-proxy.d.ts.map +1 -0
- package/dist/signer/signing-proxy.js +300 -0
- package/dist/signer/signing-proxy.js.map +1 -0
- package/dist/tools/client-sdk-tools.d.ts +22 -0
- package/dist/tools/client-sdk-tools.d.ts.map +1 -0
- package/dist/tools/client-sdk-tools.js +220 -0
- package/dist/tools/client-sdk-tools.js.map +1 -0
- package/dist/tools/index.d.ts +11 -0
- package/dist/tools/index.d.ts.map +1 -0
- package/dist/tools/index.js +17 -0
- package/dist/tools/index.js.map +1 -0
- package/dist/tools/profile-tools.d.ts +12 -0
- package/dist/tools/profile-tools.d.ts.map +1 -0
- package/dist/tools/profile-tools.js +250 -0
- package/dist/tools/profile-tools.js.map +1 -0
- package/dist/tools/register-tools.d.ts +12 -0
- package/dist/tools/register-tools.d.ts.map +1 -0
- package/dist/tools/register-tools.js +36 -0
- package/dist/tools/register-tools.js.map +1 -0
- package/dist/tools/sap-network-stats.tool.d.ts +14 -0
- package/dist/tools/sap-network-stats.tool.d.ts.map +1 -0
- package/dist/tools/sap-network-stats.tool.js +101 -0
- package/dist/tools/sap-network-stats.tool.js.map +1 -0
- package/dist/tools/sap-sdk-tools.d.ts +15 -0
- package/dist/tools/sap-sdk-tools.d.ts.map +1 -0
- package/dist/tools/sap-sdk-tools.js +1515 -0
- package/dist/tools/sap-sdk-tools.js.map +1 -0
- package/dist/tools/sap-sns-tools.d.ts +35 -0
- package/dist/tools/sap-sns-tools.d.ts.map +1 -0
- package/dist/tools/sap-sns-tools.js +626 -0
- package/dist/tools/sap-sns-tools.js.map +1 -0
- package/dist/tools/skills-tools.d.ts +12 -0
- package/dist/tools/skills-tools.d.ts.map +1 -0
- package/dist/tools/skills-tools.js +273 -0
- package/dist/tools/skills-tools.js.map +1 -0
- package/dist/tools/transaction-tools.d.ts +14 -0
- package/dist/tools/transaction-tools.d.ts.map +1 -0
- package/dist/tools/transaction-tools.js +297 -0
- package/dist/tools/transaction-tools.js.map +1 -0
- package/dist/transports/http.d.ts +40 -0
- package/dist/transports/http.d.ts.map +1 -0
- package/dist/transports/http.js +212 -0
- package/dist/transports/http.js.map +1 -0
- package/dist/transports/index.d.ts +6 -0
- package/dist/transports/index.d.ts.map +1 -0
- package/dist/transports/index.js +6 -0
- package/dist/transports/index.js.map +1 -0
- package/dist/transports/stdio.d.ts +14 -0
- package/dist/transports/stdio.d.ts.map +1 -0
- package/dist/transports/stdio.js +32 -0
- package/dist/transports/stdio.js.map +1 -0
- package/dist/tui/components.d.ts +59 -0
- package/dist/tui/components.d.ts.map +1 -0
- package/dist/tui/components.js +82 -0
- package/dist/tui/components.js.map +1 -0
- package/dist/tui/config-wizard.d.ts +12 -0
- package/dist/tui/config-wizard.d.ts.map +1 -0
- package/dist/tui/config-wizard.js +348 -0
- package/dist/tui/config-wizard.js.map +1 -0
- package/dist/tui/wizard-save.d.ts +51 -0
- package/dist/tui/wizard-save.d.ts.map +1 -0
- package/dist/tui/wizard-save.js +148 -0
- package/dist/tui/wizard-save.js.map +1 -0
- package/docs/00_README.md +45 -0
- package/docs/01_PRODUCT_OVERVIEW.md +69 -0
- package/docs/02_ARCHITECTURE_AND_REQUEST_FLOW.md +120 -0
- package/docs/03_CONFIGURATION_AND_WIZARD.md +143 -0
- package/docs/04_LOCAL_STDIO_USAGE.md +118 -0
- package/docs/05_REMOTE_VPS_DEPLOYMENT.md +136 -0
- package/docs/06_PAYMENTS_X402_AND_PAYSH.md +162 -0
- package/docs/07_ENDPOINTS_AND_CLIENTS.md +114 -0
- package/docs/08_SECURITY_POLICY_AND_SIGNING.md +134 -0
- package/docs/09_TOOLS_SKILLS_AND_AGENT_GUIDE.md +72 -0
- package/docs/10_OPERATIONS_RELEASE_AND_PM2.md +90 -0
- package/docs/11_CODE_QUALITY_AUDIT.md +49 -0
- package/ecosystem.config.example.cjs +55 -0
- package/package.json +132 -0
- package/skills/README.md +146 -0
