@strands-agents/sdk 1.5.0 → 1.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/src/__fixtures__/agent-helpers.d.ts.map +1 -1
- package/dist/src/__fixtures__/agent-helpers.js +3 -0
- package/dist/src/__fixtures__/agent-helpers.js.map +1 -1
- package/dist/src/agent/__tests__/agent.stateful-model.test.js +2 -2
- package/dist/src/agent/__tests__/agent.stateful-model.test.js.map +1 -1
- package/dist/src/agent/agent.d.ts +8 -5
- package/dist/src/agent/agent.d.ts.map +1 -1
- package/dist/src/agent/agent.js +60 -33
- package/dist/src/agent/agent.js.map +1 -1
- package/dist/src/context-manager/modes/agentic/agentic-context.d.ts +19 -0
- package/dist/src/context-manager/modes/agentic/agentic-context.d.ts.map +1 -0
- package/dist/src/context-manager/modes/agentic/agentic-context.js +245 -0
- package/dist/src/context-manager/modes/agentic/agentic-context.js.map +1 -0
- package/dist/src/conversation-manager/__tests__/agentic-context.test.d.ts +2 -0
- package/dist/src/conversation-manager/__tests__/agentic-context.test.d.ts.map +1 -0
- package/dist/src/conversation-manager/__tests__/agentic-context.test.js +332 -0
- package/dist/src/conversation-manager/__tests__/agentic-context.test.js.map +1 -0
- package/dist/src/conversation-manager/__tests__/context-compression.test.d.ts +2 -0
- package/dist/src/conversation-manager/__tests__/context-compression.test.d.ts.map +1 -0
- package/dist/src/conversation-manager/__tests__/context-compression.test.js +176 -0
- package/dist/src/conversation-manager/__tests__/context-compression.test.js.map +1 -0
- package/dist/src/conversation-manager/__tests__/pin.test.js +1 -1
- package/dist/src/conversation-manager/__tests__/pin.test.js.map +1 -1
- package/dist/src/conversation-manager/__tests__/sliding-window-conversation-manager.test.js +1 -1
- package/dist/src/conversation-manager/__tests__/sliding-window-conversation-manager.test.js.map +1 -1
- package/dist/src/conversation-manager/__tests__/summarizing-conversation-manager.test.js +1 -1
- package/dist/src/conversation-manager/__tests__/summarizing-conversation-manager.test.js.map +1 -1
- package/dist/src/conversation-manager/__tests__/token-usage-middleware.test.d.ts +2 -0
- package/dist/src/conversation-manager/__tests__/token-usage-middleware.test.d.ts.map +1 -0
- package/dist/src/conversation-manager/__tests__/token-usage-middleware.test.js +138 -0
- package/dist/src/conversation-manager/__tests__/token-usage-middleware.test.js.map +1 -0
- package/dist/src/conversation-manager/compression/context-compression.d.ts +39 -0
- package/dist/src/conversation-manager/compression/context-compression.d.ts.map +1 -0
- package/dist/src/conversation-manager/compression/context-compression.js +150 -0
- package/dist/src/conversation-manager/compression/context-compression.js.map +1 -0
- package/dist/src/conversation-manager/{pin-message.d.ts → compression/pin-message.d.ts} +1 -1
- package/dist/src/conversation-manager/compression/pin-message.d.ts.map +1 -0
- package/dist/src/conversation-manager/{pin-message.js → compression/pin-message.js} +1 -1
- package/dist/src/conversation-manager/compression/pin-message.js.map +1 -0
- package/dist/src/conversation-manager/conversation-manager.d.ts +2 -0
- package/dist/src/conversation-manager/conversation-manager.d.ts.map +1 -1
- package/dist/src/conversation-manager/conversation-manager.js +2 -2
- package/dist/src/conversation-manager/conversation-manager.js.map +1 -1
- package/dist/src/conversation-manager/sliding-window-conversation-manager.d.ts.map +1 -1
- package/dist/src/conversation-manager/sliding-window-conversation-manager.js +4 -35
- package/dist/src/conversation-manager/sliding-window-conversation-manager.js.map +1 -1
- package/dist/src/conversation-manager/summarizing-conversation-manager.d.ts +0 -19
- package/dist/src/conversation-manager/summarizing-conversation-manager.d.ts.map +1 -1
- package/dist/src/conversation-manager/summarizing-conversation-manager.js +4 -107
- package/dist/src/conversation-manager/summarizing-conversation-manager.js.map +1 -1
- package/dist/src/index.d.ts +3 -3
- package/dist/src/index.d.ts.map +1 -1
- package/dist/src/index.js +1 -1
- package/dist/src/index.js.map +1 -1
- package/dist/src/injection/__tests__/message-injection.test.d.ts +2 -0
- package/dist/src/injection/__tests__/message-injection.test.d.ts.map +1 -0
- package/dist/src/injection/__tests__/message-injection.test.js +200 -0
- package/dist/src/injection/__tests__/message-injection.test.js.map +1 -0
- package/dist/src/injection/index.d.ts +6 -0
- package/dist/src/injection/index.d.ts.map +1 -0
- package/dist/src/injection/index.js +2 -0
- package/dist/src/injection/index.js.map +1 -0
- package/dist/src/injection/message-injection.d.ts +65 -0
- package/dist/src/injection/message-injection.d.ts.map +1 -0
- package/dist/src/injection/message-injection.js +134 -0
- package/dist/src/injection/message-injection.js.map +1 -0
- package/dist/src/injection/types.d.ts +63 -0
- package/dist/src/injection/types.d.ts.map +1 -0
- package/dist/src/injection/types.js +2 -0
- package/dist/src/injection/types.js.map +1 -0
- package/dist/src/injection/xml.d.ts +27 -0
- package/dist/src/injection/xml.d.ts.map +1 -0
- package/dist/src/injection/xml.js +31 -0
- package/dist/src/injection/xml.js.map +1 -0
- package/dist/src/memory/__tests__/memory-manager.test.js +187 -1
- package/dist/src/memory/__tests__/memory-manager.test.js.map +1 -1
- package/dist/src/memory/index.d.ts +2 -1
- package/dist/src/memory/index.d.ts.map +1 -1
- package/dist/src/memory/index.js.map +1 -1
- package/dist/src/memory/memory-manager.d.ts +49 -2
