@roxy-agent/agents 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +306 -0
- package/dist/approvals.js +143 -0
- package/dist/approvals.js.map +1 -0
- package/dist/classifier.js +436 -0
- package/dist/classifier.js.map +1 -0
- package/dist/dashboard/client.js +2057 -0
- package/dist/dashboard/client.js.map +1 -0
- package/dist/dashboard/html.js +57 -0
- package/dist/dashboard/html.js.map +1 -0
- package/dist/dashboard/icons.js +18 -0
- package/dist/dashboard/icons.js.map +1 -0
- package/dist/dashboard/server.js +423 -0
- package/dist/dashboard/server.js.map +1 -0
- package/dist/dashboard/styles.js +1685 -0
- package/dist/dashboard/styles.js.map +1 -0
- package/dist/dashboard.js +2 -0
- package/dist/dashboard.js.map +1 -0
- package/dist/db.js +526 -0
- package/dist/db.js.map +1 -0
- package/dist/index.js +94 -0
- package/dist/index.js.map +1 -0
- package/dist/license.js +257 -0
- package/dist/license.js.map +1 -0
- package/dist/logger.js +44 -0
- package/dist/logger.js.map +1 -0
- package/dist/ml/bash-classifier.js +121 -0
- package/dist/ml/bash-classifier.js.map +1 -0
- package/dist/ml/embedder.js +79 -0
- package/dist/ml/embedder.js.map +1 -0
- package/dist/ml/prototypes.js +707 -0
- package/dist/ml/prototypes.js.map +1 -0
- package/dist/policies.js +289 -0
- package/dist/policies.js.map +1 -0
- package/dist/slack.js +149 -0
- package/dist/slack.js.map +1 -0
- package/dist/tools/bash.js +134 -0
- package/dist/tools/bash.js.map +1 -0
- package/dist/tools/conversation.js +36 -0
- package/dist/tools/conversation.js.map +1 -0
- package/dist/tools/filesystem.js +243 -0
- package/dist/tools/filesystem.js.map +1 -0
- package/dist/tools/introspect.js +187 -0
- package/dist/tools/introspect.js.map +1 -0
- package/dist/tools/network.js +152 -0
- package/dist/tools/network.js.map +1 -0
- package/dist/tools/policies.js +107 -0
- package/dist/tools/policies.js.map +1 -0
- package/package.json +61 -0
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
// Policy management tools — let the agent persist user-stated guardrails
|
|
2
|
+
// ("never push to main", "always allow npm install in this repo") as
|
|
3
|
+
// natural-language allow/block rules that survive the session.
|
|
4
|
+
import { z } from "zod";
|
|
5
|
+
import { createPolicy, listPolicies, deletePolicy, updatePolicy, scoreAllPolicies, } from "../policies.js";
|
|
6
|
+
// ---------------------------------------------------------------------------
|
|
7
|
+
// add_policy
|
|
8
|
+
// ---------------------------------------------------------------------------
|
|
9
|
+
export const addPolicyToolDefinition = {
|
|
10
|
+
name: "add_policy",
|
|
11
|
+
description: "Persist a natural-language allow or block rule. Use when the user states a guardrail you should remember beyond this session — e.g. 'never run git push to main', 'always allow npm install in this project', 'block any aws cli command against production'. The description is embedded and matched semantically against future tool calls; you don't need to spell out exact commands. Returns the created policy with its id.",
|
|
12
|
+
schema: z.object({
|
|
13
|
+
kind: z
|
|
14
|
+
.enum(["allow", "block"])
|
|
15
|
+
.describe("'block' denies matching actions; 'allow' force-allows them (de-escalating from flagged or denied)."),
|
