@vorionsys/atsf-core 0.2.3 → 0.2.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/api/index.d.ts +1 -1
- package/dist/api/index.js +1 -1
- package/dist/api/server.d.ts +2 -2
- package/dist/api/server.d.ts.map +1 -1
- package/dist/api/server.js +147 -184
- package/dist/api/server.js.map +1 -1
- package/dist/arbitration/index.d.ts +4 -4
- package/dist/arbitration/index.d.ts.map +1 -1
- package/dist/arbitration/index.js +41 -46
- package/dist/arbitration/index.js.map +1 -1
- package/dist/arbitration/types.d.ts +10 -10
- package/dist/arbitration/types.d.ts.map +1 -1
- package/dist/basis/evaluator.d.ts +1 -1
- package/dist/basis/evaluator.d.ts.map +1 -1
- package/dist/basis/evaluator.js +54 -56
- package/dist/basis/evaluator.js.map +1 -1
- package/dist/basis/index.d.ts +3 -3
- package/dist/basis/index.js +3 -3
- package/dist/basis/parser.d.ts +2 -2
- package/dist/basis/parser.d.ts.map +1 -1
- package/dist/basis/parser.js +25 -32
- package/dist/basis/parser.js.map +1 -1
- package/dist/basis/types.d.ts +2 -2
- package/dist/chain/index.d.ts.map +1 -1
- package/dist/chain/index.js +16 -16
- package/dist/chain/index.js.map +1 -1
- package/dist/cognigate/index.d.ts +1 -1
- package/dist/cognigate/index.d.ts.map +1 -1
- package/dist/cognigate/index.js +33 -44
- package/dist/cognigate/index.js.map +1 -1
- package/dist/common/adapters.d.ts +4 -4
- package/dist/common/adapters.d.ts.map +1 -1
- package/dist/common/adapters.js +52 -62
- package/dist/common/adapters.js.map +1 -1
- package/dist/common/config.d.ts +69 -68
- package/dist/common/config.d.ts.map +1 -1
- package/dist/common/config.js +50 -50
- package/dist/common/config.js.map +1 -1
- package/dist/common/index.d.ts +4 -4
- package/dist/common/index.js +4 -4
- package/dist/common/logger.d.ts +1 -1
- package/dist/common/logger.js +8 -8
- package/dist/common/types.d.ts +5 -5
- package/dist/common/types.js +5 -5
- package/dist/containment/index.d.ts +3 -3
- package/dist/containment/index.d.ts.map +1 -1
- package/dist/containment/index.js +105 -119
- package/dist/containment/index.js.map +1 -1
- package/dist/containment/types.d.ts +11 -11
- package/dist/containment/types.d.ts.map +1 -1
- package/dist/contracts/index.d.ts +9 -9
- package/dist/contracts/index.d.ts.map +1 -1
- package/dist/contracts/index.js +54 -59
- package/dist/contracts/index.js.map +1 -1
- package/dist/contracts/types.d.ts +12 -12
- package/dist/contracts/types.d.ts.map +1 -1
- package/dist/crewai/callback.d.ts +2 -2
- package/dist/crewai/callback.d.ts.map +1 -1
- package/dist/crewai/callback.js +27 -27
- package/dist/crewai/callback.js.map +1 -1
- package/dist/crewai/executor.d.ts +95 -4
- package/dist/crewai/executor.d.ts.map +1 -1
- package/dist/crewai/executor.js +457 -16
- package/dist/crewai/executor.js.map +1 -1
- package/dist/crewai/index.d.ts +4 -4
- package/dist/crewai/index.js +4 -4
- package/dist/crewai/tools.d.ts +1 -1
- package/dist/crewai/tools.d.ts.map +1 -1
- package/dist/crewai/tools.js +38 -39
- package/dist/crewai/tools.js.map +1 -1
- package/dist/crewai/types.d.ts +66 -3
- package/dist/crewai/types.d.ts.map +1 -1
- package/dist/enforce/index.d.ts +229 -7
- package/dist/enforce/index.d.ts.map +1 -1
- package/dist/enforce/index.js +52 -80
- package/dist/enforce/index.js.map +1 -1
- package/dist/enforce/trust-aware-enforcement-service.d.ts +8 -8
- package/dist/enforce/trust-aware-enforcement-service.d.ts.map +1 -1
- package/dist/enforce/trust-aware-enforcement-service.js +107 -125
- package/dist/enforce/trust-aware-enforcement-service.js.map +1 -1
- package/dist/governance/fluid-workflow.d.ts +8 -8
- package/dist/governance/fluid-workflow.d.ts.map +1 -1
- package/dist/governance/fluid-workflow.js +86 -114
- package/dist/governance/fluid-workflow.js.map +1 -1
- package/dist/governance/index.d.ts +7 -7
- package/dist/governance/index.d.ts.map +1 -1
- package/dist/governance/index.js +74 -81
- package/dist/governance/index.js.map +1 -1
- package/dist/governance/proof-bridge.d.ts +6 -6
- package/dist/governance/proof-bridge.d.ts.map +1 -1
- package/dist/governance/proof-bridge.js +5 -5
- package/dist/governance/proof-bridge.js.map +1 -1
- package/dist/governance/types.d.ts +9 -16
- package/dist/governance/types.d.ts.map +1 -1
- package/dist/governance/types.js.map +1 -1
- package/dist/index.d.ts +27 -29
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +25 -31
- package/dist/index.js.map +1 -1
- package/dist/intent/index.d.ts +55 -5
- package/dist/intent/index.d.ts.map +1 -1
- package/dist/intent/index.js +21 -24
- package/dist/intent/index.js.map +1 -1
- package/dist/intent/persistent-intent-service.d.ts +2 -2
- package/dist/intent/persistent-intent-service.d.ts.map +1 -1
- package/dist/intent/persistent-intent-service.js +31 -43
- package/dist/intent/persistent-intent-service.js.map +1 -1
- package/dist/intent/supabase-intent-repository.d.ts +124 -0
- package/dist/intent/supabase-intent-repository.d.ts.map +1 -0
- package/dist/intent/supabase-intent-repository.js +404 -0
- package/dist/intent/supabase-intent-repository.js.map +1 -0
- package/dist/langchain/callback.d.ts +2 -2
- package/dist/langchain/callback.d.ts.map +1 -1
- package/dist/langchain/callback.js +30 -30
- package/dist/langchain/callback.js.map +1 -1
- package/dist/langchain/executor.d.ts +4 -4
- package/dist/langchain/executor.d.ts.map +1 -1
- package/dist/langchain/executor.js +80 -82
- package/dist/langchain/executor.js.map +1 -1
- package/dist/langchain/index.d.ts +5 -5
- package/dist/langchain/index.js +5 -5
- package/dist/langchain/tools.d.ts +1 -1
- package/dist/langchain/tools.d.ts.map +1 -1
- package/dist/langchain/tools.js +34 -36
- package/dist/langchain/tools.js.map +1 -1
- package/dist/langchain/types.d.ts +3 -3
- package/dist/langchain/types.d.ts.map +1 -1
- package/dist/layers/implementations/L0-request-format.d.ts +2 -2
- package/dist/layers/implementations/L0-request-format.d.ts.map +1 -1
- package/dist/layers/implementations/L0-request-format.js +52 -54
- package/dist/layers/implementations/L0-request-format.js.map +1 -1
- package/dist/layers/implementations/L1-input-size.d.ts +2 -2
