npm - @sekuire/sdk - Versions diffs - 0.1.18 → 0.1.19 - Mend

@sekuire/sdk 0.1.18 → 0.1.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/dist/a2a-delegator.d.ts CHANGED Viewed

@@ -4,6 +4,7 @@
  * Enables agents to delegate tasks to other agents and receive completion callbacks.
  * Provides a complete feedback loop for multi-agent orchestration.
  */
+import type { PolicyGateway } from "./policy-gateway";
 import type { A2AMessage, A2ATaskState, TaskUpdateEvent } from "./types/a2a-types";
 export interface DelegatorConfig {
     apiUrl: string;
@@ -15,6 +16,7 @@ export interface DelegatorConfig {
     maxRetries?: number;
     retryDelayMs?: number;
     retryBackoffMultiplier?: number;
+    policyGateway?: PolicyGateway;
 }
 export interface DelegationRequest {
     skill: string;
@@ -49,6 +51,7 @@ export declare class A2ATaskDelegator {
     private client;
     private config;
     private activeDelegations;
+    private policyGateway?;
     constructor(config: DelegatorConfig);
     setRuntimeToken(token: string): void;
     delegate(request: DelegationRequest): Promise<DelegationResult>;

package/dist/beacon.d.ts CHANGED Viewed

@@ -8,6 +8,7 @@
  * 1. Install Token (recommended): Use an install token from the dashboard
  * 2. API Key: Use an API key for SDK-initiated bootstrap (requires workspace)
  */
+import type { PolicyGateway } from "./policy-gateway";
 import { RuntimeCredentialsStore } from "./runtime-credentials";
 export interface BeaconConfig {
     /** Sekuire Core API base URL */
@@ -48,6 +49,7 @@ export interface BeaconConfig {
      * Reads from SEKUIRE_RUNTIME_TOKEN if not set.
      */
     runtimeToken?: string;
+    policyGateway?: PolicyGateway;
 }
 export interface BeaconStatus {
     isRunning: boolean;
@@ -86,6 +88,7 @@ export declare class Beacon {
     private recoveredFromEnv;
     private expiresAt;
     private credentialsStore?;
+    private policyGateway?;
     constructor(config: BeaconConfig);
     /**
      * Start the beacon - registers with Sekuire and begins heartbeat loop
@@ -103,6 +106,7 @@ export declare class Beacon {
      * Stop the beacon
      */
     stop(): void;
+    setPolicyGateway(gateway: PolicyGateway): void;
     /**
      * Get current beacon status
      */

package/dist/index.d.ts CHANGED Viewed

@@ -3,6 +3,95 @@ import { Tracer } from '@opentelemetry/api';
 import { ExportResult } from '@opentelemetry/core';
 import { SpanExporter, ReadableSpan } from '@opentelemetry/sdk-trace-base';
+interface ActivePolicy {
+    policy_id: string;
+    workspace_id: string;
+    version: string;
+    status: string;
+    hash: string;
+    content: any;
+    activated_at?: string;
+    updated_at?: string;
+    signature?: string;
+    signing_key_id?: string;
+    signing_public_key?: string;
+}
+declare class PolicyClient {
+    private readonly baseUrl;
+    private cache;
+    constructor(baseUrl: string);
+    invalidateCache(workspaceId: string): void;
+    fetchActivePolicy(workspaceId: string): Promise<ActivePolicy>;
+    verify(policy: ActivePolicy): void;
+}
+interface ActivePolicyResponse {
+    policy_id: string;
+    workspace_id: string;
+    version: string;
+    status: string;
+    hash: string;
+    content: unknown;
+    activated_at?: string;
+    updated_at?: string;
+    signature?: string;
+    signing_key_id?: string;
+    signing_public_key?: string;
+}
+interface CustomRule {
+    id: string;
+    name: string;
+    description?: string;
+    enabled: boolean;
+    priority?: number;
+    scope: {
+        capabilities: string[];
+        agents?: string[];
+    };
+    conditions: RuleCondition[];
