@praxis.guard/auditor-cli 0.0.30 → 0.0.33
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/hooks/before-mcp-argv.d.ts +17 -0
- package/dist/hooks/before-mcp-argv.d.ts.map +1 -0
- package/dist/hooks/before-mcp-argv.js +67 -0
- package/dist/hooks/before-mcp-argv.js.map +1 -0
- package/dist/hooks/before-mcp-mutate.d.ts +23 -0
- package/dist/hooks/before-mcp-mutate.d.ts.map +1 -0
- package/dist/hooks/before-mcp-mutate.js +76 -0
- package/dist/hooks/before-mcp-mutate.js.map +1 -0
- package/dist/hooks/before-mcp-skipped.d.ts +14 -0
- package/dist/hooks/before-mcp-skipped.d.ts.map +1 -0
- package/dist/hooks/before-mcp-skipped.js +56 -0
- package/dist/hooks/before-mcp-skipped.js.map +1 -0
- package/dist/hooks/before-mcp-types.d.ts +15 -0
- package/dist/hooks/before-mcp-types.d.ts.map +1 -0
- package/dist/hooks/before-mcp-types.js +2 -0
- package/dist/hooks/before-mcp-types.js.map +1 -0
- package/dist/hooks/run-before-mcp.d.ts +3 -27
- package/dist/hooks/run-before-mcp.d.ts.map +1 -1
- package/dist/hooks/run-before-mcp.js +57 -195
- package/dist/hooks/run-before-mcp.js.map +1 -1
- package/dist/mcp/evaluate-guard.d.ts +11 -0
- package/dist/mcp/evaluate-guard.d.ts.map +1 -0
- package/dist/mcp/evaluate-guard.js +148 -0
- package/dist/mcp/evaluate-guard.js.map +1 -0
- package/dist/mcp/guard-approval-block.d.ts +26 -0
- package/dist/mcp/guard-approval-block.d.ts.map +1 -0
- package/dist/mcp/guard-approval-block.js +154 -0
- package/dist/mcp/guard-approval-block.js.map +1 -0
- package/dist/mcp/guard-heartbeat.d.ts +6 -0
- package/dist/mcp/guard-heartbeat.d.ts.map +1 -0
- package/dist/mcp/guard-heartbeat.js +68 -0
- package/dist/mcp/guard-heartbeat.js.map +1 -0
- package/dist/mcp/guard-schemas.d.ts +42 -0
- package/dist/mcp/guard-schemas.d.ts.map +1 -0
- package/dist/mcp/guard-schemas.js +39 -0
- package/dist/mcp/guard-schemas.js.map +1 -0
- package/dist/mcp/server.d.ts.map +1 -1
- package/dist/mcp/server.js +4 -327
- package/dist/mcp/server.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"run-before-mcp.js","sourceRoot":"","sources":["../../src/hooks/run-before-mcp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAa,MAAM,oBAAoB,CAAC;AAEvF,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAC1E,OAAO,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,4BAA4B,EAAE,MAAM,qCAAqC,CAAC;AACnF,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAC/E,OAAO,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EACL,mCAAmC,EACnC,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAkB9D,SAAS,gBAAgB,CAAC,IAAU;IAClC,IAAI,IAAI,KAAK,MAAM;QAAE,OAAO,OAAO,CAAC;IACpC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAY;IACtC,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,EAAE,CAAC;IACjD,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IACxC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;IACrB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAW;IAC1C,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;IACrB,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;IAChD,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;YACf,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5C,IAAI,UAAU,IAAI,QAAQ;gBAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QACjF,CAAC;IACH,CAAC;IACD,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAkC;IACvE,MAAM,OAAO,GAAG,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACtF,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExD,IAAI,MAAM,GAAG,OAAO,CAAC;IACrB,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1D,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,GAAG,CAAC,CAAC;QACb,CAAC;IACH,CAAC;SAAM,IAAI,WAAW,EAAE,CAAC;QACvB,MAAM,GAAG,WAAW,CAAC;IACvB,CAAC;SAAM,IAAI,OAAO,OAAO,CAAC,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QACzE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,IAAI,GAAG,CAAC,CAAC;AACtC,CAAC;AAED,KAAK,UAAU,aAAa;IAC1B,OAAO,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC;QACrD,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YAC3B,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,CAAC,CAAC,CAAC,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,GAA4B,EAAE,YAAqB;IACpF,IAAI,CAAC;QACH,MAAM,gBAAgB,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,GAAG,IAAI,CAAC,CAAC;IACtE,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB;IAC7C,MAAM,OAAO,GAAG,MAAM,aAAa,EAA6B,CAAC;IACjE,MAAM,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAE1C,MAAM,WAAW,GAAG,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1F,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,QAAQ,GAA+B;YAC3C,UAAU,EAAE,MAAM;YAClB,YAAY,EAAE,yDAAyD;YACvE,aAAa,EAAE,+DAA+D;SAC/E,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACxD,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC;IAEhC,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,cAAc,EAAE,EAAE,sBAAsB,EAAE,CAAC,CAAC,CAAC;IACjG,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAClE,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC;IACnD,MAAM,OAAO,GAAa,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAEnE,MAAM,YAAY,GAChB,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;QAC7B,CAAC,CAAC,OAAO,CAAC,GAAG;QACb,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC;YACpC,OAAO,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,KAAK,QAAQ;YAChD,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC;YAC5B,CAAC,CAAC,SAAS,CAAC;IAClB,MAAM,WAAW,GAAG,uBAAuB,CAAC,YAAY,CAAC,CAAC;IAC1D,MAAM,YAAY,GAAG,WAAW,CAAC;IACjC,MAAM,aAAa,GAAG,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE1D,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,eAAe,CAAC;QACvD,MAAM,YAAY,GAAG,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC5D,MAAM,mBAAmB,CACvB;YACE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,oBAAoB;YAC1B,SAAS,EAAE,WAAW;YACtB,SAAS,EAAE,QAAQ;YACnB,UAAU,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC;YACvC,IAAI;YACJ,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,sBAAsB;YACnC,IAAI;YACJ,UAAU,EAAE,OAAO;YACnB,cAAc,EAAE,KAAK;YACrB,OAAO;YACP,UAAU;SACX,EACD,YAAY,CACb,CAAC;QAEF,MAAM,YAAY,GAA+B,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;QACzE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAE5D,MAAM,cAAc,CAAC;YACnB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,sBAAsB;YACnC,IAAI,EAAE,kBAAkB;YACxB,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI;YAC7B,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI;YACrB,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI;YAC1D,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,sBAAsB;YAC5C,GAAG,EAAE,GAAG,WAAW,EAAE;YACrB,IAAI;YACJ,QAAQ,EAAE,OAAO;YACjB,UAAU;YACV,SAAS,EAAE,YAAY,EAAE;YACzB,IAAI,EAAE,KAAK;YACX,GAAG,CAAC,cAAc,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvE,IAAI,EAAE;gBACJ,IAAI,EAAE,oBAAoB;gBAC1B,cAAc,EAAE,KAAK;aACtB;SACF,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,kBAAkB,GAAkB,IAAI,CAAC;IAC7C,IAAI,UAAU,KAAK,MAAM,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC/C,cAAc,GAAG,MAAM,yBAAyB,CAAC,IAAI,EAAE;YACrD,WAAW;YACX,IAAI,EAAE,KAAK;YACX,iBAAiB,EAAE,aAAa;SACjC,CAAC,CAAC;QACH,IAAI,cAAc;YAAE,UAAU,GAAG,OAAO,CAAC;IAC3C,CAAC;IAED,IAAI,cAAc,GAAoD,IAAI,CAAC;IAC3E,IAAI,UAAU,KAAK,MAAM,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC/C,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;QAC9B,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,CAAC,CAAC;QACtE,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,UAAU,GAAG,MAAM,qBAAqB,CAAC;gBAC7C,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;gBACf,YAAY,EAAE,KAAK;gBACnB,WAAW;gBACX,UAAU,EAAE,GAAG,WAAW,IAAI,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACpF,OAAO,EAAE,UAAU,EAAE;gBACrB,cAAc;gBACd,OAAO;gBACP,QAAQ,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE;gBAC5C,MAAM,EAAE,CAAC;gBACT,iBAAiB,EAAE,aAAa;aACjC,CAAC,CAAC;YACH,IAAI,UAAU,CAAC,IAAI,KAAK,OAAO,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC;gBAC7D,cAAc,GAAG,MAAM,yBAAyB,CAAC,IAAI,EAAE;oBACrD,WAAW;oBACX,IAAI,EAAE,KAAK;oBACX,iBAAiB,EAAE,aAAa;iBACjC,CAAC,CAAC;gBACH,IAAI,cAAc,EAAE,CAAC;oBACnB,UAAU,GAAG,OAAO,CAAC;gBACvB,CAAC;YACH,CAAC;YACD,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;gBAC1B,kBAAkB,GAAG,kCAAkC,CAAC;gBACxD,OAAO,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;gBACjD,cAAc,GAAG,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC;YAClF,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,OAAO,GAAG,MAAM,4BAA4B,CAAC;gBACjD,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;gBACf,IAAI,EAAE,KAAK;gBACX,UAAU,EAAE,GAAG,WAAW,IAAI,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACpF,cAAc;gBACd,OAAO;gBACP,OAAO,EAAE,UAAU,EAAE;gBACrB,WAAW;gBACX,iBAAiB,EAAE,aAAa;aACjC,CAAC,CAAC;YACH,IAAI,OAAO,EAAE,CAAC;gBACZ,cAAc,GAAG,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC;YAClF,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,eAAe,CAAC;IACvD,MAAM,YAAY,GAAG,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,YAAY,GAAG,mCAAmC,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;IAC7E,MAAM,YAAY,GAChB,UAAU,KAAK,MAAM;QACnB,CAAC,CAAC,sBAAsB,CAAC;YACrB,IAAI,EAAE,oBAAoB;YAC1B,IAAI;YACJ,IAAI;YACJ,OAAO;YACP,QAAQ,EAAE,WAAW;YACrB,cAAc;SACf,CAAC;QACJ,CAAC,CAAC,IAAI,CAAC;IAEX,MAAM,QAAQ,GACZ,UAAU,KAAK,OAAO;QACpB,CAAC,CAAC;YACE,UAAU;YACV,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACzD;QACH,CAAC,CAAC;YACE,UAAU;YACV,YAAY,EAAE,YAAa,CAAC,YAAY;YACxC,aAAa,EAAE,YAAa,CAAC,aAAa;SAC3C,CAAC;IAER,MAAM,mBAAmB,CACvB;QACE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5B,IAAI,EAAE,oBAAoB;QAC1B,SAAS,EAAE,WAAW;QACtB,SAAS,EAAE,QAAQ;QACnB,UAAU,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC;QACvC,IAAI;QACJ,cAAc;QACd,KAAK;QACL,IAAI;QACJ,UAAU;QACV,cAAc;QACd,iBAAiB,EAAE,cAAc,EAAE,UAAU,IAAI,IAAI;QACrD,iBAAiB,EAAE,aAAa;QAChC,OAAO;QACP,oBAAoB,EAAE,kBAAkB;QACxC,UAAU;KACX,EACD,YAAY,CACb,CAAC;IAEF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAExD,MAAM,MAAM,GAAG,UAAU,KAAK,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;IAC7D,MAAM,cAAc,CAAC;QACnB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5B,MAAM;QACN,IAAI,EAAE,kBAAkB;QACxB,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI;QAC7B,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI;QACrB,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI;QAC1D,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,IAAI;QAC1B,GAAG,EAAE,GAAG,WAAW,EAAE;QACrB,IAAI;QACJ,QAAQ,EAAE,UAAU,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO;QACpD,UAAU;QACV,SAAS,EAAE,YAAY,EAAE;QACzB,IAAI,EAAE,KAAK;QACX,GAAG,CAAC,cAAc,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,IAAI,EAAE;YACJ,IAAI,EAAE,oBAAoB;YAC1B,cAAc;YACd,mBAAmB,EAAE,cAAc,EAAE,UAAU,IAAI,IAAI;YACvD,oBAAoB,EAAE,kBAAkB;SACzC;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,oCAAoC,CAAC,GAAY;IAC/D,OAAO;QACL,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE,yDAAyD;QACvE,aAAa,EAAE,0CAA0C,MAAM,CAAC,GAAG,CAAC,EAAE;KACvE,CAAC;AACJ,CAAC"}
|
|
1
|
+
{"version":3,"file":"run-before-mcp.js","sourceRoot":"","sources":["../../src/hooks/run-before-mcp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAa,MAAM,oBAAoB,CAAC;AAEvF,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAC1E,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EACL,mCAAmC,EACnC,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EACL,sBAAsB,EACtB,gBAAgB,EAEhB,kBAAkB,GACnB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,2BAA2B,EAAE,MAAM,wBAAwB,CAAC;AACrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAO/D,OAAO,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAEhF,KAAK,UAAU,aAAa;IAC1B,OAAO,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC;QACrD,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YAC3B,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,CAAC,CAAC,CAAC,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAU;IAClC,IAAI,IAAI,KAAK,MAAM;QAAE,OAAO,OAAO,CAAC;IACpC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB;IAC7C,MAAM,OAAO,GAAG,MAAM,aAAa,EAA6B,CAAC;IACjE,MAAM,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAE1C,MAAM,WAAW,GAAG,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1F,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,QAAQ,GAA+B;YAC3C,UAAU,EAAE,MAAM;YAClB,YAAY,EAAE,yDAAyD;YACvE,aAAa,EAAE,+DAA+D;SAC/E,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACxD,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC;IAEhC,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,cAAc,EAAE,EAAE,sBAAsB,EAAE,CAAC,CAAC,CAAC;IACjG,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAClE,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC;IACnD,MAAM,cAAc,GAAa,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAE1E,MAAM,WAAW,GAAG,uBAAuB,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC;IACvE,MAAM,YAAY,GAAG,WAAW,CAAC;IACjC,MAAM,aAAa,GAAG,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE1D,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,oBAAoB,CAAC;YACzB,OAAO;YACP,WAAW;YACX,QAAQ;YACR,IAAI;YACJ,IAAI;YACJ,OAAO,EAAE,cAAc;YACvB,cAAc;YACd,YAAY;YACZ,eAAe;SAChB,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,cAAc,GAAoD,IAAI,CAAC;IAC3E,IAAI,kBAAkB,GAAkB,IAAI,CAAC;IAC7C,IAAI,OAAO,GAAG,cAAc,CAAC;IAE7B,IAAI,UAAU,KAAK,MAAM,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC/C,MAAM,MAAM,GAAG,MAAM,2BAA2B,CAAC;YAC/C,IAAI;YACJ,IAAI;YACJ,WAAW;YACX,aAAa;YACb,WAAW;YACX,gBAAgB,EAAE,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YACtE,cAAc;YACd,cAAc;SACf,CAAC,CAAC;QACH,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;QAC/B,cAAc,GAAG,MAAM,CAAC,cAAc,CAAC;QACvC,cAAc,GAAG,MAAM,CAAC,cAAc,CAAC;QACvC,kBAAkB,GAAG,MAAM,CAAC,kBAAkB,CAAC;QAC/C,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAC3B,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,eAAe,CAAC;IACvD,MAAM,YAAY,GAAG,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,YAAY,GAAG,mCAAmC,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;IAC7E,MAAM,YAAY,GAChB,UAAU,KAAK,MAAM;QACnB,CAAC,CAAC,sBAAsB,CAAC;YACrB,IAAI,EAAE,oBAAoB;YAC1B,IAAI;YACJ,IAAI;YACJ,OAAO;YACP,QAAQ,EAAE,WAAW;YACrB,cAAc;SACf,CAAC;QACJ,CAAC,CAAC,IAAI,CAAC;IAEX,MAAM,QAAQ,GACZ,UAAU,KAAK,OAAO;QACpB,CAAC,CAAC;YACE,UAAU;YACV,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACzD;QACH,CAAC,CAAC;YACE,UAAU;YACV,YAAY,EAAE,YAAa,CAAC,YAAY;YACxC,aAAa,EAAE,YAAa,CAAC,aAAa;SAC3C,CAAC;IAER,IAAI,CAAC;QACH,MAAM,gBAAgB,CACpB;YACE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