- package/dist/layers/implementations/L1-input-size.d.ts.map +1 -1
- package/dist/layers/implementations/L1-input-size.js +39 -49
- package/dist/layers/implementations/L1-input-size.js.map +1 -1
- package/dist/layers/implementations/L2-charset-sanitizer.d.ts +2 -2
- package/dist/layers/implementations/L2-charset-sanitizer.d.ts.map +1 -1
- package/dist/layers/implementations/L2-charset-sanitizer.js +71 -81
- package/dist/layers/implementations/L2-charset-sanitizer.js.map +1 -1
- package/dist/layers/implementations/L3-schema-conformance.d.ts +3 -3
- package/dist/layers/implementations/L3-schema-conformance.d.ts.map +1 -1
- package/dist/layers/implementations/L3-schema-conformance.js +73 -82
- package/dist/layers/implementations/L3-schema-conformance.js.map +1 -1
- package/dist/layers/implementations/L4-injection-detector.d.ts +4 -4
- package/dist/layers/implementations/L4-injection-detector.d.ts.map +1 -1
- package/dist/layers/implementations/L4-injection-detector.js +81 -85
- package/dist/layers/implementations/L4-injection-detector.js.map +1 -1
- package/dist/layers/implementations/L5-rate-limiter.d.ts +2 -2
- package/dist/layers/implementations/L5-rate-limiter.d.ts.map +1 -1
- package/dist/layers/implementations/L5-rate-limiter.js +20 -20
- package/dist/layers/implementations/L5-rate-limiter.js.map +1 -1
- package/dist/layers/implementations/index.d.ts +6 -6
- package/dist/layers/implementations/index.d.ts.map +1 -1
- package/dist/layers/implementations/index.js +6 -6
- package/dist/layers/implementations/index.js.map +1 -1
- package/dist/layers/index.d.ts +3 -3
- package/dist/layers/index.d.ts.map +1 -1
- package/dist/layers/index.js +71 -99
- package/dist/layers/index.js.map +1 -1
- package/dist/layers/types.d.ts +16 -16
- package/dist/layers/types.d.ts.map +1 -1
- package/dist/persistence/file.d.ts +3 -3
- package/dist/persistence/file.d.ts.map +1 -1
- package/dist/persistence/file.js +28 -32
- package/dist/persistence/file.js.map +1 -1
- package/dist/persistence/index.d.ts +7 -7
- package/dist/persistence/index.d.ts.map +1 -1
- package/dist/persistence/index.js +18 -18
- package/dist/persistence/index.js.map +1 -1
- package/dist/persistence/memory.d.ts +3 -3
- package/dist/persistence/memory.d.ts.map +1 -1
- package/dist/persistence/memory.js +8 -10
- package/dist/persistence/memory.js.map +1 -1
- package/dist/persistence/sqlite.d.ts +3 -3
- package/dist/persistence/sqlite.d.ts.map +1 -1
- package/dist/persistence/sqlite.js +40 -39
- package/dist/persistence/sqlite.js.map +1 -1
- package/dist/persistence/supabase.d.ts +3 -3
- package/dist/persistence/supabase.d.ts.map +1 -1
- package/dist/persistence/supabase.js +45 -43
- package/dist/persistence/supabase.js.map +1 -1
- package/dist/persistence/types.d.ts +5 -5
- package/dist/phase6/ceiling.d.ts +5 -5
- package/dist/phase6/ceiling.d.ts.map +1 -1
- package/dist/phase6/ceiling.js +36 -69
- package/dist/phase6/ceiling.js.map +1 -1
- package/dist/phase6/context.d.ts +3 -3
- package/dist/phase6/context.d.ts.map +1 -1
- package/dist/phase6/context.js +47 -93
- package/dist/phase6/context.js.map +1 -1
- package/dist/phase6/index.d.ts +12 -12
- package/dist/phase6/index.d.ts.map +1 -1
- package/dist/phase6/index.js +15 -15
- package/dist/phase6/index.js.map +1 -1
- package/dist/phase6/presets.d.ts +2 -2
- package/dist/phase6/presets.d.ts.map +1 -1
- package/dist/phase6/presets.js +33 -39
- package/dist/phase6/presets.js.map +1 -1
- package/dist/phase6/provenance.d.ts +4 -4
- package/dist/phase6/provenance.d.ts.map +1 -1
- package/dist/phase6/provenance.js +35 -42
- package/dist/phase6/provenance.js.map +1 -1
- package/dist/phase6/role-gates/index.d.ts +2 -2
- package/dist/phase6/role-gates/index.js +2 -2
- package/dist/phase6/role-gates/kernel.d.ts.map +1 -1
- package/dist/phase6/role-gates/kernel.js +16 -16
- package/dist/phase6/role-gates/kernel.js.map +1 -1
- package/dist/phase6/role-gates/policy.d.ts +2 -2
- package/dist/phase6/role-gates/policy.js +6 -6
- package/dist/phase6/role-gates.d.ts +4 -4
- package/dist/phase6/role-gates.d.ts.map +1 -1
- package/dist/phase6/role-gates.js +58 -80
- package/dist/phase6/role-gates.js.map +1 -1
- package/dist/phase6/types.d.ts +20 -19
- package/dist/phase6/types.d.ts.map +1 -1
- package/dist/phase6/types.js +82 -177
- package/dist/phase6/types.js.map +1 -1
- package/dist/phase6/weight-presets/canonical.d.ts.map +1 -1
- package/dist/phase6/weight-presets/canonical.js +10 -10
- package/dist/phase6/weight-presets/canonical.js.map +1 -1
- package/dist/phase6/weight-presets/deltas.d.ts +2 -2
- package/dist/phase6/weight-presets/deltas.d.ts.map +1 -1
- package/dist/phase6/weight-presets/deltas.js +27 -27
- package/dist/phase6/weight-presets/deltas.js.map +1 -1
- package/dist/phase6/weight-presets/index.d.ts +3 -3
- package/dist/phase6/weight-presets/index.js +3 -3
- package/dist/phase6/weight-presets/merger.d.ts +2 -2
- package/dist/phase6/weight-presets/merger.d.ts.map +1 -1
- package/dist/phase6/weight-presets/merger.js +43 -39
- package/dist/phase6/weight-presets/merger.js.map +1 -1
- package/dist/proof/index.d.ts +3 -3
- package/dist/proof/index.d.ts.map +1 -1
- package/dist/proof/index.js +38 -44
- package/dist/proof/index.js.map +1 -1
- package/dist/proof/merkle.d.ts +24 -3
- package/dist/proof/merkle.d.ts.map +1 -1
- package/dist/proof/merkle.js +116 -32
- package/dist/proof/merkle.js.map +1 -1
- package/dist/proof/zk-proofs.d.ts +6 -6
- package/dist/proof/zk-proofs.d.ts.map +1 -1
- package/dist/proof/zk-proofs.js +43 -42
- package/dist/proof/zk-proofs.js.map +1 -1
- package/dist/provenance/index.d.ts +3 -3
- package/dist/provenance/index.d.ts.map +1 -1
- package/dist/provenance/index.js +17 -19
- package/dist/provenance/index.js.map +1 -1
- package/dist/provenance/types.d.ts +4 -4
- package/dist/provenance/types.d.ts.map +1 -1
- package/dist/sandbox-training/challenges.d.ts +1 -1
- package/dist/sandbox-training/challenges.d.ts.map +1 -1
- package/dist/sandbox-training/challenges.js +228 -228
- package/dist/sandbox-training/challenges.js.map +1 -1
- package/dist/sandbox-training/graduation.d.ts +1 -1