+    logic: "any" | "all";
+    action: "deny" | "warn";
+    message: string;
+}
+interface RuleCondition {
+    field: string;
+    operator: ConditionOperator;
+    value: unknown;
+    case_sensitive?: boolean;
+}
+type ConditionOperator = "contains" | "not_contains" | "equals" | "not_equals" | "starts_with" | "ends_with" | "matches" | "in" | "not_in" | "greater_than" | "less_than";
+interface PolicyDecision {
+    allowed: boolean;
+    violations: PolicyViolation[];
+    warnings: PolicyViolation[];
+}
+interface PolicyViolation {
+    rule_id: string;
+    rule_name: string;
+    message: string;
+    capability: string;
+}
+interface RateLimitsConfig$1 {
+    per_agent?: PerAgentLimits;
+}
+interface PerAgentLimits {
+    requests_per_minute?: number;
+    requests_per_hour?: number;
+    tokens_per_minute?: number;
+}
+declare class PolicyGateway {
+    private policyClient;
+    private workspaceId;
+    private enforcer;
+    private cachedPolicyHash;
+    constructor(policyClient: PolicyClient, workspaceId: string);
+    initialize(): Promise<void>;
+    checkRateLimit(type: "request" | "token", count?: number): PolicyDecision;
+    checkCapability(capability: string): PolicyDecision;
+    onHeartbeatResponse(policyHash: string | null): Promise<void>;
+}
 /**
  * A2A Protocol Type Definitions
  *
@@ -215,6 +304,7 @@ interface DelegatorConfig {
     maxRetries?: number;
     retryDelayMs?: number;
     retryBackoffMultiplier?: number;
+    policyGateway?: PolicyGateway;
 }
 interface DelegationRequest {
     skill: string;
@@ -249,6 +339,7 @@ declare class A2ATaskDelegator {
     private client;
     private config;
     private activeDelegations;
+    private policyGateway?;
     constructor(config: DelegatorConfig);
     setRuntimeToken(token: string): void;
     delegate(request: DelegationRequest): Promise<DelegationResult>;
@@ -344,6 +435,7 @@ interface BeaconConfig {
      * Reads from SEKUIRE_RUNTIME_TOKEN if not set.
      */
     runtimeToken?: string;
+    policyGateway?: PolicyGateway;
 }
 interface BeaconStatus {
     isRunning: boolean;
@@ -382,6 +474,7 @@ declare class Beacon {
     private recoveredFromEnv;
     private expiresAt;
     private credentialsStore?;
+    private policyGateway?;
     constructor(config: BeaconConfig);
     /**
      * Start the beacon - registers with Sekuire and begins heartbeat loop
@@ -399,6 +492,7 @@ declare class Beacon {
      * Stop the beacon
      */
     stop(): void;
+    setPolicyGateway(gateway: PolicyGateway): void;
     /**
      * Get current beacon status
      */
@@ -655,6 +749,8 @@ interface WorkerConfig {
     capabilities?: string[];
     /** Optional shared credentials store for token synchronization */
     credentialsStore?: RuntimeCredentialsStore;
+    /** Optional policy gateway for infrastructure enforcement */
+    policyGateway?: PolicyGateway;
     /**
      * Pre-existing installation ID for credential recovery.
      * When set with refreshToken, allows recovery after container restarts.
@@ -684,6 +780,7 @@ declare class TaskWorker {
     private recoveredFromEnv;
     private credentialsStore?;
     private tokenProvider?;
+    private policyGateway?;
     constructor(config: WorkerConfig);
     private getEnvVar;
     /**
@@ -810,6 +907,7 @@ declare class SekuireSDK {
     private beacon;
     private isRunning;
     private credentialsStore;
+    private policyGateway;
     constructor(config: SekuireSDKConfig);
     /**
      * Create SDK instance from environment variables.
@@ -986,6 +1084,7 @@ declare class SekuireSDK {
      * Get the underlying logger object.
