@vorionsys/atsf-core 0.2.3 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +1 -0
- package/LICENSE +1 -1
- package/README.md +82 -29
- package/dist/adapters/base-adapter.d.ts +94 -0
- package/dist/adapters/base-adapter.d.ts.map +1 -0
- package/dist/adapters/base-adapter.js +233 -0
- package/dist/adapters/base-adapter.js.map +1 -0
- package/dist/adapters/index.d.ts +9 -0
- package/dist/adapters/index.d.ts.map +1 -0
- package/dist/adapters/index.js +5 -0
- package/dist/adapters/index.js.map +1 -0
- package/dist/adapters/types.d.ts +83 -0
- package/dist/adapters/types.d.ts.map +1 -0
- package/dist/adapters/types.js +4 -0
- package/dist/adapters/types.js.map +1 -0
- package/dist/adapters/webhook-handler.d.ts +64 -0
- package/dist/adapters/webhook-handler.d.ts.map +1 -0
- package/dist/adapters/webhook-handler.js +170 -0
- package/dist/adapters/webhook-handler.js.map +1 -0
- package/dist/api/index.d.ts +1 -1
- package/dist/api/index.d.ts.map +1 -1
- package/dist/api/index.js +3 -1
- package/dist/api/index.js.map +1 -1
- package/dist/api/server.d.ts +2 -2
- package/dist/api/server.d.ts.map +1 -1
- package/dist/api/server.js +149 -184
- package/dist/api/server.js.map +1 -1
- package/dist/arbitration/index.d.ts +4 -12
- package/dist/arbitration/index.d.ts.map +1 -1
- package/dist/arbitration/index.js +43 -46
- package/dist/arbitration/index.js.map +1 -1
- package/dist/arbitration/types.d.ts +10 -10
- package/dist/arbitration/types.d.ts.map +1 -1
- package/dist/arbitration/types.js +2 -8
- package/dist/arbitration/types.js.map +1 -1
- package/dist/basis/evaluator.d.ts +1 -6
- package/dist/basis/evaluator.d.ts.map +1 -1
- package/dist/basis/evaluator.js +56 -56
- package/dist/basis/evaluator.js.map +1 -1
- package/dist/basis/index.d.ts +3 -3
- package/dist/basis/index.d.ts.map +1 -1
- package/dist/basis/index.js +5 -3
- package/dist/basis/index.js.map +1 -1
- package/dist/basis/parser.d.ts +30 -30
- package/dist/basis/parser.d.ts.map +1 -1
- package/dist/basis/parser.js +27 -32
- package/dist/basis/parser.js.map +1 -1
- package/dist/basis/types.d.ts +2 -2
- package/dist/basis/types.d.ts.map +1 -1
- package/dist/basis/types.js +2 -3
- package/dist/basis/types.js.map +1 -1
- package/dist/chain/index.d.ts +0 -8
- package/dist/chain/index.d.ts.map +1 -1
- package/dist/chain/index.js +18 -16
- package/dist/chain/index.js.map +1 -1
- package/dist/cognigate/index.d.ts +1 -9
- package/dist/cognigate/index.d.ts.map +1 -1
- package/dist/cognigate/index.js +35 -44
- package/dist/cognigate/index.js.map +1 -1
- package/dist/common/adapters.d.ts +4 -4
- package/dist/common/adapters.d.ts.map +1 -1
- package/dist/common/adapters.js +54 -70
- package/dist/common/adapters.js.map +1 -1
- package/dist/common/config.d.ts +69 -68
- package/dist/common/config.d.ts.map +1 -1
- package/dist/common/config.js +52 -50
- package/dist/common/config.js.map +1 -1
- package/dist/common/index.d.ts +4 -4
- package/dist/common/index.d.ts.map +1 -1
- package/dist/common/index.js +6 -4
- package/dist/common/index.js.map +1 -1
- package/dist/common/logger.d.ts +1 -1
- package/dist/common/logger.d.ts.map +1 -1
- package/dist/common/logger.js +10 -8
- package/dist/common/logger.js.map +1 -1
- package/dist/common/types.d.ts +12 -12
- package/dist/common/types.d.ts.map +1 -1
- package/dist/common/types.js +7 -14
- package/dist/common/types.js.map +1 -1
- package/dist/containment/index.d.ts +3 -11
- package/dist/containment/index.d.ts.map +1 -1