- package/dist/sandbox-training/graduation.d.ts.map +1 -1
- package/dist/sandbox-training/graduation.js +15 -14
- package/dist/sandbox-training/graduation.js.map +1 -1
- package/dist/sandbox-training/index.d.ts +9 -9
- package/dist/sandbox-training/index.d.ts.map +1 -1
- package/dist/sandbox-training/index.js +6 -6
- package/dist/sandbox-training/index.js.map +1 -1
- package/dist/sandbox-training/promotion-service.d.ts +4 -4
- package/dist/sandbox-training/promotion-service.d.ts.map +1 -1
- package/dist/sandbox-training/promotion-service.js +5 -5
- package/dist/sandbox-training/promotion-service.js.map +1 -1
- package/dist/sandbox-training/runner.d.ts +1 -1
- package/dist/sandbox-training/runner.d.ts.map +1 -1
- package/dist/sandbox-training/runner.js +73 -74
- package/dist/sandbox-training/runner.js.map +1 -1
- package/dist/sandbox-training/scorer.d.ts +4 -4
- package/dist/sandbox-training/scorer.js +5 -5
- package/dist/sandbox-training/types.d.ts +4 -4
- package/dist/sandbox-training/types.d.ts.map +1 -1
- package/dist/sandbox-training/types.js +7 -11
- package/dist/sandbox-training/types.js.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/audit.d.ts +1 -1
- package/dist/trust-engine/ceiling-enforcement/audit.d.ts.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/audit.js +4 -3
- package/dist/trust-engine/ceiling-enforcement/audit.js.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/index.d.ts +2 -2
- package/dist/trust-engine/ceiling-enforcement/index.js +2 -2
- package/dist/trust-engine/ceiling-enforcement/kernel.d.ts +12 -10
- package/dist/trust-engine/ceiling-enforcement/kernel.d.ts.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/kernel.js +26 -20
- package/dist/trust-engine/ceiling-enforcement/kernel.js.map +1 -1
- package/dist/trust-engine/context-policy/enforcement.d.ts.map +1 -1
- package/dist/trust-engine/context-policy/factory.d.ts +1 -1
- package/dist/trust-engine/context-policy/factory.d.ts.map +1 -1
- package/dist/trust-engine/context-policy/factory.js +1 -1
- package/dist/trust-engine/context-policy/factory.js.map +1 -1
- package/dist/trust-engine/context-policy/index.d.ts +2 -2
- package/dist/trust-engine/context-policy/index.js +2 -2
- package/dist/trust-engine/creation-modifiers/index.d.ts +1 -1
- package/dist/trust-engine/creation-modifiers/index.js +1 -1
- package/dist/trust-engine/creation-modifiers/types.d.ts.map +1 -1
- package/dist/trust-engine/creation-modifiers/types.js +3 -2
- package/dist/trust-engine/creation-modifiers/types.js.map +1 -1
- package/dist/trust-engine/decay-profiles.d.ts +37 -136
- package/dist/trust-engine/decay-profiles.d.ts.map +1 -1
- package/dist/trust-engine/decay-profiles.js +68 -178
- package/dist/trust-engine/decay-profiles.js.map +1 -1
- package/dist/trust-engine/index.d.ts +135 -168
- package/dist/trust-engine/index.d.ts.map +1 -1
- package/dist/trust-engine/index.js +239 -525
- package/dist/trust-engine/index.js.map +1 -1
- package/dist/trust-engine/phase6-types.d.ts +18 -11
- package/dist/trust-engine/phase6-types.d.ts.map +1 -1
- package/dist/trust-engine/phase6-types.js +33 -29
- package/dist/trust-engine/phase6-types.js.map +1 -1
- package/package.json +1 -1
- package/dist/enforce/types.d.ts +0 -234
- package/dist/enforce/types.d.ts.map +0 -1
- package/dist/enforce/types.js +0 -10
- package/dist/enforce/types.js.map +0 -1
- package/dist/intent/types.d.ts +0 -69
- package/dist/intent/types.d.ts.map +0 -1
- package/dist/intent/types.js +0 -10
- package/dist/intent/types.js.map +0 -1
- package/dist/intent-gateway/index.d.ts +0 -522
- package/dist/intent-gateway/index.d.ts.map +0 -1
- package/dist/intent-gateway/index.js +0 -1499
- package/dist/intent-gateway/index.js.map +0 -1
- package/dist/trust-engine/types.d.ts +0 -77
- package/dist/trust-engine/types.d.ts.map +0 -1
- package/dist/trust-engine/types.js +0 -20
- package/dist/trust-engine/types.js.map +0 -1
|
@@ -2,6 +2,6 @@
|
|
|
2
2
|
* Q3: Role Gates
|
|
3
3
|
* Dual-layer validation: kernel fast-path + BASIS policy engine
|
|
4
4
|
*/
|
|
5
|
-
export { AgentRole, TrustTier, ROLE_GATE_MATRIX, validateRoleAndTier, isValidRole, isValidTier, getMaxTierForRole, getMinRoleForTier, RoleGateValidationError, } from
|
|
6
|
-
export { BasisPolicyEngine, } from
|
|
5
|
+
export { AgentRole, TrustTier, ROLE_GATE_MATRIX, validateRoleAndTier, isValidRole, isValidTier, getMaxTierForRole, getMinRoleForTier, RoleGateValidationError, } from './kernel.js';
|
|
6
|
+
export { BasisPolicyEngine, } from './policy.js';
|
|
7
7
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"kernel.d.ts","sourceRoot":"","sources":["../../../src/phase6/role-gates/kernel.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;GAGG;AACH,oBAAY,SAAS;IACnB,IAAI,SAAS,CAAE,uCAAuC;IACtD,IAAI,SAAS,CAAE,mCAAmC;IAClD,IAAI,SAAS,CAAE,sCAAsC;IACrD,IAAI,SAAS,CAAE,uCAAuC;IACtD,IAAI,SAAS,CAAE,yCAAyC;IACxD,IAAI,SAAS,CAAE,kCAAkC;IACjD,IAAI,SAAS,CAAE,0CAA0C;IACzD,IAAI,SAAS,CAAE,6CAA6C;IAC5D,IAAI,SAAS;CACd;AAED;;;GAGG;AACH,oBAAY,SAAS;IACnB,EAAE,OAAO,CAAE,gCAAgC;IAC3C,EAAE,OAAO,CAAE,0CAA0C;IACrD,EAAE,OAAO,CAAE,qCAAqC;IAChD,EAAE,OAAO,CAAE,yCAAyC;IACpD,EAAE,OAAO,CAAE,8CAA8C;IACzD,EAAE,OAAO;CACV;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAyE1E,CAAC;AAEF;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,GAAG,OAAO,CAK7E;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,IAAI,SAAS,CAG5D;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,IAAI,SAAS,CAG5D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,SAAS,GAAG,SAAS,
|
|
1
|
+
{"version":3,"file":"kernel.d.ts","sourceRoot":"","sources":["../../../src/phase6/role-gates/kernel.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;GAGG;AACH,oBAAY,SAAS;IACnB,IAAI,SAAS,CAAE,uCAAuC;IACtD,IAAI,SAAS,CAAE,mCAAmC;IAClD,IAAI,SAAS,CAAE,sCAAsC;IACrD,IAAI,SAAS,CAAE,uCAAuC;IACtD,IAAI,SAAS,CAAE,yCAAyC;IACxD,IAAI,SAAS,CAAE,kCAAkC;IACjD,IAAI,SAAS,CAAE,0CAA0C;IACzD,IAAI,SAAS,CAAE,6CAA6C;IAC5D,IAAI,SAAS;CACd;AAED;;;GAGG;AACH,oBAAY,SAAS;IACnB,EAAE,OAAO,CAAE,gCAAgC;IAC3C,EAAE,OAAO,CAAE,0CAA0C;IACrD,EAAE,OAAO,CAAE,qCAAqC;IAChD,EAAE,OAAO,CAAE,yCAAyC;IACpD,EAAE,OAAO,CAAE,8CAA8C;IACzD,EAAE,OAAO;CACV;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAyE1E,CAAC;AAEF;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,GAAG,OAAO,CAK7E;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,IAAI,SAAS,CAG5D;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,IAAI,SAAS,CAG5D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,SAAS,GAAG,SAAS,CA4D5D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,SAAS,GAAG,SAAS,CAyB5D;AAED;;GAEG;AACH,qBAAa,uBAAwB,SAAQ,KAAK;IAEvC,IAAI,EAAE,SAAS;IACf,IAAI,EAAE,SAAS;gBADf,IAAI,EAAE,SAAS,EACf,IAAI,EAAE,SAAS,EACtB,OAAO,CAAC,EAAE,MAAM;CAKnB"}