- package/skills/sap-agent-registry/SKILL.md +39 -0
- package/skills/sap-agentkit/SKILL.md +40 -0
- package/skills/sap-defi/SKILL.md +51 -0
- package/skills/sap-discovery-indexing/SKILL.md +33 -0
- package/skills/sap-escrow-settlement/SKILL.md +37 -0
- package/skills/sap-ledger-session/SKILL.md +24 -0
- package/skills/sap-market-data/SKILL.md +36 -0
- package/skills/sap-mcp/SKILL.md +202 -0
- package/skills/sap-mcp/TOOL_REFERENCE.md +184 -0
- package/skills/sap-memory-vault/SKILL.md +29 -0
- package/skills/sap-nft-metaplex/SKILL.md +38 -0
- package/skills/sap-operations/SKILL.md +97 -0
- package/skills/sap-payments-x402/SKILL.md +47 -0
- package/skills/sap-reputation-attestation/SKILL.md +30 -0
- package/skills/sap-sns/SKILL.md +51 -0
- package/skills/sap-social-gaming/SKILL.md +30 -0
- package/skills/sap-solana-token/SKILL.md +32 -0
- package/skills/sap-staking/SKILL.md +24 -0
- package/skills/sap-tool-registry/SKILL.md +29 -0
|
@@ -0,0 +1,297 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @name HybridPolicyEngine
|
|
3
|
+
* @description Combines deterministic local guardrails with optional Bento Guard intent scoring.
|
|
4
|
+
*
|
|
5
|
+
* Flow:
|
|
6
|
+
* 1. Local deterministic guardrails always run in hybrid mode.
|
|
7
|
+
* 2. Bento runs only after local checks pass.
|
|
8
|
+
* 3. Bento outages follow the configured fail-open or fail-closed policy.
|
|
9
|
+
* 4. Local-only mode never depends on external services.
|
|
10
|
+
*/
|
|
11
|
+
import { LocalPolicyEngine } from './local-policy-engine.js';
|
|
12
|
+
import { BentoPolicyEngine, BentoUnavailableError } from './bento-policy-engine.js';
|
|
13
|
+
import { logger } from '../core/logger.js';
|
|
14
|
+
/**
|
|
15
|
+
* @name HybridPolicyEngine
|
|
16
|
+
* @description Runtime service that validates tool calls through local and optional Bento policies.
|
|
17
|
+
*/
|
|
18
|
+
export class HybridPolicyEngine {
|
|
19
|
+
localEngine;
|
|
20
|
+
bentoEngine = null;
|
|
21
|
+
config;
|
|
22
|
+
bentoAvailable = false;
|
|
23
|
+
constructor(config) {
|
|
24
|
+
this.config = {
|
|
25
|
+
...config,
|
|
26
|
+
logging: config.logging ?? true,
|
|
27
|
+
failOpen: config.failOpen ?? false,
|
|
28
|
+
};
|
|
29
|
+
this.localEngine = new LocalPolicyEngine(config.local);
|
|
30
|
+
if (config.bento && config.mode !== 'local-only') {
|
|
31
|
+
try {
|
|
32
|
+
this.bentoEngine = new BentoPolicyEngine(config.bento);
|
|
33
|
+
void this.checkBentoAvailability();
|
|
34
|
+
}
|
|
35
|
+
catch (error) {
|
|
36
|
+
logger.warn('Hybrid policy failed to initialize Bento', { error });
|
|
37
|
+
this.bentoEngine = null;
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
/**
|
|
42
|
+
* @name checkBentoAvailability
|
|
43
|
+
* @description Checks Bento Guard availability in the background without blocking server startup.
|
|
44
|
+
*/
|
|
45
|
+
async checkBentoAvailability() {
|
|
46
|
+
if (!this.bentoEngine) {
|
|
47
|
+
this.bentoAvailable = false;
|
|
48
|
+
return;
|
|
49
|
+
}
|
|
50
|
+
try {
|
|
51
|
+
this.bentoAvailable = await this.bentoEngine.isAvailable();
|
|
52
|
+
if (this.bentoAvailable && this.config.logging) {
|
|
53
|
+
logger.info('Hybrid policy Bento Guard available');
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
catch (error) {
|
|
57
|
+
this.bentoAvailable = false;
|
|
58
|
+
if (this.config.logging) {
|
|
59
|
+
logger.warn('Hybrid policy Bento Guard unavailable', { error });
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
/**
|
|
64
|
+
* @name validateToolCall
|
|
65
|
+
* @description Validates a tool call using the configured policy mode.