- package/dist/containment/index.js +107 -119
- package/dist/containment/index.js.map +1 -1
- package/dist/containment/types.d.ts +11 -11
- package/dist/containment/types.d.ts.map +1 -1
- package/dist/containment/types.js +2 -8
- package/dist/containment/types.js.map +1 -1
- package/dist/contracts/index.d.ts +9 -17
- package/dist/contracts/index.d.ts.map +1 -1
- package/dist/contracts/index.js +56 -59
- package/dist/contracts/index.js.map +1 -1
- package/dist/contracts/types.d.ts +12 -12
- package/dist/contracts/types.d.ts.map +1 -1
- package/dist/contracts/types.js +2 -8
- package/dist/contracts/types.js.map +1 -1
- package/dist/crewai/callback.d.ts +2 -9
- package/dist/crewai/callback.d.ts.map +1 -1
- package/dist/crewai/callback.js +29 -27
- package/dist/crewai/callback.js.map +1 -1
- package/dist/crewai/executor.d.ts +95 -11
- package/dist/crewai/executor.d.ts.map +1 -1
- package/dist/crewai/executor.js +459 -16
- package/dist/crewai/executor.js.map +1 -1
- package/dist/crewai/index.d.ts +4 -4
- package/dist/crewai/index.d.ts.map +1 -1
- package/dist/crewai/index.js +6 -4
- package/dist/crewai/index.js.map +1 -1
- package/dist/crewai/tools.d.ts +1 -1
- package/dist/crewai/tools.d.ts.map +1 -1
- package/dist/crewai/tools.js +40 -46
- package/dist/crewai/tools.js.map +1 -1
- package/dist/crewai/types.d.ts +66 -3
- package/dist/crewai/types.d.ts.map +1 -1
- package/dist/crewai/types.js +2 -7
- package/dist/crewai/types.js.map +1 -1
- package/dist/enforce/index.d.ts +226 -19
- package/dist/enforce/index.d.ts.map +1 -1
- package/dist/enforce/index.js +55 -81
- package/dist/enforce/index.js.map +1 -1
- package/dist/enforce/trust-aware-enforcement-service.d.ts +8 -23
- package/dist/enforce/trust-aware-enforcement-service.d.ts.map +1 -1
- package/dist/enforce/trust-aware-enforcement-service.js +109 -125
- package/dist/enforce/trust-aware-enforcement-service.js.map +1 -1
- package/dist/governance/fluid-workflow.d.ts +8 -16
- package/dist/governance/fluid-workflow.d.ts.map +1 -1
- package/dist/governance/fluid-workflow.js +88 -114
- package/dist/governance/fluid-workflow.js.map +1 -1
- package/dist/governance/index.d.ts +7 -15
- package/dist/governance/index.d.ts.map +1 -1
- package/dist/governance/index.js +76 -81
- package/dist/governance/index.js.map +1 -1
- package/dist/governance/proof-bridge.d.ts +6 -6
- package/dist/governance/proof-bridge.d.ts.map +1 -1
- package/dist/governance/proof-bridge.js +6 -16
- package/dist/governance/proof-bridge.js.map +1 -1
- package/dist/governance/types.d.ts +9 -16
- package/dist/governance/types.d.ts.map +1 -1
- package/dist/governance/types.js +2 -8
- package/dist/governance/types.js.map +1 -1
- package/dist/index.d.ts +30 -29
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +33 -31
- package/dist/index.js.map +1 -1
- package/dist/intent/index.d.ts +55 -18
- package/dist/intent/index.d.ts.map +1 -1
- package/dist/intent/index.js +25 -26
- package/dist/intent/index.js.map +1 -1
- package/dist/intent/persistent-intent-service.d.ts +2 -17
- package/dist/intent/persistent-intent-service.d.ts.map +1 -1
- package/dist/intent/persistent-intent-service.js +33 -43
- package/dist/intent/persistent-intent-service.js.map +1 -1
- package/dist/intent/supabase-intent-repository.d.ts +107 -0
- package/dist/intent/supabase-intent-repository.d.ts.map +1 -0
- package/dist/intent/supabase-intent-repository.js +406 -0