|
|
@@ -141,7 +141,7 @@ export function validateRoleAndTier(role, tier) {
|
|
|
141
141
|
* Check if value is a valid AgentRole
|
|
142
142
|
*/
|
|
143
143
|
export function isValidRole(role) {
|
|
144
|
-
if (typeof role !==
|
|
144
|
+
if (typeof role !== 'string')
|
|
145
145
|
return false;
|
|
146
146
|
return Object.values(AgentRole).includes(role);
|
|
147
147
|
}
|
|
@@ -149,7 +149,7 @@ export function isValidRole(role) {
|
|
|
149
149
|
* Check if value is a valid TrustTier
|
|
150
150
|
*/
|
|
151
151
|
export function isValidTier(tier) {
|
|
152
|
-
if (typeof tier !==
|
|
152
|
+
if (typeof tier !== 'string')
|
|
153
153
|
return false;
|
|
154
154
|
return Object.values(TrustTier).includes(tier);
|
|
155
155
|
}
|
|
@@ -165,55 +165,55 @@ export function getMaxTierForRole(role) {
|
|
|
165
165
|
return TrustTier.T0;
|
|
166
166
|
}
|
|
167
167
|
// Debug logging for R-L0
|
|
168
|
-
const isDebug = role ===
|
|
168
|
+
const isDebug = role === 'R-L0';
|
|
169
169
|
if (isDebug) {
|
|
170
|
-
console.log(
|
|
171
|
-
console.log(
|
|
172
|
-
console.log(
|
|
173
|
-
console.log(
|
|
170
|
+
console.log('getMaxTierForRole debug for R-L0:');
|
|
171
|
+
console.log(' roleEntry:', roleEntry);
|
|
172
|
+
console.log(' TrustTier.T1:', TrustTier.T1);
|
|
173
|
+
console.log(' roleEntry[TrustTier.T1]:', roleEntry[TrustTier.T1]);
|
|
174
174
|
}
|
|
175
175
|
// Check tiers from highest to lowest
|
|
176
176
|
const t5Val = roleEntry[TrustTier.T5];
|
|
177
177
|
if (t5Val === true) {
|
|
178
178
|
if (isDebug)
|
|
179
|
-
console.log(
|
|
179
|
+
console.log(' returning T5');
|
|
180
180
|
return TrustTier.T5;
|
|
181
181
|
}
|
|
182
182
|
const t4Val = roleEntry[TrustTier.T4];
|
|
183
183
|
if (t4Val === true) {
|
|
184
184
|
if (isDebug)
|
|
185
|
-
console.log(
|
|
185
|
+
console.log(' returning T4');
|
|
186
186
|
return TrustTier.T4;
|
|
187
187
|
}
|
|
188
188
|
const t3Val = roleEntry[TrustTier.T3];
|
|
189
189
|
if (t3Val === true) {
|
|
190
190
|
if (isDebug)
|
|
191
|
-
console.log(
|
|
191
|
+
console.log(' returning T3');
|
|
192
192
|
return TrustTier.T3;
|
|
193
193
|
}
|
|
194
194
|
const t2Val = roleEntry[TrustTier.T2];
|
|
195
195
|
if (t2Val === true) {
|
|
196
196
|
if (isDebug)
|
|
197
|
-
console.log(
|
|
197
|
+
console.log(' returning T2');
|
|
198
198
|
return TrustTier.T2;
|
|
199
199
|
}
|
|
200
200
|
const t1Val = roleEntry[TrustTier.T1];
|
|
201
201
|
if (isDebug)
|
|
202
|
-
console.log(
|
|
202
|
+
console.log(' t1Val:', t1Val, 't1Val === true:', t1Val === true);
|
|
203
203
|
if (t1Val === true) {
|
|
204
204
|
if (isDebug)
|
|
205
|
-
console.log(
|
|
205
|
+
console.log(' returning T1');
|
|
206
206
|
return TrustTier.T1;
|
|
207
207
|
}
|
|
208
208
|
const t0Val = roleEntry[TrustTier.T0];
|
|
209
209
|
if (t0Val === true) {
|
|
210
210
|
if (isDebug)
|
|
211
|
-
console.log(
|
|
211
|
+
console.log(' returning T0');
|
|
212
212
|
return TrustTier.T0;
|
|
213
213
|
}
|
|
214
214
|
// Fallback
|
|
215
215
|
if (isDebug)
|
|
216
|
-
console.log(
|
|
216
|
+
console.log(' returning fallback T0');
|
|
217
217
|
return TrustTier.T0;
|
|
218
218
|
}
|
|
219
219
|
/**
|
|
@@ -252,7 +252,7 @@ export class RoleGateValidationError extends Error {
|
|
|
252
252
|
super(message || `Invalid role+tier combination: ${role} + ${tier}`);
|
|
253
253
|
this.role = role;
|
|
254
254
|
this.tier = tier;
|
|
255
|
-
this.name =
|
|
255
|
+
this.name = 'RoleGateValidationError';
|
|
256
256
|
}
|
|
257
257
|
}
|
|
258
258
|
//# sourceMappingURL=kernel.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"kernel.js","sourceRoot":"","sources":["../../../src/phase6/role-gates/kernel.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;GAGG;AACH,MAAM,CAAN,IAAY,SAUX;AAVD,WAAY,SAAS;IACnB,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;AACf,CAAC,EAVW,SAAS,KAAT,SAAS,QAUpB;AAED;;;GAGG;AACH,MAAM,CAAN,IAAY,SAOX;AAPD,WAAY,SAAS;IACnB,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;AACX,CAAC,EAPW,SAAS,KAAT,SAAS,QAOpB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAkD;IAC7E,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;KACrB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;KACrB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;KACrB;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAe,EAAE,IAAe;IAClE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAa;IACvC,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC3C,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,IAAiB,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAa;IACvC,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC3C,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,IAAiB,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAe;IAC/C,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACzC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,yBAAyB;IACzB,MAAM,OAAO,GAAG,IAAI,KAAK,MAAM,CAAC;IAChC,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,4BAA4B,EAAE,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;IACrE,CAAC;IAED,qCAAqC;IACrC,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,OAAO;
|
|
1
|
+