      */
     getLogger(): SekuireLogger;
+    getPolicyGateway(): PolicyGateway | null;
 }
 /**
@@ -1346,20 +1445,6 @@ declare function tools<T extends ToolDefinition$2[]>(...definitions: T): T;
  */
 declare function getTools$1(agent: SekuireAgent$1, names?: string[]): ToolDefinition$2[];
-interface ActivePolicyResponse {
-    policy_id: string;
-    workspace_id: string;
-    version: string;
-    status: string;
-    hash: string;
-    content: unknown;
-    activated_at?: string;
-    updated_at?: string;
-    signature?: string;
-    signing_key_id?: string;
-    signing_public_key?: string;
-}
 interface Manifest {
     project: ProjectMetadata;
     identity: IdentityConfig;
@@ -2421,32 +2506,12 @@ interface MemoryFactoryConfig {
 }
 declare function createMemoryStorage(config: MemoryFactoryConfig): MemoryStorage;
-interface ActivePolicy {
-    policy_id: string;
-    workspace_id: string;
-    version: string;
-    status: string;
-    hash: string;
-    content: any;
-    activated_at?: string;
-    updated_at?: string;
-    signature?: string;
-    signing_key_id?: string;
-    signing_public_key?: string;
-}
-declare class PolicyClient {
-    private readonly baseUrl;
-    private cache;
-    constructor(baseUrl: string);
-    fetchActivePolicy(workspaceId: string): Promise<ActivePolicy>;
-    verify(policy: ActivePolicy): void;
-}
 type ViolationHandler = (rule: string, reason: string) => void;
 declare class PolicyEnforcer {
     private readonly policy;
     private readonly onViolation?;
     private readonly override;
+    private rateLimitWindows;
     constructor(policy: ActivePolicy, override?: boolean, onViolation?: ViolationHandler | undefined);
     enforceNetwork(domain: string, protocol: string): void;
     enforceFilesystem(path: string, operation: string): void;
@@ -2455,6 +2520,8 @@ declare class PolicyEnforcer {
     enforceModel(model: string): void;
     enforceApi(service: string): void;
     enforceRateLimit(type: "request" | "token", count?: number): void;
+    private checkWindow;
+    private cleanupStaleWindows;
     private throw;
     private warnOnly;
     private matches;
@@ -3467,5 +3534,5 @@ declare class A2AServer {
     private generateId;
 }
-export { A2AClient, A2AError, A2AServer, A2ATaskDelegator, SekuireAgent as Agent, AgentIdentity, AnthropicProvider, BaseMemoryStorage, Beacon, CONVEX_FUNCTIONS_TEMPLATE, CONVEX_SCHEMA_TEMPLATE, CloudflareD1Storage, CloudflareKVStorage, ComplianceError, ComplianceMonitor, ContentPolicyError, ConvexStorage, CryptoError, DEFAULT_API_URL, DynamoDBStorage, FileAccessError, GoogleProvider, InMemoryStorage, NetworkComplianceError, NetworkError, OllamaProvider, OpenAIProvider, PolicyClient, PolicyEnforcer, PolicyViolationError, PostgresStorage, ProtocolError, RedisStorage, RuntimeCredentialsStore, SQLiteStorage, SekuireAgent$1 as SekuireAgent, SekuireAgentBuilder, SekuireClient, SekuireCrypto, SekuireError, SekuireLogger, SekuireRegistryClient, SekuireSDK, SekuireServer, SekuireSpanExporter, TaskWorker, Tool, ToolPatternParser, ToolRegistry, ToolUsageError, TursoStorage, UpstashStorage, builtInTools, calculateSekuireId, createAgent, createBeacon, createDefaultToolRegistry, createDelegationTool, createDelegator, createDiscoveryTool, createLLMProvider, createMemoryStorage, createRegistryClient, createSekuireClient, createSekuireExpressMiddleware, createSekuireFastifyPlugin, createWorker, detectDeploymentUrl, generateKeyPair, getAgent, getAgentConfig, getAgents, getTools$1 as getLegacyTools, getStorageInfo, getSystemPrompt, getTools, getTracer, hasStorage, initTelemetry, listStorageTypes, llm, loadConfig, loadSystemPrompt, loadTools, registerStorage, shutdownTelemetry, tool, tools };
