@openleash/core 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +46 -0
- package/index.js +3 -0
- package/package.json +27 -0
package/README.md
ADDED
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
# @openleash/core
|
|
2
|
+
|
|
3
|
+
Core authorization and proof engine for [OpenLeash](https://openleash.ai).
|
|
4
|
+
|
|
5
|
+
> **This package is a placeholder.** The full implementation is under active development.
|
|
6
|
+
|
|
7
|
+
## What is OpenLeash?
|
|
8
|
+
|
|
9
|
+
OpenLeash is a local-first authorization and proof sidecar for AI agents. It answers two questions:
|
|
10
|
+
|
|
11
|
+
1. **Is this agent allowed to do this action right now?**
|
|
12
|
+
2. **Can the agent produce a cryptographic proof that others can verify?**
|
|
13
|
+
|
|
14
|
+
## What does `@openleash/core` provide?
|
|
15
|
+
|
|
16
|
+
This package contains the core logic that powers OpenLeash:
|
|
17
|
+
|
|
18
|
+
- **Policy engine** — Evaluates structured `ActionRequest` objects against YAML policies and returns a `DecisionResult` (`ALLOW`, `DENY`, `REQUIRE_APPROVAL`, `REQUIRE_STEP_UP`, `REQUIRE_DEPOSIT`).
|
|
19
|
+
- **Expression evaluator** — A safe, sandboxed expression language for policy `when` clauses supporting `all`, `any`, `not`, and `match` operators with JSONPath-lite accessors.
|
|
20
|
+
- **Constraints evaluation** — Built-in constraint shortcuts for `amount_max`, `amount_min`, `currency`, `merchant_domain`, `allowed_domains`, and `blocked_domains`.
|
|
21
|
+
- **Obligations & precedence** — Computes obligations from matched rules and maps them to the final decision using blocking precedence (`HUMAN_APPROVAL` > `STEP_UP_AUTH` > `DEPOSIT` > `COUNTERPARTY_ATTESTATION`).
|
|
22
|
+
- **Canonical hashing** — RFC 8785 JSON Canonicalization Scheme (JCS) for deterministic `action_hash` computation.
|
|
23
|
+
- **Proof token issuance & verification** — PASETO v4.public (Ed25519) tokens bound to `action_hash`.
|
|
24
|
+
- **File-based state management** — Read/write for `state.md`, owner/agent markdown files, and policy YAML.
|
|
25
|
+
- **Audit logging** — Append-only JSONL audit log.
|
|
26
|
+
- **Nonce replay cache** — In-memory TTL cache to prevent request replay.
|
|
27
|
+
|
|
28
|
+
## Installation
|
|
29
|
+
|
|
30
|
+
```bash
|
|
31
|
+
npm install @openleash/core
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
## Status
|
|
35
|
+
|
|
36
|
+
This package is under active development. See the [OpenLeash repository](https://github.com/openleash/openleash) for progress and documentation.
|
|
37
|
+
|
|
38
|
+
## Links
|
|
39
|
+
|
|
40
|
+
- [OpenLeash website](https://openleash.ai)
|
|
41
|
+
- [GitHub repository](https://github.com/openleash/openleash)
|
|
42
|
+
- [OpenClaw](https://openclaw.ai) — agent runtime that integrates with OpenLeash
|
|
43
|
+
|
|
44
|
+
## License
|
|
45
|
+
|
|
46
|
+
MIT
|
package/index.js
ADDED
package/package.json
ADDED
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
{
|
|
2
|
+
"private": false,
|
|
3
|
+
"publishConfig": {
|
|
4
|
+
"access": "public"
|
|
5
|
+
},
|
|
6
|
+
"name": "@openleash/core",
|
|
7
|
+
"version": "0.0.1",
|
|
8
|
+
"description": "Core authorization and proof engine for OpenLeash — policy evaluation, cryptographic proof tokens, and audit logging for AI agents.",
|
|
9
|
+
"main": "index.js",
|
|
10
|
+
"types": "index.d.ts",
|
|
11
|
+
"license": "MIT",
|
|
12
|
+
"repository": {
|
|
13
|
+
"type": "git",
|
|
14
|
+
"url": "https://github.com/openleash/openleash",
|
|
15
|
+
"directory": "packages/core"
|
|
16
|
+
},
|
|
17
|
+
"homepage": "https://openleash.ai",
|
|
18
|
+
"keywords": [
|
|
19
|
+
"openleash",
|
|
20
|
+
"authorization",
|
|
21
|
+
"ai-agents",
|
|
22
|
+
"policy-engine",
|
|
23
|
+
"paseto",
|
|
24
|
+
"proof-tokens",
|
|
25
|
+
"security"
|
|
26
|
+
]
|
|
27
|
+
}
|