|
|
66
|
+
*/
|
|
67
|
+
async validateToolCall(context) {
|
|
68
|
+
const startTime = Date.now();
|
|
69
|
+
let decision;
|
|
70
|
+
try {
|
|
71
|
+
// Determine which engine to use
|
|
72
|
+
switch (this.config.mode) {
|
|
73
|
+
case 'bento-only':
|
|
74
|
+
decision = await this.validateWithBento(context);
|
|
75
|
+
break;
|
|
76
|
+
case 'local-only':
|
|
77
|
+
decision = await this.validateWithLocal(context);
|
|
78
|
+
break;
|
|
79
|
+
case 'hybrid':
|
|
80
|
+
default:
|
|
81
|
+
decision = await this.validateHybrid(context);
|
|
82
|
+
break;
|
|
83
|
+
}
|
|
84
|
+
// Add timing metadata
|
|
85
|
+
decision.metadata = {
|
|
86
|
+
...decision.metadata,
|
|
87
|
+
validationTimeMs: Date.now() - startTime,
|
|
88
|
+
engine: this.getEngineUsed(),
|
|
89
|
+
};
|
|
90
|
+
// Log decision
|
|
91
|
+
if (this.config.logging) {
|
|
92
|
+
this.logDecision(context, decision);
|
|
93
|
+
}
|
|
94
|
+
return decision;
|
|
95
|
+
}
|
|
96
|
+
catch (error) {
|
|
97
|
+
// Unexpected error - handle based on failOpen setting
|
|
98
|
+
const errorMessage = error instanceof Error ? error.message : String(error);
|
|
99
|
+
if (this.config.logging) {
|
|
100
|
+
logger.error('Hybrid policy unexpected error', { error: errorMessage });
|
|
101
|
+
}
|
|
102
|
+
if (this.config.failOpen) {
|
|
103
|
+
return {
|
|
104
|
+
allowed: true,
|
|
105
|
+
reason: `Policy engine error, failing open: ${errorMessage}`,
|
|
106
|
+
rule: 'error-fail-open',
|
|
107
|
+
metadata: {
|
|
108
|
+
error: errorMessage,
|
|
109
|
+
failOpen: true,
|
|
110
|
+
},
|
|
111
|
+
};
|
|
112
|
+
}
|
|
113
|
+
else {
|
|
114
|
+
return {
|
|
115
|
+
allowed: false,
|
|
116
|
+
blocked: true,
|
|
117
|
+
reason: `Policy engine error, failing closed: ${errorMessage}`,
|
|
118
|
+
rule: 'error-fail-closed',
|
|
119
|
+
metadata: {
|
|
120
|
+
error: errorMessage,
|
|
121
|
+
failOpen: false,
|
|
122
|
+
},
|
|
123
|
+
};
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
}
|
|
127
|
+
/**
|
|
128
|
+
* @name validateWithBento
|
|
129
|
+
* @description Validates a tool call exclusively through Bento Guard.
|
|
130
|
+
*/
|
|
131
|
+
async validateWithBento(context) {
|
|
132
|
+
if (!this.bentoEngine) {
|
|
133
|
+
throw new Error('Bento engine not initialized');
|
|
134
|
+
}
|
|
135
|
+
return this.bentoEngine.validateAction(context);
|
|
136
|
+
}
|
|
137
|
+
/**
|
|
138
|
+
* @name validateWithLocal
|
|
139
|
+
* @description Validates a tool call exclusively through local deterministic policies.
|
|
140
|
+
*/
|
|
141
|
+
async validateWithLocal(context) {
|
|
142
|
+
return this.localEngine.validateToolCall(context);
|
|
143
|
+
}
|
|
144
|
+
/**
|
|
145
|
+
* @name validateHybrid
|
|
146
|
+
* @description Runs local guardrails first and then Bento Guard when configured.
|
|
147
|
+
*/
|
|
148
|
+
async validateHybrid(context) {
|
|
149
|
+
const localDecision = await this.localEngine.validateToolCall(context);
|
|
150
|
+
if (!localDecision.allowed || localDecision.blocked || localDecision.escalated) {
|
|
151
|
+
return {
|
|
152
|
+
...localDecision,
|
|
153
|
+
metadata: {
|
|
154
|
+
...localDecision.metadata,
|
|
155
|
+
provider: 'local',
|
|
156
|
+
hybridStage: 'local-guardrail',
|
|
157
|
+
},
|
|
158
|
+
};
|
|
159
|
+
}
|
|
160
|
+
// Try Bento after deterministic local guardrails pass.
