@vainplex/openclaw-governance 0.1.0

package/dist/src/hooks.js

@@ -0,0 +1,198 @@
+import { extractAgentId, getCurrentTime } from "./util.js";
+function buildToolEvalContext(event, hookCtx, config, engine) {
+    const agentId = extractAgentId(hookCtx.sessionKey, hookCtx.agentId);
+    const trust = engine.getTrust(agentId);
+    const trustData = "score" in trust
+        ? { score: trust.score, tier: trust.tier }
+        : { score: 10, tier: "untrusted" };
+    return {
+        hook: "before_tool_call",
+        agentId,
+        sessionKey: hookCtx.sessionKey ?? `agent:${agentId}`,
+        toolName: event.toolName,
+        toolParams: event.params,
+        timestamp: Date.now(),
+        time: getCurrentTime(config.timezone),
+        trust: trustData,
+    };
+}
+function buildMessageEvalContext(event, hookCtx, config, engine) {
+    const agentId = "main"; // message context doesn't always have agentId
+    const trust = engine.getTrust(agentId);
+    const trustData = "score" in trust
+        ? { score: trust.score, tier: trust.tier }
+        : { score: 10, tier: "untrusted" };
+    return {
+        hook: "message_sending",
+        agentId,
+        sessionKey: `agent:${agentId}`,
+        channel: hookCtx.channelId,
+        messageContent: event.content,
+        messageTo: event.to,
+        timestamp: Date.now(),
+        time: getCurrentTime(config.timezone),
+        trust: trustData,
+        metadata: event.metadata,
+    };
+}
+function handleBeforeToolCall(engine, config) {
+    return async (event, hookCtx) => {
+        try {
+            const ev = event;
+            const ctx = hookCtx;
+            const evalCtx = buildToolEvalContext(ev, ctx, config, engine);
+            const verdict = await engine.evaluate(evalCtx);
+            if (verdict.action === "deny") {
+                return { block: true, blockReason: verdict.reason };
+            }
+            return undefined;
+        }
+        catch (e) {
+            const msg = e instanceof Error ? e.message : String(e);
+            if (config.failMode === "closed") {
+                return {
+                    block: true,
+                    blockReason: `Governance error (fail-closed): ${msg}`,
+                };
+            }
+            return undefined;
+        }
+    };
+}
+function handleMessageSending(engine, config) {
+    return async (event, hookCtx) => {
+        try {
+            const ev = event;
+            const ctx = hookCtx;
+            const evalCtx = buildMessageEvalContext(ev, ctx, config, engine);
+            const verdict = await engine.evaluate(evalCtx);
+            if (verdict.action === "deny") {
+                return { cancel: true };
+            }
+            return undefined;
+        }
+        catch {
+            return undefined;
+        }
+    };
+}
+function handleAfterToolCall(engine) {
+    return (event, hookCtx) => {
+        try {
+            const ev = event;
+            const ctx = hookCtx;
+            const agentId = extractAgentId(ctx.sessionKey, ctx.agentId);
+            const success = !ev.error;
+            engine.recordOutcome(agentId, ev.toolName, success);
+            // Detect sub-agent spawn
+            if (ev.toolName === "sessions_spawn" &&
+                success &&
+                ev.result &&
+                typeof ev.result === "object") {
+                const result = ev.result;
+                const childSessionId = result["sessionId"] ?? result["sessionKey"];
+                if (typeof childSessionId === "string" && ctx.sessionKey) {
+                    engine.registerSubAgent(ctx.sessionKey, childSessionId);
+                }
+            }
+        }
+        catch {
+            // Don't break on after_tool_call errors
+        }
+    };
+}
+function handleBeforeAgentStart(engine, _config) {
+    return (_event, hookCtx) => {
+        try {
+            const ctx = hookCtx;
+            const agentId = extractAgentId(ctx.sessionKey, ctx.agentId);
+            const trust = engine.getTrust(agentId);
+            if (!("score" in trust))
+                return undefined;
+            const status = engine.getStatus();
+            const context = [
+                `\n[Governance] Trust: ${trust.tier} (${trust.score}/100)`,
+                `Policies: ${status.policyCount} active`,
+                status.failMode === "closed" ? "Mode: fail-closed" : "",
+            ]
+                .filter(Boolean)
+                .join(" | ");
+            return { prependContext: context };
+        }
+        catch {
+            return undefined;
+        }
+    };
+}
+function handleSessionStart(engine) {
+    return (_event, hookCtx) => {
+        try {
+            const ctx = hookCtx;
+            const agentId = extractAgentId(undefined, ctx.agentId);
+            // Ensure trust state is initialized for this agent
+            engine.getTrust(agentId);
+        }
+        catch {
+            // Don't break on session_start errors
+        }
+    };
+}
+function handleGatewayStart(engine) {
+    return () => {
+        // Engine should already be started via service, but this is a safety net
+        engine.getStatus();
+    };
+}
+function handleGatewayStop(engine) {
+    return async () => {
+        await engine.stop();
+    };
+}
+function registerCommands(api, engine) {
+    const commands = [
+        {
+            name: "governance",
+            description: "Show governance engine status",
+            handler: () => {
+                const status = engine.getStatus();
+                return {
+                    text: [
+                        "🛡️ **Governance Engine**",
+                        `Enabled: ${status.enabled}`,
+                        `Policies: ${status.policyCount}`,
+                        `Trust: ${status.trustEnabled ? "enabled" : "disabled"}`,
+                        `Audit: ${status.auditEnabled ? "enabled" : "disabled"}`,
+                        `Fail mode: ${status.failMode}`,
+                        `Evaluations: ${status.stats.totalEvaluations} (${status.stats.allowCount} allow, ${status.stats.denyCount} deny, ${status.stats.errorCount} errors)`,
+                        `Avg latency: ${Math.round(status.stats.avgEvaluationUs)}μs`,
+                    ].join("\n"),
+                };
+            },
+        },
+    ];
+    for (const cmd of commands) {
+        api.registerCommand(cmd);
+    }
+}
+export function registerGovernanceHooks(api, engine, config) {
+    // Primary enforcement
+    api.on("before_tool_call", handleBeforeToolCall(engine, config), {
+        priority: 1000,
+    });
+    api.on("message_sending", handleMessageSending(engine, config), {
+        priority: 1000,
+    });
+    // Trust feedback
+    api.on("after_tool_call", handleAfterToolCall(engine), { priority: 900 });
+    // Context injection
+    api.on("before_agent_start", handleBeforeAgentStart(engine, config), {
+        priority: 5,
+    });
+    // Lifecycle
+    api.on("session_start", handleSessionStart(engine), { priority: 1 });
+    api.on("gateway_start", handleGatewayStart(engine), { priority: 1 });
+    api.on("gateway_stop", handleGatewayStop(engine), { priority: 999 });
+    // Commands
+    registerCommands(api, engine);
+}
+//# sourceMappingURL=hooks.js.map