,oBAAoB;YAC1B,SAAS,EAAE,WAAW;YACtB,SAAS,EAAE,QAAQ;YACnB,UAAU,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC;YACvC,IAAI;YACJ,cAAc;YACd,KAAK;YACL,IAAI;YACJ,UAAU;YACV,cAAc;YACd,iBAAiB,EAAE,cAAc,EAAE,UAAU,IAAI,IAAI;YACrD,iBAAiB,EAAE,aAAa;YAChC,OAAO;YACP,oBAAoB,EAAE,kBAAkB;YACxC,UAAU;SACX,EACD,YAAY,CACb,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,GAAG,IAAI,CAAC,CAAC;IACtE,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAExD,MAAM,MAAM,GAAG,UAAU,KAAK,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;IAC7D,MAAM,cAAc,CAAC;QACnB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5B,MAAM;QACN,IAAI,EAAE,kBAAkB;QACxB,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI;QAC7B,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI;QACrB,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI;QAC1D,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,IAAI;QAC1B,GAAG,EAAE,GAAG,WAAW,EAAE;QACrB,IAAI;QACJ,QAAQ,EAAE,UAAU,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO;QACpD,UAAU;QACV,SAAS,EAAE,YAAY,EAAE;QACzB,IAAI,EAAE,KAAK;QACX,GAAG,CAAC,cAAc,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,IAAI,EAAE;YACJ,IAAI,EAAE,oBAAoB;YAC1B,cAAc;YACd,mBAAmB,EAAE,cAAc,EAAE,UAAU,IAAI,IAAI;YACvD,oBAAoB,EAAE,kBAAkB;SACzC;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,oCAAoC,CAAC,GAAY;IAC/D,OAAO;QACL,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE,yDAAyD;QACvE,aAAa,EAAE,0CAA0C,MAAM,CAAC,GAAG,CAAC,EAAE;KACvE,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { loadPoliciesV1 } from "../policy/index.js";
|
|
2
|
+
import type { GuardInput } from "./guard-schemas.js";
|
|
3
|
+
export type PolicyState = {
|
|
4
|
+
policy: Awaited<ReturnType<typeof loadPoliciesV1>>;
|
|
5
|
+
policyRevision: number | null;
|
|
6
|
+
};
|
|
7
|
+
export declare function evaluateGuard(input: GuardInput, policyState: PolicyState): Promise<{
|
|
8
|
+
response: Record<string, unknown>;
|
|
9
|
+
startedAt: number;
|
|
10
|
+
}>;
|
|
11
|
+
//# sourceMappingURL=evaluate-guard.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"evaluate-guard.d.ts","sourceRoot":"","sources":["../../src/mcp/evaluate-guard.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAqC,MAAM,oBAAoB,CAAC;AAiBvF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO,cAAc,CAAC,CAAC,CAAC;IACnD,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B,CAAC;AA+CF,wBAAsB,aAAa,CACjC,KAAK,EAAE,UAAU,EACjB,WAAW,EAAE,WAAW,GACvB,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAiHnE"}
|
|
@@ -0,0 +1,148 @@
|
|
|
1
|
+
import { v4 as uuidv4 } from "uuid";
|
|
2
|
+
import { loadPoliciesV1, readPoliciesV1Revision } from "../policy/index.js";
|
|
3
|
+
import { resolveGuardStorageRoot } from "../bridge/guard-storage-root.js";
|
|
4
|
+
import { evaluateMcpProposal, evaluateShellProposal, parseCommandToArgv, } from "../shell/evaluate.js";
|
|
5
|
+
import { sendGuardEvent } from "../telemetry/guard-events.js";
|
|
6
|
+
import { getInstallId } from "../cli/install-id.js";
|
|
7
|
+
import { resolveGuardAuditStatus } from "./guard-audit-status.js";
|
|
8
|
+
import { applyGuardMode, tierToPolicyDecision } from "./guard-mode.js";
|
|
9
|
+
import { resetHeartbeatIdle } from "./guard-heartbeat.js";
|
|
10
|
+
import { defaultApprovalBlock, resolveEnforceMutateApproval, } from "./guard-approval-block.js";
|
|
11
|
+
function riskScore(skipped, tier) {
|
|
12
|
+
if (skipped)
|
|
13
|
+
return 0;
|
|
14
|
+
if (tier === "READ")
|
|
15
|
+
return 0;
|
|
16
|
+
if (tier === "MUTATE")
|
|
17
|
+
return 60;
|
|
18
|
+
return 95;
|
|
19
|
+
}
|
|
20
|
+
function resolveTierDecision(input) {
|
|
21
|
+
const { mode, skipped, tier } = input;
|
|
22
|
+
let enforceDecision = tierToPolicyDecision(tier, skipped);
|
|
23
|
+
const approvalBlock = defaultApprovalBlock();
|
|
24
|
+
if (skipped) {
|
|
25
|
+
return { enforceDecision: "allow", approvalBlock };
|
|
26
|
+
}
|
|
27
|
+
if (tier === "DESTRUCTIVE") {
|
|
28
|
+
return {
|
|
29
|
+
enforceDecision: "block",
|
|
30
|
+
approvalBlock: {
|
|
31
|
+
...approvalBlock,
|
|
32
|
+
instructions: "DESTRUCTIVE actions cannot be approved via guard. Escalate outside the agent loop.",
|
|
33
|
+
},
|
|
34
|
+
};
|
|
35
|
+
}
|
|
36
|
+
if (tier === "READ") {
|
|
37
|
+
return { enforceDecision: "allow", approvalBlock };
|
|
38
|
+
}
|
|
39
|
+
if (mode === "shadow") {
|
|
40
|
+
return {
|
|
41
|
+
enforceDecision: "require_approval",
|
|
42
|
+
approvalBlock: {
|
|
43
|
+
...approvalBlock,
|
|
44
|
+
instructions: "Shadow mode: no approval request created. Re-call with mode enforce to coordinate human approval.",
|
|
45
|
+
},
|
|
46
|
+
};
|
|
47
|
+
}
|
|
48
|
+
return { enforceDecision, approvalBlock };
|
|
49
|
+
}
|
|
50
|
+
export async function evaluateGuard(input, policyState) {
|
|
51
|
+
const startedAt = performance.now();
|
|
52
|
+
const event_id = uuidv4();
|
|
53
|
+
resetHeartbeatIdle();
|
|
54
|
+
policyState.policy = await loadPoliciesV1();
|
|
55
|
+
policyState.policyRevision = await readPoliciesV1Revision();
|
|
56
|
+
const storageRoot = resolveGuardStorageRoot(input.proposal.cwd);
|
|
57
|
+
const argv = input.proposal.raw_command
|
|
58
|
+
? parseCommandToArgv(input.proposal.raw_command)
|
|
59
|
+
: input.proposal.argv;
|
|
60
|
+
const { skipped, evaluation } = input.proposal.kind === "shell"
|
|
61
|
+
? evaluateShellProposal(policyState.policy, argv)
|
|
62
|
+
: evaluateMcpProposal(policyState.policy, argv);
|
|
63
|
+
const tier = evaluation.tier;
|
|
64
|
+
const reasons = [...evaluation.reasons];
|
|
65
|
+
const policyReasons = [...evaluation.reasons];
|
|
66
|
+
let { enforceDecision, approvalBlock } = resolveTierDecision({
|
|
67
|
+
mode: input.mode,
|
|
68
|
+
skipped,
|
|
69
|
+
tier,
|
|
70
|
+
});
|
|
71
|
+
let approvalRequestId = null;
|
|
72
|
+
if (!skipped &&
|
|
73
|
+
tier !== "DESTRUCTIVE" &&
|
|
74
|
+
tier !== "READ" &&
|
|
75
|
+
input.mode === "enforce") {
|
|
76
|
+
const mutate = await resolveEnforceMutateApproval({
|
|
77
|
+
guardInput: input,
|
|
78
|
+
argv,
|
|
79
|
+
storageRoot,
|
|
80
|
+
eventId: event_id,
|
|
81
|
+
policyRevision: policyState.policyRevision,
|
|
82
|
+
reasons,
|
|
83
|
+
});
|
|
84
|
+
enforceDecision = mutate.enforceDecision;
|
|
85
|
+
approvalBlock = mutate.approvalBlock;
|
|
86
|
+
approvalRequestId = mutate.approvalRequestId;
|
|
87
|
+
}
|
|
88
|
+
const { decision, shadow } = applyGuardMode({
|
|
89
|
+
mode: input.mode,
|
|
90
|
+
skipped,
|
|
91
|
+
tier,
|
|
92
|
+
policyReasons,
|
|
93
|
+
enforceDecision,
|
|
94
|
+
});
|
|
95
|
+
const response = {
|
|
96
|
+
mode: input.mode,
|
|
97
|
+
decision,
|
|
98
|
+
skipped,
|
|
99
|
+
tier,
|
|
100
|
+
risk_score: riskScore(skipped, tier),
|
|
101
|
+
reasons,
|
|
102
|
+
shadow,
|
|
103
|
+
approval: approvalBlock,
|
|
104
|
+
audit: {
|
|
105
|
+
event_id,
|
|
106
|
+
timestamp: new Date().toISOString(),
|
|
107
|
+
latency_ms: performance.now() - startedAt,
|
|
108
|
+
},
|
|
109
|
+
execution: {
|
|
110
|
+
attempted: false,
|
|
111
|
+
result: null,
|
|
112
|
+
},
|
|
113
|
+
};
|
|
114
|
+
const firstReason = reasons.find((r) => typeof r?.message === "string")?.message ??
