@vorionsys/atsf-core 0.2.2 → 0.2.3
- package/CHANGELOG.md +3 -3
- package/README.md +77 -11
- package/dist/api/index.d.ts +1 -1
- package/dist/api/index.js +1 -1
- package/dist/api/server.d.ts +5 -2
- package/dist/api/server.d.ts.map +1 -1
- package/dist/api/server.js +186 -149
- package/dist/api/server.js.map +1 -1
- package/dist/arbitration/index.d.ts +4 -4
- package/dist/arbitration/index.d.ts.map +1 -1
- package/dist/arbitration/index.js +46 -41
- package/dist/arbitration/index.js.map +1 -1
- package/dist/arbitration/types.d.ts +10 -10
- package/dist/arbitration/types.d.ts.map +1 -1
- package/dist/basis/evaluator.d.ts +1 -1
- package/dist/basis/evaluator.d.ts.map +1 -1
- package/dist/basis/evaluator.js +56 -54
- package/dist/basis/evaluator.js.map +1 -1
- package/dist/basis/index.d.ts +3 -3
- package/dist/basis/index.js +3 -3
- package/dist/basis/parser.d.ts +16 -16
- package/dist/basis/parser.d.ts.map +1 -1
- package/dist/basis/parser.js +32 -25
- package/dist/basis/parser.js.map +1 -1
- package/dist/basis/types.d.ts +2 -2
- package/dist/chain/index.d.ts.map +1 -1
- package/dist/chain/index.js +16 -16
- package/dist/chain/index.js.map +1 -1
- package/dist/cognigate/index.d.ts +1 -1
- package/dist/cognigate/index.d.ts.map +1 -1
- package/dist/cognigate/index.js +44 -33
- package/dist/cognigate/index.js.map +1 -1
- package/dist/common/adapters.d.ts +18 -11
- package/dist/common/adapters.d.ts.map +1 -1
- package/dist/common/adapters.js +100 -79
- package/dist/common/adapters.js.map +1 -1
- package/dist/common/config.d.ts +67 -67
- package/dist/common/config.js +49 -49
- package/dist/common/config.js.map +1 -1
- package/dist/common/index.d.ts +4 -4
- package/dist/common/index.js +4 -4
- package/dist/common/logger.d.ts +1 -1
- package/dist/common/logger.js +8 -8
- package/dist/common/types.d.ts +8 -8
- package/dist/common/types.js +5 -5
- package/dist/containment/index.d.ts +3 -3
- package/dist/containment/index.d.ts.map +1 -1
- package/dist/containment/index.js +119 -105
- package/dist/containment/index.js.map +1 -1
- package/dist/containment/types.d.ts +11 -11
- package/dist/containment/types.d.ts.map +1 -1
- package/dist/contracts/index.d.ts +9 -9
- package/dist/contracts/index.d.ts.map +1 -1
- package/dist/contracts/index.js +59 -54
- package/dist/contracts/index.js.map +1 -1
- package/dist/contracts/types.d.ts +12 -12
- package/dist/contracts/types.d.ts.map +1 -1
- package/dist/crewai/callback.d.ts +91 -0
- package/dist/crewai/callback.d.ts.map +1 -0
- package/dist/crewai/callback.js +271 -0
- package/dist/crewai/callback.js.map +1 -0
- package/dist/crewai/executor.d.ts +135 -0
- package/dist/crewai/executor.d.ts.map +1 -0
- package/dist/crewai/executor.js +381 -0
- package/dist/crewai/executor.js.map +1 -0
- package/dist/crewai/index.d.ts +12 -0
- package/dist/crewai/index.d.ts.map +1 -0
- package/dist/crewai/index.js +12 -0
- package/dist/crewai/index.js.map +1 -0
- package/dist/crewai/tools.d.ts +21 -0
- package/dist/crewai/tools.d.ts.map +1 -0
- package/dist/crewai/tools.js +164 -0
- package/dist/crewai/tools.js.map +1 -0
- package/dist/crewai/types.d.ts +139 -0
- package/dist/crewai/types.d.ts.map +1 -0
- package/dist/crewai/types.js +9 -0
- package/dist/crewai/types.js.map +1 -0
- package/dist/enforce/index.d.ts +48 -222
- package/dist/enforce/index.d.ts.map +1 -1
- package/dist/enforce/index.js +144 -47
- package/dist/enforce/index.js.map +1 -1
- package/dist/enforce/trust-aware-enforcement-service.d.ts +121 -0
- package/dist/enforce/trust-aware-enforcement-service.d.ts.map +1 -0
- package/dist/enforce/trust-aware-enforcement-service.js +601 -0
- package/dist/enforce/trust-aware-enforcement-service.js.map +1 -0
- package/dist/enforce/types.d.ts +234 -0
- package/dist/enforce/types.d.ts.map +1 -0
- package/dist/enforce/types.js +10 -0
- package/dist/enforce/types.js.map +1 -0
- package/dist/governance/fluid-workflow.d.ts +8 -8
- package/dist/governance/fluid-workflow.d.ts.map +1 -1
- package/dist/governance/fluid-workflow.js +114 -86
- package/dist/governance/fluid-workflow.js.map +1 -1
- package/dist/governance/index.d.ts +7 -7
- package/dist/governance/index.d.ts.map +1 -1
- package/dist/governance/index.js +81 -74
- package/dist/governance/index.js.map +1 -1
- package/dist/governance/proof-bridge.d.ts +6 -6
- package/dist/governance/proof-bridge.d.ts.map +1 -1
- package/dist/governance/proof-bridge.js +5 -5
- package/dist/governance/proof-bridge.js.map +1 -1
- package/dist/governance/types.d.ts +16 -9
- package/dist/governance/types.d.ts.map +1 -1
- package/dist/governance/types.js.map +1 -1
- package/dist/index.d.ts +29 -25
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +33 -23
- package/dist/index.js.map +1 -1
- package/dist/intent/index.d.ts +21 -56
- package/dist/intent/index.d.ts.map +1 -1
- package/dist/intent/index.js +58 -24
- package/dist/intent/index.js.map +1 -1
- package/dist/intent/persistent-intent-service.d.ts +68 -0
- package/dist/intent/persistent-intent-service.d.ts.map +1 -0
- package/dist/intent/persistent-intent-service.js +277 -0
- package/dist/intent/persistent-intent-service.js.map +1 -0
- package/dist/intent/types.d.ts +69 -0
- package/dist/intent/types.d.ts.map +1 -0
- package/dist/intent/types.js +10 -0
- package/dist/intent/types.js.map +1 -0
- package/dist/intent-gateway/index.d.ts +522 -0
- package/dist/intent-gateway/index.d.ts.map +1 -0
- package/dist/intent-gateway/index.js +1499 -0
- package/dist/intent-gateway/index.js.map +1 -0
- package/dist/langchain/callback.d.ts +2 -2
- package/dist/langchain/callback.d.ts.map +1 -1
- package/dist/langchain/callback.js +30 -30
- package/dist/langchain/callback.js.map +1 -1
- package/dist/langchain/executor.d.ts +4 -4
- package/dist/langchain/executor.d.ts.map +1 -1
- package/dist/langchain/executor.js +82 -80
- package/dist/langchain/executor.js.map +1 -1
- package/dist/langchain/index.d.ts +5 -5
- package/dist/langchain/index.js +5 -5
- package/dist/langchain/tools.d.ts +1 -1
- package/dist/langchain/tools.d.ts.map +1 -1
- package/dist/langchain/tools.js +33 -33
- package/dist/langchain/tools.js.map +1 -1
- package/dist/langchain/types.d.ts +3 -3
- package/dist/langchain/types.d.ts.map +1 -1
- package/dist/layers/implementations/L0-request-format.d.ts +37 -0
- package/dist/layers/implementations/L0-request-format.d.ts.map +1 -0
- package/dist/layers/implementations/L0-request-format.js +218 -0
- package/dist/layers/implementations/L0-request-format.js.map +1 -0
- package/dist/layers/implementations/L1-input-size.d.ts +36 -0
- package/dist/layers/implementations/L1-input-size.d.ts.map +1 -0
- package/dist/layers/implementations/L1-input-size.js +160 -0
- package/dist/layers/implementations/L1-input-size.js.map +1 -0
- package/dist/layers/implementations/L2-charset-sanitizer.d.ts +28 -0
- package/dist/layers/implementations/L2-charset-sanitizer.d.ts.map +1 -0
- package/dist/layers/implementations/L2-charset-sanitizer.js +230 -0
- package/dist/layers/implementations/L2-charset-sanitizer.js.map +1 -0
- package/dist/layers/implementations/L3-schema-conformance.d.ts +47 -0
- package/dist/layers/implementations/L3-schema-conformance.d.ts.map +1 -0
- package/dist/layers/implementations/L3-schema-conformance.js +267 -0
- package/dist/layers/implementations/L3-schema-conformance.js.map +1 -0
- package/dist/layers/implementations/L4-injection-detector.d.ts +47 -0
- package/dist/layers/implementations/L4-injection-detector.d.ts.map +1 -0
- package/dist/layers/implementations/L4-injection-detector.js +260 -0
- package/dist/layers/implementations/L4-injection-detector.js.map +1 -0
- package/dist/layers/implementations/L5-rate-limiter.d.ts +51 -0
- package/dist/layers/implementations/L5-rate-limiter.d.ts.map +1 -0
- package/dist/layers/implementations/L5-rate-limiter.js +183 -0
- package/dist/layers/implementations/L5-rate-limiter.js.map +1 -0
- package/dist/layers/implementations/index.d.ts +16 -0
- package/dist/layers/implementations/index.d.ts.map +1 -0
- package/dist/layers/implementations/index.js +16 -0
- package/dist/layers/implementations/index.js.map +1 -0
- package/dist/layers/index.d.ts +3 -3
- package/dist/layers/index.d.ts.map +1 -1
- package/dist/layers/index.js +99 -71
- package/dist/layers/index.js.map +1 -1
- package/dist/layers/types.d.ts +16 -16
- package/dist/layers/types.d.ts.map +1 -1
- package/dist/persistence/file.d.ts +3 -3
- package/dist/persistence/file.d.ts.map +1 -1
- package/dist/persistence/file.js +32 -28
- package/dist/persistence/file.js.map +1 -1
- package/dist/persistence/index.d.ts +7 -7
- package/dist/persistence/index.d.ts.map +1 -1
- package/dist/persistence/index.js +18 -18
- package/dist/persistence/index.js.map +1 -1
- package/dist/persistence/memory.d.ts +3 -3
- package/dist/persistence/memory.d.ts.map +1 -1
- package/dist/persistence/memory.js +10 -8
- package/dist/persistence/memory.js.map +1 -1
- package/dist/persistence/sqlite.d.ts +3 -3
- package/dist/persistence/sqlite.d.ts.map +1 -1
- package/dist/persistence/sqlite.js +36 -36
- package/dist/persistence/sqlite.js.map +1 -1
- package/dist/persistence/supabase.d.ts +3 -3
- package/dist/persistence/supabase.d.ts.map +1 -1
- package/dist/persistence/supabase.js +41 -43
- package/dist/persistence/supabase.js.map +1 -1
- package/dist/persistence/types.d.ts +5 -5
- package/dist/phase6/ceiling.d.ts +5 -5
- package/dist/phase6/ceiling.d.ts.map +1 -1
- package/dist/phase6/ceiling.js +67 -34
- package/dist/phase6/ceiling.js.map +1 -1
- package/dist/phase6/context.d.ts +3 -3
- package/dist/phase6/context.d.ts.map +1 -1
- package/dist/phase6/context.js +91 -45
- package/dist/phase6/context.js.map +1 -1
- package/dist/phase6/index.d.ts +13 -13
- package/dist/phase6/index.d.ts.map +1 -1
- package/dist/phase6/index.js +16 -16
- package/dist/phase6/index.js.map +1 -1
- package/dist/phase6/presets.d.ts +2 -2
- package/dist/phase6/presets.d.ts.map +1 -1
- package/dist/phase6/presets.js +39 -33
- package/dist/phase6/presets.js.map +1 -1
- package/dist/phase6/provenance.d.ts +4 -4
- package/dist/phase6/provenance.d.ts.map +1 -1
- package/dist/phase6/provenance.js +42 -35
- package/dist/phase6/provenance.js.map +1 -1
- package/dist/phase6/role-gates/index.d.ts +2 -2
- package/dist/phase6/role-gates/index.js +2 -2
- package/dist/phase6/role-gates/kernel.d.ts.map +1 -1
- package/dist/phase6/role-gates/kernel.js +16 -16
- package/dist/phase6/role-gates/kernel.js.map +1 -1
- package/dist/phase6/role-gates/policy.d.ts +2 -2
- package/dist/phase6/role-gates/policy.js +6 -6
- package/dist/phase6/role-gates.d.ts +4 -4
- package/dist/phase6/role-gates.d.ts.map +1 -1
- package/dist/phase6/role-gates.js +80 -58
- package/dist/phase6/role-gates.js.map +1 -1
- package/dist/phase6/types.d.ts +35 -35
- package/dist/phase6/types.d.ts.map +1 -1
- package/dist/phase6/types.js +166 -66
- package/dist/phase6/types.js.map +1 -1
- package/dist/phase6/weight-presets/canonical.d.ts +2 -2
- package/dist/phase6/weight-presets/canonical.d.ts.map +1 -1
- package/dist/phase6/weight-presets/canonical.js +12 -12
- package/dist/phase6/weight-presets/canonical.js.map +1 -1
- package/dist/phase6/weight-presets/deltas.d.ts +2 -2
- package/dist/phase6/weight-presets/deltas.d.ts.map +1 -1
- package/dist/phase6/weight-presets/deltas.js +27 -27
- package/dist/phase6/weight-presets/deltas.js.map +1 -1
- package/dist/phase6/weight-presets/index.d.ts +4 -4
- package/dist/phase6/weight-presets/index.js +4 -4
- package/dist/phase6/weight-presets/merger.d.ts +3 -3
- package/dist/phase6/weight-presets/merger.d.ts.map +1 -1
- package/dist/phase6/weight-presets/merger.js +40 -44
- package/dist/phase6/weight-presets/merger.js.map +1 -1
- package/dist/proof/index.d.ts +3 -3
- package/dist/proof/index.d.ts.map +1 -1
- package/dist/proof/index.js +44 -38
- package/dist/proof/index.js.map +1 -1
- package/dist/proof/merkle.d.ts +3 -3
- package/dist/proof/merkle.d.ts.map +1 -1
- package/dist/proof/merkle.js +26 -25
- package/dist/proof/merkle.js.map +1 -1
- package/dist/proof/zk-proofs.d.ts +6 -6
- package/dist/proof/zk-proofs.d.ts.map +1 -1
- package/dist/proof/zk-proofs.js +42 -43
- package/dist/proof/zk-proofs.js.map +1 -1
- package/dist/provenance/index.d.ts +3 -3
- package/dist/provenance/index.d.ts.map +1 -1
- package/dist/provenance/index.js +19 -17
- package/dist/provenance/index.js.map +1 -1
- package/dist/provenance/types.d.ts +4 -4
- package/dist/provenance/types.d.ts.map +1 -1
- package/dist/sandbox-training/challenges.d.ts +1 -1
- package/dist/sandbox-training/challenges.d.ts.map +1 -1
- package/dist/sandbox-training/challenges.js +228 -228
- package/dist/sandbox-training/challenges.js.map +1 -1
- package/dist/sandbox-training/graduation.d.ts +1 -1
- package/dist/sandbox-training/graduation.d.ts.map +1 -1
- package/dist/sandbox-training/graduation.js +14 -15
- package/dist/sandbox-training/graduation.js.map +1 -1
- package/dist/sandbox-training/index.d.ts +9 -9
- package/dist/sandbox-training/index.d.ts.map +1 -1
- package/dist/sandbox-training/index.js +6 -6
- package/dist/sandbox-training/index.js.map +1 -1
- package/dist/sandbox-training/promotion-service.d.ts +4 -4
- package/dist/sandbox-training/promotion-service.d.ts.map +1 -1
- package/dist/sandbox-training/promotion-service.js +5 -5
- package/dist/sandbox-training/promotion-service.js.map +1 -1
- package/dist/sandbox-training/runner.d.ts +1 -1
- package/dist/sandbox-training/runner.d.ts.map +1 -1
- package/dist/sandbox-training/runner.js +74 -73
- package/dist/sandbox-training/runner.js.map +1 -1
- package/dist/sandbox-training/scorer.d.ts +4 -4
- package/dist/sandbox-training/scorer.js +5 -5
- package/dist/sandbox-training/types.d.ts +4 -4
- package/dist/sandbox-training/types.d.ts.map +1 -1
- package/dist/sandbox-training/types.js +11 -7
- package/dist/sandbox-training/types.js.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/audit.d.ts +1 -1
- package/dist/trust-engine/ceiling-enforcement/audit.d.ts.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/audit.js +3 -4
- package/dist/trust-engine/ceiling-enforcement/audit.js.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/index.d.ts +2 -2
- package/dist/trust-engine/ceiling-enforcement/index.js +2 -2
- package/dist/trust-engine/ceiling-enforcement/kernel.d.ts +1 -1
- package/dist/trust-engine/ceiling-enforcement/kernel.d.ts.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/kernel.js +1 -1
- package/dist/trust-engine/context-policy/enforcement.d.ts.map +1 -1
- package/dist/trust-engine/context-policy/factory.d.ts +1 -1
- package/dist/trust-engine/context-policy/factory.d.ts.map +1 -1
- package/dist/trust-engine/context-policy/factory.js +1 -1
- package/dist/trust-engine/context-policy/factory.js.map +1 -1
- package/dist/trust-engine/context-policy/index.d.ts +2 -2
- package/dist/trust-engine/context-policy/index.js +2 -2
- package/dist/trust-engine/creation-modifiers/index.d.ts +1 -1
- package/dist/trust-engine/creation-modifiers/index.js +1 -1
- package/dist/trust-engine/creation-modifiers/types.d.ts.map +1 -1
- package/dist/trust-engine/creation-modifiers/types.js +2 -3
- package/dist/trust-engine/creation-modifiers/types.js.map +1 -1
- package/dist/trust-engine/decay-profiles.d.ts +1 -1
- package/dist/trust-engine/decay-profiles.d.ts.map +1 -1
- package/dist/trust-engine/decay-profiles.js +4 -4
- package/dist/trust-engine/decay-profiles.js.map +1 -1
- package/dist/trust-engine/index.d.ts +111 -45
- package/dist/trust-engine/index.d.ts.map +1 -1
- package/dist/trust-engine/index.js +418 -61
- package/dist/trust-engine/index.js.map +1 -1
- package/dist/trust-engine/phase6-types.d.ts +10 -10
- package/dist/trust-engine/phase6-types.d.ts.map +1 -1
- package/dist/trust-engine/phase6-types.js +25 -23
- package/dist/trust-engine/phase6-types.js.map +1 -1
- package/dist/trust-engine/types.d.ts +77 -0
- package/dist/trust-engine/types.d.ts.map +1 -0
- package/dist/trust-engine/types.js +20 -0
- package/dist/trust-engine/types.js.map +1 -0
- package/package.json +5 -4
|
@@ -2,6 +2,6 @@
|
|
|
2
2
|
* Q3: Role Gates
|
|
3
3
|
* Dual-layer validation: kernel fast-path + BASIS policy engine
|
|
4
4
|
*/
|
|
5
|
-
export { AgentRole, TrustTier, ROLE_GATE_MATRIX, validateRoleAndTier, isValidRole, isValidTier, getMaxTierForRole, getMinRoleForTier, RoleGateValidationError, } from
|
|
6
|
-
export { BasisPolicyEngine, } from
|
|
5
|
+
export { AgentRole, TrustTier, ROLE_GATE_MATRIX, validateRoleAndTier, isValidRole, isValidTier, getMaxTierForRole, getMinRoleForTier, RoleGateValidationError, } from "./kernel.js";
|
|
6
|
+
export { BasisPolicyEngine, } from "./policy.js";
|
|
7
7
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"kernel.d.ts","sourceRoot":"","sources":["../../../src/phase6/role-gates/kernel.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;GAGG;AACH,oBAAY,SAAS;IACnB,IAAI,SAAS,CAAE,uCAAuC;IACtD,IAAI,SAAS,CAAE,mCAAmC;IAClD,IAAI,SAAS,CAAE,sCAAsC;IACrD,IAAI,SAAS,CAAE,uCAAuC;IACtD,IAAI,SAAS,CAAE,yCAAyC;IACxD,IAAI,SAAS,CAAE,kCAAkC;IACjD,IAAI,SAAS,CAAE,0CAA0C;IACzD,IAAI,SAAS,CAAE,6CAA6C;IAC5D,IAAI,SAAS;CACd;AAED;;;GAGG;AACH,oBAAY,SAAS;IACnB,EAAE,OAAO,CAAE,gCAAgC;IAC3C,EAAE,OAAO,CAAE,0CAA0C;IACrD,EAAE,OAAO,CAAE,qCAAqC;IAChD,EAAE,OAAO,CAAE,yCAAyC;IACpD,EAAE,OAAO,CAAE,8CAA8C;IACzD,EAAE,OAAO;CACV;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAyE1E,CAAC;AAEF;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,GAAG,OAAO,CAK7E;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,IAAI,SAAS,CAG5D;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,IAAI,SAAS,CAG5D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,SAAS,GAAG,SAAS,
|
|
1
|
+
{"version":3,"file":"kernel.d.ts","sourceRoot":"","sources":["../../../src/phase6/role-gates/kernel.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;GAGG;AACH,oBAAY,SAAS;IACnB,IAAI,SAAS,CAAE,uCAAuC;IACtD,IAAI,SAAS,CAAE,mCAAmC;IAClD,IAAI,SAAS,CAAE,sCAAsC;IACrD,IAAI,SAAS,CAAE,uCAAuC;IACtD,IAAI,SAAS,CAAE,yCAAyC;IACxD,IAAI,SAAS,CAAE,kCAAkC;IACjD,IAAI,SAAS,CAAE,0CAA0C;IACzD,IAAI,SAAS,CAAE,6CAA6C;IAC5D,IAAI,SAAS;CACd;AAED;;;GAGG;AACH,oBAAY,SAAS;IACnB,EAAE,OAAO,CAAE,gCAAgC;IAC3C,EAAE,OAAO,CAAE,0CAA0C;IACrD,EAAE,OAAO,CAAE,qCAAqC;IAChD,EAAE,OAAO,CAAE,yCAAyC;IACpD,EAAE,OAAO,CAAE,8CAA8C;IACzD,EAAE,OAAO;CACV;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAyE1E,CAAC;AAEF;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,GAAG,OAAO,CAK7E;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,IAAI,SAAS,CAG5D;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,IAAI,SAAS,CAG5D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,SAAS,GAAG,SAAS,CA6D5D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,SAAS,GAAG,SAAS,CAyB5D;AAED;;GAEG;AACH,qBAAa,uBAAwB,SAAQ,KAAK;IAEvC,IAAI,EAAE,SAAS;IACf,IAAI,EAAE,SAAS;gBADf,IAAI,EAAE,SAAS,EACf,IAAI,EAAE,SAAS,EACtB,OAAO,CAAC,EAAE,MAAM;CAKnB"}
|
|
@@ -141,7 +141,7 @@ export function validateRoleAndTier(role, tier) {
|
|
|
141
141
|
* Check if value is a valid AgentRole
|
|
142
142
|
*/
|
|
143
143
|
export function isValidRole(role) {
|
|
144
|
-
if (typeof role !==
|
|
144
|
+
if (typeof role !== "string")
|
|
145
145
|
return false;
|
|
146
146
|
return Object.values(AgentRole).includes(role);
|
|
147
147
|
}
|
|
@@ -149,7 +149,7 @@ export function isValidRole(role) {
|
|
|
149
149
|
* Check if value is a valid TrustTier
|
|
150
150
|
*/
|
|
151
151
|
export function isValidTier(tier) {
|
|
152
|
-
if (typeof tier !==
|
|
152
|
+
if (typeof tier !== "string")
|
|
153
153
|
return false;
|
|
154
154
|
return Object.values(TrustTier).includes(tier);
|
|
155
155
|
}
|
|
@@ -165,55 +165,55 @@ export function getMaxTierForRole(role) {
|
|
|
165
165
|
return TrustTier.T0;
|
|
166
166
|
}
|
|
167
167
|
// Debug logging for R-L0
|
|
168
|
-
const isDebug = role ===
|
|
168
|
+
const isDebug = role === "R-L0";
|
|
169
169
|
if (isDebug) {
|
|
170
|
-
console.log(
|
|
171
|
-
console.log(
|
|
172
|
-
console.log(
|
|
173
|
-
console.log(
|
|
170
|
+
console.log("getMaxTierForRole debug for R-L0:");
|
|
171
|
+
console.log(" roleEntry:", roleEntry);
|
|
172
|
+
console.log(" TrustTier.T1:", TrustTier.T1);
|
|
173
|
+
console.log(" roleEntry[TrustTier.T1]:", roleEntry[TrustTier.T1]);
|
|
174
174
|
}
|
|
175
175
|
// Check tiers from highest to lowest
|
|
176
176
|
const t5Val = roleEntry[TrustTier.T5];
|
|
177
177
|
if (t5Val === true) {
|
|
178
178
|
if (isDebug)
|
|
179
|
-
console.log(
|
|
179
|
+
console.log(" returning T5");
|
|
180
180
|
return TrustTier.T5;
|
|
181
181
|
}
|
|
182
182
|
const t4Val = roleEntry[TrustTier.T4];
|
|
183
183
|
if (t4Val === true) {
|
|
184
184
|
if (isDebug)
|
|
185
|
-
console.log(
|
|
185
|
+
console.log(" returning T4");
|
|
186
186
|
return TrustTier.T4;
|
|
187
187
|
}
|
|
188
188
|
const t3Val = roleEntry[TrustTier.T3];
|
|
189
189
|
if (t3Val === true) {
|
|
190
190
|
if (isDebug)
|
|
191
|
-
console.log(
|
|
191
|
+
console.log(" returning T3");
|
|
192
192
|
return TrustTier.T3;
|
|
193
193
|
}
|
|
194
194
|
const t2Val = roleEntry[TrustTier.T2];
|
|
195
195
|
if (t2Val === true) {
|
|
196
196
|
if (isDebug)
|
|
197
|
-
console.log(
|
|
197
|
+
console.log(" returning T2");
|
|
198
198
|
return TrustTier.T2;
|
|
199
199
|
}
|
|
200
200
|
const t1Val = roleEntry[TrustTier.T1];
|
|
201
201
|
if (isDebug)
|
|
202
|
-
console.log(
|
|
202
|
+
console.log(" t1Val:", t1Val, "t1Val === true:", t1Val === true);
|
|
203
203
|
if (t1Val === true) {
|
|
204
204
|
if (isDebug)
|
|
205
|
-
console.log(
|
|
205
|
+
console.log(" returning T1");
|
|
206
206
|
return TrustTier.T1;
|
|
207
207
|
}
|
|
208
208
|
const t0Val = roleEntry[TrustTier.T0];
|
|
209
209
|
if (t0Val === true) {
|
|
210
210
|
if (isDebug)
|
|
211
|
-
console.log(
|
|
211
|
+
console.log(" returning T0");
|
|
212
212
|
return TrustTier.T0;
|
|
213
213
|
}
|
|
214
214
|
// Fallback
|
|
215
215
|
if (isDebug)
|
|
216
|
-
console.log(
|
|
216
|
+
console.log(" returning fallback T0");
|
|
217
217
|
return TrustTier.T0;
|
|
218
218
|
}
|
|
219
219
|
/**
|
|
@@ -252,7 +252,7 @@ export class RoleGateValidationError extends Error {
|
|
|
252
252
|
super(message || `Invalid role+tier combination: ${role} + ${tier}`);
|
|
253
253
|
this.role = role;
|
|
254
254
|
this.tier = tier;
|
|
255
|
-
this.name =
|
|
255
|
+
this.name = "RoleGateValidationError";
|
|
256
256
|
}
|
|
257
257
|
}
|
|
258
258
|
//# sourceMappingURL=kernel.js.map
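Review bot: The `isDebug` branch in `getMaxTierForRole` (new lines 168–216) still ships unconditional `console.log` calls for role `"R-L0"`, so every lookup for that role prints `roleEntry` and the chosen tier to stdout from the role-gate kernel; this change only requotes those strings. Authorization fast-path code should not carry ad-hoc tracing: drop the `isDebug` lines at the source (the source map names `src/phase6/role-gates/kernel.ts`), or route them through the package logger at debug level if the trace is still wanted (the file list shows `dist/common/logger.js`, but whether the kernel may import it is not visible here). With the logging gone the ladder reduces to `for (const t of [TrustTier.T5, TrustTier.T4, TrustTier.T3, TrustTier.T2, TrustTier.T1, TrustTier.T0]) if (roleEntry[t] === true) return t;` followed by the existing `return TrustTier.T0;`, which keeps the lowest-tier fallback. The function begins above the hunk, so the `roleEntry` lookup itself is not shown.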
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"kernel.js","sourceRoot":"","sources":["../../../src/phase6/role-gates/kernel.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;GAGG;AACH,MAAM,CAAN,IAAY,SAUX;AAVD,WAAY,SAAS;IACnB,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;AACf,CAAC,EAVW,SAAS,KAAT,SAAS,QAUpB;AAED;;;GAGG;AACH,MAAM,CAAN,IAAY,SAOX;AAPD,WAAY,SAAS;IACnB,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;AACX,CAAC,EAPW,SAAS,KAAT,SAAS,QAOpB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAkD;IAC7E,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,E
AAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;KACrB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;KACrB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;KACrB;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAe,EAAE,IAAe;IAClE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAa;IACvC,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC3C,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,IAAiB,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAa;IACvC,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC3C,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,IAAiB,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAe;IAC/C,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,CA
AC;IACzC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,yBAAyB;IACzB,MAAM,OAAO,GAAG,IAAI,KAAK,MAAM,CAAC;IAChC,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,4BAA4B,EAAE,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;IACrE,CAAC;IAED,qCAAqC;IACrC,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,OAAO;
|
|
1
|
+
{"version":3,"file":"kernel.js","sourceRoot":"","sources":["../../../src/phase6/role-gates/kernel.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;GAGG;AACH,MAAM,CAAN,IAAY,SAUX;AAVD,WAAY,SAAS;IACnB,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;AACf,CAAC,EAVW,SAAS,KAAT,SAAS,QAUpB;AAED;;;GAGG;AACH,MAAM,CAAN,IAAY,SAOX;AAPD,WAAY,SAAS;IACnB,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;AACX,CAAC,EAPW,SAAS,KAAT,SAAS,QAOpB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAkD;IAC7E,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,E
AAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;KACrB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;KACrB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;KACrB;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAe,EAAE,IAAe;IAClE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAa;IACvC,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC3C,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,IAAiB,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAa;IACvC,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC3C,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,IAAiB,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAe;IAC/C,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,CA
AC;IACzC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,yBAAyB;IACzB,MAAM,OAAO,GAAG,IAAI,KAAK,MAAM,CAAC;IAChC,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,4BAA4B,EAAE,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;IACrE,CAAC;IAED,qCAAqC;IACrC,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,OAAO;QACT,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,iBAAiB,EAAE,KAAK,KAAK,IAAI,CAAC,CAAC;IACpE,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,WAAW;IACX,IAAI,OAAO;QAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACpD,OAAO,SAAS,CAAC,EAAE,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAe;IAC/C,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,SAAS,GAAG;QAChB,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;Q
ACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;KACf,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,IAAI,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,WAAW;IACX,OAAO,SAAS,CAAC,IAAI,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,uBAAwB,SAAQ,KAAK;IAEvC;IACA;IAFT,YACS,IAAe,EACf,IAAe,EACtB,OAAgB;QAEhB,KAAK,CAAC,OAAO,IAAI,kCAAkC,IAAI,MAAM,IAAI,EAAE,CAAC,CAAC;QAJ9D,SAAI,GAAJ,IAAI,CAAW;QACf,SAAI,GAAJ,IAAI,CAAW;QAItB,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF"}
|
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
* - Full audit trail of all evaluations
|
|
10
10
|
* - Version tracking on policy changes
|
|
11
11
|
*/
|
|
12
|
-
import { AgentRole, TrustTier } from
|
|
12
|
+
import { AgentRole, TrustTier } from "./kernel.js";
|
|
13
13
|
/**
|
|
14
14
|
* Policy rule definition
|
|
15
15
|
*/
|
|
@@ -38,7 +38,7 @@ export interface PolicyException {
|
|
|
38
38
|
export interface PolicyDecision {
|
|
39
39
|
allowed: boolean;
|
|
40
40
|
reason: string;
|
|
41
|
-
source:
|
|
41
|
+
source: "exception" | "rule" | "default";
|
|
42
42
|
appliedAt: Date;
|
|
43
43
|
}
|
|
44
44
|
/**
|
|
@@ -16,7 +16,7 @@ export class BasisPolicyEngine {
|
|
|
16
16
|
rules = new Map();
|
|
17
17
|
exceptions = new Map();
|
|
18
18
|
auditLog = [];
|
|
19
|
-
policyVersion =
|
|
19
|
+
policyVersion = "1.0.0";
|
|
20
20
|
versionCounter = 0;
|
|
21
21
|
/**
|
|
22
22
|
* Add a policy rule
|
|
@@ -76,7 +76,7 @@ export class BasisPolicyEngine {
|
|
|
76
76
|
const decision = {
|
|
77
77
|
allowed: exception.allowed,
|
|
78
78
|
reason: exception.reason,
|
|
79
|
-
source:
|
|
79
|
+
source: "exception",
|
|
80
80
|
appliedAt: timestamp,
|
|
81
81
|
};
|
|
82
82
|
this.logAudit({ timestamp, agentId, role, tier, domain, decision });
|
|
@@ -95,7 +95,7 @@ export class BasisPolicyEngine {
|
|
|
95
95
|
const decision = {
|
|
96
96
|
allowed: rule.allowed,
|
|
97
97
|
reason: rule.reason,
|
|
98
|
-
source:
|
|
98
|
+
source: "rule",
|
|
99
99
|
appliedAt: timestamp,
|
|
100
100
|
};
|
|
101
101
|
this.logAudit({ timestamp, agentId, role, tier, domain, decision });
|
|
@@ -105,8 +105,8 @@ export class BasisPolicyEngine {
|
|
|
105
105
|
// Default: allow
|
|
106
106
|
const decision = {
|
|
107
107
|
allowed: true,
|
|
108
|
-
reason:
|
|
109
|
-
source:
|
|
108
|
+
reason: "No matching rule or exception (default allow)",
|
|
109
|
+
source: "default",
|
|
110
110
|
appliedAt: timestamp,
|
|
111
111
|
};
|
|
112
112
|
this.logAudit({ timestamp, agentId, role, tier, domain, decision });
|
|
@@ -150,7 +150,7 @@ export class BasisPolicyEngine {
|
|
|
150
150
|
*/
|
|
151
151
|
incrementVersion() {
|
|
152
152
|
this.versionCounter++;
|
|
153
|
-
const [major, minor] = this.policyVersion.split(
|
|
153
|
+
const [major, minor] = this.policyVersion.split(".").map(Number);
|
|
154
154
|
this.policyVersion = `${major}.${minor + 1}`;
|
|
155
155
|
}
|
|
156
156
|
}
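Review bot: The fall-through branch in the `@@ -105,8 +105,8 @@` hunk returns `allowed: true` with `source: "default"` when no rule or exception matches, so any agent, role, tier and domain combination the policy author did not anticipate is permitted. An authorization engine is safer failing closed here, e.g. `allowed: false,` with `reason: "No matching rule or exception (default deny)",`, or taking the default as an explicit engine option so a deployment chooses it deliberately. If default-allow is kept, audit entries with `source: "default"` are worth alerting on, because they mark decisions that no rule covered. The enclosing method starts and ends outside the hunk, so whether an earlier layer already restricts these inputs is not visible here.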
|
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
*
|
|
15
15
|
* @packageDocumentation
|
|
16
16
|
*/
|
|
17
|
-
import { type RoleGateEntry, type RoleGatePolicy, type RoleGateEvaluation, AgentRole, TrustTier, ContextType } from
|
|
17
|
+
import { type RoleGateEntry, type RoleGatePolicy, type RoleGateEvaluation, AgentRole, TrustTier, ContextType } from "./types.js";
|
|
18
18
|
/**
|
|
19
19
|
* Get all role gate entries
|
|
20
20
|
*/
|
|
@@ -54,7 +54,7 @@ export interface PolicyLayerResult {
|
|
|
54
54
|
valid: boolean;
|
|
55
55
|
appliedRuleId?: string;
|
|
56
56
|
appliedPolicyVersion?: number;
|
|
57
|
-
action:
|
|
57
|
+
action: "ALLOW" | "DENY" | "ESCALATE";
|
|
58
58
|
reason: string;
|
|
59
59
|
}
|
|
60
60
|
/**
|
|
@@ -151,7 +151,7 @@ export declare class RoleGateService {
|
|
|
151
151
|
*/
|
|
152
152
|
getStats(): {
|
|
153
153
|
totalEvaluations: number;
|
|
154
|
-
byDecision: Record<
|
|
154
|
+
byDecision: Record<"ALLOW" | "DENY" | "ESCALATE", number>;
|
|
155
155
|
byRole: Record<AgentRole, number>;
|
|
156
156
|
policyCount: number;
|
|
157
157
|
};
|
|
@@ -160,5 +160,5 @@ export declare class RoleGateService {
|
|
|
160
160
|
* Create a new role gate service
|
|
161
161
|
*/
|
|
162
162
|
export declare function createRoleGateService(): RoleGateService;
|
|
163
|
-
export { type RoleGateEntry, type RoleGatePolicy, type RoleGatePolicyRule, type RoleGateCondition, type RoleGateEvaluation, AgentRole, TrustTier, ROLE_GATE_MATRIX, validateRoleGateKernel, } from
|
|
163
|
+
export { type RoleGateEntry, type RoleGatePolicy, type RoleGatePolicyRule, type RoleGateCondition, type RoleGateEvaluation, AgentRole, TrustTier, ROLE_GATE_MATRIX, validateRoleGateKernel, } from "./types.js";
|
|
164
164
|
//# sourceMappingURL=role-gates.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"role-gates.d.ts","sourceRoot":"","sources":["../../src/phase6/role-gates.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,cAAc,EAGnB,KAAK,kBAAkB,EACvB,SAAS,EACT,SAAS,EACT,WAAW,EAKZ,MAAM,YAAY,CAAC;AAuBpB;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,SAAS,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"role-gates.d.ts","sourceRoot":"","sources":["../../src/phase6/role-gates.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,cAAc,EAGnB,KAAK,kBAAkB,EACvB,SAAS,EACT,SAAS,EACT,WAAW,EAKZ,MAAM,YAAY,CAAC;AAuBpB;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,SAAS,aAAa,EAAE,CAiC5D;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,SAAS,GAAG,SAAS,CAchE;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,YAAY,EAAE,OAAO,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,SAAS,EACf,IAAI,EAAE,SAAS,GACd,iBAAiB,CAgBnB;AAMD;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,SAAS,CAAC;IAChB,IAAI,EAAE,SAAS,CAAC;IAChB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,CAAC,EAAE,IAAI,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AA0ED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,UAAU,CAAC;IACtC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,uBAAuB,EAChC,MAAM,EAAE,cAAc,GACrB,iBAAiB,CAsBnB;AAMD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE;QAClB,YAAY,CAAC,EAAE,SAAS,EAAE,CAAC;QAC3B,WAAW,CAAC,EAAE,SAAS,EAAE,CAAC;QAC1B,gBAAgB,CAAC,EAAE,OAAO,CAAC;QAC3B,eAAe,CAAC,EAAE,eAAe,CAAC;KACnC,CAAC;CACH;AA4BD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,gBAAgB,EAAE,OAAO,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,SAAS,EACf,OAAO,EAAE,iBAAiB,GACzB,gBAAgB,CAiElB;AAMD;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,SAAS,EACf,IAAI,EAAE,SAAS,EACf,MAAM,EAAE,cAAc,EACtB,YAAY,EAAE,iBAAiB,EAC/B,aAAa,CAAC,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAC/C,OAAO,CAAC,kBAAkB,CAAC,CAyF7B;AAMD;;GAEG;AACH,wBAAsB,
2BAA2B,CAC/C,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,cAAc,CAAC,CA2FzB;AAMD;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAA4C;IAC5D,OAAO,CAAC,WAAW,CAAgD;IACnE,OAAO,CAAC,aAAa,CAAC,CAAiB;IAEvC;;OAEG;IACG,UAAU,CAAC,SAAS,GAAE,MAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAO7D;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI;IAU5C;;OAEG;IACH,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS;IAKvD;;OAEG;IACH,gBAAgB,IAAI,cAAc,GAAG,SAAS;IAI9C;;OAEG;IACG,QAAQ,CACZ,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,SAAS,EACf,IAAI,EAAE,SAAS,EACf,YAAY,EAAE,iBAAiB,EAC/B,OAAO,CAAC,EAAE;QACR,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,aAAa,CAAC,EAAE,OAAO,CAAC,uBAAuB,CAAC,CAAC;KAClD,GACA,OAAO,CAAC,kBAAkB,CAAC;IA4B9B;;OAEG;IACH,UAAU,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,GAAG,OAAO;IAIrD;;OAEG;IACH,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,kBAAkB,EAAE;IAIpE;;OAEG;IACH,oBAAoB,IAAI,SAAS,kBAAkB,EAAE;IAcrD;;OAEG;IACH,QAAQ,IAAI;QACV,gBAAgB,EAAE,MAAM,CAAC;QACzB,UAAU,EAAE,MAAM,CAAC,OAAO,GAAG,MAAM,GAAG,UAAU,EAAE,MAAM,CAAC,CAAC;QAC1D,MAAM,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAClC,WAAW,EAAE,MAAM,CAAC;KACrB;CAyBF;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,eAAe,CAEvD;AAMD,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACvB,SAAS,EACT,SAAS,EACT,gBAAgB,EAChB,sBAAsB,GACvB,MAAM,YAAY,CAAC"}
|
|
@@ -14,9 +14,9 @@
|
|
|
14
14
|
*
|
|
15
15
|
* @packageDocumentation
|
|
16
16
|
*/
|
|
17
|
-
import { createLogger } from
|
|
18
|
-
import { AgentRole, TrustTier, ContextType, ROLE_GATE_MATRIX, validateRoleGateKernel, roleGateEvaluationSchema, } from
|
|
19
|
-
const logger = createLogger({ component:
|
|
17
|
+
import { createLogger } from "../common/logger.js";
|
|
18
|
+
import { AgentRole, TrustTier, ContextType, ROLE_GATE_MATRIX, validateRoleGateKernel, roleGateEvaluationSchema, } from "./types.js";
|
|
19
|
+
const logger = createLogger({ component: "phase6:role-gates" });
|
|
20
20
|
// =============================================================================
|
|
21
21
|
// HASH UTILITIES
|
|
22
22
|
// =============================================================================
|
|
@@ -26,9 +26,9 @@ const logger = createLogger({ component: 'phase6:role-gates' });
|
|
|
26
26
|
async function calculateHash(data) {
|
|
27
27
|
const encoder = new TextEncoder();
|
|
28
28
|
const dataBuffer = encoder.encode(data);
|
|
29
|
-
const hashBuffer = await crypto.subtle.digest(
|
|
29
|
+
const hashBuffer = await crypto.subtle.digest("SHA-256", dataBuffer);
|
|
30
30
|
const hashArray = Array.from(new Uint8Array(hashBuffer));
|
|
31
|
-
return hashArray.map((b) => b.toString(16).padStart(2,
|
|
31
|
+
return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
|
|
32
32
|
}
|
|
33
33
|
// =============================================================================
|
|
34
34
|
// KERNEL LAYER (Pre-computed Matrix)
|
|
@@ -45,7 +45,14 @@ export function getRoleGateMatrix() {
|
|
|
45
45
|
if (ROLE_GATE_MATRIX[role][tier]) {
|
|
46
46
|
allowedTiers.push(tier);
|
|
47
47
|
// Track minimum tier
|
|
48
|
-
const tierOrder = [
|
|
48
|
+
const tierOrder = [
|
|
49
|
+
TrustTier.T0,
|
|
50
|
+
TrustTier.T1,
|
|
51
|
+
TrustTier.T2,
|
|
52
|
+
TrustTier.T3,
|
|
53
|
+
TrustTier.T4,
|
|
54
|
+
TrustTier.T5,
|
|
55
|
+
];
|
|
49
56
|
if (tierOrder.indexOf(tier) < tierOrder.indexOf(minimumTier)) {
|
|
50
57
|
minimumTier = tier;
|
|
51
58
|
}
|
|
@@ -63,7 +70,14 @@ export function getRoleGateMatrix() {
|
|
|
63
70
|
* Get minimum required tier for a role
|
|
64
71
|
*/
|
|
65
72
|
export function getMinimumTierForRole(role) {
|
|
66
|
-
for (const tier of [
|
|
73
|
+
for (const tier of [
|
|
74
|
+
TrustTier.T0,
|
|
75
|
+
TrustTier.T1,
|
|
76
|
+
TrustTier.T2,
|
|
77
|
+
TrustTier.T3,
|
|
78
|
+
TrustTier.T4,
|
|
79
|
+
TrustTier.T5,
|
|
80
|
+
]) {
|
|
67
81
|
if (ROLE_GATE_MATRIX[role][tier]) {
|
|
68
82
|
return tier;
|
|
69
83
|
}
|
|
@@ -107,26 +121,30 @@ function conditionMatches(condition, context) {
|
|
|
107
121
|
}
|
|
108
122
|
// Check context types
|
|
109
123
|
if (condition.contextTypes && condition.contextTypes.length > 0) {
|
|
110
|
-
if (!context.contextType ||
|
|
124
|
+
if (!context.contextType ||
|
|
125
|
+
!condition.contextTypes.includes(context.contextType)) {
|
|
111
126
|
return false;
|
|
112
127
|
}
|
|
113
128
|
}
|
|
114
129
|
// Check domains
|
|
115
130
|
if (condition.domains && condition.domains.length > 0) {
|
|
116
|
-
if (!context.domains ||
|
|
131
|
+
if (!context.domains ||
|
|
132
|
+
!condition.domains.some((d) => context.domains.includes(d))) {
|
|
117
133
|
return false;
|
|
118
134
|
}
|
|
119
135
|
}
|
|
120
136
|
// Check time window
|
|
121
137
|
if (condition.timeWindow) {
|
|
122
138
|
const now = context.currentTime ?? new Date();
|
|
123
|
-
const currentHHMM = `${now.getHours().toString().padStart(2,
|
|
124
|
-
if (currentHHMM < condition.timeWindow.start ||
|
|
139
|
+
const currentHHMM = `${now.getHours().toString().padStart(2, "0")}:${now.getMinutes().toString().padStart(2, "0")}`;
|
|
140
|
+
if (currentHHMM < condition.timeWindow.start ||
|
|
141
|
+
currentHHMM > condition.timeWindow.end) {
|
|
125
142
|
return false;
|
|
126
143
|
}
|
|
127
144
|
}
|
|
128
145
|
// Check attestations
|
|
129
|
-
if (condition.requiresAttestation &&
|
|
146
|
+
if (condition.requiresAttestation &&
|
|
147
|
+
condition.requiresAttestation.length > 0) {
|
|
130
148
|
if (!context.attestations) {
|
|
131
149
|
return false;
|
|
132
150
|
}
|
|
@@ -147,7 +165,7 @@ export function evaluatePolicyLayer(context, policy) {
|
|
|
147
165
|
for (const rule of sortedRules) {
|
|
148
166
|
if (conditionMatches(rule.condition, context)) {
|
|
149
167
|
return {
|
|
150
|
-
valid: rule.action ===
|
|
168
|
+
valid: rule.action === "ALLOW",
|
|
151
169
|
appliedRuleId: rule.ruleId,
|
|
152
170
|
appliedPolicyVersion: policy.version,
|
|
153
171
|
action: rule.action,
|
|
@@ -158,8 +176,8 @@ export function evaluatePolicyLayer(context, policy) {
|
|
|
158
176
|
// No rules matched - default allow (kernel already validated)
|
|
159
177
|
return {
|
|
160
178
|
valid: true,
|
|
161
|
-
action:
|
|
162
|
-
reason:
|
|
179
|
+
action: "ALLOW",
|
|
180
|
+
reason: "No policy rules matched - default allow",
|
|
163
181
|
};
|
|
164
182
|
}
|
|
165
183
|
/**
|
|
@@ -169,11 +187,14 @@ function validateOverride(override) {
|
|
|
169
187
|
const now = new Date();
|
|
170
188
|
// Check expiration
|
|
171
189
|
if (override.expiresAt < now) {
|
|
172
|
-
return { valid: false, reason:
|
|
190
|
+
return { valid: false, reason: "Override has expired" };
|
|
173
191
|
}
|
|
174
192
|
// Check dual-control (requester != approver)
|
|
175
193
|
if (override.requestedBy === override.approvedBy) {
|
|
176
|
-
return {
|
|
194
|
+
return {
|
|
195
|
+
valid: false,
|
|
196
|
+
reason: "Override requires dual-control (different requester and approver)",
|
|
197
|
+
};
|
|
177
198
|
}
|
|
178
199
|
return { valid: true };
|
|
179
200
|
}
|
|
@@ -191,7 +212,8 @@ export function evaluateBasisLayer(role, context) {
|
|
|
191
212
|
};
|
|
192
213
|
}
|
|
193
214
|
// Check allowed roles (if specified, role must be in list)
|
|
194
|
-
if (context.contextConstraints.allowedRoles &&
|
|
215
|
+
if (context.contextConstraints.allowedRoles &&
|
|
216
|
+
context.contextConstraints.allowedRoles.length > 0) {
|
|
195
217
|
if (!context.contextConstraints.allowedRoles.includes(role)) {
|
|
196
218
|
return {
|
|
197
219
|
valid: false,
|
|
@@ -208,7 +230,7 @@ export function evaluateBasisLayer(role, context) {
|
|
|
208
230
|
valid: false,
|
|
209
231
|
requiresOverride: true,
|
|
210
232
|
contextConstraintsMet: true,
|
|
211
|
-
reason:
|
|
233
|
+
reason: "Override required but not provided",
|
|
212
234
|
};
|
|
213
235
|
}
|
|
214
236
|
const overrideResult = validateOverride(context.contextConstraints.overrideRequest);
|
|
@@ -259,16 +281,16 @@ export async function evaluateRoleGate(agentId, role, tier, policy, basisContext
|
|
|
259
281
|
let decision;
|
|
260
282
|
if (!kernelResult.valid) {
|
|
261
283
|
// Kernel denial cannot be overridden
|
|
262
|
-
decision =
|
|
284
|
+
decision = "DENY";
|
|
263
285
|
}
|
|
264
286
|
else if (!policyResult.valid) {
|
|
265
287
|
decision = policyResult.action;
|
|
266
288
|
}
|
|
267
289
|
else if (!basisResult.valid) {
|
|
268
|
-
decision = basisResult.requiresOverride ?
|
|
290
|
+
decision = basisResult.requiresOverride ? "ESCALATE" : "DENY";
|
|
269
291
|
}
|
|
270
292
|
else {
|
|
271
|
-
decision =
|
|
293
|
+
decision = "ALLOW";
|
|
272
294
|
}
|
|
273
295
|
const evaluationData = {
|
|
274
296
|
evaluationId: crypto.randomUUID(),
|
|
@@ -308,7 +330,7 @@ export async function evaluateRoleGate(agentId, role, tier, policy, basisContext
|
|
|
308
330
|
if (!parsed.success) {
|
|
309
331
|
throw new Error(`Invalid role gate evaluation: ${parsed.error.message}`);
|
|
310
332
|
}
|
|
311
|
-
if (decision !==
|
|
333
|
+
if (decision !== "ALLOW") {
|
|
312
334
|
logger.warn({
|
|
313
335
|
agentId,
|
|
314
336
|
role,
|
|
@@ -317,7 +339,7 @@ export async function evaluateRoleGate(agentId, role, tier, policy, basisContext
|
|
|
317
339
|
kernelValid: kernelResult.valid,
|
|
318
340
|
policyValid: policyResult.valid,
|
|
319
341
|
basisValid: basisResult.valid,
|
|
320
|
-
},
|
|
342
|
+
}, "Role gate denied or escalated");
|
|
321
343
|
}
|
|
322
344
|
return evaluation;
|
|
323
345
|
}
|
|
@@ -330,82 +352,82 @@ export async function evaluateRoleGate(agentId, role, tier, policy, basisContext
|
|
|
330
352
|
export async function createDefaultRoleGatePolicy(createdBy) {
|
|
331
353
|
const now = new Date();
|
|
332
354
|
const policy = {
|
|
333
|
-
policyId:
|
|
355
|
+
policyId: "default:role-gate-policy",
|
|
334
356
|
version: 1,
|
|
335
357
|
rules: [
|
|
336
358
|
// Rule 1: Block sovereign roles (R-L6+) in non-sovereign contexts
|
|
337
359
|
{
|
|
338
|
-
ruleId:
|
|
339
|
-
name:
|
|
360
|
+
ruleId: "rule:sovereign-context-required",
|
|
361
|
+
name: "Sovereign Context Required for High Roles",
|
|
340
362
|
condition: {
|
|
341
363
|
roles: [AgentRole.R_L6, AgentRole.R_L7, AgentRole.R_L8],
|
|
342
364
|
contextTypes: [ContextType.LOCAL, ContextType.ENTERPRISE],
|
|
343
365
|
},
|
|
344
|
-
action:
|
|
366
|
+
action: "DENY",
|
|
345
367
|
priority: 10,
|
|
346
|
-
reason:
|
|
368
|
+
reason: "Sovereign roles (R-L6+) require sovereign context",
|
|
347
369
|
},
|
|
348
370
|
// Rule 2: Require attestation for orchestrators
|
|
349
371
|
{
|
|
350
|
-
ruleId:
|
|
351
|
-
name:
|
|
372
|
+
ruleId: "rule:orchestrator-attestation",
|
|
373
|
+
name: "Orchestrator Attestation Required",
|
|
352
374
|
condition: {
|
|
353
375
|
roles: [AgentRole.R_L3],
|
|
354
|
-
requiresAttestation: [
|
|
376
|
+
requiresAttestation: ["capability:orchestration"],
|
|
355
377
|
},
|
|
356
|
-
action:
|
|
378
|
+
action: "ALLOW",
|
|
357
379
|
priority: 20,
|
|
358
|
-
reason:
|
|
380
|
+
reason: "Orchestrators require capability attestation",
|
|
359
381
|
},
|
|
360
382
|
{
|
|
361
|
-
ruleId:
|
|
362
|
-
name:
|
|
383
|
+
ruleId: "rule:orchestrator-no-attestation",
|
|
384
|
+
name: "Orchestrator Without Attestation",
|
|
363
385
|
condition: {
|
|
364
386
|
roles: [AgentRole.R_L3],
|
|
365
387
|
},
|
|
366
|
-
action:
|
|
388
|
+
action: "ESCALATE",
|
|
367
389
|
priority: 21,
|
|
368
|
-
reason:
|
|
390
|
+
reason: "Orchestrator without attestation requires approval",
|
|
369
391
|
},
|
|
370
392
|
// Rule 3: Allow basic roles everywhere
|
|
371
393
|
{
|
|
372
|
-
ruleId:
|
|
373
|
-
name:
|
|
394
|
+
ruleId: "rule:basic-roles-allowed",
|
|
395
|
+
name: "Basic Roles Allowed",
|
|
374
396
|
condition: {
|
|
375
397
|
roles: [AgentRole.R_L0, AgentRole.R_L1],
|
|
376
398
|
},
|
|
377
|
-
action:
|
|
399
|
+
action: "ALLOW",
|
|
378
400
|
priority: 100,
|
|
379
|
-
reason:
|
|
401
|
+
reason: "Listener and executor roles are generally allowed",
|
|
380
402
|
},
|
|
381
403
|
// Rule 4: Business hours restriction for architects
|
|
382
404
|
{
|
|
383
|
-
ruleId:
|
|
384
|
-
name:
|
|
405
|
+
ruleId: "rule:architect-business-hours",
|
|
406
|
+
name: "Architect Business Hours Only",
|
|
385
407
|
condition: {
|
|
386
408
|
roles: [AgentRole.R_L4],
|
|
387
|
-
timeWindow: { start:
|
|
409
|
+
timeWindow: { start: "09:00", end: "17:00" },
|
|
388
410
|
},
|
|
389
|
-
action:
|
|
411
|
+
action: "ALLOW",
|
|
390
412
|
priority: 30,
|
|
391
|
-
reason:
|
|
413
|
+
reason: "Architects allowed during business hours",
|
|
392
414
|
},
|
|
393
415
|
{
|
|
394
|
-
ruleId:
|
|
395
|
-
name:
|
|
416
|
+
ruleId: "rule:architect-outside-hours",
|
|
417
|
+
name: "Architect Outside Hours Escalation",
|
|
396
418
|
condition: {
|
|
397
419
|
roles: [AgentRole.R_L4],
|
|
398
420
|
},
|
|
399
|
-
action:
|
|
421
|
+
action: "ESCALATE",
|
|
400
422
|
priority: 31,
|
|
401
|
-
reason:
|
|
423
|
+
reason: "Architect operations outside business hours require approval",
|
|
402
424
|
},
|
|
403
425
|
],
|
|
404
426
|
effectiveFrom: now,
|
|
405
427
|
createdAt: now,
|
|
406
428
|
createdBy,
|
|
407
429
|
policyHash: await calculateHash(JSON.stringify({
|
|
408
|
-
policyId:
|
|
430
|
+
policyId: "default:role-gate-policy",
|
|
409
431
|
version: 1,
|
|
410
432
|
createdAt: now.toISOString(),
|
|
411
433
|
})),
|
|
@@ -425,11 +447,11 @@ export class RoleGateService {
|
|
|
425
447
|
/**
|
|
426
448
|
* Initialize with default policy
|
|
427
449
|
*/
|
|
428
|
-
async initialize(createdBy =
|
|
450
|
+
async initialize(createdBy = "system") {
|
|
429
451
|
this.defaultPolicy = await createDefaultRoleGatePolicy(createdBy);
|
|
430
452
|
const versions = [this.defaultPolicy];
|
|
431
453
|
this.policies.set(this.defaultPolicy.policyId, versions);
|
|
432
|
-
logger.info(
|
|
454
|
+
logger.info("Role gate service initialized with default policy");
|
|
433
455
|
}
|
|
434
456
|
/**
|
|
435
457
|
* Register a custom policy
|
|
@@ -438,7 +460,7 @@ export class RoleGateService {
|
|
|
438
460
|
const versions = this.policies.get(policy.policyId) ?? [];
|
|
439
461
|
versions.push(policy);
|
|
440
462
|
this.policies.set(policy.policyId, versions);
|
|
441
|
-
logger.info({ policyId: policy.policyId, version: policy.version },
|
|
463
|
+
logger.info({ policyId: policy.policyId, version: policy.version }, "Policy registered");
|
|
442
464
|
}
|
|
443
465
|
/**
|
|
444
466
|
* Get current policy version
|
|
@@ -462,7 +484,7 @@ export class RoleGateService {
|
|
|
462
484
|
? this.getPolicy(options.policyId)
|
|
463
485
|
: this.defaultPolicy;
|
|
464
486
|
if (!policy) {
|
|
465
|
-
throw new Error(
|
|
487
|
+
throw new Error("No policy available for evaluation");
|
|
466
488
|
}
|
|
467
489
|
// Evaluate
|
|
468
490
|
const evaluation = await evaluateRoleGate(agentId, role, tier, policy, basisContext, options?.policyContext);
|
|
@@ -491,7 +513,7 @@ export class RoleGateService {
|
|
|
491
513
|
const denied = [];
|
|
492
514
|
for (const evaluations of this.evaluations.values()) {
|
|
493
515
|
for (const evaluation of evaluations) {
|
|
494
|
-
if (evaluation.decision !==
|
|
516
|
+
if (evaluation.decision !== "ALLOW") {
|
|
495
517
|
denied.push(evaluation);
|
|
496
518
|
}
|
|
497
519
|
}
|
|
@@ -532,5 +554,5 @@ export function createRoleGateService() {
|
|
|
532
554
|
// =============================================================================
|
|
533
555
|
// EXPORTS
|
|
534
556
|
// =============================================================================
|
|
535
|
-
export { AgentRole, TrustTier, ROLE_GATE_MATRIX, validateRoleGateKernel, } from
|
|
557
|
+
export { AgentRole, TrustTier, ROLE_GATE_MATRIX, validateRoleGateKernel, } from "./types.js";
|
|
536
558
|
//# sourceMappingURL=role-gates.js.map
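Review bot: In `validateOverride` (hunk `@@ -169,11 +187,14 @@`) the dual-control check only rejects `requestedBy === approvedBy`, so an override with `requestedBy` set and `approvedBy` missing or empty is returned as `{ valid: true }`. The expiry check has the same fail-open shape: `override.expiresAt < now` is false for a missing or unparsable `expiresAt`, so such an override never expires. Unless a schema earlier in the call path guarantees these fields (not visible here; the function's opening lines are outside the hunk), both guards should fail closed: `if (!(override.expiresAt >= now)) {` and `if (!override.requestedBy || !override.approvedBy || override.requestedBy === override.approvedBy) {`. A short comment above the second guard stating that an absent approver counts as a dual-control failure would keep the intent clear.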
|