package/dist/src/hooks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hooks.js","sourceRoot":"","sources":["../../src/hooks.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAE3D,SAAS,oBAAoB,CAC3B,KAA8B,EAC9B,OAAwB,EACxB,MAAwB,EACxB,MAAwB;IAExB,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IACpE,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,OAAO,IAAI,KAAK;QAChC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE;QAC1C,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,WAAoB,EAAE,CAAC;IAE9C,OAAO;QACL,IAAI,EAAE,kBAA2B;QACjC,OAAO;QACP,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,SAAS,OAAO,EAAE;QACpD,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,UAAU,EAAE,KAAK,CAAC,MAAM;QACxB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,IAAI,EAAE,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC;QACrC,KAAK,EAAE,SAAS;KACjB,CAAC;AACJ,CAAC;AAED,SAAS,uBAAuB,CAC9B,KAA8B,EAC9B,OAA2B,EAC3B,MAAwB,EACxB,MAAwB;IAExB,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,8CAA8C;IACtE,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,OAAO,IAAI,KAAK;QAChC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE;QAC1C,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,WAAoB,EAAE,CAAC;IAE9C,OAAO;QACL,IAAI,EAAE,iBAA0B;QAChC,OAAO;QACP,UAAU,EAAE,SAAS,OAAO,EAAE;QAC9B,OAAO,EAAE,OAAO,CAAC,SAAS;QAC1B,cAAc,EAAE,KAAK,CAAC,OAAO;QAC7B,SAAS,EAAE,KAAK,CAAC,EAAE;QACnB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,IAAI,EAAE,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC;QACrC,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,KAAK,CAAC,QAA+C;KAChE,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAC3B,MAAwB,EACxB,MAAwB;IAExB,OAAO,KAAK,EACV,KAAc,EACd,OAAgB,EAC+B,EAAE;QACjD,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,KAAgC,CAAC;YAC5C,MAAM,GAAG,GAAG,OAA0B,CAAC;YACvC,MAAM,OAAO,GAAG,oBAAoB,CAAC,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;YAC9D,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAE/C,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC;YACtD,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACjC,OAAO;oBACL,KAAK,EAAE,IAAI;oBACX,WAAW,EAAE,mCAAmC,GAAG,EAAE;iBACtD,CAAC;YACJ,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAC3B,MAAwB,EACxB,MAAwB;IAExB,OAAO,KAAK,EACV,KAAc,EACd,OAAgB,EAC+B,EAAE;QACjD,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,KAAgC,CAAC;YAC5C,MAAM,GAAG,GAAG,OAA6B,CAAC;YAC1C,MAAM,OAAO,GAAG,uBAAuB,CAAC,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;YACjE,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAE/C,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC9B,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;YAC1B,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAwB;IACnD,OAAO,CAAC,KAAc,EAAE,OAAgB,EAAQ,EAAE;QAChD,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,KAA+B,CAAC;YAC3C,MAAM,GAAG,GAAG,OAA0B,CAAC;YACvC,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5D,MAAM,OAAO,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC;YAE1B,MAAM,CAAC,aAAa,CAAC,OAAO,EAAE,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEpD,yBAAyB;YACzB,IACE,EAAE,CAAC,QAAQ,KAAK,gBAAgB;gBAChC,OAAO;gBACP,EAAE,CAAC,MAAM;gBACT,OAAO,EAAE,CAAC,MAAM,KAAK,QAAQ,EAC7B,CAAC;gBACD,MAAM,MAAM,GAAG,EAAE,CAAC,MAAiC,CAAC;gBACpD,MAAM,cAAc,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC;gBACnE,IAAI,OAAO,cAAc,KAAK,QAAQ,