- package/dist/src/memory/memory-manager.d.ts.map +1 -1
- package/dist/src/memory/memory-manager.js +124 -2
- package/dist/src/memory/memory-manager.js.map +1 -1
- package/dist/src/memory/types.d.ts +65 -0
- package/dist/src/memory/types.d.ts.map +1 -1
- package/dist/src/middleware/__tests__/agent-middleware.test.js +0 -1
- package/dist/src/middleware/__tests__/agent-middleware.test.js.map +1 -1
- package/dist/src/middleware/__tests__/copy-on-input.test.d.ts +2 -0
- package/dist/src/middleware/__tests__/copy-on-input.test.d.ts.map +1 -0
- package/dist/src/middleware/__tests__/copy-on-input.test.js +379 -0
- package/dist/src/middleware/__tests__/copy-on-input.test.js.map +1 -0
- package/dist/src/middleware/stages.d.ts +14 -7
- package/dist/src/middleware/stages.d.ts.map +1 -1
- package/dist/src/middleware/stages.js +3 -0
- package/dist/src/middleware/stages.js.map +1 -1
- package/dist/src/sandbox/__tests__/docker.test.node.js +2 -2
- package/dist/src/sandbox/__tests__/docker.test.node.js.map +1 -1
- package/dist/src/sandbox/__tests__/ssh.test.node.js +2 -2
- package/dist/src/sandbox/__tests__/ssh.test.node.js.map +1 -1
- package/dist/src/sandbox/base.d.ts +0 -5
- package/dist/src/sandbox/base.d.ts.map +1 -1
- package/dist/src/sandbox/base.js +0 -5
- package/dist/src/sandbox/base.js.map +1 -1
- package/dist/src/sandbox/docker.d.ts.map +1 -1
- package/dist/src/sandbox/docker.js +2 -0
- package/dist/src/sandbox/docker.js.map +1 -1
- package/dist/src/sandbox/ssh.d.ts.map +1 -1
- package/dist/src/sandbox/ssh.js +2 -0
- package/dist/src/sandbox/ssh.js.map +1 -1
- package/dist/src/tsconfig.tsbuildinfo +1 -1
- package/dist/src/types/messages.d.ts +8 -0
- package/dist/src/types/messages.d.ts.map +1 -1
- package/dist/src/types/messages.js +13 -1
- package/dist/src/types/messages.js.map +1 -1
- package/dist/src/vended-interventions/cedar/__tests__/cedar.test.node.d.ts +2 -0
- package/dist/src/vended-interventions/cedar/__tests__/cedar.test.node.d.ts.map +1 -0
- package/dist/src/vended-interventions/cedar/__tests__/cedar.test.node.js +675 -0
- package/dist/src/vended-interventions/cedar/__tests__/cedar.test.node.js.map +1 -0
- package/dist/src/vended-interventions/cedar/cedar.d.ts +102 -0
- package/dist/src/vended-interventions/cedar/cedar.d.ts.map +1 -0
- package/dist/src/vended-interventions/cedar/cedar.js +228 -0
- package/dist/src/vended-interventions/cedar/cedar.js.map +1 -0
- package/dist/src/vended-interventions/cedar/index.d.ts +3 -0
- package/dist/src/vended-interventions/cedar/index.d.ts.map +1 -0
- package/dist/src/vended-interventions/cedar/index.js +2 -0
- package/dist/src/vended-interventions/cedar/index.js.map +1 -0
- package/dist/src/vended-interventions/cedar/schema-generator.d.ts +10 -0
- package/dist/src/vended-interventions/cedar/schema-generator.d.ts.map +1 -0
- package/dist/src/vended-interventions/cedar/schema-generator.js +33 -0
- package/dist/src/vended-interventions/cedar/schema-generator.js.map +1 -0
- package/dist/src/vended-plugins/context-injector/__tests__/plugin.test.d.ts +2 -0
- package/dist/src/vended-plugins/context-injector/__tests__/plugin.test.d.ts.map +1 -0
- package/dist/src/vended-plugins/context-injector/__tests__/plugin.test.js +96 -0
- package/dist/src/vended-plugins/context-injector/__tests__/plugin.test.js.map +1 -0
- package/dist/src/vended-plugins/context-injector/index.d.ts +25 -0
- package/dist/src/vended-plugins/context-injector/index.d.ts.map +1 -0
- package/dist/src/vended-plugins/context-injector/index.js +23 -0
- package/dist/src/vended-plugins/context-injector/index.js.map +1 -0
- package/dist/src/vended-plugins/context-injector/plugin.d.ts +55 -0
- package/dist/src/vended-plugins/context-injector/plugin.d.ts.map +1 -0
- package/dist/src/vended-plugins/context-injector/plugin.js +41 -0
- package/dist/src/vended-plugins/context-injector/plugin.js.map +1 -0
- package/dist/src/vended-plugins/context-offloader/__tests__/plugin.test.js +43 -4
- package/dist/src/vended-plugins/context-offloader/__tests__/plugin.test.js.map +1 -1
- package/dist/src/vended-plugins/context-offloader/__tests__/storage.test.js +68 -0
- package/dist/src/vended-plugins/context-offloader/__tests__/storage.test.js.map +1 -1
- package/dist/src/vended-plugins/context-offloader/plugin.d.ts.map +1 -1
- package/dist/src/vended-plugins/context-offloader/plugin.js +12 -2
- package/dist/src/vended-plugins/context-offloader/plugin.js.map +1 -1
- package/dist/src/vended-plugins/context-offloader/storage.d.ts +29 -1
- package/dist/src/vended-plugins/context-offloader/storage.d.ts.map +1 -1
- package/dist/src/vended-plugins/context-offloader/storage.js +61 -3
- package/dist/src/vended-plugins/context-offloader/storage.js.map +1 -1
- package/dist/src/vended-plugins/index.d.ts +2 -1
- package/dist/src/vended-plugins/index.d.ts.map +1 -1
- package/dist/src/vended-plugins/index.js +2 -1
- package/dist/src/vended-plugins/index.js.map +1 -1
- package/package.json +19 -1
- package/dist/src/conversation-manager/pin-message.d.ts.map +0 -1
- package/dist/src/conversation-manager/pin-message.js.map +0 -1
|
@@ -0,0 +1,675 @@
|
|
|
1
|
+
import { describe, expect, it } from 'vitest';
|
|
2
|
+
import { CedarAuthorization } from '../cedar.js';
|
|
3
|
+
import { Agent } from '../../../agent/agent.js';
|
|
4
|
+
import { MockMessageModel } from '../../../__fixtures__/mock-message-model.js';
|
|
5
|
+
import { createMockTool } from '../../../__fixtures__/tool-helpers.js';
|
|
6
|
+
import { resolve } from 'node:path';
|
|
7
|
+
import { writeFileSync, unlinkSync, existsSync } from 'node:fs';