- package/dist/intent/supabase-intent-repository.js.map +1 -0
- package/dist/intent-gateway/index.d.ts +5 -28
- package/dist/intent-gateway/index.d.ts.map +1 -1
- package/dist/intent-gateway/index.js +341 -508
- package/dist/intent-gateway/index.js.map +1 -1
- package/dist/langchain/callback.d.ts +2 -9
- package/dist/langchain/callback.d.ts.map +1 -1
- package/dist/langchain/callback.js +32 -30
- package/dist/langchain/callback.js.map +1 -1
- package/dist/langchain/executor.d.ts +4 -11
- package/dist/langchain/executor.d.ts.map +1 -1
- package/dist/langchain/executor.js +82 -82
- package/dist/langchain/executor.js.map +1 -1
- package/dist/langchain/index.d.ts +5 -5
- package/dist/langchain/index.d.ts.map +1 -1
- package/dist/langchain/index.js +7 -5
- package/dist/langchain/index.js.map +1 -1
- package/dist/langchain/tools.d.ts +1 -1
- package/dist/langchain/tools.d.ts.map +1 -1
- package/dist/langchain/tools.js +36 -43
- package/dist/langchain/tools.js.map +1 -1
- package/dist/langchain/types.d.ts +3 -3
- package/dist/langchain/types.d.ts.map +1 -1
- package/dist/langchain/types.js +2 -7
- package/dist/langchain/types.js.map +1 -1
- package/dist/layers/implementations/L0-request-format.d.ts +2 -2
- package/dist/layers/implementations/L0-request-format.d.ts.map +1 -1
- package/dist/layers/implementations/L0-request-format.js +54 -54
- package/dist/layers/implementations/L0-request-format.js.map +1 -1
- package/dist/layers/implementations/L1-input-size.d.ts +2 -2
- package/dist/layers/implementations/L1-input-size.d.ts.map +1 -1
- package/dist/layers/implementations/L1-input-size.js +41 -49
- package/dist/layers/implementations/L1-input-size.js.map +1 -1
- package/dist/layers/implementations/L2-charset-sanitizer.d.ts +2 -2
- package/dist/layers/implementations/L2-charset-sanitizer.d.ts.map +1 -1
- package/dist/layers/implementations/L2-charset-sanitizer.js +73 -81
- package/dist/layers/implementations/L2-charset-sanitizer.js.map +1 -1
- package/dist/layers/implementations/L3-schema-conformance.d.ts +3 -3
- package/dist/layers/implementations/L3-schema-conformance.d.ts.map +1 -1
- package/dist/layers/implementations/L3-schema-conformance.js +75 -82
- package/dist/layers/implementations/L3-schema-conformance.js.map +1 -1
- package/dist/layers/implementations/L4-injection-detector.d.ts +4 -4
- package/dist/layers/implementations/L4-injection-detector.d.ts.map +1 -1
- package/dist/layers/implementations/L4-injection-detector.js +83 -85
- package/dist/layers/implementations/L4-injection-detector.js.map +1 -1
- package/dist/layers/implementations/L5-rate-limiter.d.ts +2 -2
- package/dist/layers/implementations/L5-rate-limiter.d.ts.map +1 -1
- package/dist/layers/implementations/L5-rate-limiter.js +22 -20
- package/dist/layers/implementations/L5-rate-limiter.js.map +1 -1
- package/dist/layers/implementations/index.d.ts +6 -6
- package/dist/layers/implementations/index.d.ts.map +1 -1
- package/dist/layers/implementations/index.js +8 -6
- package/dist/layers/implementations/index.js.map +1 -1
- package/dist/layers/index.d.ts +3 -11
- package/dist/layers/index.d.ts.map +1 -1
- package/dist/layers/index.js +73 -99
- package/dist/layers/index.js.map +1 -1
- package/dist/layers/types.d.ts +16 -16
- package/dist/layers/types.d.ts.map +1 -1
- package/dist/layers/types.js +2 -8
- package/dist/layers/types.js.map +1 -1
- package/dist/paramesphere/activation-collector.d.ts +128 -0
- package/dist/paramesphere/activation-collector.d.ts.map +1 -0