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;oBACzD,MAAM,CAAC,gBAAgB,CAAC,GAAG,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;gBAC1D,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,wCAAwC;QAC1C,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAC7B,MAAwB,EACxB,OAAyB;IAEzB,OAAO,CACL,MAAe,EACf,OAAgB,EACwB,EAAE;QAC1C,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,OAA2B,CAAC;YACxC,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5D,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAEvC,IAAI,CAAC,CAAC,OAAO,IAAI,KAAK,CAAC;gBAAE,OAAO,SAAS,CAAC;YAE1C,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG;gBACd,yBAAyB,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,KAAK,OAAO;gBAC1D,aAAa,MAAM,CAAC,WAAW,SAAS;gBACxC,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE;aACxD;iBACE,MAAM,CAAC,OAAO,CAAC;iBACf,IAAI,CAAC,KAAK,CAAC,CAAC;YAEf,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAwB;IAClD,OAAO,CAAC,MAAe,EAAE,OAAgB,EAAQ,EAAE;QACjD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,OAA6B,CAAC;YAC1C,MAAM,OAAO,GAAG,cAAc,CAAC,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YACvD,mDAAmD;YACnD,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,sCAAsC;QACxC,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAwB;IAClD,OAAO,GAAS,EAAE;QAChB,yEAAyE;QACzE,MAAM,CAAC,SAAS,EAAE,CAAC;IACrB,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAwB;IACjD,OAAO,KAAK,IAAmB,EAAE;QAC/B,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;IACtB,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CACvB,GAAsB,EACtB,MAAwB;IAExB,MAAM,QAAQ,GAAoB;QAChC;YACE,IAAI,EAAE,YAAY;YAClB,WAAW,EAAE,+BAA+B;YAC5C,OAAO,EAAE,GAAG,EAAE;gBACZ,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;gBAClC,OAAO;oBACL,IAAI,EAAE;wBACJ,2BAA2B;wBAC3B,YAAY,MAAM,CAAC,OAAO,EAAE;wBAC5B,aAAa,MAAM,CAAC,WAAW,EAAE;wBACjC,UAAU,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,EAAE;wBACxD,UAAU,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,EAAE;wBACxD,cAAc,MAAM,CAAC,QAAQ,EAAE;wBAC/B,gBAAgB,MAAM,CAAC,KAAK,CAAC,gBAAgB,KAAK,MAAM,CAAC,KAAK,CAAC,UAAU,WAAW,MAAM,CAAC,KAAK,CAAC,SAAS,UAAU,MAAM,CAAC,KAAK,CAAC,UAAU,UAAU;wBACrJ,gBAAgB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI;qBAC7D,CAAC,IAAI,CAAC,IAAI,CAAC;iBACb,CAAC;YACJ,CAAC;SACF;KACF,CAAC;IAEF,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;AACH,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,GAAsB,EACtB,MAAwB,EACxB,MAAwB;IAExB,sBAAsB;IACtB,GAAG,CAAC,EAAE,CAAC,kBAAkB,EAAE,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE;QAC/D,QAAQ,EAAE,IAAI;KACf,CAAC,CAAC;IACH,GAAG,CAAC,EAAE,CAAC,iBAAiB,EAAE,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE;QAC9D,QAAQ,EAAE,IAAI;KACf,CAAC,CAAC;IAEH,iBAAiB;IACjB,GAAG,CAAC,EAAE,CAAC,iBAAiB,EAAE,mBAAmB,CAAC,MAAM,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC;IAE1E,oBAAoB;IACpB,GAAG,CAAC,EAAE,CAAC,oBAAoB,EAAE,sBAAsB,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE;QACnE,QAAQ,EAAE,CAAC;KACZ,CAAC,CAAC;IAEH,YAAY;IACZ,GAAG,CAAC,EAAE,CAAC,eAAe,EAAE,kBAAkB,CAAC,MAAM,CAAC,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;IACrE,GAAG,CAAC,EAAE,CAAC,eAAe,EAAE,kBAAkB,CAAC,MAAM,CAAC,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;IACrE,GAAG,CAAC,EAAE,CAAC,cAAc,EAAE,iBAAiB,CAAC,MAAM,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC;IAErE,WAAW;IACX,gBAAgB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;AAChC,CAAC"}