|
|
115
|
+
reasons.find((r) => typeof r?.code === "string")?.code ??
|
|
116
|
+
null;
|
|
117
|
+
const actionVerb = argv[1] ?? null;
|
|
118
|
+
const actionResource = argv.length > 2 ? argv.slice(2).join(" ") : null;
|
|
119
|
+
const status = resolveGuardAuditStatus({ skipped, decision });
|
|
120
|
+
void sendGuardEvent({
|
|
121
|
+
ts: new Date().toISOString(),
|
|
122
|
+
status,
|
|
123
|
+
skipped,
|
|
124
|
+
...(skipped
|
|
125
|
+
? {
|
|
126
|
+
skip_reason: input.proposal.kind === "shell" ? "ungoverned_shell_tool" : "mcp_policy_unmatched",
|
|
127
|
+
}
|
|
128
|
+
: {}),
|
|
129
|
+
tool: "auditor-mcp",
|
|
130
|
+
command_path: argv[0] ?? null,
|
|
131
|
+
verb: actionVerb,
|
|
132
|
+
resource: actionResource,
|
|
133
|
+
reason: firstReason,
|
|
134
|
+
cmd: argv.join(" "),
|
|
135
|
+
tier,
|
|
136
|
+
decision,
|
|
137
|
+
latency_ms: performance.now() - startedAt,
|
|
138
|
+
event_id,
|
|
139
|
+
installId: getInstallId(),
|
|
140
|
+
kind: input.proposal.kind,
|
|
141
|
+
...(policyState.policyRevision !== null
|
|
142
|
+
? { policy_revision: policyState.policyRevision }
|
|
143
|
+
: {}),
|
|
144
|
+
...(approvalRequestId ? { approval_request_id: approvalRequestId } : {}),
|
|
145
|
+
});
|
|
146
|
+
return { response, startedAt };
|
|
147
|
+
}
|
|
148
|
+
//# sourceMappingURL=evaluate-guard.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"evaluate-guard.js","sourceRoot":"","sources":["../../src/mcp/evaluate-guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AAEpC,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAa,MAAM,oBAAoB,CAAC;AACvF,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAC1E,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,kBAAkB,GACnB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAClE,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAsB,MAAM,iBAAiB,CAAC;AAC3F,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EACL,oBAAoB,EACpB,4BAA4B,GAE7B,MAAM,2BAA2B,CAAC;AAQnC,SAAS,SAAS,CAAC,OAAgB,EAAE,IAAU;IAC7C,IAAI,OAAO;QAAE,OAAO,CAAC,CAAC;IACtB,IAAI,IAAI,KAAK,MAAM;QAAE,OAAO,CAAC,CAAC;IAC9B,IAAI,IAAI,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IACjC,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,mBAAmB,CAAC,KAI5B;IACC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,KAAK,CAAC;IACtC,IAAI,eAAe,GAAG,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC1D,MAAM,aAAa,GAAG,oBAAoB,EAAE,CAAC;IAE7C,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC;IACrD,CAAC;IACD,IAAI,IAAI,KAAK,aAAa,EAAE,CAAC;QAC3B,OAAO;YACL,eAAe,EAAE,OAAO;YACxB,aAAa,EAAE;gBACb,GAAG,aAAa;gBAChB,YAAY,EACV,oFAAoF;aACvF;SACF,CAAC;IACJ,CAAC;IACD,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;QACpB,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC;IACrD,CAAC;IACD,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,OAAO;YACL,eAAe,EAAE,kBAAkB;YACnC,aAAa,EAAE;gBACb,GAAG,aAAa;gBAChB,YAAY,EACV,mGAAmG;aACtG;SACF,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,CAAC;AAC5C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAiB,EACjB,WAAwB;IAExB,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IACpC,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC;IAC1B,kBAAkB,EAAE,CAAC;IAErB,WAAW,CAAC,MAAM,GAAG,MAAM,cAAc,EAAE,CAAC;IAC5C,WAAW,CAAC,cAAc,GAAG,MAAM,sBAAsB,EAAE,CAAC;IAE5D,MAAM,WAAW,GAAG,uBAAuB,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAChE,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,CAAC,WAAW;QACrC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC;QAChD,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;IAExB,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAC3B,KAAK,CAAC,QAAQ,CAAC,IAAI,KAAK,OAAO;QAC7B,CAAC,CAAC,qBAAqB,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC;QACjD,CAAC,CAAC,mBAAmB,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAEpD,MAAM,IAAI,GAAS,UAAU,CAAC,IAAI,CAAC;IACnC,MAAM,OAAO,GAAG,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IACxC,MAAM,aAAa,GAAG,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IAE9C,IAAI,EAAE,eAAe,EAAE,aAAa,EAAE,GAAG,mBAAmB,CAAC;QAC3D,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,OAAO;QACP,IAAI;KACL,CAAC,CAAC;IACH,IAAI,iBAAiB,GAAkB,IAAI,CAAC;IAE5C,IACE,CAAC,OAAO;QACR,IAAI,KAAK,aAAa;QACtB,IAAI,KAAK,MAAM;QACf,KAAK,CAAC,IAAI,KAAK,SAAS,EACxB,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,4BAA4B,CAAC;YAChD,UAAU,EAAE,KAAK;YACjB,IAAI;YACJ,WAAW;YACX,OAAO,EAAE,QAAQ;YACjB,cAAc,EAAE,WAAW,CAAC,cAAc;YAC1C,OAAO;SACR,CAAC,CAAC;QACH,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;QACzC,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;QACrC,iBAAiB,GAAG,MAAM,CAAC,iBAAiB,CAAC;IAC/C,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,cAAc,CAAC;QAC1C,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,OAAO;QACP,IAAI;QACJ,aAAa;QACb,eAAe;KAChB,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,QAAQ;QACR,OAAO;QACP,IAAI;QACJ,UAAU,EAAE,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC;QACpC,OAAO;QACP,MAAM;QACN,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE;YACL,QAAQ;YACR,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;SAC1C;QACD,SAAS,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,IAAI;SACb;KACF,CAAC;IAEF,MAAM,WAAW,GACf,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,OAAO,KAAK,QAAQ,CAAC,EAAE,OAAO;QAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,IAAI,KAAK,QAAQ,CAAC,EAAE,IAAI;QACtD,IAAI,CAAC;IACP,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IACnC,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACxE,MAAM,MAAM,GAAG,uBAAuB,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;IAE9D,KAAK,cAAc,CAAC;QAClB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5B,MAAM;QACN,OAAO;QACP,GAAG,CAAC,OAAO;YACT,CAAC,CAAC;gBACE,WAAW,EACT,KAAK,CAAC,QAAQ,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,sBAAsB;aACrF;YACH,CAAC,CAAC,EAAE,CAAC;QACP,IAAI,EAAE,aAAa;QACnB,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI;QAC7B,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,cAAc;QACxB,MAAM,EAAE,WAAW;QACnB,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;QACnB,IAAI;QACJ,QAAQ;QACR,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;QACzC,QAAQ;QACR,SAAS,EAAE,YAAY,EAAE;QACzB,IAAI,EAAE,KAAK,CAAC,QAAQ,CAAC,IAAI;QACzB,GAAG,CAAC,WAAW,CAAC,cAAc,KAAK,IAAI;YACrC,CAAC,CAAC,EAAE,eAAe,EAAE,WAAW,CAAC,cAAc,EAAE;YACjD,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACzE,CAAC,CAAC;IAEH,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AACjC,CAAC"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import type { GuardDecision } from "./guard-mode.js";