- package/dist/paramesphere/activation-collector.js +260 -0
- package/dist/paramesphere/activation-collector.js.map +1 -0
- package/dist/paramesphere/cognitive-envelope.d.ts +73 -0
- package/dist/paramesphere/cognitive-envelope.d.ts.map +1 -0
- package/dist/paramesphere/cognitive-envelope.js +209 -0
- package/dist/paramesphere/cognitive-envelope.js.map +1 -0
- package/dist/paramesphere/envelope-integration.d.ts +60 -0
- package/dist/paramesphere/envelope-integration.d.ts.map +1 -0
- package/dist/paramesphere/envelope-integration.js +93 -0
- package/dist/paramesphere/envelope-integration.js.map +1 -0
- package/dist/paramesphere/fingerprint-monitor.d.ts +136 -0
- package/dist/paramesphere/fingerprint-monitor.d.ts.map +1 -0
- package/dist/paramesphere/fingerprint-monitor.js +212 -0
- package/dist/paramesphere/fingerprint-monitor.js.map +1 -0
- package/dist/paramesphere/fingerprint-store.d.ts +85 -0
- package/dist/paramesphere/fingerprint-store.d.ts.map +1 -0
- package/dist/paramesphere/fingerprint-store.js +68 -0
- package/dist/paramesphere/fingerprint-store.js.map +1 -0
- package/dist/paramesphere/index.d.ts +21 -0
- package/dist/paramesphere/index.d.ts.map +1 -0
- package/dist/paramesphere/index.js +18 -0
- package/dist/paramesphere/index.js.map +1 -0
- package/dist/paramesphere/monitor-integration.d.ts +37 -0
- package/dist/paramesphere/monitor-integration.d.ts.map +1 -0
- package/dist/paramesphere/monitor-integration.js +81 -0
- package/dist/paramesphere/monitor-integration.js.map +1 -0
- package/dist/paramesphere/paramesphere-engine.d.ts +111 -0
- package/dist/paramesphere/paramesphere-engine.d.ts.map +1 -0
- package/dist/paramesphere/paramesphere-engine.js +542 -0
- package/dist/paramesphere/paramesphere-engine.js.map +1 -0
- package/dist/paramesphere/types.d.ts +142 -0
- package/dist/paramesphere/types.d.ts.map +1 -0
- package/dist/paramesphere/types.js +4 -0
- package/dist/paramesphere/types.js.map +1 -0
- package/dist/persistence/file.d.ts +3 -10
- package/dist/persistence/file.d.ts.map +1 -1
- package/dist/persistence/file.js +30 -32
- package/dist/persistence/file.js.map +1 -1
- package/dist/persistence/index.d.ts +7 -7
- package/dist/persistence/index.d.ts.map +1 -1
- package/dist/persistence/index.js +20 -18
- package/dist/persistence/index.js.map +1 -1
- package/dist/persistence/memory.d.ts +3 -3
- package/dist/persistence/memory.d.ts.map +1 -1
- package/dist/persistence/memory.js +10 -17
- package/dist/persistence/memory.js.map +1 -1
- package/dist/persistence/sqlite.d.ts +3 -11
- package/dist/persistence/sqlite.d.ts.map +1 -1
- package/dist/persistence/sqlite.js +42 -39
- package/dist/persistence/sqlite.js.map +1 -1
- package/dist/persistence/supabase.d.ts +3 -3
- package/dist/persistence/supabase.d.ts.map +1 -1
- package/dist/persistence/supabase.js +46 -49
- package/dist/persistence/supabase.js.map +1 -1
- package/dist/persistence/types.d.ts +5 -5
- package/dist/persistence/types.d.ts.map +1 -1
- package/dist/persistence/types.js +2 -7
- package/dist/persistence/types.js.map +1 -1
- package/dist/phase6/ceiling.d.ts +5 -21
- package/dist/phase6/ceiling.d.ts.map +1 -1
- package/dist/phase6/ceiling.js +38 -69
- package/dist/phase6/ceiling.js.map +1 -1
- package/dist/phase6/context.d.ts +3 -20
- package/dist/phase6/context.d.ts.map +1 -1
- package/dist/phase6/context.js +49 -93
- package/dist/phase6/context.js.map +1 -1
