@vallum/policy-gateway 0.0.0-prerelease → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +13 -3
- package/dist/server.d.ts +1 -0
- package/dist/server.js +32 -1
- package/package.json +6 -6
package/README.md
CHANGED
|
@@ -4,14 +4,14 @@ Fail-closed sponsorship policy evaluation helpers for Vallum gateways.
|
|
|
4
4
|
|
|
5
5
|
## Install
|
|
6
6
|
|
|
7
|
-
For the npm
|
|
7
|
+
For the npm release, install:
|
|
8
8
|
|
|
9
9
|
```sh
|
|
10
|
-
npm install @vallum/policy-gateway
|
|
10
|
+
npm install @vallum/policy-gateway
|
|
11
11
|
```
|
|
12
12
|
|
|
13
13
|
See
|
|
14
|
-
https://github.com/0xCozart/
|
|
14
|
+
https://github.com/0xCozart/vallum/blob/main/docs/vallum/package-integration-guide.md
|
|
15
15
|
for package selection, configuration, and when to use the gateway package
|
|
16
16
|
instead of the SDK.
|
|
17
17
|
|
|
@@ -41,3 +41,13 @@ if (!decision.allowed) {
|
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
The evaluator is deterministic and local. It does not reserve gas, execute transactions, call IOTA RPC, or enforce quotas beyond the request context values supplied by the caller.
|
|
44
|
+
|
|
45
|
+
## Mock Agent Gateway
|
|
46
|
+
|
|
47
|
+
`createAgentMockGatewayServer()` is a local/test helper for deterministic
|
|
48
|
+
manifest and SDK flows. It is not the production policy gateway and does not
|
|
49
|
+
enforce production app API authentication or Gas Station sponsorship.
|
|
50
|
+
|
|
51
|
+
The server refuses non-loopback listen hosts by default. Bind it to
|
|
52
|
+
`127.0.0.1`, `::1`, or `localhost`; setting `allowUnsafeNonLoopback: true` is
|
|
53
|
+
an explicit unsafe opt-in for controlled test harnesses only.
|
package/dist/server.d.ts
CHANGED
|
@@ -8,5 +8,6 @@ export interface AgentMockGatewayServerConfig {
|
|
|
8
8
|
readonly now?: () => Date;
|
|
9
9
|
readonly eventSink?: (event: AgentGatewayEvent) => void | Promise<void>;
|
|
10
10
|
readonly maxBodyBytes?: number;
|
|
11
|
+
readonly allowUnsafeNonLoopback?: boolean;
|
|
11
12
|
}
|
|
12
13
|
export declare function createAgentMockGatewayServer(config: AgentMockGatewayServerConfig): Server;
|
package/dist/server.js
CHANGED
|
@@ -3,7 +3,7 @@ import { createMockGasStationAdapter } from "./mockGasStationAdapter.js";
|
|
|
3
3
|
import { handleAgentGatewayRequest } from "./routes.js";
|
|
4
4
|
export function createAgentMockGatewayServer(config) {
|
|
5
5
|
const mockGasStation = config.mockGasStation ?? createMockGasStationAdapter();
|
|
6
|
-
|
|
6
|
+
const server = createServer((request, response) => {
|
|
7
7
|
void handleAgentGatewayRequest(request, response, {
|
|
8
8
|
policy: config.policy,
|
|
9
9
|
mockGasStation,
|
|
@@ -12,4 +12,35 @@ export function createAgentMockGatewayServer(config) {
|
|
|
12
12
|
maxBodyBytes: config.maxBodyBytes,
|
|
13
13
|
});
|
|
14
14
|
});
|
|
15
|
+
guardMockGatewayListen(server, Boolean(config.allowUnsafeNonLoopback));
|
|
16
|
+
return server;
|
|
17
|
+
}
|
|
18
|
+
function guardMockGatewayListen(server, allowUnsafeNonLoopback) {
|
|
19
|
+
const listen = server.listen.bind(server);
|
|
20
|
+
server.listen = ((...args) => {
|
|
21
|
+
if (!allowUnsafeNonLoopback) {
|
|
22
|
+
const host = listenHost(args);
|
|
23
|
+
if (!isLoopbackListenHost(host)) {
|
|
24
|
+
throw new Error("Agent mock gateway must bind to 127.0.0.1, ::1, or localhost unless allowUnsafeNonLoopback is true.");
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
return listen(...args);
|
|
28
|
+
});
|
|
29
|
+
}
|
|
30
|
+
function listenHost(args) {
|
|
31
|
+
const first = args[0];
|
|
32
|
+
const second = args[1];
|
|
33
|
+
if (typeof first === "object" && first !== null && "host" in first) {
|
|
34
|
+
const host = first.host;
|
|
35
|
+
return typeof host === "string" ? host : undefined;
|
|
36
|
+
}
|
|
37
|
+
if (typeof first === "string")
|
|
38
|
+
return "local-socket";
|
|
39
|
+
return typeof second === "string" ? second : undefined;
|
|
40
|
+
}
|
|
41
|
+
function isLoopbackListenHost(host) {
|
|
42
|
+
if (host === "local-socket")
|
|
43
|
+
return true;
|
|
44
|
+
const normalized = host?.trim().toLowerCase();
|
|
45
|
+
return normalized === "127.0.0.1" || normalized === "::1" || normalized === "localhost";
|
|
15
46
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@vallum/policy-gateway",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.1.0",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -12,10 +12,10 @@
|
|
|
12
12
|
},
|
|
13
13
|
"license": "Apache-2.0",
|
|
14
14
|
"dependencies": {
|
|
15
|
-
"@vallum/contracts-metadata": "0.
|
|
16
|
-
"@vallum/manifest": "0.
|
|
17
|
-
"@vallum/registry": "0.
|
|
18
|
-
"@vallum/shared-types": "0.
|
|
15
|
+
"@vallum/contracts-metadata": "0.1.0",
|
|
16
|
+
"@vallum/manifest": "0.1.0",
|
|
17
|
+
"@vallum/registry": "0.1.0",
|
|
18
|
+
"@vallum/shared-types": "0.1.0"
|
|
19
19
|
},
|
|
20
20
|
"description": "Fail-closed policy decision engine scaffold for Vallum sponsorship gateways.",
|
|
21
21
|
"files": [
|
|
@@ -33,6 +33,6 @@
|
|
|
33
33
|
},
|
|
34
34
|
"publishConfig": {
|
|
35
35
|
"access": "public",
|
|
36
|
-
"tag": "
|
|
36
|
+
"tag": "latest"
|
|
37
37
|
}
|
|
38
38
|
}
|