@sunaiva/gate 1.1.2 → 1.1.4
- package/BUSINESS_LICENSE.md +2 -2
- package/CHANGELOG.md +2 -2
- package/LICENSE +0 -0
- package/README.DRAFT.md +418 -0
- package/README.md +471 -451
- package/README.md.bak-v1.0.0-stale-MIT +0 -0
- package/SUPPORT.md +0 -0
- package/TIER_DEFINITIONS.md +0 -0
- package/dist/config/defaults.d.ts +30 -10
- package/dist/config/defaults.d.ts.map +1 -1
- package/dist/config/defaults.js +49 -26
- package/dist/config/defaults.js.map +1 -1
- package/dist/config/loader.d.ts +0 -0
- package/dist/config/loader.d.ts.map +0 -0
- package/dist/config/loader.js +0 -0
- package/dist/config/loader.js.map +0 -0
- package/dist/engine/backend-client.d.ts +0 -0
- package/dist/engine/backend-client.d.ts.map +0 -0
- package/dist/engine/backend-client.js +0 -0
- package/dist/engine/backend-client.js.map +0 -0
- package/dist/engine/hmac-verifier.d.ts +0 -0
- package/dist/engine/hmac-verifier.d.ts.map +0 -0
- package/dist/engine/hmac-verifier.js +0 -0
- package/dist/engine/hmac-verifier.js.map +0 -0
- package/dist/engine/immutability.d.ts +0 -0
- package/dist/engine/immutability.d.ts.map +0 -0
- package/dist/engine/immutability.js +0 -0
- package/dist/engine/immutability.js.map +0 -0
- package/dist/engine/pattern-matcher.d.ts +0 -0
- package/dist/engine/pattern-matcher.d.ts.map +0 -0
- package/dist/engine/pattern-matcher.js +0 -0
- package/dist/engine/pattern-matcher.js.map +0 -0
- package/dist/engine/rule-engine.d.ts +8 -1
- package/dist/engine/rule-engine.d.ts.map +1 -1
- package/dist/engine/rule-engine.js +18 -3
- package/dist/engine/rule-engine.js.map +1 -1
- package/dist/engine/session-state.d.ts +0 -0
- package/dist/engine/session-state.d.ts.map +0 -0
- package/dist/engine/session-state.js +0 -0
- package/dist/engine/session-state.js.map +0 -0
- package/dist/engine/ship-confidence-gate.d.ts +0 -0
- package/dist/engine/ship-confidence-gate.d.ts.map +0 -0
- package/dist/engine/ship-confidence-gate.js +0 -0
- package/dist/engine/ship-confidence-gate.js.map +0 -0
- package/dist/identity/first-run.d.ts +24 -0
- package/dist/identity/first-run.d.ts.map +1 -0
- package/dist/identity/first-run.js +88 -0
- package/dist/identity/first-run.js.map +1 -0
- package/dist/identity/nudge.d.ts +29 -0
- package/dist/identity/nudge.d.ts.map +1 -0
- package/dist/identity/nudge.js +74 -0
- package/dist/identity/nudge.js.map +1 -0
- package/dist/identity/premium-unlock.d.ts +30 -0
- package/dist/identity/premium-unlock.d.ts.map +1 -0
- package/dist/identity/premium-unlock.js +65 -0
- package/dist/identity/premium-unlock.js.map +1 -0
- package/dist/identity/register-client.d.ts +25 -0
- package/dist/identity/register-client.d.ts.map +1 -0
- package/dist/identity/register-client.js +48 -0
- package/dist/identity/register-client.js.map +1 -0
- package/dist/identity/telemetry.d.ts +64 -0
- package/dist/identity/telemetry.d.ts.map +1 -0
- package/dist/identity/telemetry.js +173 -0
- package/dist/identity/telemetry.js.map +1 -0
- package/dist/index.d.ts +0 -0
- package/dist/index.js +75 -1
- package/dist/rules/categories.json +0 -0
- package/dist/rules/presets.json +0 -0
- package/dist/rules/rules.json +153 -42
- package/dist/tools/audit.d.ts +0 -0
- package/dist/tools/audit.d.ts.map +0 -0
- package/dist/tools/audit.js +0 -0
- package/dist/tools/audit.js.map +0 -0
- package/dist/tools/bypass.d.ts +0 -0
- package/dist/tools/bypass.d.ts.map +0 -0
- package/dist/tools/bypass.js +0 -0
- package/dist/tools/bypass.js.map +0 -0
- package/dist/tools/export-attestation.d.ts +0 -0
- package/dist/tools/export-attestation.d.ts.map +0 -0
- package/dist/tools/export-attestation.js +0 -0
- package/dist/tools/export-attestation.js.map +0 -0
- package/dist/tools/rules.d.ts +0 -0
- package/dist/tools/rules.d.ts.map +0 -0
- package/dist/tools/rules.js +0 -0
- package/dist/tools/rules.js.map +0 -0
- package/dist/tools/ship-confidence.d.ts +0 -0
- package/dist/tools/ship-confidence.d.ts.map +0 -0
- package/dist/tools/ship-confidence.js +0 -0
- package/dist/tools/ship-confidence.js.map +0 -0
- package/dist/tools/update.d.ts +0 -0
- package/dist/tools/update.d.ts.map +0 -0
- package/dist/tools/update.js +0 -0
- package/dist/tools/update.js.map +0 -0
- package/dist/tools/validate.d.ts +0 -0
- package/dist/tools/validate.d.ts.map +0 -0
- package/dist/tools/validate.js +0 -0
- package/dist/tools/validate.js.map +0 -0
- package/dist/types/backend.d.ts +0 -0
- package/dist/types/backend.d.ts.map +0 -0
- package/dist/types/backend.js +0 -0
- package/dist/types/backend.js.map +0 -0
- package/package.json +2 -1
|
File without changes
|
package/SUPPORT.md
CHANGED
|
File without changes
|
package/TIER_DEFINITIONS.md
CHANGED
|
File without changes
|
|
@@ -1,13 +1,16 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Default configuration values for @sunaiva/gate.
|
|
3
3
|
*
|
|
4
|
-
*
|
|
5
|
-
*
|
|
6
|
-
*
|
|
7
|
-
*
|
|
8
|
-
*
|
|
9
|
-
*
|
|
10
|
-
*
|
|
4
|
+
* v1.1.4 introduces 4-tier rule classification:
|
|
5
|
+
* - constitutional : ~23 immutable catastrophe-preventers, always active, cannot be disabled
|
|
6
|
+
* - recommended_default: ~8 rules on by default, disableable via config
|
|
7
|
+
* - premium : ~69 opt-in paid rules, fetched from backend when API key present
|
|
8
|
+
* - genesis_private : internal-only, never shipped to customers
|
|
9
|
+
*
|
|
10
|
+
* The active_rules list defaults to constitutional + recommended_default,
|
|
11
|
+
* guaranteeing strong protection out of the box without requiring any config.
|
|
12
|
+
* Constitutional rules cannot be disabled via `update_rules` (enforced by B4's
|
|
13
|
+
* immutability guard). Recommended defaults can be disabled by the user.
|
|
11
14
|
*
|
|
12
15
|
* To keep this list in sync with rules/rules.json, see
|
|
13
16
|
* `scripts/verify-bundle.js` which asserts that every constitutional
|
|
@@ -17,14 +20,29 @@ export declare const CONFIG_DIR: string;
|
|
|
17
20
|
export declare const CONFIG_PATH: string;
|
|
18
21
|
export declare const AUDIT_LOG_PATH: string;
|
|
19
22
|
/**
|
|
20
|
-
* Every constitutional rule ID (
|
|
21
|
-
*
|
|
22
|
-
*
|
|
23
|
+
* Every constitutional rule ID (tier === "constitutional") shipped in rules/rules.json.
|
|
24
|
+
* Kept as a frozen array so it can be referenced by B4's immutability guard
|
|
25
|
+
* and by the bundle-verify script.
|
|
26
|
+
*
|
|
27
|
+
* v1.1.4 constitutional set: 23 rules (8 demoted from v1.1.3 to recommended_default
|
|
28
|
+
* or premium — com-001/002/005/006/009, know-009, fin-004, cmp-002, sec-010).
|
|
23
29
|
*
|
|
24
30
|
* UPDATE PROCEDURE: when rules.json gains a new constitutional rule,
|
|
25
31
|
* add its ID here. The verify-bundle script will flag a mismatch.
|
|
26
32
|
*/
|
|
27
33
|
export declare const CONSTITUTIONAL_RULE_IDS: readonly string[];
|
|
34
|
+
/**
|
|
35
|
+
* Recommended-default rule IDs (tier === "recommended_default").
|
|
36
|
+
* These are enabled by default but can be disabled by the user via update_rules.
|
|
37
|
+
* They are NOT immutable — they sit one tier below constitutional.
|
|
38
|
+
*
|
|
39
|
+
* Includes the 8 rules moved down from constitutional in v1.1.4:
|
|
40
|
+
* com-001/002/005/006/009 (email / social / outreach gates — legitimate in some automation contexts)
|
|
41
|
+
* know-009 (no fabricated stats — not reliably detectable by regex)
|
|
42
|
+
* fin-004 (crypto block — relevant for crypto-native setups)
|
|
43
|
+
* cmp-002 (GDPR data handling — varies by jurisdiction)
|
|
44
|
+
*/
|
|
45
|
+
export declare const RECOMMENDED_DEFAULT_RULE_IDS: readonly string[];
|
|
28
46
|
export declare const DEFAULT_CONFIG: GateConfig;
|
|
29
47
|
export declare const MANAGED_API_BASE = "https://api.sunaiva.ai/v1/gate";
|
|
30
48
|
export interface ModelConfig {
|
|
@@ -40,5 +58,7 @@ export interface GateConfig {
|
|
|
40
58
|
enforcement_mode: "enforce" | "warn-only" | "audit";
|
|
41
59
|
model: ModelConfig;
|
|
42
60
|
audit_log_path: string;
|
|
61
|
+
/** v1.1.4: IDs of recommended_default rules the user has explicitly disabled. */
|
|
62
|
+
disabled_recommended?: string[];
|
|
43
63
|
}
|
|
44
64
|
//# sourceMappingURL=defaults.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"defaults.d.ts","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"defaults.d.ts","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAKH,eAAO,MAAM,UAAU,QAA8B,CAAC;AACtD,eAAO,MAAM,WAAW,QAAuC,CAAC;AAChE,eAAO,MAAM,cAAc,QAAkC,CAAC;AAE9D;;;;;;;;;;GAUG;AACH,eAAO,MAAM,uBAAuB,EAAE,SAAS,MAAM,EA6BnD,CAAC;AAEH;;;;;;;;;;GAUG;AACH,eAAO,MAAM,4BAA4B,EAAE,SAAS,MAAM,EASxD,CAAC;AAEH,eAAO,MAAM,cAAc,EAAE,UAS5B,CAAC;AAEF,eAAO,MAAM,gBAAgB,mCAAmC,CAAC;AAEjE,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,SAAS,GAAG,QAAQ,GAAG,WAAW,GAAG,YAAY,GAAG,OAAO,CAAC;IACtE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,SAAS,GAAG,WAAW,GAAG,OAAO,CAAC;IACpD,KAAK,EAAE,WAAW,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,iFAAiF;IACjF,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;CACjC"}
|
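--- a/package/dist/config/defaults.js
+++ b/package/dist/config/defaults.js
@@ -1,13 +1,16 @@
 /**
 * Default configuration values for @sunaiva/gate.
 *
-*
-*
-*
-*
-*
-*
-*
+* v1.1.4 introduces 4-tier rule classification:
+* - constitutional : ~23 immutable catastrophe-preventers, always active, cannot be disabled
+* - recommended_default: ~8 rules on by default, disableable via config
+* - premium : ~69 opt-in paid rules, fetched from backend when API key present
+* - genesis_private : internal-only, never shipped to customers
+*
+* The active_rules list defaults to constitutional + recommended_default,
+* guaranteeing strong protection out of the box without requiring any config.
+* Constitutional rules cannot be disabled via `update_rules` (enforced by B4's
+* immutability guard). Recommended defaults can be disabled by the user.
 *
 * To keep this list in sync with rules/rules.json, see
 * `scripts/verify-bundle.js` which asserts that every constitutional
@@ -19,32 +22,29 @@ export const CONFIG_DIR = join(homedir(), ".sunaiva");
 export const CONFIG_PATH = join(CONFIG_DIR, "gate-config.json");
 export const AUDIT_LOG_PATH = join(CONFIG_DIR, "audit.jsonl");
 /**
-* Every constitutional rule ID (
-*
-*
+* Every constitutional rule ID (tier === "constitutional") shipped in rules/rules.json.
+* Kept as a frozen array so it can be referenced by B4's immutability guard
+* and by the bundle-verify script.
+*
+* v1.1.4 constitutional set: 23 rules (8 demoted from v1.1.3 to recommended_default
+* or premium — com-001/002/005/006/009, know-009, fin-004, cmp-002, sec-010).
 *
 * UPDATE PROCEDURE: when rules.json gains a new constitutional rule,
 * add its ID here. The verify-bundle script will flag a mismatch.
 */
 export const CONSTITUTIONAL_RULE_IDS = Object.freeze([
-
-"com-001",
-"com-002",
-"com-005",
-"com-006",
-"com-007",
-"com-009",
-"com-011",
-"dat-001",
-"dat-002",
-"dat-004",
-"dat-010",
+// financial-safety (immutable — real money at stake)
 "fin-001",
 "fin-002",
 "fin-003",
-"fin-004",
 "fin-008",
 "fin-009",
+// data-protection (immutable — credential / PII catastrophe class)
+"dat-001",
+"dat-002",
+"dat-004",
+"dat-010",
+// action-governance (immutable — production, DNS, destructive ops)
 "gov-001",
 "gov-002",
 "gov-004",
@@ -52,17 +52,40 @@ export const CONSTITUTIONAL_RULE_IDS = Object.freeze([
 "gov-006",
 "gov-008",
 "gov-012",
-
+// communication-safety (immutable — legal doc send, impersonation)
+"com-007",
+"com-011",
+// security (immutable — secret log, code exec, privesc, auth)
 "sec-001",
 "sec-002",
 "sec-004",
 "sec-006",
-"sec-010",
 "sec-011",
 ]);
+/**
+* Recommended-default rule IDs (tier === "recommended_default").
+* These are enabled by default but can be disabled by the user via update_rules.
+* They are NOT immutable — they sit one tier below constitutional.
+*
+* Includes the 8 rules moved down from constitutional in v1.1.4:
+* com-001/002/005/006/009 (email / social / outreach gates — legitimate in some automation contexts)
+* know-009 (no fabricated stats — not reliably detectable by regex)
+* fin-004 (crypto block — relevant for crypto-native setups)
+* cmp-002 (GDPR data handling — varies by jurisdiction)
+*/
+export const RECOMMENDED_DEFAULT_RULE_IDS = Object.freeze([
+"com-001",
+"com-002",
+"com-005",
+"com-006",
+"com-009",
+"know-009",
+"fin-004",
+"cmp-002",
+]);
 export const DEFAULT_CONFIG = {
 api_key: "",
-active_rules: [...CONSTITUTIONAL_RULE_IDS],
+active_rules: [...CONSTITUTIONAL_RULE_IDS, ...RECOMMENDED_DEFAULT_RULE_IDS],
 active_preset: "minimal",
 enforcement_mode: "enforce",
 model: {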
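Review bot: `sec-010` is removed from `CONSTITUTIONAL_RULE_IDS` but is not added to `RECOMMENDED_DEFAULT_RULE_IDS`, so it is the one demoted rule that drops out of `DEFAULT_CONFIG.active_rules` entirely. The comment above the constitutional list says "8 demoted" yet names nine IDs, and it never says which tier `sec-010` landed in; presumably that is premium, which the file header describes as fetched only when an API key is present. An install without a key would then stop evaluating a security rule it previously enforced unconditionally. The comment should give the real count and the destination, for example `* v1.1.4 constitutional set: 23 rules (9 removed: 8 to recommended_default, sec-010 to <tier>).`, and the changelog should call out the loss of default coverage.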
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"defaults.js","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"defaults.js","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;AACtD,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;AAChE,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AAE9D;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAsB,MAAM,CAAC,MAAM,CAAC;IACtE,qDAAqD;IACrD,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,mEAAmE;IACnE,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,mEAAmE;IACnE,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,mEAAmE;IACnE,SAAS;IACT,SAAS;IACT,8DAA8D;IAC9D,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;CACV,CAAC,CAAC;AAEH;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAsB,MAAM,CAAC,MAAM,CAAC;IAC3E,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,UAAU;IACV,SAAS;IACT,SAAS;CACV,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,cAAc,GAAe;IACxC,OAAO,EAAE,EAAE;IACX,YAAY,EAAE,CAAC,GAAG,uBAAuB,EAAE,GAAG,4BAA4B,CAAC;IAC3E,aAAa,EAAE,SAAS;IACxB,gBAAgB,EAAE,SAAS;IAC3B,KAAK,EAAE;QACL,QAAQ,EAAE,SAAS;KACpB;IACD,cAAc,EAAE,cAAc;CAC/B,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,gCAAgC,CAAC"}
|
package/dist/config/loader.d.ts
CHANGED
|
File without changes
|
|
File without changes
|
package/dist/config/loader.js
CHANGED
|
File without changes
|
|
@@ -20,6 +20,8 @@ export interface Rule {
|
|
|
20
20
|
description: string;
|
|
21
21
|
category: string;
|
|
22
22
|
enforcement: "constitutional" | "standard";
|
|
23
|
+
/** v1.1.4 tier: constitutional | recommended_default | premium | genesis_private */
|
|
24
|
+
tier?: "constitutional" | "recommended_default" | "premium" | "genesis_private";
|
|
23
25
|
gate_type: string;
|
|
24
26
|
severity: "block" | "warn" | "warn-then-block";
|
|
25
27
|
detection_pattern: string;
|
|
@@ -27,6 +29,9 @@ export interface Rule {
|
|
|
27
29
|
preset_groups: string[];
|
|
28
30
|
backend_required?: boolean;
|
|
29
31
|
constitutional?: boolean;
|
|
32
|
+
/** v1.1.4: true when the customer can supply their own config for this rule */
|
|
33
|
+
user_configurable?: boolean;
|
|
34
|
+
config_schema?: Record<string, unknown>;
|
|
30
35
|
}
|
|
31
36
|
export interface EvaluationResult {
|
|
32
37
|
allowed: boolean;
|
|
@@ -45,7 +50,7 @@ export interface EvaluationResult {
|
|
|
45
50
|
export declare function setBackendClient(client: BackendClient | null): void;
|
|
46
51
|
export declare function loadAllRules(): Rule[];
|
|
47
52
|
/**
|
|
48
|
-
* Returns ONLY the rules whose
|
|
53
|
+
* Returns ONLY the rules whose tier === "constitutional" (or legacy enforcement === "constitutional").
|
|
49
54
|
*
|
|
50
55
|
* This is the canonical "what is constitutional" function used by
|
|
51
56
|
* B4's immutability guard. It reads from the package-bundled rules
|
|
@@ -53,6 +58,8 @@ export declare function loadAllRules(): Rule[];
|
|
|
53
58
|
* copy at ~/.sunaiva/rules.json — so a user cannot circumvent the
|
|
54
59
|
* guard by hand-editing their config.
|
|
55
60
|
*
|
|
61
|
+
* v1.1.4: the tier field is authoritative; enforcement field kept for backward compat.
|
|
62
|
+
*
|
|
56
63
|
* Cached via loadAllRules().
|
|
57
64
|
*/
|
|
58
65
|
export declare function loadConstitutionalRulesOnly(): Rule[];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rule-engine.d.ts","sourceRoot":"","sources":["../../src/engine/rule-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAMH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAqB7D,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,QAAQ,GAAG,MAAM,CAAC;AAEtD,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,gBAAgB,GAAG,UAAU,CAAC;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,OAAO,GAAG,MAAM,GAAG,iBAAiB,CAAC;IAC/C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"rule-engine.d.ts","sourceRoot":"","sources":["../../src/engine/rule-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAMH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAqB7D,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,QAAQ,GAAG,MAAM,CAAC;AAEtD,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,gBAAgB,GAAG,UAAU,CAAC;IAC3C,oFAAoF;IACpF,IAAI,CAAC,EAAE,gBAAgB,GAAG,qBAAqB,GAAG,SAAS,GAAG,iBAAiB,CAAC;IAChF,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,OAAO,GAAG,MAAM,GAAG,iBAAiB,CAAC;IAC/C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,+EAA+E;IAC/E,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACzC;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,IAAI,EAAE,CAAC;IACnB,QAAQ,EAAE,IAAI,EAAE,CAAC;IACjB,mEAAmE;IACnE,aAAa,EAAE,YAAY,GAAG,IAAI,CAAC;IACnC,qFAAqF;IACrF,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,0FAA0F;IAC1F,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,wFAAwF;IACxF,eAAe,CAAC,EAAE,iBAAiB,EAAE,CAAC;CACvC;AAmBD,iCAAiC;AACjC,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI,GAAG,IAAI,CAEnE;AAOD,wBAAgB,YAAY,IAAI,IAAI,EAAE,CAerC;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,2BAA2B,IAAI,IAAI,EAAE,CAWpD;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAE7C;AAED,wBAAgB,cAAc,CAAC,MAAM,EAAE,UAAU,GAAG,IAAI,EAAE,CAGzD;AAwBD,wBAAgB,cAAc,CAC5B,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,UAAU,EAClB,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,EAClC,OAAO,CAAC,EAAE,MAAM,GACf,gBAAgB,CAiElB;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,UAAU,EAClB,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,EAClC,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,gBAAgB,CAAC,CAmF3B"}
|
|
@@ -72,7 +72,7 @@ export function loadAllRules() {
|
|
|
72
72
|
return _rules;
|
|
73
73
|
}
|
|
74
74
|
/**
|
|
75
|
-
* Returns ONLY the rules whose
|
|
75
|
+
* Returns ONLY the rules whose tier === "constitutional" (or legacy enforcement === "constitutional").
|
|
76
76
|
*
|
|
77
77
|
* This is the canonical "what is constitutional" function used by
|
|
78
78
|
* B4's immutability guard. It reads from the package-bundled rules
|
|
@@ -80,10 +80,18 @@ export function loadAllRules() {
|
|
|
80
80
|
* copy at ~/.sunaiva/rules.json — so a user cannot circumvent the
|
|
81
81
|
* guard by hand-editing their config.
|
|
82
82
|
*
|
|
83
|
+
* v1.1.4: the tier field is authoritative; enforcement field kept for backward compat.
|
|
84
|
+
*
|
|
83
85
|
* Cached via loadAllRules().
|
|
84
86
|
*/
|
|
85
87
|
export function loadConstitutionalRulesOnly() {
|
|
86
|
-
return loadAllRules().filter((r) => r &&
|
|
88
|
+
return loadAllRules().filter((r) => r &&
|
|
89
|
+
(r.tier === "constitutional" ||
|
|
90
|
+
r.enforcement === "constitutional" ||
|
|
91
|
+
r.constitutional === true) &&
|
|
92
|
+
r.tier !== "recommended_default" &&
|
|
93
|
+
r.tier !== "premium" &&
|
|
94
|
+
r.tier !== "genesis_private");
|
|
87
95
|
}
|
|
88
96
|
/**
|
|
89
97
|
* Resolved path that loadAllRules() reads from. Exported for tests
|
|
@@ -106,8 +114,15 @@ function isLocalRule(rule, backendConfigured) {
|
|
|
106
114
|
}
|
|
107
115
|
/** Map a rule + enforcement_mode to the severity tier label. */
|
|
108
116
|
function deriveSeverity(rule) {
|
|
109
|
-
|
|
117
|
+
// Constitutional tier = HARD (immutable block)
|
|
118
|
+
if (rule.tier === "constitutional" || rule.enforcement === "constitutional")
|
|
110
119
|
return "HARD";
|
|
120
|
+
// Recommended-default rules behave like MEDIUM (on by default, disableable)
|
|
121
|
+
if (rule.tier === "recommended_default") {
|
|
122
|
+
if (rule.severity === "warn")
|
|
123
|
+
return "SOFT";
|
|
124
|
+
return "MEDIUM";
|
|
125
|
+
}
|
|
111
126
|
if (rule.severity === "warn")
|
|
112
127
|
return "SOFT";
|
|
113
128
|
// standard + block or warn-then-block
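Review bot: In `deriveSeverity`, the first check still returns "HARD" for any rule whose legacy `enforcement` is "constitutional", even when its `tier` is "recommended_default", so the new recommended_default branch below it is unreachable for such a rule. That disagrees with `loadConstitutionalRulesOnly` in the same file, which excludes the non-constitutional tiers from the immutability guard, and with the comment that the `tier` field is authoritative. Whether any demoted rule in rules.json keeps `enforcement: "constitutional"` is not visible here, but if one does it would be user-disableable while still being reported as HARD. Consider consulting the legacy field only when `tier` is absent: `if (rule.tier === "constitutional" || (rule.tier === undefined && rule.enforcement === "constitutional"))`. The body of `deriveSeverity` continues past the end of this hunk.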
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rule-engine.js","sourceRoot":"","sources":["../../src/engine/rule-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACrC,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAEnD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAGpD,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAE1D,yEAAyE;AACzE,8EAA8E;AAC9E,2DAA2D;AAC3D,SAAS,gBAAgB;IACvB,MAAM,UAAU,GAAG;QACjB,IAAI,CAAC,SAAS,EAAE,qBAAqB,CAAC,EAAE,8CAA8C;QACtF,IAAI,CAAC,SAAS,EAAE,6BAA6B,CAAC,EAAE,iEAAiE;QACjH,IAAI,CAAC,SAAS,EAAE,wBAAwB,CAAC,EAAE,qEAAqE;KACjH,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,UAAU,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,yCAAyC;AACjE,CAAC;AAED,MAAM,UAAU,GAAG,gBAAgB,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"rule-engine.js","sourceRoot":"","sources":["../../src/engine/rule-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACrC,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAEnD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAGpD,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAE1D,yEAAyE;AACzE,8EAA8E;AAC9E,2DAA2D;AAC3D,SAAS,gBAAgB;IACvB,MAAM,UAAU,GAAG;QACjB,IAAI,CAAC,SAAS,EAAE,qBAAqB,CAAC,EAAE,8CAA8C;QACtF,IAAI,CAAC,SAAS,EAAE,6BAA6B,CAAC,EAAE,iEAAiE;QACjH,IAAI,CAAC,SAAS,EAAE,wBAAwB,CAAC,EAAE,qEAAqE;KACjH,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,UAAU,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,yCAAyC;AACjE,CAAC;AAED,MAAM,UAAU,GAAG,gBAAgB,EAAE,CAAC;AAsCtC,IAAI,MAAM,GAAkB,IAAI,CAAC;AAEjC,yEAAyE;AACzE,8DAA8D;AAC9D,yEAAyE;AACzE,wEAAwE;AACxE,wEAAwE;AACxE,wEAAwE;AACxE,iDAAiD;AACjD,IAAI,cAAc,GAAyB,IAAI,CAAC;AAEhD,iEAAiE;AACjE,SAAS,gBAAgB;IACvB,IAAI,CAAC,cAAc;QAAE,cAAc,GAAG,IAAI,aAAa,EAAE,CAAC;IAC1D,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,iCAAiC;AACjC,MAAM,UAAU,gBAAgB,CAAC,MAA4B;IAC3D,cAAc,GAAG,MAAM,CAAC;AAC1B,CAAC;AAED,wEAAwE;AACxE,SAAS,mBAAmB;IAC1B,OAAO,gBAAgB,EAAE,CAAC,YAAY,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAC1B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAC9C,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAW,CAAC;IACrC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,2DAA2D;QAC3D,2DAA2D;QAC3D,OAAO,CAAC,KAAK,CACX,qDAAqD,UAAU,IAAI;YACjE,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CACrD,CAAC;QACF,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,2BAA2B;IACzC,OAAO,YAAY,EAAE,CAAC,MAAM,CAC1B,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC;QACD,CAAC,CAAC,CAAC,IAAI,KAAK,gBAAgB;YAC1B,CAAC,CAAC,WAAW,KAAK,gBAAgB;YAClC,CAAC,CAAC,cAAc,KAAK,IAAI,CAAC;
QAC5B,CAAC,CAAC,IAAI,KAAK,qBAAqB;QAChC,CAAC,CAAC,IAAI,KAAK,SAAS;QACpB,CAAC,CAAC,IAAI,KAAK,iBAAiB,CAC/B,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAAkB;IAC/C,MAAM,GAAG,GAAG,YAAY,EAAE,CAAC;IAC3B,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,2DAA2D;AAC3D,SAAS,WAAW,CAAC,IAAU,EAAE,iBAA0B;IACzD,IAAI,CAAC,IAAI,CAAC,gBAAgB;QAAE,OAAO,IAAI,CAAC;IACxC,2EAA2E;IAC3E,4EAA4E;IAC5E,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED,gEAAgE;AAChE,SAAS,cAAc,CAAC,IAAU;IAChC,+CAA+C;IAC/C,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB,IAAI,IAAI,CAAC,WAAW,KAAK,gBAAgB;QAAE,OAAO,MAAM,CAAC;IAC3F,4EAA4E;IAC5E,IAAI,IAAI,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACxC,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM;YAAE,OAAO,MAAM,CAAC;QAC5C,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM;QAAE,OAAO,MAAM,CAAC;IAC5C,sCAAsC;IACtC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,MAAc,EACd,MAAkB,EAClB,aAAkC,EAClC,OAAgB;IAEhB,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;IAE3D,MAAM,UAAU,GAAW,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAW,EAAE,CAAC;IAC5B,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,MAAM,cAAc,GAAa,EAAE,CAAC;IAEpC,mEAAmE;IACnE,sEAAsE;IACtE,uEAAuE;IACvE,wEAAwE;IACxE,kEAAkE;IAClE,MAAM,iBAAiB,GAAG,KAAK,CAAC;IAEhC,IAAI,WAAW,GAAwB,IAAI,CAAC;IAC5C,MAAM,YAAY,GAAG,CAAC,CAAe,EAAE,EAAE;QACvC,IAAI,WAAW,KAAK,IAAI;YAAE,WAAW,GAAG,CAAC,CAAC;aACrC,IAAI,CAAC,KAAK,MAAM;YAAE,WAAW,GAAG,MAAM,CAAC;aACvC,IAAI,CAAC,KAAK,QAAQ,IAAI,WAAW,KAAK,MAAM;YAAE,WAAW,GAAG,QAAQ,CAAC;IAC5E,CAAC,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,iBAAiB,CAAC,EAAE,CAAC;YAC1C,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC7B,SAAS;QACX,CAAC;QACD,MAAM,MAAM,GAAG,WAAW,CAAC,QAAQ,EAAE,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC7D,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,SAAS;QAE9B,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;QAClC,YAAY,CAAC,IAAI,CAAC,CAAC;QAEnB,IAAI,IAAI,CAAC,WAAW
,KAAK,gBAAgB,EAAE,CAAC;YAC1C,sDAAsD;YACtD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjC,CAAC;aAAM,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;YAC3B,mDAAmD;YACnD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;aAAM,CAAC;YACN,qDAAqD;YACrD,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;YAC9C,IAAI,MAAM,CAAC,gBAAgB,KAAK,WAAW,IAAI,MAAM,CAAC,gBAAgB,KAAK,OAAO,EAAE,CAAC;gBACnF,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACpB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjC,CAAC;iBAAM,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACtB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,KAAK,CAAC,CAAC;IACxC,OAAO;QACL,OAAO;QACP,UAAU;QACV,QAAQ;QACR,aAAa,EAAE,WAAW;QAC1B,kBAAkB,EAAE,gBAAgB;QACpC,eAAe,EAAE,cAAc;KAChC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAc,EACd,MAAkB,EAClB,aAAkC,EAClC,OAAgB;IAEhB,MAAM,IAAI,GAAG,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;IAEpE,+DAA+D;IAC/D,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,YAAY,GAAG,WAAW,CAAC,MAAM,CACrC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,gBAAgB,KAAK,IAAI,IAAI,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAC1E,CAAC;IAEF,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3C,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;IAC3D,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;IAClC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,QAAQ,CACvC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAC7B,QAAQ,EACR,EAAE,cAAc,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CACzC,CAAC;IAEF,mEAAmE;IACnE,oEAAoE;IACpE,MAAM,UAAU,GAAW,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;IAChD,MAAM,QAAQ,GAAW,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC5C,MAAM,gBAAgB,GAAa,CAAC,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAChE,IAAI,WAAW,GAAwB,IAAI,CAAC,aAAa,CAAC;IAE1D,MAAM,IAAI,GAAG,CAAC,CAAe,EAAE,EAAE;QAC/B,
IAAI,WAAW,KAAK,IAAI;YAAE,WAAW,GAAG,CAAC,CAAC;aACrC,IAAI,CAAC,KAAK,MAAM;YAAE,WAAW,GAAG,MAAM,CAAC;aACvC,IAAI,CAAC,KAAK,QAAQ,IAAI,WAAW,KAAK,MAAM;YAAE,WAAW,GAAG,QAAQ,CAAC;IAC5E,CAAC,CAAC;IAEF,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;QACpC,IAAI,CAAC,CAAC,CAAC,OAAO;YAAE,SAAS;QACzB,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC;QAC1D,IAAI,CAAC,IAAI;YAAE,SAAS;QAEpB,wEAAwE;QACxE,MAAM,IAAI,GACR,IAAI,CAAC,WAAW,KAAK,gBAAgB;YACnC,CAAC,CAAC,MAAM;YACR,CAAC,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM;gBACrB,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,QAAQ,CAAC;QACjB,IAAI,CAAC,IAAI,CAAC,CAAC;QAEX,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;YACpB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;aAAM,CAAC;YACN,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,MAAM,cAAc,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAChD,CAAC,EAAE,EAAE,EAAE,CACL,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,CACvB,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,OAAO,KAAK,EAAE;QAChB,CAAC,CAAC,MAAM,KAAK,kBAAkB;QAC/B,CAAC,CAAC,MAAM,KAAK,kBAAkB;QAC/B,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CACnC,CACJ,CAAC;IAEF,kFAAkF;IAClF,MAAM,YAAY,GAAG,WAAW,CAAC,OAAO;SACrC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;SAC9C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAEzB,iDAAiD;IACjD,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,cAAc,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;IAE/E,OAAO;QACL,OAAO,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC;QAChC,UAAU;QACV,QAAQ;QACR,aAAa,EAAE,WAAW;QAC1B,kBAAkB,EAAE,gBAAgB;QACpC,eAAe,EAAE,YAAY;QAC7B,eAAe,EAAE,WAAW,CAAC,OAAO;KACrC,CAAC;AACJ,CAAC"}
|
|
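--- a/first-run.d.ts
+++ b/first-run.d.ts
@@ -0,0 +1,24 @@
+/**
+* emitFirstRunIfNeeded — anonymous first-install ping.
+*
+* Design constraints (v1.1.4):
+* - Fires at most ONCE per install (marker file ~/.sunaiva-gate/first-run-<version>).
+* - NEVER called from --smoke-test, --version, or --mcp-bridge paths.
+* - Caller uses fire-and-forget: `void emitFirstRunIfNeeded(version)`.
+* - 2s fetch timeout — never blocks gate decisions.
+* - FAIL-OPEN: any error is swallowed. This function NEVER throws.
+* - Kill-switch: SUNAIVA_TELEMETRY_OFF=1 suppresses the ping entirely.
+* - Stubbed endpoint via SUNAIVA_FIRST_RUN_ENDPOINT env var.
+* - Payload: version + os.platform() + os.release() — NO PII, NO content.
+*/
+/**
+* emitFirstRunIfNeeded — fire-and-forget anonymous first-run ping.
+*
+* Safe to call on every MCP CallToolRequest; the marker-file guard ensures the
+* HTTP hit only happens once. After the first call, the guard short-circuits in
+* ~1 µs (existsSync on a warm FS cache).
+*
+* @param version The gate version string (e.g. "1.1.4").
+*/
+export declare function emitFirstRunIfNeeded(version: string): void;
+//# sourceMappingURL=first-run.d.ts.map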
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"first-run.d.ts","sourceRoot":"","sources":["../../src/identity/first-run.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAkBH;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CA4B1D"}
|
|
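--- a/first-run.js
+++ b/first-run.js
@@ -0,0 +1,88 @@
+/**
+* emitFirstRunIfNeeded — anonymous first-install ping.
+*
+* Design constraints (v1.1.4):
+* - Fires at most ONCE per install (marker file ~/.sunaiva-gate/first-run-<version>).
+* - NEVER called from --smoke-test, --version, or --mcp-bridge paths.
+* - Caller uses fire-and-forget: `void emitFirstRunIfNeeded(version)`.
+* - 2s fetch timeout — never blocks gate decisions.
+* - FAIL-OPEN: any error is swallowed. This function NEVER throws.
+* - Kill-switch: SUNAIVA_TELEMETRY_OFF=1 suppresses the ping entirely.
+* - Stubbed endpoint via SUNAIVA_FIRST_RUN_ENDPOINT env var.
+* - Payload: version + os.platform() + os.release() — NO PII, NO content.
+*/
+import { existsSync, mkdirSync, writeFileSync } from "node:fs";
+import { homedir, platform, release } from "node:os";
+import { join } from "node:path";
+const MARKER_DIR = join(homedir(), ".sunaiva-gate");
+const DEFAULT_ENDPOINT = "https://sunaivacore.io/api/telemetry/first-run";
+const TIMEOUT_MS = 2_000;
+/**
+* Returns the path of the per-version first-run marker file.
+* Using a versioned marker means each major install emits exactly once.
+*/
+function markerPath(version) {
+return join(MARKER_DIR, `first-run-${version}`);
+}
+/**
+* emitFirstRunIfNeeded — fire-and-forget anonymous first-run ping.
+*
+* Safe to call on every MCP CallToolRequest; the marker-file guard ensures the
+* HTTP hit only happens once. After the first call, the guard short-circuits in
+* ~1 µs (existsSync on a warm FS cache).
+*
+* @param version The gate version string (e.g. "1.1.4").
+*/
+export function emitFirstRunIfNeeded(version) {
+// Kill-switch: respect the global telemetry-off env var.
+if (process.env.SUNAIVA_TELEMETRY_OFF === "1")
+return;
+// Guard: already fired for this version — fast path, no I/O beyond existsSync.
+try {
+if (existsSync(markerPath(version)))
+return;
+}
+catch {
+// If we cannot read the FS, skip silently (fail-open).
+return;
+}
+// Write the marker first so concurrent calls (e.g. burst of tool requests)
+// do not race and emit duplicate pings.
+try {
+if (!existsSync(MARKER_DIR)) {
+mkdirSync(MARKER_DIR, { recursive: true });
+}
+writeFileSync(markerPath(version), new Date().toISOString(), "utf-8");
+}
+catch {
+// Marker write failed — skip the ping so we don't hammer the endpoint.
+return;
+}
+// Fire-and-forget: do NOT await. Any error is swallowed.
+void _send(version).catch(() => {
+/* fail-open */
+});
+}
+async function _send(version) {
+const endpoint = process.env.SUNAIVA_FIRST_RUN_ENDPOINT ?? DEFAULT_ENDPOINT;
+const payload = {
+gate_version: version,
+os_platform: platform(),
+os_release: release(),
+ts: new Date().toISOString(),
+};
+const controller = new AbortController();
+const timer = setTimeout(() => controller.abort(), TIMEOUT_MS);
+try {
+await fetch(endpoint, {
+method: "POST",
+headers: { "Content-Type": "application/json" },
+body: JSON.stringify(payload),
+signal: controller.signal,
+});
+}
+finally {
+clearTimeout(timer);
+}
+}
+//# sourceMappingURL=first-run.js.map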
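Review bot: The marker write in `emitFirstRunIfNeeded` does not close the race its comment describes, because `existsSync` followed by `writeFileSync` is a check-then-write: two gate processes starting together can both pass the guard and both send the ping. Creating the marker exclusively, `writeFileSync(markerPath(version), new Date().toISOString(), { encoding: "utf-8", flag: "wx" });`, makes the second writer throw into the existing `catch` and return. Exclusive creation also refuses to write through a symlink that already sits at that predictable path under the home directory. Separately, the kill-switch matches only the literal `"1"`, so a user who sets `SUNAIVA_TELEMETRY_OFF=true` is still pinged; either accept the common truthy spellings or state the exact value in the header comment. That comment should also note that the marker is keyed on the full version string, so the ping repeats on every version upgrade rather than once per install.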
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"first-run.js","sourceRoot":"","sources":["../../src/identity/first-run.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AACrD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,eAAe,CAAC,CAAC;AACpD,MAAM,gBAAgB,GAAG,gDAAgD,CAAC;AAC1E,MAAM,UAAU,GAAG,KAAK,CAAC;AAEzB;;;GAGG;AACH,SAAS,UAAU,CAAC,OAAe;IACjC,OAAO,IAAI,CAAC,UAAU,EAAE,aAAa,OAAO,EAAE,CAAC,CAAC;AAClD,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAAe;IAClD,yDAAyD;IACzD,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,GAAG;QAAE,OAAO;IAEtD,+EAA+E;IAC/E,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAAE,OAAO;IAC9C,CAAC;IAAC,MAAM,CAAC;QACP,uDAAuD;QACvD,OAAO;IACT,CAAC;IAED,2EAA2E;IAC3E,wCAAwC;IACxC,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7C,CAAC;QACD,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,uEAAuE;QACvE,OAAO;IACT,CAAC;IAED,yDAAyD;IACzD,KAAK,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;QAC7B,eAAe;IACjB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,KAAK,CAAC,OAAe;IAClC,MAAM,QAAQ,GACZ,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,gBAAgB,CAAC;IAE7D,MAAM,OAAO,GAAG;QACd,YAAY,EAAE,OAAO;QACrB,WAAW,EAAE,QAAQ,EAAE;QACvB,UAAU,EAAE,OAAO,EAAE;QACrB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KAC7B,CAAC;IAEF,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,UAAU,CAAC,CAAC;IAE/D,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,QAAQ,EAAE;YACpB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;YAC7B,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;IACL,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC"}
|
|
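--- a/nudge.d.ts
+++ b/nudge.d.ts
@@ -0,0 +1,29 @@
+/**
+* First-run nudge — opt-in registration prompt.
+*
+* Design constraints (v1.1.4):
+* - CORE gate is FREE and NEVER email-gated. Gating the critical path = lockout class.
+* - Email is captured at the VALUE layer (live rule feed, Shield-of-Health dashboard).
+* - Nudge is skippable via SUNAIVA_NUDGE_OFF=1.
+* - Nudge fires at most once per install (presence of ~/.sunaiva-gate/registered marker).
+* - FAIL-OPEN: any error in this module must not surface to the caller.
+*/
+/**
+* Returns true if the registration marker exists (user has already seen the nudge).
+*/
+export declare function isNudgeComplete(): boolean;
+/**
+* Writes the registration marker so the nudge does not fire again.
+* Fail-open on any error.
+*/
+export declare function markNudgeComplete(): void;
+/**
+* maybeShowNudge — print a friendly one-time registration prompt if:
+* 1. SUNAIVA_NUDGE_OFF=1 is NOT set
+* 2. The registered marker does not exist
+* 3. stdout is a TTY (not piped — avoids polluting JSON output)
+*
+* FAIL-OPEN: any error is swallowed. This function NEVER throws.
+*/
+export declare function maybeShowNudge(): void;
+//# sourceMappingURL=nudge.d.ts.map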
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"nudge.d.ts","sourceRoot":"","sources":["../../src/identity/nudge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AASH;;GAEG;AACH,wBAAgB,eAAe,IAAI,OAAO,CAMzC;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,IAAI,IAAI,CASxC;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,IAAI,IAAI,CAuBrC"}
|