|
|
2
|
+
import type { GuardInput } from "./guard-schemas.js";
|
|
3
|
+
export type ApprovalBlock = {
|
|
4
|
+
required: boolean;
|
|
5
|
+
request_id: string | null;
|
|
6
|
+
expires_at: string | null;
|
|
7
|
+
open_url: string | null;
|
|
8
|
+
instructions: string | null;
|
|
9
|
+
redeemed: boolean;
|
|
10
|
+
approved_by: string | null;
|
|
11
|
+
};
|
|
12
|
+
export declare function defaultApprovalBlock(): ApprovalBlock;
|
|
13
|
+
export declare function approvalBlockNoToken(): ApprovalBlock;
|
|
14
|
+
export declare function resolveEnforceMutateApproval(input: {
|
|
15
|
+
guardInput: GuardInput;
|
|
16
|
+
argv: string[];
|
|
17
|
+
storageRoot: string;
|
|
18
|
+
eventId: string;
|
|
19
|
+
policyRevision: number | null;
|
|
20
|
+
reasons: unknown[];
|
|
21
|
+
}): Promise<{
|
|
22
|
+
enforceDecision: GuardDecision;
|
|
23
|
+
approvalBlock: ApprovalBlock;
|
|
24
|
+
approvalRequestId: string | null;
|
|
25
|
+
}>;
|
|
26
|
+
//# sourceMappingURL=guard-approval-block.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"guard-approval-block.d.ts","sourceRoot":"","sources":["../../src/mcp/guard-approval-block.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD,MAAM,MAAM,aAAa,GAAG;IAC1B,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B,CAAC;AAEF,wBAAgB,oBAAoB,IAAI,aAAa,CAUpD;AAED,wBAAgB,oBAAoB,IAAI,aAAa,CAWpD;AAuFD,wBAAsB,4BAA4B,CAAC,KAAK,EAAE;IACxD,UAAU,EAAE,UAAU,CAAC;IACvB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,OAAO,EAAE,OAAO,EAAE,CAAC;CACpB,GAAG,OAAO,CAAC;IACV,eAAe,EAAE,aAAa,CAAC;IAC/B,aAAa,EAAE,aAAa,CAAC;IAC7B,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;CAClC,CAAC,CA0DD"}
|
|
@@ -0,0 +1,154 @@
|
|
|
1
|
+
import { resolveGuardToken } from "../cli/credentials.js";
|
|
2
|
+
import { resolveMutateApproval } from "../approval/mcp-flow.js";
|
|
3
|
+
export function defaultApprovalBlock() {
|
|
4
|
+
return {
|
|
5
|
+
required: false,
|
|
6
|
+
request_id: null,
|
|
7
|
+
expires_at: null,
|
|
8
|
+
open_url: null,
|
|
9
|
+
instructions: null,
|
|
10
|
+
redeemed: false,
|
|
11
|
+
approved_by: null,
|
|
12
|
+
};
|
|
13
|
+
}
|
|
14
|
+
export function approvalBlockNoToken() {
|
|
15
|
+
return {
|
|
16
|
+
required: true,
|
|
17
|
+
request_id: null,
|
|
18
|
+
expires_at: null,
|
|
19
|
+
open_url: null,
|
|
20
|
+
instructions: "MUTATE requires human approval. Run `auditor login` (or set PRAXIS_GUARD_TOKEN), then call guard again.",
|
|
21
|
+
redeemed: false,
|
|
22
|
+
approved_by: null,
|
|
23
|
+
};
|
|
24
|
+
}
|
|
25
|
+
function approvalBlockFromOutcome(outcome, fallbackRequestId) {
|
|
26
|
+
if (outcome.kind === "allow") {
|
|
27
|
+
if (!outcome.ticketRecorded) {
|
|
28
|
+
return {
|
|
29
|
+
enforceDecision: "require_approval",
|
|
30
|
+
approvalRequestId: outcome.request_id,
|
|
31
|
+
approvalBlock: {
|
|
32
|
+
required: true,
|
|
33
|
+
request_id: outcome.request_id,
|
|
34
|
+
expires_at: null,
|
|
35
|
+
open_url: null,
|
|
36
|
+
instructions: "Approval redeemed but execution ticket was not written under .cursor/guard/tickets. Fix permissions and call guard_wait again.",
|
|
37
|
+
redeemed: false,
|
|
38
|
+
approved_by: outcome.approved_by,
|
|
39
|
+
},
|
|
40
|
+
};
|
|
41
|
+
}
|
|
42
|
+
return {
|
|
43
|
+
enforceDecision: "allow",
|
|
44
|
+
approvalRequestId: outcome.request_id,
|
|
45
|
+
approvalBlock: {
|
|
46
|
+
required: false,
|
|
47
|
+
request_id: outcome.request_id,
|
|
48
|
+
expires_at: null,
|
|
49
|
+
open_url: null,
|
|
50
|
+
instructions: "Approval redeemed; retry the same shell/MCP invocation (hook consumes execution ticket).",
|
|
51
|
+
redeemed: outcome.redeemed,
|
|
52
|
+
approved_by: outcome.approved_by,
|
|
53
|
+
},
|
|
54
|
+
};
|
|
55
|
+
}
|
|
56
|
+
if (outcome.kind === "credential_not_recorded") {
|
|
57
|
+
return {
|
|
58
|
+
enforceDecision: "require_approval",
|
|
59
|
+
approvalRequestId: outcome.request_id,
|
|
60
|
+
approvalBlock: {
|
|
61
|
+
required: true,
|
|
62
|
+
request_id: outcome.request_id,
|
|
63
|
+
expires_at: null,
|
|
64
|
+
open_url: null,
|
|
65
|
+
instructions: `${outcome.message} Hooks will deny until a credential is recorded; retry guard after fixing local write permissions.`,
|
|
66
|
+
redeemed: false,
|
|
67
|
+
approved_by: null,
|
|
68
|
+
},
|
|
69
|
+
};
|
|
70
|
+
}
|
|
71
|
+
if (outcome.kind === "require_approval") {
|
|
72
|
+
return {
|
|
73
|
+
enforceDecision: "require_approval",
|
|
74
|
+
approvalRequestId: outcome.request_id,
|
|
75
|
+
approvalBlock: {
|
|
76
|
+
required: true,
|
|
77
|
+
request_id: outcome.request_id,
|
|
78
|
+
expires_at: outcome.expires_at,
|
|
79
|
+
open_url: outcome.open_url,
|
|
80
|
+
instructions: "Human must approve in the Praxis app (or dev: `auditor approvals approve <id>`). Prefer guard_wait with context.approval.request_id and context.wait_ms, then retry once.",
|
|
81
|
+
redeemed: false,
|
|
82
|
+
approved_by: null,
|
|
83
|
+
},
|
|
84
|
+
};
|
|
85
|
+
}
|
|
86
|
+
return {
|
|
87
|
+
enforceDecision: "require_approval",
|
|
88
|
+
approvalRequestId: null,
|
|
89
|
+
approvalBlock: {
|
|
90
|
+
required: true,
|
|
91
|
+
request_id: fallbackRequestId,
|
|
92
|
+
expires_at: null,
|
|
93
|
+
open_url: null,
|
|
94
|
+
instructions: `Approval backend error: ${outcome.message}. Hooks will deny MUTATE until resolved.`,
|
|
95
|
+
redeemed: false,
|
|
96
|
+
approved_by: null,
|
|
97
|
+
},
|
|
98
|
+
};
|
|
99
|
+
}
|
|
100
|
+
export async function resolveEnforceMutateApproval(input) {