|
|
8
|
+
const FIXTURES = resolve(import.meta.dirname, 'fixtures');
|
|
9
|
+
describe('CedarAuthorization', () => {
|
|
10
|
+
describe('real Cedar evaluation', () => {
|
|
11
|
+
const entities = [
|
|
12
|
+
{ uid: { type: 'Resource', id: 'agent' }, attrs: {}, parents: [] },
|
|
13
|
+
{ uid: { type: 'User', id: 'alice' }, attrs: { role: 'admin' }, parents: [] },
|
|
14
|
+
{ uid: { type: 'User', id: 'bob' }, attrs: { role: 'analyst' }, parents: [] },
|
|
15
|
+
{ uid: { type: 'User', id: 'eve' }, attrs: { role: 'viewer' }, parents: [] },
|
|
16
|
+
];
|
|
17
|
+
it('allows permitted tool calls', async () => {
|
|
18
|
+
const model = new MockMessageModel()
|
|
19
|
+
.addTurn({ type: 'toolUseBlock', name: 'search', toolUseId: 'tool-1', input: { query: 'test' } })
|
|
20
|
+
.addTurn({ type: 'textBlock', text: 'Done' });
|
|
21
|
+
let toolExecuted = false;
|
|
22
|
+
const tool = createMockTool('search', () => {
|
|
23
|
+
toolExecuted = true;
|
|
24
|
+
return 'results';
|
|
25
|
+
});
|
|
26
|
+
const cedar = new CedarAuthorization({
|
|
27
|
+
policies: `${FIXTURES}/test.cedar`,
|
|
28
|
+
entities,
|
|
29
|
+
principalResolver: (state) => {
|
|
30
|
+
if (!state.user_id)
|
|
31
|
+
return undefined;
|
|
32
|
+
return { type: 'User', id: String(state.user_id) };
|
|
33
|
+
},
|
|
34
|
+
});
|
|
35
|
+
const agent = new Agent({ model, tools: [tool], interventions: [cedar], printer: false });
|
|
36
|
+
const result = await agent.invoke('Search', { invocationState: { user_id: 'alice' } });
|
|
37
|
+
expect(result.stopReason).toBe('endTurn');
|
|
38
|
+
expect(toolExecuted).toBe(true);
|
|
39
|
+
});
|
|
40
|
+
it('denies tools not in any permit policy (default-deny)', async () => {
|
|
41
|
+
const model = new MockMessageModel()
|
|
42
|
+
.addTurn({ type: 'toolUseBlock', name: 'delete_record', toolUseId: 'tool-1', input: { id: '1' } })
|
|
43
|
+
.addTurn({ type: 'textBlock', text: 'Ok' });
|
|
44
|
+
let toolExecuted = false;
|
|
45
|
+
const tool = createMockTool('delete_record', () => {
|
|
46
|
+
toolExecuted = true;
|
|
47
|
+
return 'deleted';
|
|
48
|
+
});
|
|
49
|
+
const cedar = new CedarAuthorization({
|
|
50
|
+
policies: `${FIXTURES}/test.cedar`,
|
|
51
|
+
entities,
|
|
52
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
53
|
+
});
|
|
54
|
+
const agent = new Agent({ model, tools: [tool], interventions: [cedar], printer: false });
|
|
55
|
+
await agent.invoke('Delete it', { invocationState: {} });
|
|
56
|
+
expect(toolExecuted).toBe(false);
|
|
57
|
+
});
|
|
58
|
+
it('enforces role-based access (admin can delete, analyst cannot)', async () => {
|
|
59
|
+
const model = new MockMessageModel()
|
|
60
|
+
.addTurn({ type: 'toolUseBlock', name: 'delete_record', toolUseId: 'tool-1', input: {} })
|
|
61
|
+
.addTurn({ type: 'textBlock', text: 'Done' });
|
|
62
|
+
let toolExecuted = false;
|
|
63
|
+
const tool = createMockTool('delete_record', () => {
|
|
64
|
+
toolExecuted = true;
|
|
65
|
+
return 'deleted';
|
|
66
|
+
});
|
|
67
|
+
// Admin can delete
|
|
68
|
+
const cedarAdmin = new CedarAuthorization({
|
|
69
|
+
policies: `${FIXTURES}/role-based.cedar`,
|
|
70
|
+
entities,
|
|
71
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
72
|
+
});
|
|
73
|
+
const agentAdmin = new Agent({ model, tools: [tool], interventions: [cedarAdmin], printer: false });
|
|
74
|
+
await agentAdmin.invoke('Delete', { invocationState: {} });
|
|
75
|
+
expect(toolExecuted).toBe(true);
|
|
76
|
+
// Analyst cannot delete
|
|
77
|
+
toolExecuted = false;
|
|
78
|
+
const model2 = new MockMessageModel()
|
|
79
|
+
.addTurn({ type: 'toolUseBlock', name: 'delete_record', toolUseId: 'tool-2', input: {} })
|
|
80
|
+
.addTurn({ type: 'textBlock', text: 'Denied' });
|
|
81
|
+
const cedarAnalyst = new CedarAuthorization({
|
|
82
|
+
policies: `${FIXTURES}/role-based.cedar`,
|
|
83
|
+
entities,
|
|
84
|
+
principalResolver: () => ({ type: 'User', id: 'bob' }),
|
|
85
|
+
});
|
|
86
|
+
const agentAnalyst = new Agent({ model: model2, tools: [tool], interventions: [cedarAnalyst], printer: false });
|
|
87
|
+
await agentAnalyst.invoke('Delete', { invocationState: {} });
|
|
88
|
+
expect(toolExecuted).toBe(false);
|
|
89
|
+
});
|
|
90
|
+
it('enforces role-based access (analyst can search, viewer cannot)', async () => {
|
|
91
|
+
const model = new MockMessageModel()
|
|
92
|
+
.addTurn({ type: 'toolUseBlock', name: 'search', toolUseId: 'tool-1', input: {} })
|
|
93
|
+
.addTurn({ type: 'textBlock', text: 'Done' });
|
|
94
|
+
let toolExecuted = false;
|
|
95
|
+
const tool = createMockTool('search', () => {
|
|
96
|
+
toolExecuted = true;
|
|
97
|
+
return 'found';
|
|
98
|
+
});
|
|
99
|
+
// Analyst can search
|
|
100
|
+
const cedarAnalyst = new CedarAuthorization({
|
|
101
|
+
policies: `${FIXTURES}/role-based.cedar`,
|
|
102
|
+
entities,
|
|
103
|
+
principalResolver: () => ({ type: 'User', id: 'bob' }),
|
|
104
|
+
});
|
|
105
|
+
const agent1 = new Agent({ model, tools: [tool], interventions: [cedarAnalyst], printer: false });
|
|
106
|
+
await agent1.invoke('Search', { invocationState: {} });
|
|
107
|
+
expect(toolExecuted).toBe(true);
|
|
108
|
+
// Viewer cannot search
|
|
109
|
+
toolExecuted = false;
|
|
110
|
+
const model2 = new MockMessageModel()
|
|
111
|
+
.addTurn({ type: 'toolUseBlock', name: 'search', toolUseId: 'tool-2', input: {} })
|
|
112
|
+
.addTurn({ type: 'textBlock', text: 'Denied' });
|
|
113
|
+
const cedarViewer = new CedarAuthorization({
|
|
114
|
+
policies: `${FIXTURES}/role-based.cedar`,
|
|
115
|
+
entities,
|
|
116