package/dist/src/policy-evaluator.d.ts

@@ -0,0 +1,16 @@
+import type { ConditionEvaluatorMap, ConditionDeps, EvaluationContext, MatchedPolicy, Policy, RiskAssessment } from "./types.js";
+type EvalResult = {
+    action: "allow" | "deny";
+    reason: string;
+    matches: MatchedPolicy[];
+};
+export declare class PolicyEvaluator {
+    private readonly evaluators;
+    constructor(evaluators: ConditionEvaluatorMap);
+    evaluate(ctx: EvaluationContext, policies: Policy[], risk: RiskAssessment): EvalResult;
+    evaluateWithDeps(ctx: EvaluationContext, policies: Policy[], risk: RiskAssessment, deps: ConditionDeps): EvalResult;
+    private evaluateInternal;
+    private matchPolicy;
+}
+export {};
+//# sourceMappingURL=policy-evaluator.d.ts.map

package/dist/src/policy-evaluator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-evaluator.d.ts","sourceRoot":"","sources":["../../src/policy-evaluator.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,qBAAqB,EACrB,aAAa,EACb,iBAAiB,EACjB,aAAa,EACb,MAAM,EACN,cAAc,EACf,MAAM,YAAY,CAAC;AAIpB,KAAK,UAAU,GAAG;IAChB,MAAM,EAAE,OAAO,GAAG,MAAM,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,aAAa,EAAE,CAAC;CAC1B,CAAC;AAuDF,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAwB;gBAEvC,UAAU,EAAE,qBAAqB;IAI7C,QAAQ,CACN,GAAG,EAAE,iBAAiB,EACtB,QAAQ,EAAE,MAAM,EAAE,EAClB,IAAI,EAAE,cAAc,GACnB,UAAU;IAUb,gBAAgB,CACd,GAAG,EAAE,iBAAiB,EACtB,QAAQ,EAAE,MAAM,EAAE,EAClB,IAAI,EAAE,cAAc,EACpB,IAAI,EAAE,aAAa,GAClB,UAAU;IAIb,OAAO,CAAC,gBAAgB;IAmBxB,OAAO,CAAC,WAAW;CAkBpB"}

package/dist/src/policy-evaluator.js

@@ -0,0 +1,99 @@
+import { evaluateConditions } from "./conditions/index.js";
+import { isTierAtLeast, isTierAtMost } from "./conditions/simple.js";
+function matchesScope(policy, ctx) {
+    if (policy.scope.excludeAgents?.includes(ctx.agentId))
+        return false;
+    if (policy.scope.channels && policy.scope.channels.length > 0) {
+        if (!ctx.channel || !policy.scope.channels.includes(ctx.channel)) {
+            return false;
+        }
+    }
+    return true;
+}
+function policySpecificity(policy) {
+    let score = 0;
+    if (policy.scope.agents && policy.scope.agents.length > 0)
+        score += 10;
+    if (policy.scope.channels && policy.scope.channels.length > 0)
+        score += 5;
+    if (policy.scope.hooks && policy.scope.hooks.length > 0)
+        score += 3;
+    return score;
+}
+function sortPolicies(policies) {
+    return [...policies].sort((a, b) => {
+        const priDiff = (b.priority ?? 0) - (a.priority ?? 0);
+        if (priDiff !== 0)
+            return priDiff;
+        return policySpecificity(b) - policySpecificity(a);
+    });
+}
+function aggregateMatches(matches) {
+    let hasDeny = false;
+    let denyReason = "";
+    let hasAudit = false;
+    for (const m of matches) {
+        if (m.effect.action === "deny") {
+            hasDeny = true;
+            if (!denyReason)
+                denyReason = "reason" in m.effect ? m.effect.reason : "";
+        }
+        else if (m.effect.action === "audit") {
+            hasAudit = true;
+        }
+    }
+    if (hasDeny) {
+        return { action: "deny", reason: denyReason || "Denied by governance policy", matches };
+    }
+    if (hasAudit) {
+        return { action: "allow", reason: "Allowed with audit logging", matches };
+    }
+    return {
+        action: "allow",
+        reason: matches.length > 0 ? "Allowed by governance policy" : "No matching policies",
+        matches,
+    };
+}
+export class PolicyEvaluator {
+    evaluators;
+    constructor(evaluators) {
+        this.evaluators = evaluators;
+    }
+    evaluate(ctx, policies, risk) {
+        const stubDeps = {
+            regexCache: new Map(),
+            timeWindows: {},
+            risk,
+            frequencyTracker: { record: () => { }, count: () => 0, clear: () => { } },
+        };
+        return this.evaluateInternal(ctx, policies, risk, stubDeps);
+    }
+    evaluateWithDeps(ctx, policies, risk, deps) {
+        return this.evaluateInternal(ctx, policies, risk, deps);
+    }
+    evaluateInternal(ctx, policies, risk, deps) {
+        const applicable = sortPolicies(policies.filter((p) => matchesScope(p, ctx)));
+        const matches = [];
+        for (const policy of applicable) {
+            const match = this.matchPolicy(policy, ctx, { ...deps, risk });
+            if (match)
+                matches.push(match);
+        }
+        return aggregateMatches(matches);
+    }
+    matchPolicy(policy, ctx, deps) {
+        for (const rule of policy.rules) {
+            if (rule.minTrust && !isTierAtLeast(ctx.trust.tier, rule.minTrust)) {
+                continue;
+            }
+            if (rule.maxTrust && !isTierAtMost(ctx.trust.tier, rule.maxTrust)) {
+                continue;
+            }
+            if (evaluateConditions(rule.conditions, ctx, deps, this.evaluators)) {
+                return { policyId: policy.id, ruleId: rule.id, effect: rule.effect };
+            }
+        }
+        return null;
+    }
+}
+//# sourceMappingURL=policy-evaluator.js.map