|
|
101
|
+
const { guardInput, argv, storageRoot, eventId, policyRevision, reasons } = input;
|
|
102
|
+
if (!resolveGuardToken()) {
|
|
103
|
+
reasons.push({
|
|
104
|
+
code: "approval_backend_unavailable",
|
|
105
|
+
message: "No guard token; cannot create approval request.",
|
|
106
|
+
});
|
|
107
|
+
return {
|
|
108
|
+
enforceDecision: "require_approval",
|
|
109
|
+
approvalBlock: approvalBlockNoToken(),
|
|
110
|
+
approvalRequestId: null,
|
|
111
|
+
};
|
|
112
|
+
}
|
|
113
|
+
const outcome = await resolveMutateApproval({
|
|
114
|
+
argv,
|
|
115
|
+
proposalKind: guardInput.proposal.kind,
|
|
116
|
+
storageRoot,
|
|
117
|
+
rawDisplay: guardInput.proposal.raw_command ?? argv.join(" "),
|
|
118
|
+
eventId,
|
|
119
|
+
policyRevision,
|
|
120
|
+
reasons,
|
|
121
|
+
sessionId: guardInput.context?.session_id ?? null,
|
|
122
|
+
environment: guardInput.context?.environment ?? null,
|
|
123
|
+
approval: guardInput.context?.approval ?? null,
|
|
124
|
+
waitMs: guardInput.context?.wait_ms ?? null,
|
|
125
|
+
tool_input_sha256: guardInput.context?.tool_input_sha256 ?? null,
|
|
126
|
+
});
|
|
127
|
+
const mapped = approvalBlockFromOutcome(outcome, guardInput.context?.approval?.request_id ?? null);
|
|
128
|
+
if (outcome.kind === "allow" && outcome.ticketRecorded) {
|
|
129
|
+
reasons.push({
|
|
130
|
+
code: "execution_ticket_recorded",
|
|
131
|
+
message: "Recorded signed execution ticket for hooks (same argv within TTL).",
|
|
132
|
+
});
|
|
133
|
+
}
|
|
134
|
+
else if (outcome.kind === "allow" && !outcome.ticketRecorded) {
|
|
135
|
+
reasons.push({
|
|
136
|
+
code: "hook_credential_not_recorded",
|
|
137
|
+
message: "Execution ticket file was not recorded for hooks.",
|
|
138
|
+
});
|
|
139
|
+
}
|
|
140
|
+
else if (outcome.kind === "credential_not_recorded") {
|
|
141
|
+
reasons.push({
|
|
142
|
+
code: "hook_credential_not_recorded",
|
|
143
|
+
message: outcome.message,
|
|
144
|
+
});
|
|
145
|
+
}
|
|
146
|
+
else if (outcome.kind === "backend_unavailable") {
|
|
147
|
+
reasons.push({
|
|
148
|
+
code: "approval_backend_unavailable",
|
|
149
|
+
message: outcome.message,
|
|
150
|
+
});
|
|
151
|
+
}
|
|
152
|
+
return mapped;
|
|
153
|
+
}
|
|
154
|
+
//# sourceMappingURL=guard-approval-block.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"guard-approval-block.js","sourceRoot":"","sources":["../../src/mcp/guard-approval-block.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,qBAAqB,EAA2B,MAAM,yBAAyB,CAAC;AAczF,MAAM,UAAU,oBAAoB;IAClC,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE,IAAI;QAChB,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,IAAI;QACd,YAAY,EAAE,IAAI;QAClB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,IAAI;KAClB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB;IAClC,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,IAAI;QAChB,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,IAAI;QACd,YAAY,EACV,yGAAyG;QAC3G,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,IAAI;KAClB,CAAC;AACJ,CAAC;AAED,SAAS,wBAAwB,CAC/B,OAA2B,EAC3B,iBAAgC;IAEhC,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAC7B,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;YAC5B,OAAO;gBACL,eAAe,EAAE,kBAAkB;gBACnC,iBAAiB,EAAE,OAAO,CAAC,UAAU;gBACrC,aAAa,EAAE;oBACb,QAAQ,EAAE,IAAI;oBACd,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,UAAU,EAAE,IAAI;oBAChB,QAAQ,EAAE,IAAI;oBACd,YAAY,EACV,gIAAgI;oBAClI,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,OAAO,CAAC,WAAW;iBACjC;aACF,CAAC;QACJ,CAAC;QACD,OAAO;YACL,eAAe,EAAE,OAAO;YACxB,iBAAiB,EAAE,OAAO,CAAC,UAAU;YACrC,aAAa,EAAE;gBACb,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,UAAU,EAAE,IAAI;gBAChB,QAAQ,EAAE,IAAI;gBACd,YAAY,EACV,0FAA0F;gBAC5F,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC;SACF,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,KAAK,yBAAyB,EAAE,CAAC;QAC/C,OAAO;YACL,eAAe,EAAE,kBAAkB;YACnC,iBAAiB,EAAE,OAAO,CAAC,UAAU;YACrC,aAAa,EAAE;gBACb,QAAQ,EAAE,IAAI;gBACd,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,UAAU,EAAE,IAAI;gBAChB,QAAQ,EAAE,IAAI;gBACd,YAAY,EAAE,GAAG,OAAO,CAAC,OAAO,oGAAoG;gBACpI,QAAQ,EAAE,KAAK;gBACf,WAAW,EAAE,IAAI;aAClB;SACF,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QACxC,OAAO;YACL,eAAe,EAAE,kBAAkB;YACnC,iBAAiB,EAAE,OAAO,CAAC,UAAU;YACrC,aAAa,EAAE;gBACb,QAAQ,EAAE,IAAI;gBACd,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,YAAY,EACV,2KAA2K;gBAC7K,QAAQ,EAAE,KAAK;gBACf,WAAW,EAAE,IAAI;aAClB;SACF,CAAC;IACJ,CAAC;IAED,OAAO;QACL,eAAe,EAAE,kBAAkB;QACnC,iBAAiB,EAAE,IAAI;QACvB,aAAa,EAAE;YACb,QAAQ,EAAE,IAAI;YACd,UAAU,EAAE,iBAAiB;YAC7B,UAAU,EAAE,IAAI;YAChB,QAAQ,EAAE,IAAI;YACd,YAAY,EAAE,2BAA2B,OAAO,CAAC,OAAO,0CAA0C;YAClG,QAAQ,EAAE,KAAK;YACf,WAAW,EAAE,IAAI;SAClB;KACF,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAAC,KAOlD;IAKC,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC;IAElF,IAAI,CAAC,iBAAiB,EAAE,EAAE,CAAC;QACzB,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,8BAA8B;YACpC,OAAO,EAAE,iDAAiD;SAC3D,CAAC,CAAC;QACH,OAAO;YACL,eAAe,EAAE,kBAAkB;YACnC,aAAa,EAAE,oBAAoB,EAAE;YACrC,iBAAiB,EAAE,IAAI;SACxB,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,qBAAqB,CAAC;QAC1C,IAAI;QACJ,YAAY,EAAE,UAAU,CAAC,QAAQ,CAAC,IAAI;QACtC,WAAW;QACX,UAAU,EAAE,UAAU,CAAC,QAAQ,CAAC,WAAW,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;QAC7D,OAAO;QACP,cAAc;QACd,OAAO;QACP,SAAS,EAAE,UAAU,CAAC,OAAO,EAAE,UAAU,IAAI,IAAI;QACjD,WAAW,EAAE,UAAU,CAAC,OAAO,EAAE,WAAW,IAAI,IAAI;QACpD,QAAQ,EAAE,UAAU,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI;QAC9C,MAAM,EAAE,UAAU,CAAC,OAAO,EAAE,OAAO,IAAI,IAAI;QAC3C,iBAAiB,EAAE,UAAU,CAAC,OAAO,EAAE,iBAAiB,IAAI,IAAI;KACjE,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,wBAAwB,CACrC,OAAO,EACP,UAAU,CAAC,OAAO,EAAE,QAAQ,EAAE,UAAU,IAAI,IAAI,CACjD,CAAC;IAEF,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;QACvD,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,2BAA2B;YACjC,OAAO,EAAE,oEAAoE;SAC9E,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,8BAA8B;YACpC,OAAO,EAAE,mDAAmD;SAC7D,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,OAAO,CAAC,IAAI,KAAK,yBAAyB,EAAE,CAAC;QACtD,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,8BAA8B;YACpC,OAAO,EAAE,OAAO,CAAC,OAAO;SACzB,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,OAAO,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,8BAA8B;YACpC,OAAO,EAAE,OAAO,CAAC,OAAO;SACzB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
