npm - @theokit/sdk - Versions diffs - 2.4.0 → 2.5.0 - Mend

@theokit/sdk 2.4.0 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

package/CHANGELOG.md +16 -0
package/dist/eval.cjs +192 -16
package/dist/eval.cjs.map +1 -1
package/dist/eval.d.cts +2 -0
package/dist/eval.d.ts +2 -0
package/dist/eval.js +191 -18
package/dist/eval.js.map +1 -1
package/dist/index.cjs +31 -8
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +40 -5
package/dist/index.d.ts +40 -5
package/dist/index.js +31 -9
package/dist/index.js.map +1 -1
package/dist/internal/eval/code-runner.d.ts +28 -0
package/dist/internal/persistence/index.cjs +68 -0
package/dist/internal/persistence/index.cjs.map +1 -1
package/dist/internal/persistence/index.d.cts +1 -0
package/dist/internal/persistence/index.d.ts +1 -0
package/dist/internal/persistence/index.js +65 -1
package/dist/internal/persistence/index.js.map +1 -1
package/dist/internal/persistence/jsonl.d.cts +34 -0
package/dist/internal/persistence/jsonl.d.ts +34 -0
package/dist/permission-engine.d.ts +12 -4
package/dist/sandbox/index.cjs +71 -1
package/dist/sandbox/index.cjs.map +1 -1
package/dist/sandbox/index.d.cts +1 -0
package/dist/sandbox/index.d.ts +1 -0
package/dist/sandbox/index.js +70 -2
package/dist/sandbox/index.js.map +1 -1
package/dist/sandbox/provision.d.cts +53 -0
package/dist/sandbox/provision.d.ts +53 -0
package/dist/sandbox/shell-escape.d.cts +8 -0
package/dist/sandbox/shell-escape.d.ts +8 -0
package/dist/scorers.d.ts +19 -1
package/dist/types/eval.d.ts +71 -0
package/package.json +14 -14

package/dist/index.cjs CHANGED Viewed

@@ -18715,25 +18715,47 @@ async function migrateSqliteToLance2(options) {
 // src/permission-engine.ts
 var PermissionEngine = class {
-  constructor(rules) {
+  constructor(rules, options = {}) {
     this.rules = rules;
+    this.defaultAction = options.defaultAction ?? "allow";
   }
   rules;
+  defaultAction;
   /**
-   * Evaluate a tool name against the rules. First match wins; default "allow".
+   * Evaluate a tool name against the rules. First match wins; falls back to the
+   * configured `defaultAction` (default `"allow"`) when no rule matches.
    */
   evaluate(toolName) {
     for (const rule of this.rules) {
-      if (typeof rule.tool === "string") {
-        if (rule.tool === toolName) return rule.action;
-      } else {
-        if (rule.tool.test(toolName)) return rule.action;
-      }
+      const matches = typeof rule.tool === "string" ? rule.tool === toolName : rule.tool.test(toolName);
+      if (matches) return rule.action;
     }
-    return "allow";
+    return this.defaultAction;
   }
 };
+// src/permission-plugin.ts
+function createPermissionPlugin(engine, opts = {}) {
+  return definePlugin({
+    name: opts.name ?? "permission-engine",
+    version: "1.0.0",
+    kind: "general",
+    register(ctx) {
+      ctx.on("pre_tool_call", (rawCtx) => {
+        const { name } = rawCtx;
+        const action = engine.evaluate(name);
+        if (action === "deny") {
+          return { block: true, message: `denied by permission engine: ${name}` };
+        }
+        if (action === "ask") {
+          return opts.onAsk ? opts.onAsk(name) : { block: true, message: `requires approval: ${name}` };
+        }
+        return void 0;
+      });
+    }
+  });
+}
 // src/security.ts
 init_security();
 var Security = class {
@@ -19523,6 +19545,7 @@ exports.computeCost = computeCost;
 exports.createAgentFactory = createAgentFactory;
 exports.createCounterBudgetTracker = createCounterBudgetTracker;
 exports.createNoopMemoryProvider = createNoopMemoryProvider;
+exports.createPermissionPlugin = createPermissionPlugin;
 exports.createSquad = createSquad;
 exports.definePlugin = definePlugin;
 exports.defineProvider = defineProvider;