|
|
161
|
+
if (this.bentoEngine) {
|
|
162
|
+
try {
|
|
163
|
+
const bentoDecision = await this.bentoEngine.validateAction(context);
|
|
164
|
+
this.bentoAvailable = true;
|
|
165
|
+
return {
|
|
166
|
+
...bentoDecision,
|
|
167
|
+
metadata: {
|
|
168
|
+
...bentoDecision.metadata,
|
|
169
|
+
localDecision: localDecision.reason,
|
|
170
|
+
hybridStage: 'bento-after-local',
|
|
171
|
+
},
|
|
172
|
+
};
|
|
173
|
+
}
|
|
174
|
+
catch (error) {
|
|
175
|
+
if (error instanceof BentoUnavailableError) {
|
|
176
|
+
this.bentoAvailable = false;
|
|
177
|
+
if (!this.config.failOpen) {
|
|
178
|
+
return {
|
|
179
|
+
allowed: false,
|
|
180
|
+
blocked: true,
|
|
181
|
+
reason: error.message,
|
|
182
|
+
rule: 'bento-unavailable-fail-closed',
|
|
183
|
+
metadata: {
|
|
184
|
+
provider: 'bento',
|
|
185
|
+
failOpen: false,
|
|
186
|
+
localDecision: localDecision.reason,
|
|
187
|
+
},
|
|
188
|
+
};
|
|
189
|
+
}
|
|
190
|
+
if (this.config.logging) {
|
|
191
|
+
logger.warn('Hybrid policy Bento unavailable; using local allow because failOpen=true');
|
|
192
|
+
}
|
|
193
|
+
return {
|
|
194
|
+
...localDecision,
|
|
195
|
+
metadata: {
|
|
196
|
+
...localDecision.metadata,
|
|
197
|
+
provider: 'local',
|
|
198
|
+
bentoUnavailable: true,
|
|
199
|
+
failOpen: true,
|
|
200
|
+
},
|
|
201
|
+
};
|
|
202
|
+
}
|
|
203
|
+
else {
|
|
204
|
+
// Other error - rethrow
|
|
205
|
+
throw error;
|
|
206
|
+
}
|
|
207
|
+
}
|
|
208
|
+
}
|
|
209
|
+
return localDecision;
|
|
210
|
+
}
|
|
211
|
+
/**
|
|
212
|
+
* @name getEngineUsed
|
|
213
|
+
* @description Returns the policy engine that is expected to have produced the most recent decision.
|
|
214
|
+
*/
|
|
215
|
+
getEngineUsed() {
|
|
216
|
+
if (this.config.mode === 'local-only') {
|
|
217
|
+
return 'local';
|
|
218
|
+
}
|
|
219
|
+
if (this.config.mode === 'bento-only') {
|
|
220
|
+
return 'bento';
|
|
221
|
+
}
|
|
222
|
+
// Hybrid mode
|
|
223
|
+
if (this.bentoEngine && this.bentoAvailable) {
|
|
224
|
+
return 'bento';
|
|
225
|
+
}
|
|
226
|
+
return 'local';
|
|
227
|
+
}
|
|
228
|
+
/**
|
|
229
|
+
* @name logDecision
|
|
230
|
+
* @description Writes a redacted policy decision to the structured logger.
|
|
231
|
+
*/
|
|
232
|
+
logDecision(context, decision) {
|
|
233
|
+
const message = decision.blocked
|
|
234
|
+
? 'BLOCKED'
|
|
235
|
+
: decision.escalated
|
|
236
|
+
? 'ESCALATED'
|
|
237
|
+
: decision.allowed
|
|
238
|
+
? 'ALLOWED'
|
|
239
|
+
: 'UNKNOWN';
|
|
240
|
+
const payload = {
|
|
241
|
+
user: context.user,
|
|
242
|
+
reason: decision.reason,
|
|
243
|
+
rule: decision.rule,
|
|
244
|
+
engine: this.getEngineUsed(),
|
|
245
|
+
};
|
|
246
|
+
if (decision.blocked || decision.escalated) {
|
|
247
|
+
logger.warn(`Policy ${message} - ${context.toolName}`, payload);
|
|
248
|
+
return;
|
|
249
|
+
}
|
|
250
|
+
logger.info(`Policy ${message} - ${context.toolName}`, payload);
|
|
251
|
+
}
|
|
252
|
+
/**
|
|
253
|
+
* @name getStatus
|
|
254
|
+
* @description Returns current hybrid policy health without exposing secrets.
|
|
255
|
+
*/
|
|
256
|
+
getStatus() {
|
|
257
|
+
return {
|
|
258
|
+
mode: this.config.mode,
|
|
259
|
+
bentoConfigured: this.bentoEngine !== null,
|
|
260
|
+
bentoAvailable: this.bentoAvailable,
|
|
261
|
+
localEngineActive: true,
|
|
262
|
+
};
|
|
263
|
+
}
|
|
264
|
+
/**
|
|
265
|
+
* @name refreshBentoStatus
|
|
266
|
+
* @description Forces a Bento Guard availability refresh.
|
|
267
|
+
*/
|
|
268
|
+
async refreshBentoStatus() {
|
|
269
|
+
await this.checkBentoAvailability();
|
|
270
|
+
return this.bentoAvailable;
|
|
271
|
+
}
|
|
272
|
+
}
|
|
273
|
+
/**
|
|
274
|
+
* @name createHybridPolicyConfigFromEnv
|
|
275
|
+
* @description Creates hybrid policy configuration from SAP MCP environment variables.