|
+
principalResolver: () => ({ type: 'User', id: 'eve' }),
|
|
117
|
+
});
|
|
118
|
+
const agent2 = new Agent({ model: model2, tools: [tool], interventions: [cedarViewer], printer: false });
|
|
119
|
+
await agent2.invoke('Search', { invocationState: {} });
|
|
120
|
+
expect(toolExecuted).toBe(false);
|
|
121
|
+
});
|
|
122
|
+
it('enforces rate limits via call_count in session context', async () => {
|
|
123
|
+
const model = new MockMessageModel()
|
|
124
|
+
.addTurn({ type: 'toolUseBlock', name: 'send_email', toolUseId: 'tool-1', input: {} })
|
|
125
|
+
.addTurn({ type: 'toolUseBlock', name: 'send_email', toolUseId: 'tool-2', input: {} })
|
|
126
|
+
.addTurn({ type: 'toolUseBlock', name: 'send_email', toolUseId: 'tool-3', input: {} })
|
|
127
|
+
.addTurn({ type: 'toolUseBlock', name: 'send_email', toolUseId: 'tool-4', input: {} })
|
|
128
|
+
.addTurn({ type: 'textBlock', text: 'Done' });
|
|
129
|
+
let callCount = 0;
|
|
130
|
+
const tool = createMockTool('send_email', () => {
|
|
131
|
+
callCount++;
|
|
132
|
+
return 'sent';
|
|
133
|
+
});
|
|
134
|
+
const cedar = new CedarAuthorization({
|
|
135
|
+
policies: `${FIXTURES}/rate-limited.cedar`,
|
|
136
|
+
entities,
|
|
137
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
138
|
+
});
|
|
139
|
+
const agent = new Agent({ model, tools: [tool], interventions: [cedar], printer: false });
|
|
140
|
+
await agent.invoke('Send 4 emails', { invocationState: {} });
|
|
141
|
+
// Policy allows call_count < 3, so calls 1 and 2 succeed, 3+ denied
|
|
142
|
+
expect(callCount).toBe(2);
|
|
143
|
+
});
|
|
144
|
+
it('enforces environment restrictions via contextEnricher', async () => {
|
|
145
|
+
const model = new MockMessageModel()
|
|
146
|
+
.addTurn({ type: 'toolUseBlock', name: 'search', toolUseId: 'tool-1', input: {} })
|
|
147
|
+
.addTurn({ type: 'textBlock', text: 'Done' });
|
|
148
|
+
let toolExecuted = false;
|
|
149
|
+
const tool = createMockTool('search', () => {
|
|
150
|
+
toolExecuted = true;
|
|
151
|
+
return 'results';
|
|
152
|
+
});
|
|
153
|
+
// Non-production: allowed
|
|
154
|
+
const cedar = new CedarAuthorization({
|
|
155
|
+
policies: `${FIXTURES}/env-restricted.cedar`,
|
|
156
|
+
entities,
|
|
157
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
158
|
+
contextEnricher: ({ invocationState }) => ({
|
|
159
|
+
environment: invocationState.environment ?? 'unknown',
|
|
160
|
+
}),
|
|
161
|
+
});
|
|
162
|
+
const agent = new Agent({ model, tools: [tool], interventions: [cedar], printer: false });
|
|
163
|
+
await agent.invoke('Search', { invocationState: { environment: 'development' } });
|
|
164
|
+
expect(toolExecuted).toBe(true);
|
|
165
|
+
// Production: denied
|
|
166
|
+
toolExecuted = false;
|
|
167
|
+
const model2 = new MockMessageModel()
|
|
168
|
+
.addTurn({ type: 'toolUseBlock', name: 'search', toolUseId: 'tool-2', input: {} })
|
|
169
|
+
.addTurn({ type: 'textBlock', text: 'Denied' });
|
|
170
|
+
const agent2 = new Agent({ model: model2, tools: [tool], interventions: [cedar], printer: false });
|
|
171
|
+
await agent2.invoke('Search', { invocationState: { environment: 'production' } });
|
|
172
|
+
expect(toolExecuted).toBe(false);
|
|
173
|
+
});
|
|
174
|
+
it('denies when principal is missing (fail-closed)', async () => {
|
|
175
|
+
const model = new MockMessageModel()
|
|
176
|
+
.addTurn({ type: 'toolUseBlock', name: 'search', toolUseId: 'tool-1', input: {} })
|
|
177
|
+
.addTurn({ type: 'textBlock', text: 'Ok' });
|
|
178
|
+
let toolExecuted = false;
|
|
179
|
+
const tool = createMockTool('search', () => {
|
|
180
|
+
toolExecuted = true;
|
|
181
|
+
return 'results';
|
|
182
|
+
});
|
|
183
|
+
const cedar = new CedarAuthorization({
|
|
184
|
+
policies: `${FIXTURES}/test.cedar`,
|
|
185
|
+
entities,
|
|
186
|
+
principalResolver: (state) => {
|
|
187
|
+
if (!state.user_id)
|
|
188
|
+
return undefined;
|
|
189
|
+
return { type: 'User', id: String(state.user_id) };
|
|
190
|
+
},
|
|
191
|
+
});
|
|
192
|
+
const agent = new Agent({ model, tools: [tool], interventions: [cedar], printer: false });
|
|
193
|
+
await agent.invoke('Search', { invocationState: {} });
|
|
194
|
+
expect(toolExecuted).toBe(false);
|
|
195
|
+
});
|
|
196
|
+
it('throws on malformed policy at construction time', () => {
|
|
197
|
+
expect(() => new CedarAuthorization({
|
|
198
|
+
policies: 'this is not valid cedar syntax at all!!!',
|
|
199
|
+
entities,
|
|
200
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
201
|
+
})).toThrow('Invalid Cedar policy');
|
|
202
|
+
});
|
|
203
|
+
});
|
|
204
|
+
describe('principal config', () => {
|
|
205
|
+
it('supports static principal (no invocationState needed)', async () => {
|
|
206
|
+
const model = new MockMessageModel()
|
|
207
|
+
.addTurn({ type: 'toolUseBlock', name: 'search', toolUseId: 'tool-1', input: {} })
|
|
208
|
+
.addTurn({ type: 'textBlock', text: 'Done' });
|
|
209
|
+
let toolExecuted = false;
|
|
210
|
+
const tool = createMockTool('search', () => {
|
|
211
|
+
toolExecuted = true;
|
|
212
|
+
return 'ok';
|
|
213
|
+
});
|
|
214
|
+
const cedar = new CedarAuthorization({
|
|
215
|
+
policies: `${FIXTURES}/test.cedar`,
|
|
216
|
+
entities: [{ uid: { type: 'Resource', id: 'agent' }, attrs: {}, parents: [] }],
|
|
217
|
+
principal: { type: 'User', id: 'alice' },
|
|
218
|
+
});
|
|
219
|
+
const agent = new Agent({ model, tools: [tool], interventions: [cedar], printer: false });
|
|
220
|
+
await agent.invoke('Search', { invocationState: {} });
|
|
221
|
+
expect(toolExecuted).toBe(true);
|
|
222
|
+
});