package/dist/src/policy-evaluator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-evaluator.js","sourceRoot":"","sources":["../../src/policy-evaluator.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAQrE,SAAS,YAAY,CAAC,MAAc,EAAE,GAAsB;IAC1D,IAAI,MAAM,CAAC,KAAK,CAAC,aAAa,EAAE,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAC;IACpE,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9D,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YACjE,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAc;IACvC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;IACvE,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,IAAI,CAAC,CAAC;IAC1E,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,IAAI,CAAC,CAAC;IACpE,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CAAC,QAAkB;IACtC,OAAO,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACjC,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;QACtD,IAAI,OAAO,KAAK,CAAC;YAAE,OAAO,OAAO,CAAC;QAClC,OAAO,iBAAiB,CAAC,CAAC,CAAC,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAwB;IAChD,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,IAAI,UAAU,GAAG,EAAE,CAAC;IACpB,IAAI,QAAQ,GAAG,KAAK,CAAC;IAErB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAC/B,OAAO,GAAG,IAAI,CAAC;YACf,IAAI,CAAC,UAAU;gBAAE,UAAU,GAAG,QAAQ,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5E,CAAC;aAAM,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YACvC,QAAQ,GAAG,IAAI,CAAC;QAClB,CAAC;IACH,CAAC;IAED,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,IAAI,6BAA6B,EAAE,OAAO,EAAE,CAAC;IAC1F,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,4BAA4B,EAAE,OAAO,EAAE,CAAC;IAC5E,CAAC;IACD,OAAO;QACL,MAAM,EAAE,OAAO;QACf,MAAM,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,8BAA8B,CAAC,CAAC,CAAC,sBAAsB;QACpF,OAAO;KACR,CAAC;AACJ,CAAC;AAED,MAAM,OAAO,eAAe;IACT,UAAU,CAAwB;IAEnD,YAAY,UAAiC;QAC3C,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED,QAAQ,CACN,GAAsB,EACtB,QAAkB,EAClB,IAAoB;QAEpB,MAAM,QAAQ,GAAkB;YAC9B,UAAU,EAAE,IAAI,GAAG,EAAE;YACrB,WAAW,EAAE,EAAE;YACf,IAAI;YACJ,gBAAgB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE;SACxE,CAAC;QACF,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC9D,CAAC;IAED,gBAAgB,CACd,GAAsB,EACtB,QAAkB,EAClB,IAAoB,EACpB,IAAmB;QAEnB,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAC1D,CAAC;IAEO,gBAAgB,CACtB,GAAsB,EACtB,QAAkB,EAClB,IAAoB,EACpB,IAAmB;QAEnB,MAAM,UAAU,GAAG,YAAY,CAC7B,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAC7C,CAAC;QAEF,MAAM,OAAO,GAAoB,EAAE,CAAC;QACpC,KAAK,MAAM,MAAM,IAAI,UAAU,EAAE,CAAC;YAChC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/D,IAAI,KAAK;gBAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjC,CAAC;QAED,OAAO,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACnC,CAAC;IAEO,WAAW,CACjB,MAAc,EACd,GAAsB,EACtB,IAAmB;QAEnB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAChC,IAAI,IAAI,CAAC,QAAQ,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACnE,SAAS;YACX,CAAC;YACD,IAAI,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClE,SAAS;YACX,CAAC;YACD,IAAI,kBAAkB,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBACpE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;YACvE,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}

package/dist/src/policy-loader.d.ts

@@ -0,0 +1,8 @@
+import type { BuiltinPoliciesConfig, PluginLogger, Policy, PolicyIndex } from "./types.js";
+export declare function validateRegex(pattern: string): {
+    valid: boolean;
+    error?: string;
+};
+export declare function loadPolicies(policies: Policy[], builtinConfig: BuiltinPoliciesConfig, logger: PluginLogger): Policy[];
+export declare function buildPolicyIndex(policies: Policy[]): PolicyIndex;
+//# sourceMappingURL=policy-loader.d.ts.map

package/dist/src/policy-loader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-loader.d.ts","sourceRoot":"","sources":["../../src/policy-loader.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,qBAAqB,EAGrB,YAAY,EACZ,MAAM,EAEN,WAAW,EACZ,MAAM,YAAY,CAAC;AAMpB,wBAAgB,aAAa,CAC3B,OAAO,EAAE,MAAM,GACd;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAcpC;AAwCD,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,MAAM,EAAE,EAClB,aAAa,EAAE,qBAAqB,EACpC,MAAM,EAAE,YAAY,GACnB,MAAM,EAAE,CAWV;AAED,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAAE,GACjB,WAAW,CA2Cb"}