/** Reset adaptive heartbeat backoff after guard tool activity. */
|
|
2
|
+
export declare function resetHeartbeatIdle(): void;
|
|
3
|
+
export declare function sendGuardHeartbeat(): Promise<void>;
|
|
4
|
+
/** Send an initial heartbeat and schedule periodic idle heartbeats. */
|
|
5
|
+
export declare function startGuardHeartbeatLoop(): void;
|
|
6
|
+
//# sourceMappingURL=guard-heartbeat.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"guard-heartbeat.d.ts","sourceRoot":"","sources":["../../src/mcp/guard-heartbeat.ts"],"names":[],"mappings":"AA6BA,kEAAkE;AAClE,wBAAgB,kBAAkB,IAAI,IAAI,CAEzC;AAED,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,IAAI,CAAC,CAmCxD;AAED,uEAAuE;AACvE,wBAAgB,uBAAuB,IAAI,IAAI,CAG9C"}
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
import { resolveGuardToken } from "../cli/credentials.js";
|
|
2
|
+
import { getInstallId } from "../cli/install-id.js";
|
|
3
|
+
import { AUDITOR_CLI_VERSION } from "../runtime/version.js";
|
|
4
|
+
import { prodFunctionUrl } from "../cli/function-url.js";
|
|
5
|
+
const DEFAULT_HEARTBEAT_URL = prodFunctionUrl("guardHeartbeat");
|
|
6
|
+
const HEARTBEAT_BASE_INTERVAL_MS = 5 * 60 * 1000;
|
|
7
|
+
const HEARTBEAT_MAX_INTERVAL_MS = 30 * 60 * 1000;
|
|
8
|
+
let heartbeatTimer = null;
|
|
9
|
+
let consecutiveIdleHeartbeats = 0;
|
|
10
|
+
function getNextHeartbeatInterval() {
|
|
11
|
+
if (consecutiveIdleHeartbeats < 3)
|
|
12
|
+
return HEARTBEAT_BASE_INTERVAL_MS;
|
|
13
|
+
return Math.min(HEARTBEAT_BASE_INTERVAL_MS * Math.pow(1.5, consecutiveIdleHeartbeats - 2), HEARTBEAT_MAX_INTERVAL_MS);
|
|
14
|
+
}
|
|
15
|
+
function scheduleNextHeartbeat() {
|
|
16
|
+
if (heartbeatTimer)
|
|
17
|
+
clearTimeout(heartbeatTimer);
|
|
18
|
+
heartbeatTimer = setTimeout(async () => {
|
|
19
|
+
consecutiveIdleHeartbeats++;
|
|
20
|
+
await sendGuardHeartbeat();
|
|
21
|
+
scheduleNextHeartbeat();
|
|
22
|
+
}, getNextHeartbeatInterval());
|
|
23
|
+
}
|
|
24
|
+
/** Reset adaptive heartbeat backoff after guard tool activity. */
|
|
25
|
+
export function resetHeartbeatIdle() {
|
|
26
|
+
consecutiveIdleHeartbeats = 0;
|
|
27
|
+
}
|
|
28
|
+
export async function sendGuardHeartbeat() {
|
|
29
|
+
const heartbeatUrl = process.env.PRAXIS_GUARD_HEARTBEAT_URL || DEFAULT_HEARTBEAT_URL;
|
|
30
|
+
const token = resolveGuardToken();
|
|
31
|
+
if (!token)
|
|
32
|
+
return;
|
|
33
|
+
const payload = {
|
|
34
|
+
installId: getInstallId(),
|
|
35
|
+
kind: "auditor-mcp",
|
|
36
|
+
version: AUDITOR_CLI_VERSION,
|
|
37
|
+
status: "running",
|
|
38
|
+
client: {
|
|
39
|
+
os: process.platform,
|
|
40
|
+
arch: process.arch,
|
|
41
|
+
node: process.version,
|
|
42
|
+
},
|
|
43
|
+
};
|
|
44
|
+
try {
|
|
45
|
+
const res = await fetch(heartbeatUrl, {
|
|
46
|
+
method: "POST",
|
|
47
|
+
headers: {
|
|
48
|
+
Authorization: `Bearer ${token}`,
|
|
49
|
+
"Content-Type": "application/json",
|
|
50
|
+
},
|
|
51
|
+
body: JSON.stringify(payload),
|
|
52
|
+
signal: AbortSignal.timeout(3000),
|
|
53
|
+
});
|
|
54
|
+
if (!res.ok) {
|
|
55
|
+
process.stderr.write(`[auditor:mcp] heartbeat failed (${res.status}).\n`);
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
catch (err) {
|
|
59
|
+
const msg = err instanceof Error ? err.message : String(err);
|
|
60
|
+
process.stderr.write(`[auditor:mcp] heartbeat error: ${msg}\n`);
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
/** Send an initial heartbeat and schedule periodic idle heartbeats. */
|
|
64
|
+
export function startGuardHeartbeatLoop() {
|
|
65
|
+
void sendGuardHeartbeat();
|
|
66
|
+
scheduleNextHeartbeat();
|
|
67
|
+
}
|
|
68
|
+
//# sourceMappingURL=guard-heartbeat.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"guard-heartbeat.js","sourceRoot":"","sources":["../../src/mcp/guard-heartbeat.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,MAAM,qBAAqB,GAAG,eAAe,CAAC,gBAAgB,CAAC,CAAC;AAEhE,MAAM,0BAA0B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AACjD,MAAM,yBAAyB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AACjD,IAAI,cAAc,GAAyC,IAAI,CAAC;AAChE,IAAI,yBAAyB,GAAG,CAAC,CAAC;AAElC,SAAS,wBAAwB;IAC/B,IAAI,yBAAyB,GAAG,CAAC;QAAE,OAAO,0BAA0B,CAAC;IACrE,OAAO,IAAI,CAAC,GAAG,CACb,0BAA0B,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,yBAAyB,GAAG,CAAC,CAAC,EACzE,yBAAyB,CAC1B,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB;IAC5B,IAAI,cAAc;QAAE,YAAY,CAAC,cAAc,CAAC,CAAC;IACjD,cAAc,GAAG,UAAU,CAAC,KAAK,IAAI,EAAE;QACrC,yBAAyB,EAAE,CAAC;QAC5B,MAAM,kBAAkB,EAAE,CAAC;QAC3B,qBAAqB,EAAE,CAAC;IAC1B,CAAC,EAAE,wBAAwB,EAAE,CAAC,CAAC;AACjC,CAAC;AAED,kEAAkE;AAClE,MAAM,UAAU,kBAAkB;IAChC,yBAAyB,GAAG,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,qBAAqB,CAAC;IACrF,MAAM,KAAK,GAAG,iBAAiB,EAAE,CAAC;IAClC,IAAI,CAAC,KAAK;QAAE,OAAO;IAEnB,MAAM,OAAO,GAAG;QACd,SAAS,EAAE,YAAY,EAAE;QACzB,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,mBAAmB;QAC5B,MAAM,EAAE,SAAS;QACjB,MAAM,EAAE;YACN,EAAE,EAAE,OAAO,CAAC,QAAQ;YACpB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,IAAI,EAAE,OAAO,CAAC,OAAO;SACtB;KACF,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,YAAY,EAAE;YACpC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,KAAK,EAAE;gBAChC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;YAC7B,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;SAClC,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,GAAG,CAAC,MAAM,MAAM,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kCAAkC,GAAG,IAAI,CAAC,CAAC;IAClE,CAAC;AACH,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,uBAAuB;IACrC,KAAK,kBAAkB,EAAE,CAAC;IAC1B,qBAAqB,EAAE,CAAC;AAC1B,CAAC"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
import { z } from "zod";