-export type { A2AArtifact, A2AClientOptions, A2AMessage, A2AMessagePart, A2ARouteRequest, A2ARouteResponse, A2AServerOptions, A2ATask, A2ATaskState, A2ATaskStatus, ActivePolicy, ActivePolicyResponse, AgentCapabilities, AgentCard, AgentConfig, AgentId, AgentInvokeOptions, AgentOptions, AgentProvider, AgentResponse$1 as AgentResponse, AgentSkill, BeaconConfig, BeaconStatus, BootstrapResponse, BuiltInMemoryType, ChatChunk, ChatOptions, ChatResponse, CloudflareD1Config, CloudflareKVConfig, ComplianceConfig, ComplianceViolation, ToolDefinition$1 as ConfigToolDefinition, ConvexConfig, CreateOrgRequest, CreateWorkspaceRequest, DelegationRequest, DelegationResult, DelegatorConfig, DisputeRequest, DisputeResponse, DynamoDBConfig, EventLog, EventType, ExporterType, HandshakeAuth, HandshakeHello, HandshakeResult, HandshakeWelcome, HexString, IdentityConfig, InstallationCredentials, InviteRequest, InviteResponse, JsonRpcError, JsonRpcRequest, JsonRpcResponse, KeyPair, LLMConfig, Message as LLMMessage, LLMProvider, LLMProviderConfig, ToolCallFunction as LLMToolCall, ToolDefinition as LLMToolDefinition, LeaderboardEntry, LoggerConfig$1 as LoggerConfig, Manifest, MemoryConfig, MemoryFactoryConfig, MemoryMessage, MemoryStorage, MemoryType, Message$1 as Message, OrgResponse, OrgSummary, PostgresConfig, ProjectMetadata, PublishAgentOptions, PublishRequest, PublishResponse, RedisConfig, RegistryClientConfig, ReputationLog, ReputationResponse, RuntimeCredentials, SQLiteConfig, SearchAgentsOptions, SekuireAgentConfig, SekuireClientConfig, SekuireConfig, SekuireExporterConfig, SekuireSDKConfig, Severity, SkillContext, SkillHandler, StreamingSkillContext, StreamingSkillHandler, StreamingUpdate, SubmitReputationRequest, TaskCompletion, TaskContext, TaskEvent, TaskHandler, TaskState, TaskUpdateEvent, TasksCancelParams, TasksGetParams, TasksSendParams, TasksSendSubscribeParams, TelemetryConfig, ToolCall, ToolDefinition$2 as ToolDefinition, ToolInput, ToolMetadata, ToolParameter, ToolsSchema, TrustHeaders, TrustHeadersRequest, TursoConfig, UpdateAgentOptions, UpstashConfig, UserContextResponse, VerificationIssue, VerificationRequest, VerificationResult, VerificationStatus, VerifyAgentRequest, WorkerConfig, WorkspaceResponse, WorkspaceSummary };
+export { A2AClient, A2AError, A2AServer, A2ATaskDelegator, SekuireAgent as Agent, AgentIdentity, AnthropicProvider, BaseMemoryStorage, Beacon, CONVEX_FUNCTIONS_TEMPLATE, CONVEX_SCHEMA_TEMPLATE, CloudflareD1Storage, CloudflareKVStorage, ComplianceError, ComplianceMonitor, ContentPolicyError, ConvexStorage, CryptoError, DEFAULT_API_URL, DynamoDBStorage, FileAccessError, GoogleProvider, InMemoryStorage, NetworkComplianceError, NetworkError, OllamaProvider, OpenAIProvider, PolicyClient, PolicyEnforcer, PolicyGateway, PolicyViolationError, PostgresStorage, ProtocolError, RedisStorage, RuntimeCredentialsStore, SQLiteStorage, SekuireAgent$1 