package/dist/src/policy-loader.js

@@ -0,0 +1,105 @@
+import { getBuiltinPolicies } from "./builtin-policies.js";
+const NESTED_QUANTIFIER_RE = /(\+|\*|\{)\)(\+|\*|\{)/;
+const MAX_PATTERN_LENGTH = 500;
+export function validateRegex(pattern) {
+    if (pattern.length > MAX_PATTERN_LENGTH) {
+        return { valid: false, error: `Pattern exceeds ${MAX_PATTERN_LENGTH} chars` };
+    }
+    if (NESTED_QUANTIFIER_RE.test(pattern)) {
+        return { valid: false, error: "Nested quantifiers detected (ReDoS risk)" };
+    }
+    try {
+        new RegExp(pattern);
+        return { valid: true };
+    }
+    catch (e) {
+        const msg = e instanceof Error ? e.message : String(e);
+        return { valid: false, error: msg };
+    }
+}
+function collectRegexPatterns(conditions) {
+    const patterns = [];
+    for (const cond of conditions) {
+        if (cond.type === "tool" && cond.params) {
+            for (const matcher of Object.values(cond.params)) {
+                if (isMatchesMatcher(matcher)) {
+                    patterns.push(matcher.matches);
+                }
+            }
+        }
+        if (cond.type === "context") {
+            const conv = cond.conversationContains;
+            if (conv) {
+                const arr = Array.isArray(conv) ? conv : [conv];
+                patterns.push(...arr);
+            }
+            const msg = cond.messageContains;
+            if (msg) {
+                const arr = Array.isArray(msg) ? msg : [msg];
+                patterns.push(...arr);
+            }
+        }
+        if (cond.type === "any") {
+            patterns.push(...collectRegexPatterns(cond.conditions));
+        }
+        if (cond.type === "not") {
+            patterns.push(...collectRegexPatterns([cond.condition]));
+        }
+    }
+    return patterns;
+}
+function isMatchesMatcher(m) {
+    return "matches" in m;
+}
+export function loadPolicies(policies, builtinConfig, logger) {
+    const builtins = getBuiltinPolicies(builtinConfig);
+    const all = [...builtins, ...policies];
+    return all.filter((p) => {
+        if (p.enabled === false) {
+            logger.info(`[governance] Policy "${p.id}" disabled`);
+            return false;
+        }
+        return true;
+    });
+}
+export function buildPolicyIndex(policies) {
+    const byHook = new Map();
+    const byAgent = new Map();
+    const regexCache = new Map();
+    const hooks = [
+        "before_tool_call",
+        "message_sending",
+        "before_agent_start",
+        "session_start",
+    ];
+    for (const policy of policies) {
+        // Index by hook
+        const policyHooks = policy.scope.hooks ?? hooks;
+        for (const hook of policyHooks) {
+            const list = byHook.get(hook) ?? [];
+            list.push(policy);
+            byHook.set(hook, list);
+        }
+        // Index by agent
+        const agents = policy.scope.agents ?? ["*"];
+        for (const agent of agents) {
+            const list = byAgent.get(agent) ?? [];
+            list.push(policy);
+            byAgent.set(agent, list);
+        }
+        // Collect and compile regex patterns
+        for (const rule of policy.rules) {
+            const patterns = collectRegexPatterns(rule.conditions);
+            for (const pattern of patterns) {
+                if (regexCache.has(pattern))
+                    continue;
+                const validation = validateRegex(pattern);
+                if (validation.valid) {
+                    regexCache.set(pattern, new RegExp(pattern));
+                }
+            }
+        }
+    }
+    return { byHook, byAgent, regexCache };
+}
+//# sourceMappingURL=policy-loader.js.map

package/dist/src/policy-loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-loader.js","sourceRoot":"","sources":["../../src/policy-loader.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAE3D,MAAM,oBAAoB,GAAG,wBAAwB,CAAC;AACtD,MAAM,kBAAkB,GAAG,GAAG,CAAC;AAE/B,MAAM,UAAU,aAAa,CAC3B,OAAe;IAEf,IAAI,OAAO,CAAC,MAAM,GAAG,kBAAkB,EAAE,CAAC;QACxC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,kBAAkB,QAAQ,EAAE,CAAC;IAChF,CAAC;IACD,IAAI,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACvC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,0CAA0C,EAAE,CAAC;IAC7E,CAAC;IACD,IAAI,CAAC;QACH,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC;QACpB,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;IACtC,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,UAAuB;IACnD,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACxC,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjD,IAAI,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC9B,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;gBACjC,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAG,IAAI,CAAC,oBAAoB,CAAC;YACvC,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBAChD,QAAQ,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC;YACxB,CAAC;YACD,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC;YACjC,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBAC7C,QAAQ,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YACxB,QAAQ,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YACxB,QAAQ,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CACvB,CAAe;IAEf,OAAO,SAAS,IAAI,CAAC,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,QAAkB,EAClB,aAAoC,EACpC,MAAoB;IAEpB,MAAM,QAAQ,GAAG,kBAAkB,CAAC,aAAa,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC,CAAC;IAEvC,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QACtB,IAAI,CAAC,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;YACtD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,QAAkB;IAElB,MAAM,MAAM,GAAG,IAAI,GAAG,EAA4B,CAAC;IACnD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAoB,CAAC;IAC5C,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE7C,MAAM,KAAK,GAAqB;QAC9B,kBAAkB;QAClB,iBAAiB;QACjB,oBAAoB;QACpB,eAAe;KAChB,CAAC;IAEF,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;QAC9B,gBAAgB;QAChB,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC;QAChD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACpC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAClB,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACzB,CAAC;QAED,iBAAiB;QACjB,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,CAAC;QAC5C,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YACtC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAC3B,CAAC;QAED,qCAAqC;QACrC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAChC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACvD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,IAAI,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC;oBAAE,SAAS;gBACtC,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;gBAC1C,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;oBACrB,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;gBAC/C,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC;AACzC,CAAC"}