{"version":3,"file":"kernel.js","sourceRoot":"","sources":["../../../src/phase6/role-gates/kernel.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;GAGG;AACH,MAAM,CAAN,IAAY,SAUX;AAVD,WAAY,SAAS;IACnB,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;AACf,CAAC,EAVW,SAAS,KAAT,SAAS,QAUpB;AAED;;;GAGG;AACH,MAAM,CAAN,IAAY,SAOX;AAPD,WAAY,SAAS;IACnB,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;AACX,CAAC,EAPW,SAAS,KAAT,SAAS,QAOpB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAkD;IAC7E,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;KACrB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;KACrB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;KACrB;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAe,EAAE,IAAe;IAClE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAa;IACvC,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC3C,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,IAAiB,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAa;IACvC,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC3C,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,IAAiB,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAe;IAC/C,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACzC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,yBAAyB;IACzB,MAAM,OAAO,GAAG,IAAI,KAAK,MAAM,CAAC;IAChC,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,4BAA4B,EAAE,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;IACrE,CAAC;IAED,qCAAqC;IACrC,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,OAAO;QAAE,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,iBAAiB,EAAE,KAAK,KAAK,IAAI,CAAC,CAAC;IAC/E,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,WAAW;IACX,IAAI,OAAO;QAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACpD,OAAO,SAAS,CAAC,EAAE,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAe;IAC/C,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,SAAS,GAAG;QAChB,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;KACf,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,IAAI,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,WAAW;IACX,OAAO,SAAS,CAAC,IAAI,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,uBAAwB,SAAQ,KAAK;IAEvC;IACA;IAFT,YACS,IAAe,EACf,IAAe,EACtB,OAAgB;QAEhB,KAAK,CAAC,OAAO,IAAI,kCAAkC,IAAI,MAAM,IAAI,EAAE,CAAC,CAAC;QAJ9D,SAAI,GAAJ,IAAI,CAAW;QACf,SAAI,GAAJ,IAAI,CAAW;QAItB,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF"}
|
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
* - Full audit trail of all evaluations
|
|
10
10
|
* - Version tracking on policy changes
|
|
11
11
|
*/
|
|
12
|
-
import { AgentRole, TrustTier } from
|
|
12
|
+
import { AgentRole, TrustTier } from './kernel.js';
|
|
13
13
|
/**
|
|
14
14
|
* Policy rule definition
|
|
15
15
|
*/
|
|
@@ -38,7 +38,7 @@ export interface PolicyException {
|
|
|
38
38
|
export interface PolicyDecision {
|
|
39
39
|
allowed: boolean;
|
|
40
40
|
reason: string;
|
|
41
|
-
source:
|
|
41
|
+
source: 'exception' | 'rule' | 'default';
|
|
42
42
|
appliedAt: Date;
|
|
43
43
|
}
|
|
44
44
|
/**
|
|
@@ -16,7 +16,7 @@ export class BasisPolicyEngine {
|
|
|
16
16
|
rules = new Map();
|
|
17
17
|
exceptions = new Map();
|
|
18
18
|
auditLog = [];
|
|
19
|
-
policyVersion =
|
|
19
|
+
policyVersion = '1.0.0';
|
|
20
20
|
versionCounter = 0;
|
|
21
21
|
/**
|
|
22
22
|
* Add a policy rule
|
|
@@ -76,7 +76,7 @@ export class BasisPolicyEngine {
|
|
|
76
76
|
const decision = {
|
|
77
77
|
allowed: exception.allowed,
|
|
78
78
|
reason: exception.reason,
|
|
79
|
-
source:
|
|
79
|
+
source: 'exception',
|
|
80
80
|
appliedAt: timestamp,
|
|
81
81
|
};
|
|
82
82
|
this.logAudit({ timestamp, agentId, role, tier, domain, decision });
|
|
@@ -95,7 +95,7 @@ export class BasisPolicyEngine {
|
|
|
95
95
|
const decision = {
|
|
96
96
|
allowed: rule.allowed,
|
|
97
97
|
reason: rule.reason,
|
|
98
|
-
source:
|
|
98
|
+
source: 'rule',
|
|
99
99
|
appliedAt: timestamp,
|
|
100
100
|
};
|
|
101
101
|
this.logAudit({ timestamp, agentId, role, tier, domain, decision });
|
|
@@ -105,8 +105,8 @@ export class BasisPolicyEngine {
|
|
|
105
105
|
// Default: allow
|
|
106
106
|
const decision = {
|
|
107
107
|
allowed: true,
|
|
108
|
-
reason:
|
|
109
|
-
source:
|
|
108
|
+
reason: 'No matching rule or exception (default allow)',
|
|
109
|
+
source: 'default',
|
|
110
110
|
appliedAt: timestamp,
|
|
111
111
|
};
|
|
112
112
|
this.logAudit({ timestamp, agentId, role, tier, domain, decision });
|
|
@@ -150,7 +150,7 @@ export class BasisPolicyEngine {
|
|
|
150
150
|
*/
|
|
151
151
|
incrementVersion() {
|
|
152
152
|
this.versionCounter++;
|
|
153
|
-
const [major, minor] = this.policyVersion.split(
|
|
153
|
+
const [major, minor] = this.policyVersion.split('.').map(Number);
|
|
154
154
|
this.policyVersion = `${major}.${minor + 1}`;
|
|
155
155
|
}
|
|
156
156
|
}
|
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
*
|
|
15
15
|
* @packageDocumentation
|
|
16
16
|
*/
|
|
17
|
-
import { type RoleGateEntry, type RoleGatePolicy, type RoleGateEvaluation, AgentRole, TrustTier, ContextType } from
|
|
17
|
+
import { type RoleGateEntry, type RoleGatePolicy, type RoleGateEvaluation, AgentRole, TrustTier, ContextType } from './types.js';
|
|
18
18
|
/**
|
|
19
19
|
* Get all role gate entries
|
|
20
20
|
*/
|
|
@@ -54,7 +54,7 @@ export interface PolicyLayerResult {
|
|
|
54
54
|
valid: boolean;
|
|
55
55
|
appliedRuleId?: string;
|
|
56
56
|
appliedPolicyVersion?: number;
|
|
57
|
-
action:
|
|
57
|
+
action: 'ALLOW' | 'DENY' | 'ESCALATE';
|
|
58
58
|
reason: string;
|
|
59
59
|
}
|
|
60
60
|
/**
|
|
@@ -151,7 +151,7 @@ export declare class RoleGateService {
|
|
|
151
151
|
*/
|
|
152
152
|
getStats(): {
|
|
153
153
|
totalEvaluations: number;
|
|
154
|
-
byDecision: Record<
|
|
154
|
+
byDecision: Record<'ALLOW' | 'DENY' | 'ESCALATE', number>;
|
|
155
155
|
byRole: Record<AgentRole, number>;
|
|
156
156
|
policyCount: number;
|
|
157
157
|
};
|
|
@@ -160,5 +160,5 @@ export declare class RoleGateService {
|
|
|
160
160
|
* Create a new role gate service
|
|
161
161
|
*/
|
|
162
162
|
export declare function createRoleGateService(): RoleGateService;
|
|
163
|
-
export { type RoleGateEntry, type RoleGatePolicy, type RoleGatePolicyRule, type RoleGateCondition, type RoleGateEvaluation, AgentRole, TrustTier, ROLE_GATE_MATRIX, validateRoleGateKernel, } from
|
|
163
|
+
export { type RoleGateEntry, type RoleGatePolicy, type RoleGatePolicyRule, type RoleGateCondition, type RoleGateEvaluation, AgentRole, TrustTier, ROLE_GATE_MATRIX, validateRoleGateKernel, } from './types.js';