|
|
276
|
+
*/
|
|
277
|
+
export async function createHybridPolicyConfigFromEnv() {
|
|
278
|
+
const { createPolicyConfigFromEnv } = await import('./local-policy-engine.js');
|
|
279
|
+
const { createBentoConfigFromEnv } = await import('./bento-policy-engine.js');
|
|
280
|
+
const localConfig = createPolicyConfigFromEnv();
|
|
281
|
+
const bentoConfig = createBentoConfigFromEnv();
|
|
282
|
+
// Determine mode from env
|
|
283
|
+
const modeEnv = process.env.SAP_MCP_POLICY_MODE || 'hybrid';
|
|
284
|
+
const mode = modeEnv;
|
|
285
|
+
const failOpenEnv = process.env.SAP_MCP_POLICY_FAIL_OPEN || 'true';
|
|
286
|
+
const failOpen = failOpenEnv.toLowerCase() === 'true';
|
|
287
|
+
const loggingEnv = process.env.SAP_MCP_POLICY_LOGGING || 'true';
|
|
288
|
+
const logging = loggingEnv.toLowerCase() === 'true';
|
|
289
|
+
return {
|
|
290
|
+
local: localConfig,
|
|
291
|
+
bento: bentoConfig,
|
|
292
|
+
mode,
|
|
293
|
+
failOpen,
|
|
294
|
+
logging,
|
|
295
|
+
};
|
|
296
|
+
}
|
|
297
|
+
//# sourceMappingURL=hybrid-policy-engine.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hybrid-policy-engine.js","sourceRoot":"","sources":["../../src/policy/hybrid-policy-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,iBAAiB,EAA+C,MAAM,0BAA0B,CAAC;AAC1G,OAAO,EAAE,iBAAiB,EAAe,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjG,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAmB3C;;;GAGG;AACH,MAAM,OAAO,kBAAkB;IACrB,WAAW,CAAoB;IAC/B,WAAW,GAA6B,IAAI,CAAC;IAC7C,MAAM,CAAqB;IAC3B,cAAc,GAAY,KAAK,CAAC;IAExC,YAAmB,MAA0B;QAC3C,IAAI,CAAC,MAAM,GAAG;YACZ,GAAG,MAAM;YACT,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,IAAI;YAC/B,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,KAAK;SACnC,CAAC;QAEF,IAAI,CAAC,WAAW,GAAG,IAAI,iBAAiB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEvD,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACjD,IAAI,CAAC;gBACH,IAAI,CAAC,WAAW,GAAG,IAAI,iBAAiB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACvD,KAAK,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACrC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,CAAC,0CAA0C,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;gBACnE,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,sBAAsB;QAClC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,IAAI,CAAC,cAAc,GAAG,KAAK,CAAC;YAC5B,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,cAAc,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;YAC3D,IAAI,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC/C,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,cAAc,GAAG,KAAK,CAAC;YAC5B,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACxB,MAAM,CAAC,IAAI,CAAC,uCAAuC,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAClE,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,gBAAgB,CAAC,OAAsB;QAClD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,IAAI,QAAwB,CAAC;QAE7B,IAAI,CAAC;YACH,gCAAgC;YAChC,QAAQ,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBACzB,KAAK,YAAY;oBACf,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;oBACjD,MAAM;gBAER,KAAK,YAAY;oBACf,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;oBACjD,MAAM;gBAER,KAAK,QAAQ,CAAC;gBACd;oBACE,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;oBAC9C,MAAM;YACV,CAAC;YAED,sBAAsB;YACtB,QAAQ,CAAC,QAAQ,GAAG;gBAClB,GAAG,QAAQ,CAAC,QAAQ;gBACpB,gBAAgB,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBACxC,MAAM,EAAE,IAAI,CAAC,aAAa,EAAE;aAC7B,CAAC;YAEF,eAAe;YACf,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACxB,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YACtC,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,sDAAsD;YACtD,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAE5E,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACxB,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC;YAC1E,CAAC;YAED,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACzB,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,MAAM,EAAE,sCAAsC,YAAY,EAAE;oBAC5D,IAAI,EAAE,iBAAiB;oBACvB,QAAQ,EAAE;wBACR,KAAK,EAAE,YAAY;wBACnB,QAAQ,EAAE,IAAI;qBACf;iBACF,