@theokit/sdk 2.4.0 → 2.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/CHANGELOG.md +22 -0
  2. package/README.md +4 -0
  3. package/dist/eval.cjs +192 -16
  4. package/dist/eval.cjs.map +1 -1
  5. package/dist/eval.d.cts +2 -0
  6. package/dist/eval.d.ts +2 -0
  7. package/dist/eval.js +191 -18
  8. package/dist/eval.js.map +1 -1
  9. package/dist/index.cjs +31 -8
  10. package/dist/index.cjs.map +1 -1
  11. package/dist/index.d.cts +40 -5
  12. package/dist/index.d.ts +40 -5
  13. package/dist/index.js +31 -9
  14. package/dist/index.js.map +1 -1
  15. package/dist/internal/eval/code-runner.d.ts +28 -0
  16. package/dist/internal/persistence/index.cjs +68 -0
  17. package/dist/internal/persistence/index.cjs.map +1 -1
  18. package/dist/internal/persistence/index.d.cts +1 -0
  19. package/dist/internal/persistence/index.d.ts +1 -0
  20. package/dist/internal/persistence/index.js +65 -1
  21. package/dist/internal/persistence/index.js.map +1 -1
  22. package/dist/internal/persistence/jsonl.d.cts +34 -0
  23. package/dist/internal/persistence/jsonl.d.ts +34 -0
  24. package/dist/permission-engine.d.ts +12 -4
  25. package/dist/persistence.cjs +318 -0
  26. package/dist/persistence.cjs.map +1 -0
  27. package/dist/persistence.d.cts +24 -0
  28. package/dist/persistence.d.ts +24 -0
  29. package/dist/persistence.js +306 -0
  30. package/dist/persistence.js.map +1 -0
  31. package/dist/sandbox/index.cjs +71 -1
  32. package/dist/sandbox/index.cjs.map +1 -1
  33. package/dist/sandbox/index.d.cts +1 -0
  34. package/dist/sandbox/index.d.ts +1 -0
  35. package/dist/sandbox/index.js +70 -2
  36. package/dist/sandbox/index.js.map +1 -1
  37. package/dist/sandbox/provision.d.cts +53 -0
  38. package/dist/sandbox/provision.d.ts +53 -0
  39. package/dist/sandbox/shell-escape.d.cts +8 -0
  40. package/dist/sandbox/shell-escape.d.ts +8 -0
  41. package/dist/scorers.d.ts +19 -1
  42. package/dist/types/eval.d.ts +71 -0
  43. package/package.json +11 -1
package/dist/index.cjs CHANGED
@@ -18715,25 +18715,47 @@ async function migrateSqliteToLance2(options) {
18715
18715
 
18716
18716
  // src/permission-engine.ts
18717
18717
  var PermissionEngine = class {
18718
- constructor(rules) {
18718
+ constructor(rules, options = {}) {
18719
18719
  this.rules = rules;
18720
+ this.defaultAction = options.defaultAction ?? "allow";
18720
18721
  }
18721
18722
  rules;
18723
+ defaultAction;
18722
18724
  /**
18723
- * Evaluate a tool name against the rules. First match wins; default "allow".
18725
+ * Evaluate a tool name against the rules. First match wins; falls back to the
18726
+ * configured `defaultAction` (default `"allow"`) when no rule matches.
18724
18727
  */
18725
18728
  evaluate(toolName) {
18726
18729
  for (const rule of this.rules) {
18727
- if (typeof rule.tool === "string") {
18728
- if (rule.tool === toolName) return rule.action;
18729
- } else {
18730
- if (rule.tool.test(toolName)) return rule.action;
18731
- }
18730
+ const matches = typeof rule.tool === "string" ? rule.tool === toolName : rule.tool.test(toolName);
18731
+ if (matches) return rule.action;
18732
18732
  }
18733
- return "allow";
18733
+ return this.defaultAction;
18734
18734
  }
18735
18735
  };
18736
18736
 
18737
+ // src/permission-plugin.ts
18738
+ function createPermissionPlugin(engine, opts = {}) {
18739
+ return definePlugin({
18740
+ name: opts.name ?? "permission-engine",
18741
+ version: "1.0.0",
18742
+ kind: "general",
18743
+ register(ctx) {
18744
+ ctx.on("pre_tool_call", (rawCtx) => {
18745
+ const { name } = rawCtx;
18746
+ const action = engine.evaluate(name);
18747
+ if (action === "deny") {
18748
+ return { block: true, message: `denied by permission engine: ${name}` };
18749
+ }
18750
+ if (action === "ask") {
18751
+ return opts.onAsk ? opts.onAsk(name) : { block: true, message: `requires approval: ${name}` };
18752
+ }
18753
+ return void 0;
18754
+ });
18755
+ }
18756
+ });
18757
+ }
18758
+
18737
18759
  // src/security.ts
18738
18760
  init_security();
18739
18761
  var Security = class {
@@ -19523,6 +19545,7 @@ exports.computeCost = computeCost;
19523
19545
  exports.createAgentFactory = createAgentFactory;
19524
19546
  exports.createCounterBudgetTracker = createCounterBudgetTracker;
19525
19547
  exports.createNoopMemoryProvider = createNoopMemoryProvider;
19548
+ exports.createPermissionPlugin = createPermissionPlugin;
19526
19549
  exports.createSquad = createSquad;
19527
19550
  exports.definePlugin = definePlugin;
19528
19551
  exports.defineProvider = defineProvider;