|
|
164
164
|
//# sourceMappingURL=role-gates.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"role-gates.d.ts","sourceRoot":"","sources":["../../src/phase6/role-gates.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,cAAc,EAGnB,KAAK,kBAAkB,EACvB,SAAS,EACT,SAAS,EACT,WAAW,EAKZ,MAAM,YAAY,CAAC;AAuBpB;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,SAAS,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"role-gates.d.ts","sourceRoot":"","sources":["../../src/phase6/role-gates.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,cAAc,EAGnB,KAAK,kBAAkB,EACvB,SAAS,EACT,SAAS,EACT,WAAW,EAKZ,MAAM,YAAY,CAAC;AAuBpB;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,SAAS,aAAa,EAAE,CA0B5D;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,SAAS,GAAG,SAAS,CAOhE;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,YAAY,EAAE,OAAO,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,GAAG,iBAAiB,CAgBvF;AAMD;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,SAAS,CAAC;IAChB,IAAI,EAAE,SAAS,CAAC;IAChB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,CAAC,EAAE,IAAI,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AA2DD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,UAAU,CAAC;IACtC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,uBAAuB,EAChC,MAAM,EAAE,cAAc,GACrB,iBAAiB,CAsBnB;AAMD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE;QAClB,YAAY,CAAC,EAAE,SAAS,EAAE,CAAC;QAC3B,WAAW,CAAC,EAAE,SAAS,EAAE,CAAC;QAC1B,gBAAgB,CAAC,EAAE,OAAO,CAAC;QAC3B,eAAe,CAAC,EAAE,eAAe,CAAC;KACnC,CAAC;CACH;AAqBD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,gBAAgB,EAAE,OAAO,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,SAAS,EACf,OAAO,EAAE,iBAAiB,GACzB,gBAAgB,CA4DlB;AAMD;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,SAAS,EACf,IAAI,EAAE,SAAS,EACf,MAAM,EAAE,cAAc,EACtB,YAAY,EAAE,iBAAiB,EAC/B,aAAa,CAAC,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAC/C,OAAO,CAAC,kBAAkB,CAAC,CAyF7B;AAMD;;GAEG;AACH,wBAAsB,2BAA2B,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAyF5F;AAMD;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAA4C;IAC5D,OAAO,CAAC,WAAW,CAAgD;IACnE,OAAO,CAAC,aAAa,CAAC,CAAiB;IAEvC;;OAEG;IACG,UAAU,CAAC,SAAS,GAAE,MAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAO7D;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI;IAO5C;;OAEG;IACH,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS;IAKvD;;OAEG;IACH,gBAAgB,IAAI,cAAc,GAAG,SAAS;IAI9C;;OAEG;IACG,QAAQ,CACZ,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,SAAS,EACf,IAAI,EAAE,SAAS,EACf,YAAY,EAAE,iBAAiB,EAC/B,OAAO,CAAC,EAAE;QACR,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,aAAa,CAAC,EAAE,OAAO,CAAC,uBAAuB,CAAC,CAAC;KAClD,GACA,OAAO,CAAC,kBAAkB,CAAC;IA4B9B;;OAEG;IACH,UAAU,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,GAAG,OAAO;IAIrD;;OAEG;IACH,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,kBAAkB,EAAE;IAIpE;;OAEG;IACH,oBAAoB,IAAI,SAAS,kBAAkB,EAAE;IAcrD;;OAEG;IACH,QAAQ,IAAI;QACV,gBAAgB,EAAE,MAAM,CAAC;QACzB,UAAU,EAAE,MAAM,CAAC,OAAO,GAAG,MAAM,GAAG,UAAU,EAAE,MAAM,CAAC,CAAC;QAC1D,MAAM,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAClC,WAAW,EAAE,MAAM,CAAC;KACrB;CAyBF;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,eAAe,CAEvD;AAMD,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACvB,SAAS,EACT,SAAS,EACT,gBAAgB,EAChB,sBAAsB,GACvB,MAAM,YAAY,CAAC"}
|
|
@@ -14,9 +14,9 @@
|
|
|
14
14
|
*
|
|
15
15
|
* @packageDocumentation
|
|
16
16
|
*/
|
|
17
|
-
import { createLogger } from
|
|
18
|
-
import { AgentRole, TrustTier, ContextType, ROLE_GATE_MATRIX, validateRoleGateKernel, roleGateEvaluationSchema, } from
|
|
19
|
-
const logger = createLogger({ component:
|
|
17
|
+
import { createLogger } from '../common/logger.js';
|
|
18
|
+
import { AgentRole, TrustTier, ContextType, ROLE_GATE_MATRIX, validateRoleGateKernel, roleGateEvaluationSchema, } from './types.js';
|
|
19
|
+
const logger = createLogger({ component: 'phase6:role-gates' });
|
|
20
20
|
// =============================================================================
|
|
21
21
|
// HASH UTILITIES
|
|
22
22
|
// =============================================================================
|
|
@@ -26,9 +26,9 @@ const logger = createLogger({ component: "phase6:role-gates" });
|
|
|
26
26
|
async function calculateHash(data) {
|
|
27
27
|
const encoder = new TextEncoder();
|
|
28
28
|
const dataBuffer = encoder.encode(data);
|
|
29
|
-
const hashBuffer = await crypto.subtle.digest(
|
|
29
|
+
const hashBuffer = await crypto.subtle.digest('SHA-256', dataBuffer);
|
|
30
30
|
const hashArray = Array.from(new Uint8Array(hashBuffer));
|
|
31
|
-
return hashArray.map((b) => b.toString(16).padStart(2,
|
|
31
|
+
return hashArray.map((b) => b.toString(16).padStart(2, '0')).join('');
|
|
32
32
|
}
|
|
33
33
|
// =============================================================================
|
|
34
34
|
// KERNEL LAYER (Pre-computed Matrix)
|
|
@@ -45,14 +45,7 @@ export function getRoleGateMatrix() {
|
|
|
45
45
|
if (ROLE_GATE_MATRIX[role][tier]) {
|
|
46
46
|
allowedTiers.push(tier);
|
|
47
47
|
// Track minimum tier
|
|
48
|
-
const tierOrder = [
|
|
49
|
-
TrustTier.T0,
|
|
50
|
-
TrustTier.T1,
|
|
51
|
-
TrustTier.T2,
|
|
52
|
-
TrustTier.T3,
|
|
53
|
-
TrustTier.T4,
|
|
54
|
-
TrustTier.T5,
|
|
55
|
-
];
|
|
48
|
+
const tierOrder = [TrustTier.T0, TrustTier.T1, TrustTier.T2, TrustTier.T3, TrustTier.T4, TrustTier.T5, TrustTier.T6, TrustTier.T7];
|
|
56
49
|
if (tierOrder.indexOf(tier) < tierOrder.indexOf(minimumTier)) {
|
|
57
50
|
minimumTier = tier;
|
|
58
51
|
}
|
|
@@ -70,14 +63,7 @@ export function getRoleGateMatrix() {
|
|
|
70
63
|
* Get minimum required tier for a role
|
|
71
64
|
*/
|
|
72
65
|
export function getMinimumTierForRole(role) {
|
|
73
|
-
for (const tier of [
|
|
74
|
-
TrustTier.T0,
|
|
75
|
-
TrustTier.T1,
|
|
76
|
-
TrustTier.T2,
|
|
77
|
-
TrustTier.T3,
|
|
78
|
-
TrustTier.T4,
|
|
79
|
-
TrustTier.T5,
|
|
80
|
-
]) {
|
|
66
|
+
for (const tier of [TrustTier.T0, TrustTier.T1, TrustTier.T2, TrustTier.T3, TrustTier.T4, TrustTier.T5, TrustTier.T6, TrustTier.T7]) {
|
|
81
67
|