package/dist/src/risk-assessor.d.ts

@@ -0,0 +1,8 @@
+import type { EvaluationContext, FrequencyTracker, RiskAssessment } from "./types.js";
+export declare class RiskAssessor {
+    private readonly overrides;
+    constructor(toolRiskOverrides: Record<string, number>);
+    assess(ctx: EvaluationContext, frequencyTracker: FrequencyTracker): RiskAssessment;
+    private computeFactors;
+}
+//# sourceMappingURL=risk-assessor.d.ts.map

package/dist/src/risk-assessor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-assessor.d.ts","sourceRoot":"","sources":["../../src/risk-assessor.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,iBAAiB,EACjB,gBAAgB,EAChB,cAAc,EAGf,MAAM,YAAY,CAAC;AAqCpB,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAyB;gBAEvC,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAIrD,MAAM,CACJ,GAAG,EAAE,iBAAiB,EACtB,gBAAgB,EAAE,gBAAgB,GACjC,cAAc;IAQjB,OAAO,CAAC,cAAc;CAsCvB"}

package/dist/src/risk-assessor.js

@@ -0,0 +1,80 @@
+import { clamp } from "./util.js";
+const DEFAULT_TOOL_RISK = {
+    gateway: 95, cron: 90, elevated: 95,
+    exec: 70, write: 65, edit: 60,
+    sessions_spawn: 45, sessions_send: 50,
+    browser: 40, message: 40,
+    read: 10, memory_search: 5, memory_get: 5,
+    web_search: 15, web_fetch: 20, image: 10, canvas: 15,
+};
+function lookupToolRisk(toolName, overrides) {
+    if (!toolName)
+        return 30;
+    const override = overrides[toolName];
+    if (override !== undefined)
+        return override;
+    return DEFAULT_TOOL_RISK[toolName] ?? 30;
+}
+function isExternalTarget(ctx) {
+    if (ctx.messageTo)
+        return true;
+    if (!ctx.toolParams)
+        return false;
+    const host = ctx.toolParams["host"];
+    if (typeof host === "string" && host !== "sandbox")
+        return true;
+    return ctx.toolParams["elevated"] === true;
+}
+function scoreToRiskLevel(score) {
+    if (score <= 25)
+        return "low";
+    if (score <= 50)
+        return "medium";
+    if (score <= 75)
+        return "high";
+    return "critical";
+}
+export class RiskAssessor {
+    overrides;
+    constructor(toolRiskOverrides) {
+        this.overrides = toolRiskOverrides;
+    }
+    assess(ctx, frequencyTracker) {
+        const factors = this.computeFactors(ctx, frequencyTracker);
+        const total = clamp(factors.reduce((sum, f) => sum + f.value, 0), 0, 100);
+        return { level: scoreToRiskLevel(total), score: Math.round(total), factors };
+    }
+    computeFactors(ctx, frequencyTracker) {
+        const toolRaw = lookupToolRisk(ctx.toolName, this.overrides);
+        const isOff = ctx.time.hour < 8 || ctx.time.hour >= 23;
+        const recentCount = frequencyTracker.count(60, "agent", ctx.agentId, ctx.sessionKey);
+        return [
+            {
+                name: "tool_sensitivity", weight: 30,
+                value: (toolRaw / 100) * 30,
+                description: `Tool ${ctx.toolName ?? "unknown"} risk=${toolRaw}`,
+            },
+            {
+                name: "time_of_day", weight: 15,
+                value: isOff ? 15 : 0,
+                description: isOff ? "Off-hours operation" : "Business hours",
+            },
+            {
+                name: "trust_deficit", weight: 20,
+                value: ((100 - ctx.trust.score) / 100) * 20,
+                description: `Trust score ${ctx.trust.score}/100`,
+            },
+            {
+                name: "frequency", weight: 15,
+                value: Math.min(recentCount / 20, 1) * 15,
+                description: `${recentCount} actions in last 60s`,
+            },
+            {
+                name: "target_scope", weight: 20,
+                value: isExternalTarget(ctx) ? 20 : 0,
+                description: isExternalTarget(ctx) ? "External target" : "Internal target",
+            },
+        ];
+    }
+}
+//# sourceMappingURL=risk-assessor.js.map