|
|
223
|
+
it('throws when both principal and principalResolver are provided', () => {
|
|
224
|
+
expect(() => new CedarAuthorization({
|
|
225
|
+
policies: `${FIXTURES}/test.cedar`,
|
|
226
|
+
principal: { type: 'User', id: 'alice' },
|
|
227
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
228
|
+
})).toThrow('Provide either `principal` or `principalResolver`, not both');
|
|
229
|
+
});
|
|
230
|
+
it('defaults to User::"anonymous" when neither principal nor principalResolver is provided', async () => {
|
|
231
|
+
const model = new MockMessageModel()
|
|
232
|
+
.addTurn({ type: 'toolUseBlock', name: 'search', toolUseId: 'tool-1', input: {} })
|
|
233
|
+
.addTurn({ type: 'textBlock', text: 'Done' });
|
|
234
|
+
let toolExecuted = false;
|
|
235
|
+
const tool = createMockTool('search', () => {
|
|
236
|
+
toolExecuted = true;
|
|
237
|
+
return 'ok';
|
|
238
|
+
});
|
|
239
|
+
// Policy permits any principal to search
|
|
240
|
+
const cedar = new CedarAuthorization({
|
|
241
|
+
policies: 'permit(principal, action == Action::"search", resource);',
|
|
242
|
+
entities: [{ uid: { type: 'Resource', id: 'agent' }, attrs: {}, parents: [] }],
|
|
243
|
+
});
|
|
244
|
+
const agent = new Agent({ model, tools: [tool], interventions: [cedar], printer: false });
|
|
245
|
+
await agent.invoke('Search', { invocationState: {} });
|
|
246
|
+
expect(toolExecuted).toBe(true);
|
|
247
|
+
});
|
|
248
|
+
});
|
|
249
|
+
describe('resource handling', () => {
|
|
250
|
+
it('uses unconstrained resource by default', async () => {
|
|
251
|
+
const model = new MockMessageModel()
|
|
252
|
+
.addTurn({ type: 'toolUseBlock', name: 'search', toolUseId: 'tool-1', input: {} })
|
|
253
|
+
.addTurn({ type: 'textBlock', text: 'Done' });
|
|
254
|
+
let toolExecuted = false;
|
|
255
|
+
const tool = createMockTool('search', () => {
|
|
256
|
+
toolExecuted = true;
|
|
257
|
+
return 'ok';
|
|
258
|
+
});
|
|
259
|
+
const cedar = new CedarAuthorization({
|
|
260
|
+
policies: 'permit(principal, action == Action::"search", resource);',
|
|
261
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
262
|
+
});
|
|
263
|
+
const agent = new Agent({ model, tools: [tool], interventions: [cedar], printer: false });
|
|
264
|
+
await agent.invoke('Go', { invocationState: {} });
|
|
265
|
+
expect(toolExecuted).toBe(true);
|
|
266
|
+
});
|
|
267
|
+
it('constrains on tool arguments via context.input', async () => {
|
|
268
|
+
const model = new MockMessageModel()
|
|
269
|
+
.addTurn({ type: 'toolUseBlock', name: 'delete', toolUseId: 'tool-1', input: { record_id: '99' } })
|
|
270
|
+
.addTurn({ type: 'textBlock', text: 'Denied' });
|
|
271
|
+
let toolExecuted = false;
|
|
272
|
+
const tool = createMockTool('delete', () => {
|
|
273
|
+
toolExecuted = true;
|
|
274
|
+
return 'deleted';
|
|
275
|
+
});
|
|
276
|
+
// Only allow deleting record 42 via context.input check
|
|
277
|
+
const cedar = new CedarAuthorization({
|
|
278
|
+
policies: 'permit(principal, action == Action::"delete", resource) when { context.input.record_id == "42" };',
|
|
279
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
280
|
+
});
|
|
281
|
+
const agent = new Agent({ model, tools: [tool], interventions: [cedar], printer: false });
|
|
282
|
+
await agent.invoke('Delete 99', { invocationState: {} });
|
|
283
|
+
expect(toolExecuted).toBe(false);
|
|
284
|
+
});
|
|
285
|
+
});
|
|
286
|
+
describe('context enricher', () => {
|
|
287
|
+
it('adds custom fields usable in policies', async () => {
|
|
288
|
+
const model = new MockMessageModel()
|
|
289
|
+
.addTurn({ type: 'toolUseBlock', name: 'search', toolUseId: 'tool-1', input: {} })
|
|
290
|
+
.addTurn({ type: 'textBlock', text: 'Done' });
|
|
291
|
+
let toolExecuted = false;
|
|
292
|
+
const tool = createMockTool('search', () => {
|
|
293
|
+
toolExecuted = true;
|
|
294
|
+
return 'ok';
|
|
295
|
+
});
|
|
296
|
+
// Policy checks custom context field
|
|
297
|
+
const cedar = new CedarAuthorization({
|
|
298
|
+
policies: 'permit(principal, action, resource) when { context.session.department == "engineering" };',
|
|
299
|
+
entities: [{ uid: { type: 'Resource', id: 'agent' }, attrs: {}, parents: [] }],
|
|
300
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
301
|
+
contextEnricher: () => ({ department: 'engineering' }),
|
|
302
|
+
});
|
|
303
|
+
const agent = new Agent({ model, tools: [tool], interventions: [cedar], printer: false });
|
|
304
|
+
await agent.invoke('Go', { invocationState: {} });
|
|
305
|
+
expect(toolExecuted).toBe(true);
|
|
306
|
+
});
|
|
307
|
+
it('denies when enricher value does not match policy', async () => {
|
|
308
|
+
const model = new MockMessageModel()
|
|
309
|
+
.addTurn({ type: 'toolUseBlock', name: 'search', toolUseId: 'tool-1', input: {} })
|
|
310
|
+
.addTurn({ type: 'textBlock', text: 'Denied' });
|
|
311
|
+
let toolExecuted = false;
|
|
312
|
+
const tool = createMockTool('search', () => {
|
|
313
|
+
toolExecuted = true;
|
|
314
|
+
return 'ok';
|
|
315
|
+
});
|
|
316
|
+
const cedar = new CedarAuthorization({
|
|
317
|
+
policies: 'permit(principal, action, resource) when { context.session.department == "engineering" };',
|
|
318
|
+
entities: [{ uid: { type: 'Resource', id: 'agent' }, attrs: {}, parents: [] }],
|
|
319
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
320
|
+
contextEnricher: () => ({ department: 'marketing' }),
|
|
321
|
+
});
|
|
322
|
+
const agent = new Agent({ model, tools: [tool], interventions: [cedar], printer: false });
|
|
323
|
+
await agent.invoke('Go', { invocationState: {} });
