@openape/proxy 0.2.5 → 0.2.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/PLAN.md +5 -5
- package/package.json +8 -3
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# @openape/proxy
|
|
2
2
|
|
|
3
|
+
## 0.2.6
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- Updated dependencies [[`da8a5ac`](https://github.com/openape-ai/openape/commit/da8a5acf82542810ecddf4ad7a9ac8b7b1cfd287)]:
|
|
8
|
+
- @openape/core@0.10.0
|
|
9
|
+
- @openape/grants@0.5.3
|
|
10
|
+
|
|
3
11
|
## 0.2.5
|
|
4
12
|
|
|
5
13
|
### Patch Changes
|
package/PLAN.md
CHANGED
|
@@ -63,7 +63,7 @@ Das Agent-JWT kommt aus dem bestehenden Ed25519 Challenge-Response Flow.
|
|
|
63
63
|
[proxy]
|
|
64
64
|
listen = "127.0.0.1:9090"
|
|
65
65
|
idp_url = "https://id.office.or.at"
|
|
66
|
-
agent_key = "/etc/
|
|
66
|
+
agent_key = "/etc/openape/agent.key"
|
|
67
67
|
agent_id = "mini-claw@office.or.at"
|
|
68
68
|
default_action = "request" # block | request | request-async
|
|
69
69
|
audit_log = "/var/log/openape-proxy/audit.jsonl"
|
|
@@ -134,7 +134,7 @@ grant_type = "once"
|
|
|
134
134
|
|
|
135
135
|
### Sprache: Rust
|
|
136
136
|
|
|
137
|
-
- Wie `
|
|
137
|
+
- Wie `escapes` — konsistent im Ökosystem
|
|
138
138
|
- Performant für Proxy-Workload (viele gleichzeitige Connections)
|
|
139
139
|
- `tokio` + `hyper` für async HTTP
|
|
140
140
|
- Kein TLS-Aufbrechen nötig: CONNECT-Tunnel ist opak (nur Domain sichtbar, nicht der Inhalt)
|
|
@@ -229,7 +229,7 @@ Ziel: Volle Transparenz über Agent-Aktivität im Web.
|
|
|
229
229
|
Ziel: Nahtlose Einbindung in OpenApe und Agent-Runtimes.
|
|
230
230
|
|
|
231
231
|
- [ ] `@openape/proxy` npm Package (programmatisch starten/konfigurieren)
|
|
232
|
-
- [ ] Integration mit `
|
|
232
|
+
- [ ] Integration mit `escapes` (ein Setup: Proxy + sudo gemeinsam konfiguriert)
|
|
233
233
|
- [ ] OpenClaw Plugin (Proxy automatisch starten wenn Agent startet)
|
|
234
234
|
- [ ] Agent-Runtime SDKs (Python, Go) — für Agents die nicht auf HTTP_PROXY setzen
|
|
235
235
|
- [ ] Auto-Discovery (Agent fragt IdP: "Welche Domains darf ich?" → Config generieren)
|
|
@@ -253,9 +253,9 @@ openape-proxy --status
|
|
|
253
253
|
| Komponente | Rolle |
|
|
254
254
|
|---|---|
|
|
255
255
|
| `openape-proxy` | Kontrolliert ausgehenden Agent-Traffic |
|
|
256
|
-
| `
|
|
256
|
+
| `escapes` (openape-escapes) | Kontrolliert lokale Privilege Elevation |
|
|
257
257
|
| `@openape/grants` | Grant-Logik (shared zwischen Proxy und sudo) |
|
|
258
258
|
| `@openape/nuxt-grants` | Web-UI für Grant-Approval |
|
|
259
259
|
| IdP (id.office.or.at) | Zentrale Autorität für Agents + Grants |
|
|
260
260
|
|
|
261
|
-
**Zusammen:** Ein Agent kann weder lokal (
|
|
261
|
+
**Zusammen:** Ein Agent kann weder lokal (escapes) noch im Web (proxy) etwas tun, ohne dass ein Mensch es erlaubt hat.
|
package/package.json
CHANGED
|
@@ -1,7 +1,12 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@openape/proxy",
|
|
3
3
|
"type": "module",
|
|
4
|
-
"version": "0.2.
|
|
4
|
+
"version": "0.2.6",
|
|
5
|
+
"turbo": {
|
|
6
|
+
"tags": [
|
|
7
|
+
"publishable"
|
|
8
|
+
]
|
|
9
|
+
},
|
|
5
10
|
"description": "OpenApe agent HTTP gateway — forward proxy with grant-based access control",
|
|
6
11
|
"author": "Patrick Hofmann",
|
|
7
12
|
"license": "MIT",
|
|
@@ -11,8 +16,8 @@
|
|
|
11
16
|
"dependencies": {
|
|
12
17
|
"jose": "^5.9.0",
|
|
13
18
|
"smol-toml": "^1.3.0",
|
|
14
|
-
"@openape/
|
|
15
|
-
"@openape/
|
|
19
|
+
"@openape/core": "0.10.0",
|
|
20
|
+
"@openape/grants": "0.5.3"
|
|
16
21
|
},
|
|
17
22
|
"devDependencies": {
|
|
18
23
|
"@types/bun": "^1.3.10",
|