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,IAAI;oBACb,MAAM,EAAE,wCAAwC,YAAY,EAAE;oBAC9D,IAAI,EAAE,mBAAmB;oBACzB,QAAQ,EAAE;wBACR,KAAK,EAAE,YAAY;wBACnB,QAAQ,EAAE,KAAK;qBAChB;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,iBAAiB,CAAC,OAAsB;QACpD,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IAClD,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,iBAAiB,CAAC,OAAsB;QACpD,OAAO,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,cAAc,CAAC,OAAsB;QACjD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACvE,IAAI,CAAC,aAAa,CAAC,OAAO,IAAI,aAAa,CAAC,OAAO,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC;YAC/E,OAAO;gBACL,GAAG,aAAa;gBAChB,QAAQ,EAAE;oBACR,GAAG,aAAa,CAAC,QAAQ;oBACzB,QAAQ,EAAE,OAAO;oBACjB,WAAW,EAAE,iBAAiB;iBAC/B;aACF,CAAC;QACJ,CAAC;QAED,uDAAuD;QACvD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,IAAI,CAAC;gBACH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;gBACrE,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;gBAC3B,OAAO;oBACL,GAAG,aAAa;oBAChB,QAAQ,EAAE;wBACR,GAAG,aAAa,CAAC,QAAQ;wBACzB,aAAa,EAAE,aAAa,CAAC,MAAM;wBACnC,WAAW,EAAE,mBAAmB;qBACjC;iBACF,CAAC;YACJ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,KAAK,YAAY,qBAAqB,EAAE,CAAC;oBAC3C,IAAI,CAAC,cAAc,GAAG,KAAK,CAAC;oBAC5B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;wBAC1B,OAAO;4BACL,OAAO,EAAE,KAAK;4BACd,OAAO,EAAE,IAAI;4BACb,MAAM,EAAE,KAAK,CAAC,OAAO;4BACrB,IAAI,EAAE,+BAA+B;4BACrC,QAAQ,EAAE;gCACR,QAAQ,EAAE,OAAO;gCACjB,QAAQ,EAAE,KAAK;gCACf,aAAa,EAAE,aAAa,CAAC,MAAM;6BACpC;yBACF,CAAC;oBACJ,CAAC;oBAED,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;wBACxB,MAAM,CAAC,IAAI,CAAC,0EAA0E,CAAC,CAAC;oBAC1F,CAAC;oBACD,OAAO;wBACL,GAAG,aAAa;wBAChB,QAAQ,EAAE;4BACR,GAAG,aAAa,CAAC,QAAQ;4BACzB,QAAQ,EAAE,OAAO;4BACjB,gBAAgB,EAAE,IAAI;4BACtB,QAAQ,EAAE,IAAI;yBACf;qBACF,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,wBAAwB;oBACxB,MAAM,KAAK,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,aAAa,CAAC;IACvB,CAAC;IAED;;;OAGG;IACK,aAAa;QACnB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACtC,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACtC,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,cAAc;QACd,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YAC5C,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;OAGG;IACK,WAAW,CAAC,OAAsB,EAAE,QAAwB;QAClE,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO;YAC9B,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,QAAQ,CAAC,SAAS;gBAClB,CAAC,CAAC,WAAW;gBACb,CAAC,CAAC,QAAQ,CAAC,OAAO;oBAChB,CAAC,CAAC,SAAS;oBACX,CAAC,CAAC,SAAS,CAAC;QAElB,MAAM,OAAO,GAAG;YACd,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,MAAM,EAAE,IAAI,CAAC,aAAa,EAAE;SAC7B,CAAC;QAEF,IAAI,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;YAC3C,MAAM,CAAC,IAAI,CAAC,UAAU,OAAO,MAAM,OAAO,CAAC,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAC;YAChE,OAAO;QACT,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,UAAU,OAAO,MAAM,OAAO,CAAC,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAC;IAClE,CAAC;IAED;;;OAGG;IACI,SAAS;QAMd,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YACtB,eAAe,EAAE,IAAI,CAAC,WAAW,KAAK,IAAI;YAC1C,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,iBAAiB,EAAE,IAAI;SACxB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,kBAAkB;QAC7B,MAAM,IAAI,CAAC,sBAAsB,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,+BAA+B;IACnD,MAAM,EAAE,yBAAyB,EAAE,GAAG,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC;IAC/E,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC;IAE9E,MAAM,WAAW,GAAG,yBAAyB,EAAE,CAAC;IAChD,MAAM,WAAW,GAAG,wBAAwB,EAAE,CAAC;IAE/C,0BAA0B;IAC1B,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,QAAQ,CAAC;IAC5D,MAAM,IAAI,GAAG,OAAiD,CAAC;IAE/D,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,MAAM,CAAC;IACnE,MAAM,QAAQ,GAAG,WAAW,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC;IAEtD,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,MAAM,CAAC;IAChE,MAAM,OAAO,GAAG,UAAU,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC;IAEpD,OAAO;QACL,KAAK,EAAE,WAAW;QAClB,KAAK,EAAE,WAAW;QAClB,IAAI;QACJ,QAAQ;QACR,OAAO;KACR,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Policy Engine Module