|
|
324
|
+
expect(toolExecuted).toBe(false);
|
|
325
|
+
});
|
|
326
|
+
});
|
|
327
|
+
describe('onError behavior', () => {
|
|
328
|
+
it('throws by default when handler errors', async () => {
|
|
329
|
+
const model = new MockMessageModel()
|
|
330
|
+
.addTurn({ type: 'toolUseBlock', name: 'tool', toolUseId: 'tool-1', input: {} })
|
|
331
|
+
.addTurn({ type: 'textBlock', text: 'Done' });
|
|
332
|
+
const tool = createMockTool('tool', () => 'ok');
|
|
333
|
+
// principalResolver throws
|
|
334
|
+
const cedar = new CedarAuthorization({
|
|
335
|
+
policies: 'permit(principal, action, resource);',
|
|
336
|
+
principalResolver: () => {
|
|
337
|
+
throw new Error('resolver crash');
|
|
338
|
+
},
|
|
339
|
+
onError: 'throw',
|
|
340
|
+
});
|
|
341
|
+
const agent = new Agent({ model, tools: [tool], interventions: [cedar], printer: false });
|
|
342
|
+
await expect(agent.invoke('Go', { invocationState: {} })).rejects.toThrow('resolver crash');
|
|
343
|
+
});
|
|
344
|
+
it('denies when onError is "deny" and handler throws', async () => {
|
|
345
|
+
const model = new MockMessageModel()
|
|
346
|
+
.addTurn({ type: 'toolUseBlock', name: 'tool', toolUseId: 'tool-1', input: {} })
|
|
347
|
+
.addTurn({ type: 'textBlock', text: 'Done' });
|
|
348
|
+
let toolExecuted = false;
|
|
349
|
+
const tool = createMockTool('tool', () => {
|
|
350
|
+
toolExecuted = true;
|
|
351
|
+
return 'ok';
|
|
352
|
+
});
|
|
353
|
+
const cedar = new CedarAuthorization({
|
|
354
|
+
policies: 'permit(principal, action, resource);',
|
|
355
|
+
principalResolver: () => {
|
|
356
|
+
throw new Error('resolver crash');
|
|
357
|
+
},
|
|
358
|
+
onError: 'deny',
|
|
359
|
+
});
|
|
360
|
+
const agent = new Agent({ model, tools: [tool], interventions: [cedar], printer: false });
|
|
361
|
+
const result = await agent.invoke('Go', { invocationState: {} });
|
|
362
|
+
expect(result.stopReason).toBe('endTurn');
|
|
363
|
+
expect(toolExecuted).toBe(false);
|
|
364
|
+
});
|
|
365
|
+
it('proceeds when onError is "proceed" and handler throws', async () => {
|
|
366
|
+
const model = new MockMessageModel()
|
|
367
|
+
.addTurn({ type: 'toolUseBlock', name: 'tool', toolUseId: 'tool-1', input: {} })
|
|
368
|
+
.addTurn({ type: 'textBlock', text: 'Done' });
|
|
369
|
+
let toolExecuted = false;
|
|
370
|
+
const tool = createMockTool('tool', () => {
|
|
371
|
+
toolExecuted = true;
|
|
372
|
+
return 'ok';
|
|
373
|
+
});
|
|
374
|
+
const cedar = new CedarAuthorization({
|
|
375
|
+
policies: 'permit(principal, action, resource);',
|
|
376
|
+
principalResolver: () => {
|
|
377
|
+
throw new Error('resolver crash');
|
|
378
|
+
},
|
|
379
|
+
onError: 'proceed',
|
|
380
|
+
});
|
|
381
|
+
const agent = new Agent({ model, tools: [tool], interventions: [cedar], printer: false });
|
|
382
|
+
const result = await agent.invoke('Go', { invocationState: {} });
|
|
383
|
+
expect(result.stopReason).toBe('endTurn');
|
|
384
|
+
expect(toolExecuted).toBe(true);
|
|
385
|
+
});
|
|
386
|
+
});
|
|
387
|
+
describe('file-based config', () => {
|
|
388
|
+
it('reads .cedar file from disk', async () => {
|
|
389
|
+
const fixturesDir = FIXTURES;
|
|
390
|
+
const model = new MockMessageModel()
|
|
391
|
+
.addTurn({ type: 'toolUseBlock', name: 'search', toolUseId: 'tool-1', input: {} })
|
|
392
|
+
.addTurn({ type: 'textBlock', text: 'Done' });
|
|
393
|
+
let toolExecuted = false;
|
|
394
|
+
const tool = createMockTool('search', () => {
|
|
395
|
+
toolExecuted = true;
|
|
396
|
+
return 'ok';
|
|
397
|
+
});
|
|
398
|
+
const cedar = new CedarAuthorization({
|
|
399
|
+
policies: `${fixturesDir}/test.cedar`,
|
|
400
|
+
entities: [
|
|
401
|
+
{ uid: { type: 'Resource', id: 'agent' }, attrs: {}, parents: [] },
|
|
402
|
+
{ uid: { type: 'User', id: 'alice' }, attrs: { role: 'analyst' }, parents: [] },
|
|
403
|
+
],
|
|
404
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
405
|
+
});
|
|
406
|
+
const agent = new Agent({ model, tools: [tool], interventions: [cedar], printer: false });
|
|
407
|
+
await agent.invoke('Search', { invocationState: {} });
|
|
408
|
+
expect(toolExecuted).toBe(true);
|
|
409
|
+
});
|
|
410
|
+
it('reads .json entity file from disk', async () => {
|
|
411
|
+
const fixturesDir = FIXTURES;
|
|
412
|
+
const model = new MockMessageModel()
|
|
413
|
+
.addTurn({ type: 'toolUseBlock', name: 'search', toolUseId: 'tool-1', input: {} })
|
|
414
|
+
.addTurn({ type: 'textBlock', text: 'Done' });
|
|
415
|
+
let toolExecuted = false;
|
|
416
|
+
const tool = createMockTool('search', () => {
|
|
417
|
+
toolExecuted = true;
|
|
418
|
+
return 'ok';
|
|
419
|
+
});
|
|
420
|
+
const cedar = new CedarAuthorization({
|
|
421
|
+
policies: 'permit(principal, action == Action::"search", resource);',
|
|
422
|
+
entities: `${fixturesDir}/entities.json`,
|
|
423
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
424
|
+
});
|
|
425
|
+
const agent = new Agent({ model, tools: [tool], interventions: [cedar], printer: false });
|
|
426
|
+
await agent.invoke('Search', { invocationState: {} });
|
|
427
|
+
expect(toolExecuted).toBe(true);
|
|
428
|
+
});
|
|
429
|
+
it('throws when .cedar file does not exist', () => {
|
|
430
|
+
expect(() => new CedarAuthorization({
|
|
431
|
+
policies: '/nonexistent/path.cedar',
|
|
432
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
433
|
+
})).toThrow('Cedar policy file not found: /nonexistent/path.cedar');
|
|
434
|
+
});
|
|
435
|
+
});
|
|
436
|
+
describe('session management', () => {
|
|
437
|
+