- package/dist/phase6/index.d.ts +12 -12
- package/dist/phase6/index.d.ts.map +1 -1
- package/dist/phase6/index.js +17 -15
- package/dist/phase6/index.js.map +1 -1
- package/dist/phase6/presets.d.ts +2 -18
- package/dist/phase6/presets.d.ts.map +1 -1
- package/dist/phase6/presets.js +35 -39
- package/dist/phase6/presets.js.map +1 -1
- package/dist/phase6/provenance.d.ts +4 -19
- package/dist/phase6/provenance.d.ts.map +1 -1
- package/dist/phase6/provenance.js +37 -42
- package/dist/phase6/provenance.js.map +1 -1
- package/dist/phase6/role-gates/index.d.ts +2 -2
- package/dist/phase6/role-gates/index.d.ts.map +1 -1
- package/dist/phase6/role-gates/index.js +4 -2
- package/dist/phase6/role-gates/index.js.map +1 -1
- package/dist/phase6/role-gates/kernel.d.ts.map +1 -1
- package/dist/phase6/role-gates/kernel.js +18 -16
- package/dist/phase6/role-gates/kernel.js.map +1 -1
- package/dist/phase6/role-gates/policy.d.ts +2 -2
- package/dist/phase6/role-gates/policy.d.ts.map +1 -1
- package/dist/phase6/role-gates/policy.js +8 -17
- package/dist/phase6/role-gates/policy.js.map +1 -1
- package/dist/phase6/role-gates.d.ts +4 -20
- package/dist/phase6/role-gates.d.ts.map +1 -1
- package/dist/phase6/role-gates.js +60 -80
- package/dist/phase6/role-gates.js.map +1 -1
- package/dist/phase6/types.d.ts +53 -23
- package/dist/phase6/types.d.ts.map +1 -1
- package/dist/phase6/types.js +131 -177
- package/dist/phase6/types.js.map +1 -1
- package/dist/phase6/weight-presets/canonical.d.ts.map +1 -1
- package/dist/phase6/weight-presets/canonical.js +12 -10
- package/dist/phase6/weight-presets/canonical.js.map +1 -1
- package/dist/phase6/weight-presets/deltas.d.ts +2 -2
- package/dist/phase6/weight-presets/deltas.d.ts.map +1 -1
- package/dist/phase6/weight-presets/deltas.js +29 -37
- package/dist/phase6/weight-presets/deltas.js.map +1 -1
- package/dist/phase6/weight-presets/index.d.ts +3 -3
- package/dist/phase6/weight-presets/index.d.ts.map +1 -1
- package/dist/phase6/weight-presets/index.js +5 -3
- package/dist/phase6/weight-presets/index.js.map +1 -1
- package/dist/phase6/weight-presets/merger.d.ts +2 -12
- package/dist/phase6/weight-presets/merger.d.ts.map +1 -1
- package/dist/phase6/weight-presets/merger.js +45 -39
- package/dist/phase6/weight-presets/merger.js.map +1 -1
- package/dist/proof/index.d.ts +6 -13
- package/dist/proof/index.d.ts.map +1 -1
- package/dist/proof/index.js +63 -51
- package/dist/proof/index.js.map +1 -1
- package/dist/proof/merkle.d.ts +24 -19
- package/dist/proof/merkle.d.ts.map +1 -1
- package/dist/proof/merkle.js +118 -32
- package/dist/proof/merkle.js.map +1 -1
- package/dist/proof/zk-proofs.d.ts +6 -24
- package/dist/proof/zk-proofs.d.ts.map +1 -1
- package/dist/proof/zk-proofs.js +45 -42
- package/dist/proof/zk-proofs.js.map +1 -1
- package/dist/provenance/index.d.ts +3 -11
- package/dist/provenance/index.d.ts.map +1 -1
- package/dist/provenance/index.js +19 -19
- package/dist/provenance/index.js.map +1 -1
- package/dist/provenance/types.d.ts +4 -4
- package/dist/provenance/types.d.ts.map +1 -1
- package/dist/provenance/types.js +2 -8
- package/dist/provenance/types.js.map +1 -1
- package/dist/sandbox-training/challenges.d.ts +1 -1
- package/dist/sandbox-training/challenges.d.ts.map +1 -1
- package/dist/sandbox-training/challenges.js +230 -236
- package/dist/sandbox-training/challenges.js.map +1 -1
- package/dist/sandbox-training/graduation.d.ts +1 -1
- package/dist/sandbox-training/graduation.d.ts.map +1 -1