|
|
2
|
+
export declare const GuardModeSchema: z.ZodEnum<{
|
|
3
|
+
shadow: "shadow";
|
|
4
|
+
enforce: "enforce";
|
|
5
|
+
}>;
|
|
6
|
+
export declare const ProposalKindSchema: z.ZodEnum<{
|
|
7
|
+
shell: "shell";
|
|
8
|
+
mcp: "mcp";
|
|
9
|
+
}>;
|
|
10
|
+
export declare const GuardInputSchema: z.ZodObject<{
|
|
11
|
+
mode: z.ZodEnum<{
|
|
12
|
+
shadow: "shadow";
|
|
13
|
+
enforce: "enforce";
|
|
14
|
+
}>;
|
|
15
|
+
proposal: z.ZodObject<{
|
|
16
|
+
kind: z.ZodEnum<{
|
|
17
|
+
shell: "shell";
|
|
18
|
+
mcp: "mcp";
|
|
19
|
+
}>;
|
|
20
|
+
argv: z.ZodArray<z.ZodString>;
|
|
21
|
+
cwd: z.ZodOptional<z.ZodString>;
|
|
22
|
+
raw_command: z.ZodOptional<z.ZodString>;
|
|
23
|
+
}, z.core.$strip>;
|
|
24
|
+
context: z.ZodOptional<z.ZodObject<{
|
|
25
|
+
provider: z.ZodOptional<z.ZodString>;
|
|
26
|
+
session_id: z.ZodOptional<z.ZodString>;
|
|
27
|
+
trace_id: z.ZodOptional<z.ZodString>;
|
|
28
|
+
agent_id: z.ZodOptional<z.ZodString>;
|
|
29
|
+
user_id: z.ZodOptional<z.ZodString>;
|
|
30
|
+
environment: z.ZodOptional<z.ZodString>;
|
|
31
|
+
approval: z.ZodOptional<z.ZodObject<{
|
|
32
|
+
request_id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
33
|
+
grant: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
34
|
+
}, z.core.$strip>>;
|
|
35
|
+
wait_ms: z.ZodOptional<z.ZodNumber>;
|
|
36
|
+
tool_input_sha256: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
37
|
+
}, z.core.$strip>>;
|
|
38
|
+
}, z.core.$strip>;
|
|
39
|
+
export type GuardInput = z.infer<typeof GuardInputSchema>;
|
|
40
|
+
export declare const GUARD_TOOL_DESCRIPTION: string;
|
|
41
|
+
export declare const GUARD_WAIT_TOOL_DESCRIPTION: string;
|
|
42
|
+
//# sourceMappingURL=guard-schemas.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"guard-schemas.d.ts","sourceRoot":"","sources":["../../src/mcp/guard-schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,eAAe;;;EAAgC,CAAC;AAC7D,eAAO,MAAM,kBAAkB;;;EAA2B,CAAC;AAS3D,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAqB3B,CAAC;AAEH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAE1D,eAAO,MAAM,sBAAsB,QAI8E,CAAC;AAElH,eAAO,MAAM,2BAA2B,QAGyE,CAAC"}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
import { z } from "zod";
|
|
2
|
+
export const GuardModeSchema = z.enum(["shadow", "enforce"]);
|
|
3
|
+
export const ProposalKindSchema = z.enum(["shell", "mcp"]);
|
|
4
|
+
const ApprovalContextSchema = z
|
|
5
|
+
.object({
|
|
6
|
+
request_id: z.string().nullable().optional(),
|
|
7
|
+
grant: z.string().nullable().optional(),
|
|
8
|
+
})
|
|
9
|
+
.optional();
|
|
10
|
+
export const GuardInputSchema = z.object({
|
|
11
|
+
mode: GuardModeSchema,
|
|
12
|
+
proposal: z.object({
|
|
13
|
+
kind: ProposalKindSchema,
|
|
14
|
+
argv: z.array(z.string()).min(1),
|
|
15
|
+
cwd: z.string().optional(),
|
|
16
|
+
raw_command: z.string().optional(),
|
|
17
|
+
}),
|
|
18
|
+
context: z
|
|
19
|
+
.object({
|
|
20
|
+
provider: z.string().optional(),
|
|
21
|
+
session_id: z.string().optional(),
|
|
22
|
+
trace_id: z.string().optional(),
|
|
23
|
+
agent_id: z.string().optional(),
|
|
24
|
+
user_id: z.string().optional(),
|
|
25
|
+
environment: z.string().optional(),
|
|
26
|
+
approval: ApprovalContextSchema,
|
|
27
|
+
wait_ms: z.number().int().nonnegative().optional(),
|
|
28
|
+
tool_input_sha256: z.string().nullable().optional(),
|
|
29
|
+
})
|
|
30
|
+
.optional(),
|
|
31
|
+
});
|
|
32
|
+
export const GUARD_TOOL_DESCRIPTION = "Policy gatekeeper for agent actions. Evaluates a proposal argv against policies.v1.json. " +
|
|
33
|
+
"Required `mode`: `shadow` (dry-run — response `decision` is always `allow`; see `shadow` for the policy verdict) " +
|
|
34
|
+
"or `enforce` (coordination — real `allow` / `require_approval` / `block`; runs human approval for MUTATE). " +
|
|
35
|
+
"For MUTATE after approval, pass `context.approval.request_id` (and optional `grant`) from the app or dev CLI.";
|
|
36
|
+
export const GUARD_WAIT_TOOL_DESCRIPTION = "Poll until a MUTATE approval request is approved, redeem grant, and record a signed execution ticket for hooks. " +
|
|
37
|
+
"Uses enforce semantics (approval backend). Prefer this over a separate `guard` + retry. " +
|
|
38
|
+
"Set `context.wait_ms` (e.g. 120000) and `context.approval.request_id` from hook deny or a prior `guard` call.";
|
|
39
|
+
//# sourceMappingURL=guard-schemas.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"guard-schemas.js","sourceRoot":"","sources":["../../src/mcp/guard-schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC;AAC7D,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;AAE3D,MAAM,qBAAqB,GAAG,CAAC;KAC5B,MAAM,CAAC;IACN,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC5C,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;CACxC,CAAC;KACD,QAAQ,EAAE,CAAC;AAEd,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,IAAI,EAAE,eAAe;IACrB,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC;QACjB,IAAI,EAAE,kBAAkB;QACxB,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAChC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC1B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACnC,CAAC;IACF,OAAO,EAAE,CAAC;SACP,MAAM,CAAC;QACN,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC/B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACjC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC/B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC/B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC9B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAClC,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;QAClD,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;KACpD,CAAC;SACD,QAAQ,EAAE;CACd,CAAC,CAAC;AAIH,MAAM,CAAC,MAAM,sBAAsB,GACjC,2FAA2F;IAC3F,mHAAmH;IACnH,6GAA6G;IAC7G,+GAA+G,CAAC;AAElH,MAAM,CAAC,MAAM,2BAA2B,GACtC,kHAAkH;IAClH,0FAA0F;IAC1F,+GAA+G,CAAC"}
|
package/dist/mcp/server.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AAcA,8EAA8E;AAC9E,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,IAAI,CAAC,CAkDvD"}
|