it('resetCallCounts clears counts and re-enables rate-limited tools', async () => {
|
|
438
|
+
let callCount = 0;
|
|
439
|
+
// Rate limit: < 2 calls allowed
|
|
440
|
+
const cedar = new CedarAuthorization({
|
|
441
|
+
policies: 'permit(principal, action, resource) when { context.session.call_count < 2 };',
|
|
442
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
443
|
+
});
|
|
444
|
+
// First call succeeds (count = 1)
|
|
445
|
+
const model1 = new MockMessageModel()
|
|
446
|
+
.addTurn({ type: 'toolUseBlock', name: 'send_email', toolUseId: 'tool-1', input: {} })
|
|
447
|
+
.addTurn({ type: 'textBlock', text: 'Done' });
|
|
448
|
+
const tool1 = createMockTool('send_email', () => {
|
|
449
|
+
callCount++;
|
|
450
|
+
return 'sent';
|
|
451
|
+
});
|
|
452
|
+
const agent1 = new Agent({ model: model1, tools: [tool1], interventions: [cedar], printer: false });
|
|
453
|
+
await agent1.invoke('Send', { invocationState: {} });
|
|
454
|
+
expect(callCount).toBe(1);
|
|
455
|
+
// Second call succeeds (count = 2, but < 2 check passes for count at time of eval which is 2... denied)
|
|
456
|
+
const model2 = new MockMessageModel()
|
|
457
|
+
.addTurn({ type: 'toolUseBlock', name: 'send_email', toolUseId: 'tool-2', input: {} })
|
|
458
|
+
.addTurn({ type: 'textBlock', text: 'Denied' });
|
|
459
|
+
const tool2 = createMockTool('send_email', () => {
|
|
460
|
+
callCount++;
|
|
461
|
+
return 'sent';
|
|
462
|
+
});
|
|
463
|
+
const agent2 = new Agent({ model: model2, tools: [tool2], interventions: [cedar], printer: false });
|
|
464
|
+
await agent2.invoke('Send', { invocationState: {} });
|
|
465
|
+
expect(callCount).toBe(1); // still 1 — second was denied
|
|
466
|
+
// Reset and try again — should succeed
|
|
467
|
+
cedar.resetCallCounts(agent2);
|
|
468
|
+
const model3 = new MockMessageModel()
|
|
469
|
+
.addTurn({ type: 'toolUseBlock', name: 'send_email', toolUseId: 'tool-3', input: {} })
|
|
470
|
+
.addTurn({ type: 'textBlock', text: 'Done' });
|
|
471
|
+
const tool3 = createMockTool('send_email', () => {
|
|
472
|
+
callCount++;
|
|
473
|
+
return 'sent';
|
|
474
|
+
});
|
|
475
|
+
const agent3 = new Agent({ model: model3, tools: [tool3], interventions: [cedar], printer: false });
|
|
476
|
+
await agent3.invoke('Send again', { invocationState: {} });
|
|
477
|
+
expect(callCount).toBe(2); // succeeded after reset
|
|
478
|
+
});
|
|
479
|
+
});
|
|
480
|
+
describe('reload', () => {
|
|
481
|
+
it('reloads policies from file', () => {
|
|
482
|
+
const cedar = new CedarAuthorization({
|
|
483
|
+
policies: `${FIXTURES}/test.cedar`,
|
|
484
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
485
|
+
});
|
|
486
|
+
// reload() should not throw — file still exists and is valid
|
|
487
|
+
expect(() => cedar.reload()).not.toThrow();
|
|
488
|
+
});
|
|
489
|
+
it('throws on reload if policy file was deleted', () => {
|
|
490
|
+
const tmpFile = `${FIXTURES}/_tmp_reload_test.cedar`;
|
|
491
|
+
writeFileSync(tmpFile, 'permit(principal, action, resource);');
|
|
492
|
+
try {
|
|
493
|
+
const cedar = new CedarAuthorization({
|
|
494
|
+
policies: tmpFile,
|
|
495
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
496
|
+
});
|
|
497
|
+
unlinkSync(tmpFile);
|
|
498
|
+
expect(() => cedar.reload()).toThrow('Cedar policy file not found');
|
|
499
|
+
}
|
|
500
|
+
finally {
|
|
501
|
+
if (existsSync(tmpFile))
|
|
502
|
+
unlinkSync(tmpFile);
|
|
503
|
+
}
|
|
504
|
+
});
|
|
505
|
+
it('validates policies on reload', () => {
|
|
506
|
+
const tmpFile = `${FIXTURES}/_tmp_reload_invalid.cedar`;
|
|
507
|
+
writeFileSync(tmpFile, 'permit(principal, action, resource);');
|
|
508
|
+
try {
|
|
509
|
+
const cedar = new CedarAuthorization({
|
|
510
|
+
policies: tmpFile,
|
|
511
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
512
|
+
});
|
|
513
|
+
writeFileSync(tmpFile, 'this is broken!!!');
|
|
514
|
+
expect(() => cedar.reload()).toThrow('Invalid Cedar policy');
|
|
515
|
+
}
|
|
516
|
+
finally {
|
|
517
|
+
if (existsSync(tmpFile))
|
|
518
|
+
unlinkSync(tmpFile);
|
|
519
|
+
}
|
|
520
|
+
});
|
|
521
|
+
});
|
|
522
|
+
describe('schema validation', () => {
|
|
523
|
+
it('passes validation when policies match schema', () => {
|
|
524
|
+
expect(() => new CedarAuthorization({
|
|
525
|
+
policies: 'permit(principal is User, action == Action::"search", resource is Resource);',
|
|
526
|
+
schema: `${FIXTURES}/test.cedarschema`,
|
|
527
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
528
|
+
})).not.toThrow();
|
|
529
|
+
});
|
|
530
|
+
it('throws when policy references unknown action', () => {
|
|
531
|
+
expect(() => new CedarAuthorization({
|
|
532
|
+
policies: 'permit(principal, action == Action::"nonexistent_tool", resource);',
|
|
533
|
+
schema: `${FIXTURES}/test.cedarschema`,
|
|
534
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
535
|
+
})).toThrow('Cedar policy validation failed');
|
|
536
|
+
});
|
|
537
|
+
it('throws when policy references unknown attribute', () => {
|
|
538
|
+
expect(() => new CedarAuthorization({
|
|
539
|
+
policies: 'permit(principal, action == Action::"search", resource) when { principal.nonexistent == "x" };',
|
|
540
|
+
schema: `${FIXTURES}/test.cedarschema`,
|
|
541
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
542
|
+
})).toThrow('Cedar policy validation failed');
|
|
543
|
+
});
|
|
544
|
+
it('accepts inline schema string', () => {
|
|
545
|
+
const schema = `
|
|
546
|
+
entity User = { role: String };
|
|
547
|
+
entity Resource;
|
|
548
|
+
action "search" appliesTo { principal: [User], resource: [Resource] };
|
|
549
|
+
`;