if (ROLE_GATE_MATRIX[role][tier]) {
|
|
82
68
|
return tier;
|
|
83
69
|
}
|
|
@@ -121,30 +107,26 @@ function conditionMatches(condition, context) {
|
|
|
121
107
|
}
|
|
122
108
|
// Check context types
|
|
123
109
|
if (condition.contextTypes && condition.contextTypes.length > 0) {
|
|
124
|
-
if (!context.contextType ||
|
|
125
|
-
!condition.contextTypes.includes(context.contextType)) {
|
|
110
|
+
if (!context.contextType || !condition.contextTypes.includes(context.contextType)) {
|
|
126
111
|
return false;
|
|
127
112
|
}
|
|
128
113
|
}
|
|
129
114
|
// Check domains
|
|
130
115
|
if (condition.domains && condition.domains.length > 0) {
|
|
131
|
-
if (!context.domains ||
|
|
132
|
-
!condition.domains.some((d) => context.domains.includes(d))) {
|
|
116
|
+
if (!context.domains || !condition.domains.some((d) => context.domains.includes(d))) {
|
|
133
117
|
return false;
|
|
134
118
|
}
|
|
135
119
|
}
|
|
136
120
|
// Check time window
|
|
137
121
|
if (condition.timeWindow) {
|
|
138
122
|
const now = context.currentTime ?? new Date();
|
|
139
|
-
const currentHHMM = `${now.getHours().toString().padStart(2,
|
|
140
|
-
if (currentHHMM < condition.timeWindow.start ||
|
|
141
|
-
currentHHMM > condition.timeWindow.end) {
|
|
123
|
+
const currentHHMM = `${now.getHours().toString().padStart(2, '0')}:${now.getMinutes().toString().padStart(2, '0')}`;
|
|
124
|
+
if (currentHHMM < condition.timeWindow.start || currentHHMM > condition.timeWindow.end) {
|
|
142
125
|
return false;
|
|
143
126
|
}
|
|
144
127
|
}
|
|
145
128
|
// Check attestations
|
|
146
|
-
if (condition.requiresAttestation &&
|
|
147
|
-
condition.requiresAttestation.length > 0) {
|
|
129
|
+
if (condition.requiresAttestation && condition.requiresAttestation.length > 0) {
|
|
148
130
|
if (!context.attestations) {
|
|
149
131
|
return false;
|
|
150
132
|
}
|
|
@@ -165,7 +147,7 @@ export function evaluatePolicyLayer(context, policy) {
|
|
|
165
147
|
for (const rule of sortedRules) {
|
|
166
148
|
if (conditionMatches(rule.condition, context)) {
|
|
167
149
|
return {
|
|
168
|
-
valid: rule.action ===
|
|
150
|
+
valid: rule.action === 'ALLOW',
|
|
169
151
|
appliedRuleId: rule.ruleId,
|
|
170
152
|
appliedPolicyVersion: policy.version,
|
|
171
153
|
action: rule.action,
|
|
@@ -176,8 +158,8 @@ export function evaluatePolicyLayer(context, policy) {
|
|
|
176
158
|
// No rules matched - default allow (kernel already validated)
|
|
177
159
|
return {
|
|
178
160
|
valid: true,
|
|
179
|
-
action:
|
|
180
|
-
reason:
|
|
161
|
+
action: 'ALLOW',
|
|
162
|
+
reason: 'No policy rules matched - default allow',
|
|
181
163
|
};
|
|
182
164
|
}
|
|
183
165
|
/**
|
|
@@ -187,14 +169,11 @@ function validateOverride(override) {
|
|
|
187
169
|
const now = new Date();
|
|
188
170
|
// Check expiration
|
|
189
171
|
if (override.expiresAt < now) {
|
|
190
|
-
return { valid: false, reason:
|
|
172
|
+
return { valid: false, reason: 'Override has expired' };
|
|
191
173
|
}
|
|
192
174
|
// Check dual-control (requester != approver)
|
|
193
175
|
if (override.requestedBy === override.approvedBy) {
|
|
194
|
-
return {
|
|
195
|
-
valid: false,
|
|
196
|
-
reason: "Override requires dual-control (different requester and approver)",
|
|
197
|
-
};
|
|
176
|
+
return { valid: false, reason: 'Override requires dual-control (different requester and approver)' };
|
|
198
177
|
}
|
|
199
178
|
return { valid: true };
|
|
200
179
|
}
|
|
@@ -212,8 +191,7 @@ export function evaluateBasisLayer(role, context) {
|
|
|
212
191
|
};
|
|
213
192
|
}
|
|
214
193
|
// Check allowed roles (if specified, role must be in list)
|
|
215
|
-
if (context.contextConstraints.allowedRoles &&
|
|
216
|
-
context.contextConstraints.allowedRoles.length > 0) {
|
|
194
|
+
if (context.contextConstraints.allowedRoles && context.contextConstraints.allowedRoles.length > 0) {
|
|
217
195
|
if (!context.contextConstraints.allowedRoles.includes(role)) {
|
|
218
196
|
return {
|
|
219
197
|
valid: false,
|
|
@@ -230,7 +208,7 @@ export function evaluateBasisLayer(role, context) {
|
|
|
230
208
|
valid: false,
|
|
231
209
|
requiresOverride: true,
|
|
232
210
|
contextConstraintsMet: true,
|
|
233
|
-
reason:
|
|
211
|
+
reason: 'Override required but not provided',
|
|
234
212
|
};
|
|
235
213
|
}
|
|
236
214
|
const overrideResult = validateOverride(context.contextConstraints.overrideRequest);
|
|
@@ -281,16 +259,16 @@ export async function evaluateRoleGate(agentId, role, tier, policy, basisContext
|
|
|
281
259
|
let decision;
|
|
282
260
|
if (!kernelResult.valid) {
|
|
283
261
|
// Kernel denial cannot be overridden
|
|
284
|
-
decision =
|
|
262
|
+
decision = 'DENY';
|
|
285
263
|
}
|
|
286
264
|
else if (!policyResult.valid) {
|
|
287
265
|
decision = policyResult.action;
|
|
288
266
|
}
|
|
289
267
|
else if (!basisResult.valid) {
|
|
290
|
-
decision = basisResult.requiresOverride ?
|
|
268
|
+
decision = basisResult.requiresOverride ? 'ESCALATE' : 'DENY';
|
|
291
269
|
}
|
|
292
270
|
else {
|
|
293
|
-
decision =
|
|
271
|
+
decision = 'ALLOW';
|
|
294
272
|
}
|
|
295
273
|
const evaluationData = {
|
|
296
274
|
evaluationId: crypto.randomUUID(),
|
|
@@ -330,7 +308,7 @@ export async function evaluateRoleGate(agentId, role, tier, policy, basisContext
|
|
|
330
308
|
if (!parsed.success) {
|
|
331
309
|
throw new Error(`Invalid role gate evaluation: ${parsed.error.message}`);
|
|
332
310
|
}
|
|
333
|
-
if (decision !==
|
|
311
|
+
if (decision !== 'ALLOW') {
|
|
334
312
|
logger.warn({
|
|
335
313
|
agentId,
|
|
336
314
|
role,
|
|
@@ -339,7 +317,7 @@ export async function evaluateRoleGate(agentId, role, tier, policy, basisContext
|
|
|
339
317
|
kernelValid: kernelResult.valid,
|
|
340
318
|
policyValid: policyResult.valid,
|
|
341
319
|
basisValid: basisResult.valid,
|
|
342
|
-
},
|
|
320
|
+
}, 'Role gate denied or escalated');
|
|
343
321
|
}
|
|
344
322
|
return evaluation;
|
|
345
323
|
}
|
|
@@ -352,82 +330,82 @@ export async function evaluateRoleGate(agentId, role, tier, policy, basisContext
|
|
|
352
330
|
export async function createDefaultRoleGatePolicy(createdBy) {
|
|
353