|
16
|
+
description: z
|
|
17
|
+
.string()
|
|
18
|
+
.min(3)
|
|
19
|
+
.describe("Natural-language rule. Be specific about the intent: 'block destructive aws s3 commands against production buckets' is better than 'block aws'."),
|
|
20
|
+
applies_to: z
|
|
21
|
+
.string()
|
|
22
|
+
.optional()
|
|
23
|
+
.describe("Comma-separated tools this rule applies to: 'bash', 'filesystem', 'network', or '*' (default)."),
|
|
24
|
+
scope: z
|
|
25
|
+
.string()
|
|
26
|
+
.optional()
|
|
27
|
+
.describe("Scope label, e.g. 'global', 'team:platform', 'user:alice'. Defaults to 'global'."),
|
|
28
|
+
}),
|
|
29
|
+
};
|
|
30
|
+
export async function addPolicy(args) {
|
|
31
|
+
const policy = await createPolicy({
|
|
32
|
+
kind: args.kind,
|
|
33
|
+
description: args.description,
|
|
34
|
+
applies_to: args.applies_to,
|
|
35
|
+
scope: args.scope,
|
|
36
|
+
});
|
|
37
|
+
return { success: true, policy };
|
|
38
|
+
}
|
|
39
|
+
// ---------------------------------------------------------------------------
|
|
40
|
+
// list_policies
|
|
41
|
+
// ---------------------------------------------------------------------------
|
|
42
|
+
export const listPoliciesToolDefinition = {
|
|
43
|
+
name: "list_policies",
|
|
44
|
+
description: "List every persisted natural-language policy (allow/block rules). Use this to understand what guardrails are active before suggesting an action that might match an existing rule. The optional `against` parameter scores all policies against a hypothetical command/path/url so you can see which rule will fire and at what similarity.",
|
|
45
|
+
schema: z.object({
|
|
46
|
+
only_enabled: z
|
|
47
|
+
.boolean()
|
|
48
|
+
.optional()
|
|
49
|
+
.describe("If true, hide disabled policies (default false)."),
|
|
50
|
+
against: z
|
|
51
|
+
.string()
|
|
52
|
+
.optional()
|
|
53
|
+
.describe("If provided, score every policy against this text and include similarities, sorted descending."),
|
|
54
|
+
against_tool: z
|
|
55
|
+
.enum(["bash", "filesystem", "network"])
|
|
56
|
+
.optional()
|
|
57
|
+
.describe("Tool context for `against` (default 'bash')."),
|
|
58
|
+
}),
|
|
59
|
+
};
|
|
60
|
+
export async function listPoliciesTool(args) {
|
|
61
|
+
const all = listPolicies();
|
|
62
|
+
const filtered = args.only_enabled ? all.filter((p) => p.enabled) : all;
|
|
63
|
+
if (args.against) {
|
|
64
|
+
const scored = await scoreAllPolicies(args.against, args.against_tool ?? "bash");
|
|
65
|
+
const byId = new Map(scored.map((s) => [s.policy.id, s.similarity]));
|
|
66
|
+
const enriched = filtered
|
|
67
|
+
.map((p) => ({ ...p, similarity: byId.get(p.id) ?? 0 }))
|
|
68
|
+
.sort((a, b) => (b.similarity ?? 0) - (a.similarity ?? 0));
|
|
69
|
+
return { count: enriched.length, policies: enriched };
|
|
70
|
+
}
|
|
71
|
+
return { count: filtered.length, policies: filtered };
|
|
72
|
+
}
|
|
73
|
+
// ---------------------------------------------------------------------------
|
|
74
|
+
// delete_policy
|
|
75
|
+
// ---------------------------------------------------------------------------
|
|
76
|
+
export const deletePolicyToolDefinition = {
|
|
77
|
+
name: "delete_policy",
|
|
78
|
+
description: "Delete a persisted policy by id. Use sparingly — prefer disabling a policy via `update_policy` so it can be re-enabled later. Returns whether anything was deleted.",