as SekuireAgent, SekuireAgentBuilder, SekuireClient, SekuireCrypto, SekuireError, SekuireLogger, SekuireRegistryClient, SekuireSDK, SekuireServer, SekuireSpanExporter, TaskWorker, Tool, ToolPatternParser, ToolRegistry, ToolUsageError, TursoStorage, UpstashStorage, builtInTools, calculateSekuireId, createAgent, createBeacon, createDefaultToolRegistry, createDelegationTool, createDelegator, createDiscoveryTool, createLLMProvider, createMemoryStorage, createRegistryClient, createSekuireClient, createSekuireExpressMiddleware, createSekuireFastifyPlugin, createWorker, detectDeploymentUrl, generateKeyPair, getAgent, getAgentConfig, getAgents, getTools$1 as getLegacyTools, getStorageInfo, getSystemPrompt, getTools, getTracer, hasStorage, initTelemetry, listStorageTypes, llm, loadConfig, loadSystemPrompt, loadTools, registerStorage, shutdownTelemetry, tool, tools };
+export type { A2AArtifact, A2AClientOptions, A2AMessage, A2AMessagePart, A2ARouteRequest, A2ARouteResponse, A2AServerOptions, A2ATask, A2ATaskState, A2ATaskStatus, ActivePolicy, ActivePolicyResponse, AgentCapabilities, AgentCard, AgentConfig, AgentId, AgentInvokeOptions, AgentOptions, AgentProvider, AgentResponse$1 as AgentResponse, AgentSkill, BeaconConfig, BeaconStatus, BootstrapResponse, BuiltInMemoryType, ChatChunk, ChatOptions, ChatResponse, CloudflareD1Config, CloudflareKVConfig, ComplianceConfig, ComplianceViolation, ConditionOperator, ToolDefinition$1 as ConfigToolDefinition, ConvexConfig, CreateOrgRequest, CreateWorkspaceRequest, CustomRule, DelegationRequest, DelegationResult, DelegatorConfig, DisputeRequest, DisputeResponse, DynamoDBConfig, EventLog, EventType, ExporterType, HandshakeAuth, HandshakeHello, HandshakeResult, HandshakeWelcome, HexString, IdentityConfig, InstallationCredentials, InviteRequest, InviteResponse, JsonRpcError, JsonRpcRequest, JsonRpcResponse, KeyPair, LLMConfig, Message as LLMMessage, LLMProvider, LLMProviderConfig, ToolCallFunction as LLMToolCall, ToolDefinition as LLMToolDefinition, LeaderboardEntry, LoggerConfig$1 as LoggerConfig, Manifest, MemoryConfig, MemoryFactoryConfig, MemoryMessage, MemoryStorage, MemoryType, Message$1 as Message, OrgResponse, OrgSummary, PerAgentLimits, PolicyDecision, PolicyViolation, PostgresConfig, ProjectMetadata, PublishAgentOptions, PublishRequest, PublishResponse, RateLimitsConfig$1 as RateLimitsConfig, RedisConfig, RegistryClientConfig, ReputationLog, ReputationResponse, RuleCondition, RuntimeCredentials, SQLiteConfig, SearchAgentsOptions, SekuireAgentConfig, SekuireClientConfig, SekuireConfig, SekuireExporterConfig, SekuireSDKConfig, Severity, SkillContext, SkillHandler, StreamingSkillContext, StreamingSkillHandler, StreamingUpdate, SubmitReputationRequest, TaskCompletion, TaskContext, TaskEvent, TaskHandler, TaskState, TaskUpdateEvent, TasksCancelParams, TasksGetParams, TasksSendParams, TasksSendSubscribeParams, TelemetryConfig, ToolCall, ToolDefinition$2 as ToolDefinition, ToolInput, ToolMetadata, ToolParameter, ToolsSchema, TrustHeaders, TrustHeadersRequest, TursoConfig, UpdateAgentOptions, UpstashConfig, UserContextResponse, VerificationIssue, VerificationRequest, VerificationResult, VerificationStatus, VerifyAgentRequest, WorkerConfig, WorkspaceResponse, WorkspaceSummary };