|
|
3
|
+
*
|
|
4
|
+
* Hybrid policy engine for SAP MCP Server
|
|
5
|
+
* Combines local deterministic policies with optional Bento Guard integration
|
|
6
|
+
*/
|
|
7
|
+
export { LocalPolicyEngine, type PolicyConfig, type PolicyDecision, type PolicyContext, createPolicyConfigFromEnv, } from './local-policy-engine.js';
|
|
8
|
+
export { BentoPolicyEngine, type BentoConfig, BentoUnavailableError, createBentoConfigFromEnv, } from './bento-policy-engine.js';
|
|
9
|
+
export { HybridPolicyEngine, type HybridPolicyConfig, createHybridPolicyConfigFromEnv, } from './hybrid-policy-engine.js';
|
|
10
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/policy/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,iBAAiB,EACjB,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,yBAAyB,GAC1B,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,iBAAiB,EACjB,KAAK,WAAW,EAChB,qBAAqB,EACrB,wBAAwB,GACzB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,kBAAkB,EAClB,KAAK,kBAAkB,EACvB,+BAA+B,GAChC,MAAM,2BAA2B,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Policy Engine Module
|
|
3
|
+
*
|
|
4
|
+
* Hybrid policy engine for SAP MCP Server
|
|
5
|
+
* Combines local deterministic policies with optional Bento Guard integration
|
|
6
|
+
*/
|
|
7
|
+
export { LocalPolicyEngine, createPolicyConfigFromEnv, } from './local-policy-engine.js';
|
|
8
|
+
export { BentoPolicyEngine, BentoUnavailableError, createBentoConfigFromEnv, } from './bento-policy-engine.js';
|
|
9
|
+
export { HybridPolicyEngine, createHybridPolicyConfigFromEnv, } from './hybrid-policy-engine.js';
|
|
10
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/policy/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,iBAAiB,EAIjB,yBAAyB,GAC1B,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,iBAAiB,EAEjB,qBAAqB,EACrB,wBAAwB,GACzB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,kBAAkB,EAElB,+BAA+B,GAChC,MAAM,2BAA2B,CAAC"}
|
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Local Policy Engine
|
|
3
|
+
*
|
|
4
|
+
* Deterministic security policies for SAP MCP Server
|
|
5
|
+
* Runs entirely locally - no external dependencies
|
|
6
|
+
*
|
|
7
|
+
* Features:
|
|
8
|
+
* - Spend limits per tool/operation
|
|
9
|
+
* - Program whitelist/blacklist
|
|
10
|
+
* - Address whitelist/blacklist
|
|
11
|
+
* - Rate limiting per user
|
|
12
|
+
* - Time-based restrictions
|
|
13
|
+
*/
|
|
14
|
+
export interface PolicyConfig {
|
|
15
|
+
/** Maximum amount (in lamports) per tool call */
|
|
16
|
+
spendLimits: Record<string, number>;
|
|
17
|
+
/** Allowed program IDs */
|
|
18
|
+
programWhitelist: string[];
|
|
19
|
+
/** Blocked program IDs */
|
|
20
|
+
programBlacklist: string[];
|
|
21
|
+
/** Allowed destination addresses */
|
|
22
|
+
addressWhitelist: string[];
|
|
23
|
+
/** Blocked destination addresses */
|
|
24
|
+
addressBlacklist: string[];
|
|
25
|
+
/** Max calls per minute per user */
|
|
26
|
+
rateLimits: Record<string, number>;
|
|
27
|
+
/** Tools that require escalation (human approval) */
|
|
28
|
+
escalationTools: string[];
|
|
29
|
+
/** Time windows when operations are allowed (UTC hours) */
|
|
30
|
+
allowedHours?: {
|
|
31
|
+
start: number;
|
|
32
|
+
end: number;
|
|
33
|
+
};
|
|
34
|
+
}
|
|
35
|
+
/**
|
|
36
|
+
* Contract describing policy decision data used by the SAP MCP runtime.
|
|
37
|
+
*/
|
|
38
|
+
export interface PolicyDecision {
|
|
39
|
+
/** Whether the operation is allowed */
|
|
40
|
+
allowed: boolean;
|
|
41
|
+
/** Whether the operation is explicitly blocked */
|
|
42
|
+
blocked?: boolean;
|
|
43
|
+
/** Whether the operation requires human escalation */
|
|
44
|
+
escalated?: boolean;
|
|
45
|
+
/** Reason for the decision */
|
|
46
|
+
reason: string;
|
|
47
|
+
/** Policy rule that was triggered */
|
|
48
|
+
rule?: string;
|
|
49
|
+
/** Metadata for logging/auditing */
|
|
50
|
+
metadata?: Record<string, unknown>;
|
|
51
|
+
}
|
|
52
|
+
/**
|
|
53
|
+
* Contract describing policy context data used by the SAP MCP runtime.