package/dist/src/risk-assessor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-assessor.js","sourceRoot":"","sources":["../../src/risk-assessor.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,KAAK,EAAE,MAAM,WAAW,CAAC;AAElC,MAAM,iBAAiB,GAA2B;IAChD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE;IACnC,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE;IAC7B,cAAc,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE;IACrC,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE;IACxB,IAAI,EAAE,EAAE,EAAE,aAAa,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC;IACzC,UAAU,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE;CACrD,CAAC;AAEF,SAAS,cAAc,CACrB,QAA4B,EAC5B,SAAiC;IAEjC,IAAI,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IACzB,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IACrC,IAAI,QAAQ,KAAK,SAAS;QAAE,OAAO,QAAQ,CAAC;IAC5C,OAAO,iBAAiB,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;AAC3C,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAsB;IAC9C,IAAI,GAAG,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC/B,IAAI,CAAC,GAAG,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAClC,MAAM,IAAI,GAAG,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACpC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAChE,OAAO,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,KAAK,IAAI,CAAC;AAC7C,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAa;IACrC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,KAAK,CAAC;IAC9B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,QAAQ,CAAC;IACjC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC;IAC/B,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,OAAO,YAAY;IACN,SAAS,CAAyB;IAEnD,YAAY,iBAAyC;QACnD,IAAI,CAAC,SAAS,GAAG,iBAAiB,CAAC;IACrC,CAAC;IAED,MAAM,CACJ,GAAsB,EACtB,gBAAkC;QAElC,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;QAC3D,MAAM,KAAK,GAAG,KAAK,CACjB,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,CACrD,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,gBAAgB,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,CAAC;IAC/E,CAAC;IAEO,cAAc,CACpB,GAAsB,EACtB,gBAAkC;QAElC,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7D,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;QACvD,MAAM,WAAW,GAAG,gBAAgB,CAAC,KAAK,CACxC,EAAE,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,UAAU,CACzC,CAAC;QAEF,OAAO;YACL;gBACE,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,EAAE;gBACpC,KAAK,EAAE,CAAC,OAAO,GAAG,GAAG,CAAC,GAAG,EAAE;gBAC3B,WAAW,EAAE,QAAQ,GAAG,CAAC,QAAQ,IAAI,SAAS,SAAS,OAAO,EAAE;aACjE;YACD;gBACE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,EAAE;gBAC/B,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;gBACrB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,gBAAgB;aAC9D;YACD;gBACE,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,EAAE;gBACjC,KAAK,EAAE,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,GAAG,EAAE;gBAC3C,WAAW,EAAE,eAAe,GAAG,CAAC,KAAK,CAAC,KAAK,MAAM;aAClD;YACD;gBACE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE;gBAC7B,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,WAAW,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE;gBACzC,WAAW,EAAE,GAAG,WAAW,sBAAsB;aAClD;YACD;gBACE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,EAAE;gBAChC,KAAK,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;gBACrC,WAAW,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,iBAAiB;aAC3E;SACF,CAAC;IACJ,CAAC;CACF"}

package/dist/src/trust-manager.d.ts

@@ -0,0 +1,29 @@
+import type { AgentTrust, PluginLogger, TrustConfig, TrustStore, TrustTier } from "./types.js";
+export declare class TrustManager {
+    private readonly config;
+    private readonly filePath;
+    private readonly logger;
+    private readonly weights;
+    private store;
+    private persistTimer;
+    private dirty;
+    constructor(config: TrustConfig, workspace: string, logger: PluginLogger);
+    load(): void;
+    private applyDecay;
+    getAgentTrust(agentId: string): AgentTrust;
+    private resolveDefault;
+    getStore(): TrustStore;
+    recordSuccess(agentId: string, reason?: string): void;
+    recordViolation(agentId: string, reason?: string): void;
+    setScore(agentId: string, score: number): void;
+    lockTier(agentId: string, tier: TrustTier): void;
+    unlockTier(agentId: string): void;
+    setFloor(agentId: string, floor: number): void;
+    resetHistory(agentId: string): void;
+    private addEvent;
+    private recalculate;
+    flush(): void;
+    startPersistence(): void;
+    stopPersistence(): void;
+}
+//# sourceMappingURL=trust-manager.d.ts.map

package/dist/src/trust-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"trust-manager.d.ts","sourceRoot":"","sources":["../../src/trust-manager.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,UAAU,EACV,YAAY,EACZ,WAAW,EAGX,UAAU,EACV,SAAS,EAEV,MAAM,YAAY,CAAC;AAuDpB,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAe;IACtC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAe;IACvC,OAAO,CAAC,KAAK,CAAa;IAC1B,OAAO,CAAC,YAAY,CAA+C;IACnE,OAAO,CAAC,KAAK,CAAS;gBAEV,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY;IAQxE,IAAI,IAAI,IAAI;IAkBZ,OAAO,CAAC,UAAU;IAmBlB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU;IAW1C,OAAO,CAAC,cAAc;IAQtB,QAAQ,IAAI,UAAU;IAItB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI;IAQrD,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI;IAQvD,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;IAc9C,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,GAAG,IAAI;IAOhD,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAOjC,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;IAU9C,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAanC,OAAO,CAAC,QAAQ;IAkBhB,OAAO,CAAC,WAAW;IAanB,KAAK,IAAI,IAAI;IAiBb,gBAAgB,IAAI,IAAI;IASxB,eAAe,IAAI,IAAI;CAOxB"}