|
|
550
|
+
expect(() => new CedarAuthorization({
|
|
551
|
+
policies: 'permit(principal is User, action == Action::"search", resource is Resource);',
|
|
552
|
+
schema,
|
|
553
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
554
|
+
})).not.toThrow();
|
|
555
|
+
});
|
|
556
|
+
it('skips schema validation when schema is not provided', () => {
|
|
557
|
+
// This policy references an unknown entity type — without schema, it passes parse check
|
|
558
|
+
expect(() => new CedarAuthorization({
|
|
559
|
+
policies: 'permit(principal, action == Action::"anything", resource);',
|
|
560
|
+
principalResolver: () => ({ type: 'User', id: 'alice' }),
|
|
561
|
+
})).not.toThrow();
|
|
562
|
+
});
|
|
563
|
+
});
|
|
564
|
+
describe('tools config (schema generator integration)', () => {
|
|
565
|
+
const tools = [
|
|
566
|
+
{
|
|
567
|
+
name: 'search',
|
|
568
|
+
inputSchema: { type: 'object', properties: { query: { type: 'string' } }, required: ['query'] },
|
|
569
|
+
},
|
|
570
|
+
{ name: 'delete', inputSchema: { type: 'object', properties: { id: { type: 'string' } }, required: ['id'] } },
|
|
571
|
+
];
|
|
572
|
+
it('auto-generates schema and validates policies when tools are provided', () => {
|
|
573
|
+
const cedar = new CedarAuthorization({
|
|
574
|
+
policies: 'permit(principal, action == Action::"search", resource);',
|
|
575
|
+
tools,
|
|
576
|
+
});
|
|
577
|
+
expect(cedar.name).toBe('cedar-authorization');
|
|
578
|
+
});
|
|
579
|
+
it('catches unknown action names via auto-generated schema', () => {
|
|
580
|
+
expect(() => new CedarAuthorization({
|
|
581
|
+
policies: 'permit(principal, action == Action::"nonexistent", resource);',
|
|
582
|
+
tools,
|
|
583
|
+
})).toThrow('Cedar policy validation failed');
|
|
584
|
+
});
|
|
585
|
+
it('allows policies referencing context.session (handler-injected, not in schema)', () => {
|
|
586
|
+
const cedar = new CedarAuthorization({
|
|
587
|
+
policies: 'permit(principal, action == Action::"search", resource) when { context.session.role == "admin" };',
|
|
588
|
+
tools,
|
|
589
|
+
});
|
|
590
|
+
expect(cedar.name).toBe('cedar-authorization');
|
|
591
|
+
});
|
|
592
|
+
it('allows tool calls when tools config is provided', async () => {
|
|
593
|
+
const model = new MockMessageModel()
|
|
594
|
+
.addTurn({ type: 'toolUseBlock', name: 'search', toolUseId: 'tool-1', input: { query: 'test' } })
|
|
595
|
+
.addTurn({ type: 'textBlock', text: 'Done' });
|
|
596
|
+
let toolExecuted = false;
|
|
597
|
+
const tool = createMockTool('search', () => {
|
|
598
|
+
toolExecuted = true;
|
|
599
|
+
return 'results';
|
|
600
|
+
});
|
|
601
|
+
const cedar = new CedarAuthorization({
|
|
602
|
+
policies: 'permit(principal, action == Action::"search", resource);',
|
|
603
|
+
tools,
|
|
604
|
+
principal: { type: 'User', id: 'alice' },
|
|
605
|
+
});
|
|
606
|
+
const agent = new Agent({ model, tools: [tool], interventions: [cedar], printer: false });
|
|
607
|
+
await agent.invoke('Search', { invocationState: {} });
|
|
608
|
+
expect(toolExecuted).toBe(true);
|
|
609
|
+
});
|
|
610
|
+
it('validates nested tool input schemas without breaking', async () => {
|
|
611
|
+
const nestedTools = [
|
|
612
|
+
...tools,
|
|
613
|
+
{
|
|
614
|
+
name: 'create_user',
|
|
615
|
+
inputSchema: {
|
|
616
|
+
type: 'object',
|
|
617
|
+
properties: {
|
|
618
|
+
name: { type: 'string' },
|
|
619
|
+
address: { type: 'object', properties: { street: { type: 'string' }, city: { type: 'string' } } },
|
|
620
|
+
},
|
|
621
|
+
},
|
|
622
|
+
},
|
|
623
|
+
];
|
|
624
|
+
const cedar = new CedarAuthorization({
|
|
625
|
+
policies: 'permit(principal, action == Action::"create_user", resource);',
|
|
626
|
+
tools: nestedTools,
|
|
627
|
+
principal: { type: 'User', id: 'alice' },
|
|
628
|
+
});
|
|
629
|
+
const model = new MockMessageModel()
|
|
630
|
+
.addTurn({
|
|
631
|
+
type: 'toolUseBlock',
|
|
632
|
+
name: 'create_user',
|
|
633
|
+
toolUseId: 'tool-1',
|
|
634
|
+
input: { name: 'Bob', address: { street: '123', city: 'NYC' } },
|
|
635
|
+
})
|
|
636
|
+
.addTurn({ type: 'textBlock', text: 'Done' });
|
|
637
|
+
let toolExecuted = false;
|
|
638
|
+
const tool = createMockTool('create_user', () => {
|
|
639
|
+
toolExecuted = true;
|
|
640
|
+
return 'created';
|
|
641
|
+
});
|
|
642
|
+
const agent = new Agent({ model, tools: [tool], interventions: [cedar], printer: false });
|
|
643
|
+
await agent.invoke('Create user', { invocationState: {} });
|
|
644
|
+
expect(toolExecuted).toBe(true);
|
|
645
|
+
});
|
|
646
|
+
it('surfaces schema generator errors for naming collisions in nested inputs', async () => {
|
|
647
|
+
const collidingTools = [
|
|
648
|
+
{
|
|
649
|
+
name: 'create_user',
|
|
650
|
+
inputSchema: {
|
|
651
|
+
type: 'object',
|
|
652
|
+
properties: {
|
|
653
|
+
address: {
|
|
654
|
+
type: 'object',
|
|
655
|
+
properties: {
|
|
656
|
+
street: { type: 'string' },
|
|
657
|
+
geo: { type: 'object', properties: { lat: { type: 'number' }, lng: { type: 'number' } } },
|
|
658
|
+
},
|
|
659
|
+
},
|
|
660
|
+
address_geo: {
|
|
661
|
+
type: 'object',
|
|
662
|
+
properties: { lat: { type: 'string' }, lng: { type: 'string' } },
|
|
663
|
+
},
|
|
664
|
+
},
|
|
665
|
+
},
|
|
666
|
+
},
|
|
667
|
+
];
|
|
668
|
+
expect(() => new CedarAuthorization({
|
|
669
|
+
policies: 'permit(principal, action, resource);',
|
|
670
|
+
tools: collidingTools,
|
|
671
|
+
})).toThrow('Schema generation failed');
|
|
672
|
+
});
|
|
673
|
+
});
|
|
674
|
+
});
|
|
675
|
+
//# sourceMappingURL=cedar.test.node.js.map
|