|
|
79
|
+
schema: z.object({
|
|
80
|
+
id: z.number().int().positive().describe("The policy id to delete."),
|
|
81
|
+
}),
|
|
82
|
+
};
|
|
83
|
+
export function deletePolicyTool(args) {
|
|
84
|
+
const ok = deletePolicy(args.id);
|
|
85
|
+
return { success: true, deleted: ok };
|
|
86
|
+
}
|
|
87
|
+
// ---------------------------------------------------------------------------
|
|
88
|
+
// update_policy
|
|
89
|
+
// ---------------------------------------------------------------------------
|
|
90
|
+
export const updatePolicyToolDefinition = {
|
|
91
|
+
name: "update_policy",
|
|
92
|
+
description: "Modify an existing policy by id. Common uses: enable/disable a rule, tighten its description, or change which tools it applies to. Any field you omit is left unchanged. Re-embeds the description if you change it.",
|
|
93
|
+
schema: z.object({
|
|
94
|
+
id: z.number().int().positive(),
|
|
95
|
+
kind: z.enum(["allow", "block"]).optional(),
|
|
96
|
+
description: z.string().min(3).optional(),
|
|
97
|
+
applies_to: z.string().optional(),
|
|
98
|
+
scope: z.string().optional(),
|
|
99
|
+
enabled: z.boolean().optional(),
|
|
100
|
+
}),
|
|
101
|
+
};
|
|
102
|
+
export async function updatePolicyTool(args) {
|
|
103
|
+
const { id, ...rest } = args;
|
|
104
|
+
const policy = await updatePolicy(id, rest);
|
|
105
|
+
return policy ? { success: true, policy } : { success: false };
|
|
106
|
+
}
|
|
107
|
+
//# sourceMappingURL=policies.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"policies.js","sourceRoot":"","sources":["../../src/tools/policies.ts"],"names":[],"mappings":"AAAA,yEAAyE;AACzE,qEAAqE;AACrE,+DAA+D;AAC/D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,gBAAgB,GAEjB,MAAM,gBAAgB,CAAC;AAExB,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,IAAI,EAAE,YAAY;IAClB,WAAW,EACT,maAAma;IACra,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,IAAI,EAAE,CAAC;aACJ,IAAI,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;aACxB,QAAQ,CACP,oGAAoG,CACrG;QACH,WAAW,EAAE,CAAC;aACX,MAAM,EAAE;aACR,GAAG,CAAC,CAAC,CAAC;aACN,QAAQ,CACP,iJAAiJ,CAClJ;QACH,UAAU,EAAE,CAAC;aACV,MAAM,EAAE;aACR,QAAQ,EAAE;aACV,QAAQ,CACP,gGAAgG,CACjG;QACH,KAAK,EAAE,CAAC;aACL,MAAM,EAAE;aACR,QAAQ,EAAE;aACV,QAAQ,CACP,kFAAkF,CACnF;KACJ,CAAC;CACH,CAAC;AAIF,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,IAAmB;IAIjD,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC;QAChC,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC,CAAC;IACH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;AACnC,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,IAAI,EAAE,eAAe;IACrB,WAAW,EACT,6UAA6U;IAC/U,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,YAAY,EAAE,CAAC;aACZ,OAAO,EAAE;aACT,QAAQ,EAAE;aACV,QAAQ,CAAC,kDAAkD,CAAC;QAC/D,OAAO,EAAE,CAAC;aACP,MAAM,EAAE;aACR,QAAQ,EAAE;aACV,QAAQ,CACP,gGAAgG,CACjG;QACH,YAAY,EAAE,CAAC;aACZ,IAAI,CAAC,CAAC,MAAM,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;aACvC,QAAQ,EAAE;aACV,QAAQ,CAAC,8CAA8C,CAAC;KAC5D,CAAC;CACH,CAAC;AASF,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,IAAsB;IAEtB,MAAM,GAAG,GAAG,YAAY,EAAE,CAAC;IAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAExE,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,YAAY,IAAI,MAAM,CAAC,CAAC;QACjF,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACrE,MAAM,QAAQ,GAAG,QAAQ;aACtB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;aACvD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC;QAC7D,OAAO,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;IACxD,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;AACxD,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,IAAI,EAAE,eAAe;IACrB,WAAW,EACT,qKAAqK;IACvK,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;KACrE,CAAC;CACH,CAAC;AAIF,MAAM,UAAU,gBAAgB,CAAC,IAAsB;IAIrD,MAAM,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;AACxC,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,IAAI,EAAE,eAAe;IACrB,WAAW,EACT,sNAAsN;IACxN,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;QAC/B,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE;QAC3C,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;QACzC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACjC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC5B,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;KAChC,CAAC;CACH,CAAC;AAIF,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,IAAsB;IAEtB,MAAM,EAAE,EAAE,EAAE,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC;IAC7B,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;IAC5C,OAAO,MAAM,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AACjE,CAAC"}
|
package/package.json
ADDED
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@roxy-agent/agents",
|
|
3
|
+
"version": "0.1.0",
|
|
4
|
+
"description": "MCP server that proxies all agent actions, classifies risk, enforces natural-language policies, and logs to a local SQLite audit DB with a live dashboard.",
|
|
5
|
+
"type": "module",
|
|
6
|
+
"main": "dist/index.js",
|
|
7
|
+
"bin": {
|
|
8
|
+
"agent-proxy": "dist/index.js"
|
|
9
|
+
},
|
|
10
|
+
"files": [
|
|
11
|
+
"dist",
|
|
12
|
+
"README.md",
|
|
13
|
+
"LICENSE"
|
|
14
|
+
],
|
|
15
|
+
"scripts": {
|
|
16
|
+
"build": "tsc && node scripts/postbuild.mjs",
|
|
17
|
+
"start": "node dist/index.js",
|
|
18
|
+
"dev": "tsx src/index.ts",
|
|
19
|
+
"dev:watch": "tsx watch src/index.ts",
|
|
20
|
+
"typecheck": "tsc --noEmit",
|
|
21
|
+
"prepublishOnly": "npm run build",
|
|
22
|
+
"prepack": "npm run build"
|
|
23
|
+
},
|
|
24
|
+
"dependencies": {
|
|
25
|
+
"@huggingface/transformers": "^4.2.0",
|
|
26
|
+
"@modelcontextprotocol/sdk": "^1.29.0",
|
|
27
|
+
"better-sqlite3": "^12.9.0",
|
|
28
|
+
"echarts": "^6.0.0",
|
|
29
|
+
"express": "^4.21.2",
|
|
30
|
+
"geist": "^1.7.0",
|
|
31
|
+
"zod": "^3.25.76"
|
|
32
|
+
},
|
|
33
|
+
"devDependencies": {
|
|
34
|
+
"@types/better-sqlite3": "^7.6.13",
|
|
35
|
+
"@types/express": "^4.17.21",
|
|
36
|
+
"@types/node": "^20.19.0",
|
|
37
|
+
"tsx": "^4.20.6",
|
|
38
|
+
"typescript": "^5.9.3"
|
|
39
|
+
},
|
|
40
|
+
"engines": {
|
|
41
|
+
"node": ">=20"
|
|
42
|
+
},
|
|
43
|
+
"keywords": [
|
|
44
|
+
"mcp",
|
|
45
|
+
"model-context-protocol",
|
|
46
|
+
"agent",
|
|
47
|
+
"proxy",
|
|
48
|
+
"audit",
|
|
49
|
+
"guardrail",
|
|
50
|
+
"policy",
|
|
51
|
+
"cursor",
|
|
52
|
+
"claude",
|
|
53
|
+
"codex",
|
|
54
|
+
"ai-safety",
|
|
55
|
+
"human-in-the-loop"
|
|
56
|
+
],
|
|
57
|
+
"license": "MIT",
|
|
58
|
+
"publishConfig": {
|
|
59
|
+
"access": "public"
|
|
60
|
+
}
|
|
61
|
+
}
|