|
|
54
|
+
*/
|
|
55
|
+
export interface PolicyContext {
|
|
56
|
+
/** Tool/function being called */
|
|
57
|
+
toolName: string;
|
|
58
|
+
/** Tool arguments */
|
|
59
|
+
args: Record<string, unknown>;
|
|
60
|
+
/** User/wallet identifier */
|
|
61
|
+
user: string;
|
|
62
|
+
/** Amount involved (if applicable, in lamports) */
|
|
63
|
+
amount?: number;
|
|
64
|
+
/** Program ID being interacted with */
|
|
65
|
+
programId?: string;
|
|
66
|
+
/** Destination address (if applicable) */
|
|
67
|
+
destination?: string;
|
|
68
|
+
/** Current timestamp */
|
|
69
|
+
timestamp?: number;
|
|
70
|
+
}
|
|
71
|
+
/**
|
|
72
|
+
* Runtime service that implements local policy engine behavior.
|
|
73
|
+
*/
|
|
74
|
+
export declare class LocalPolicyEngine {
|
|
75
|
+
private config;
|
|
76
|
+
private callHistory;
|
|
77
|
+
constructor(config: PolicyConfig);
|
|
78
|
+
/**
|
|
79
|
+
* Validate a tool call against all policy rules
|
|
80
|
+
*/
|
|
81
|
+
validateToolCall(context: PolicyContext): Promise<PolicyDecision>;
|
|
82
|
+
/**
|
|
83
|
+
* Check if program or address is blacklisted
|
|
84
|
+
*/
|
|
85
|
+
private checkBlacklist;
|
|
86
|
+
/**
|
|
87
|
+
* Check if program or address is whitelisted (if whitelist is configured)
|
|
88
|
+
*/
|
|
89
|
+
private checkWhitelist;
|
|
90
|
+
/**
|
|
91
|
+
* Check if amount exceeds spend limits
|
|
92
|
+
*/
|
|
93
|
+
private checkSpendLimits;
|
|
94
|
+
/**
|
|
95
|
+
* Check rate limiting per user
|
|
96
|
+
*/
|
|
97
|
+
private checkRateLimits;
|
|
98
|
+
/**
|
|
99
|
+
* Check if tool requires human escalation
|
|
100
|
+
*/
|
|
101
|
+
private checkEscalation;
|
|
102
|
+
/**
|
|
103
|
+
* Check if operation is within allowed time window
|
|
104
|
+
*/
|
|
105
|
+
private checkTimeWindow;
|
|
106
|
+
/**
|
|
107
|
+
* Get current policy configuration
|
|
108
|
+
*/
|
|
109
|
+
getConfig(): PolicyConfig;
|
|
110
|
+
/**
|
|
111
|
+
* Clear call history (useful for testing)
|
|
112
|
+
*/
|
|
113
|
+
clearHistory(): void;
|
|
114
|
+
}
|
|
115
|
+
/**
|
|
116
|
+
* Create policy config from environment variables
|
|
117
|
+
*/
|
|
118
|
+
export declare function createPolicyConfigFromEnv(): PolicyConfig;
|
|
119
|
+
//# sourceMappingURL=local-policy-engine.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"local-policy-engine.d.ts","sourceRoot":"","sources":["../../src/policy/local-policy-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,MAAM,WAAW,YAAY;IAC3B,iDAAiD;IACjD,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,0BAA0B;IAC1B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,0BAA0B;IAC1B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,oCAAoC;IACpC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,oCAAoC;IACpC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,oCAAoC;IACpC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,qDAAqD;IACrD,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,2DAA2D;IAC3D,YAAY,CAAC,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;CAC/C;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAC;IACjB,kDAAkD;IAClD,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,sDAAsD;IACtD,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,qCAAqC;IACrC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,oCAAoC;IACpC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB;IACrB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,6BAA6B;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,mDAAmD;IACnD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,uCAAuC;IACvC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0CAA0C;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,wBAAwB;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,WAAW,CAAiE;gBAExE,MAAM,EAAE,YAAY;IAIhC;;OAEG;IACG,gBAAgB,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;IAyDvE;;OAEG;IACH,OAAO,CAAC,cAAc;IAwBtB;;OAEG;IACH,OAAO,CAAC,cAAc;IA2BtB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAsCxB;;OAEG;IACH,OAAO,CAAC,eAAe;IAuCvB;;OAEG;IACH,OAAO,CAAC,eAAe;IAiBvB;;OAEG;IACH,OAAO,CAAC,eAAe;IAmCvB;;OAEG;IACH,SAAS,IAAI,YAAY;IAIzB;;OAEG;IACH,YAAY,IAAI,IAAI;CAGrB;AAED;;GAEG;AACH,wBAAgB,yBAAyB,IAAI,YAAY,CA2DxD"}
|