331
|
const now = new Date();
|
|
354
332
|
const policy = {
|
|
355
|
-
policyId:
|
|
333
|
+
policyId: 'default:role-gate-policy',
|
|
356
334
|
version: 1,
|
|
357
335
|
rules: [
|
|
358
336
|
// Rule 1: Block sovereign roles (R-L6+) in non-sovereign contexts
|
|
359
337
|
{
|
|
360
|
-
ruleId:
|
|
361
|
-
name:
|
|
338
|
+
ruleId: 'rule:sovereign-context-required',
|
|
339
|
+
name: 'Sovereign Context Required for High Roles',
|
|
362
340
|
condition: {
|
|
363
341
|
roles: [AgentRole.R_L6, AgentRole.R_L7, AgentRole.R_L8],
|
|
364
342
|
contextTypes: [ContextType.LOCAL, ContextType.ENTERPRISE],
|
|
365
343
|
},
|
|
366
|
-
action:
|
|
344
|
+
action: 'DENY',
|
|
367
345
|
priority: 10,
|
|
368
|
-
reason:
|
|
346
|
+
reason: 'Sovereign roles (R-L6+) require sovereign context',
|
|
369
347
|
},
|
|
370
348
|
// Rule 2: Require attestation for orchestrators
|
|
371
349
|
{
|
|
372
|
-
ruleId:
|
|
373
|
-
name:
|
|
350
|
+
ruleId: 'rule:orchestrator-attestation',
|
|
351
|
+
name: 'Orchestrator Attestation Required',
|
|
374
352
|
condition: {
|
|
375
353
|
roles: [AgentRole.R_L3],
|
|
376
|
-
requiresAttestation: [
|
|
354
|
+
requiresAttestation: ['capability:orchestration'],
|
|
377
355
|
},
|
|
378
|
-
action:
|
|
356
|
+
action: 'ALLOW',
|
|
379
357
|
priority: 20,
|
|
380
|
-
reason:
|
|
358
|
+
reason: 'Orchestrators require capability attestation',
|
|
381
359
|
},
|
|
382
360
|
{
|
|
383
|
-
ruleId:
|
|
384
|
-
name:
|
|
361
|
+
ruleId: 'rule:orchestrator-no-attestation',
|
|
362
|
+
name: 'Orchestrator Without Attestation',
|
|
385
363
|
condition: {
|
|
386
364
|
roles: [AgentRole.R_L3],
|
|
387
365
|
},
|
|
388
|
-
action:
|
|
366
|
+
action: 'ESCALATE',
|
|
389
367
|
priority: 21,
|
|
390
|
-
reason:
|
|
368
|
+
reason: 'Orchestrator without attestation requires approval',
|
|
391
369
|
},
|
|
392
370
|
// Rule 3: Allow basic roles everywhere
|
|
393
371
|
{
|
|
394
|
-
ruleId:
|
|
395
|
-
name:
|
|
372
|
+
ruleId: 'rule:basic-roles-allowed',
|
|
373
|
+
name: 'Basic Roles Allowed',
|
|
396
374
|
condition: {
|
|
397
375
|
roles: [AgentRole.R_L0, AgentRole.R_L1],
|
|
398
376
|
},
|
|
399
|
-
action:
|
|
377
|
+
action: 'ALLOW',
|
|
400
378
|
priority: 100,
|
|
401
|
-
reason:
|
|
379
|
+
reason: 'Listener and executor roles are generally allowed',
|
|
402
380
|
},
|
|
403
381
|
// Rule 4: Business hours restriction for architects
|
|
404
382
|
{
|
|
405
|
-
ruleId:
|
|
406
|
-
name:
|
|
383
|
+
ruleId: 'rule:architect-business-hours',
|
|
384
|
+
name: 'Architect Business Hours Only',
|
|
407
385
|
condition: {
|
|
408
386
|
roles: [AgentRole.R_L4],
|
|
409
|
-
timeWindow: { start:
|
|
387
|
+
timeWindow: { start: '09:00', end: '17:00' },
|
|
410
388
|
},
|
|
411
|
-
action:
|
|
389
|
+
action: 'ALLOW',
|
|
412
390
|
priority: 30,
|
|
413
|
-
reason:
|
|
391
|
+
reason: 'Architects allowed during business hours',
|
|
414
392
|
},
|
|
415
393
|
{
|
|
416
|
-
ruleId:
|
|
417
|
-
name:
|
|
394
|
+
ruleId: 'rule:architect-outside-hours',
|
|
395
|
+
name: 'Architect Outside Hours Escalation',
|
|
418
396
|
condition: {
|
|
419
397
|
roles: [AgentRole.R_L4],
|
|
420
398
|
},
|
|
421
|
-
action:
|
|
399
|
+
action: 'ESCALATE',
|
|
422
400
|
priority: 31,
|
|
423
|
-
reason:
|
|
401
|
+
reason: 'Architect operations outside business hours require approval',
|
|
424
402
|
},
|
|
425
403
|
],
|
|
426
404
|
effectiveFrom: now,
|
|
427
405
|
createdAt: now,
|
|
428
406
|
createdBy,
|
|
429
407
|
policyHash: await calculateHash(JSON.stringify({
|
|
430
|
-
policyId:
|
|
408
|
+
policyId: 'default:role-gate-policy',
|
|
431
409
|
version: 1,
|
|
432
410
|
createdAt: now.toISOString(),
|
|
433
411
|
})),
|
|
@@ -447,11 +425,11 @@ export class RoleGateService {
|
|
|
447
425
|
/**
|
|
448
426
|
* Initialize with default policy
|
|
449
427
|
*/
|
|
450
|
-
async initialize(createdBy =
|
|
428
|
+
async initialize(createdBy = 'system') {
|
|
451
429
|
this.defaultPolicy = await createDefaultRoleGatePolicy(createdBy);
|
|
452
430
|
const versions = [this.defaultPolicy];
|
|
453
431
|
this.policies.set(this.defaultPolicy.policyId, versions);
|
|
454
|
-
logger.info(
|
|
432
|
+
logger.info('Role gate service initialized with default policy');
|
|
455
433
|
}
|
|
456
434
|
/**
|
|
457
435
|
* Register a custom policy
|
|
@@ -460,7 +438,7 @@ export class RoleGateService {
|
|
|
460
438
|
const versions = this.policies.get(policy.policyId) ?? [];
|
|
461
439
|
versions.push(policy);
|
|
462
440
|
this.policies.set(policy.policyId, versions);
|
|
463
|
-
logger.info({ policyId: policy.policyId, version: policy.version },
|
|
441
|
+
logger.info({ policyId: policy.policyId, version: policy.version }, 'Policy registered');
|
|
464
442
|
}
|
|
465
443
|
/**
|
|
466
444
|
* Get current policy version
|
|
@@ -484,7 +462,7 @@ export class RoleGateService {
|
|
|
484
462
|
? this.getPolicy(options.policyId)
|
|
485
463
|
: this.defaultPolicy;
|
|
486
464
|
if (!policy) {
|
|
487
|
-
throw new Error(
|
|
465
|
+
throw new Error('No policy available for evaluation');
|
|
488
466
|
}
|
|
489
467
|
// Evaluate
|
|
490
468
|
const evaluation = await evaluateRoleGate(agentId, role, tier, policy, basisContext, options?.policyContext);
|
|
@@ -513,7 +491,7 @@ export class RoleGateService {
|
|
|
513
491
|
const denied = [];
|
|
514
492
|
for (const evaluations of this.evaluations.values()) {
|
|
515
493
|
for (const evaluation of evaluations) {
|
|
516
|
-
if (evaluation.decision !==
|
|
494
|
+
if (evaluation.decision !== 'ALLOW') {
|
|
517
495
|
denied.push(evaluation);
|
|
518
496
|
}
|
|
519
497
|
}
|
|
@@ -554,5 +532,5 @@ export function createRoleGateService() {
|
|
|
554
532
|
// =============================================================================
|
|
555
533
|
// EXPORTS
|
|
556
534
|
// =============================================================================
|
|
557
|
-
export { AgentRole, TrustTier, ROLE_GATE_MATRIX, validateRoleGateKernel, } from
|
|
535
|
+
export { AgentRole, TrustTier, ROLE_GATE_MATRIX, validateRoleGateKernel, } from './types.js';
|
|
558
536
|
//# sourceMappingURL=role-gates.js.map
|