- package/dist/sandbox-training/graduation.js +17 -22
- package/dist/sandbox-training/graduation.js.map +1 -1
- package/dist/sandbox-training/index.d.ts +9 -9
- package/dist/sandbox-training/index.d.ts.map +1 -1
- package/dist/sandbox-training/index.js +8 -6
- package/dist/sandbox-training/index.js.map +1 -1
- package/dist/sandbox-training/promotion-service.d.ts +4 -4
- package/dist/sandbox-training/promotion-service.d.ts.map +1 -1
- package/dist/sandbox-training/promotion-service.js +7 -16
- package/dist/sandbox-training/promotion-service.js.map +1 -1
- package/dist/sandbox-training/runner.d.ts +1 -1
- package/dist/sandbox-training/runner.d.ts.map +1 -1
- package/dist/sandbox-training/runner.js +75 -82
- package/dist/sandbox-training/runner.js.map +1 -1
- package/dist/sandbox-training/scorer.d.ts +4 -4
- package/dist/sandbox-training/scorer.d.ts.map +1 -1
- package/dist/sandbox-training/scorer.js +7 -13
- package/dist/sandbox-training/scorer.js.map +1 -1
- package/dist/sandbox-training/types.d.ts +4 -4
- package/dist/sandbox-training/types.d.ts.map +1 -1
- package/dist/sandbox-training/types.js +9 -19
- package/dist/sandbox-training/types.js.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/audit.d.ts +1 -9
- package/dist/trust-engine/ceiling-enforcement/audit.d.ts.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/audit.js +6 -11
- package/dist/trust-engine/ceiling-enforcement/audit.js.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/index.d.ts +2 -2
- package/dist/trust-engine/ceiling-enforcement/index.d.ts.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/index.js +4 -2
- package/dist/trust-engine/ceiling-enforcement/index.js.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/kernel.d.ts +12 -10
- package/dist/trust-engine/ceiling-enforcement/kernel.d.ts.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/kernel.js +28 -20
- package/dist/trust-engine/ceiling-enforcement/kernel.js.map +1 -1
- package/dist/trust-engine/context-policy/enforcement.d.ts +0 -9
- package/dist/trust-engine/context-policy/enforcement.d.ts.map +1 -1
- package/dist/trust-engine/context-policy/enforcement.js +2 -9
- package/dist/trust-engine/context-policy/enforcement.js.map +1 -1
- package/dist/trust-engine/context-policy/factory.d.ts +1 -1
- package/dist/trust-engine/context-policy/factory.d.ts.map +1 -1
- package/dist/trust-engine/context-policy/factory.js +3 -1
- package/dist/trust-engine/context-policy/factory.js.map +1 -1
- package/dist/trust-engine/context-policy/index.d.ts +2 -2
- package/dist/trust-engine/context-policy/index.d.ts.map +1 -1
- package/dist/trust-engine/context-policy/index.js +4 -2
- package/dist/trust-engine/context-policy/index.js.map +1 -1
- package/dist/trust-engine/creation-modifiers/index.d.ts +1 -1
- package/dist/trust-engine/creation-modifiers/index.d.ts.map +1 -1
- package/dist/trust-engine/creation-modifiers/index.js +3 -1
- package/dist/trust-engine/creation-modifiers/index.js.map +1 -1
- package/dist/trust-engine/creation-modifiers/types.d.ts.map +1 -1
- package/dist/trust-engine/creation-modifiers/types.js +5 -2
- package/dist/trust-engine/creation-modifiers/types.js.map +1 -1
- package/dist/trust-engine/decay-profiles.d.ts +37 -136
- package/dist/trust-engine/decay-profiles.d.ts.map +1 -1
- package/dist/trust-engine/decay-profiles.js +61 -183
- package/dist/trust-engine/decay-profiles.js.map +1 -1
- package/dist/trust-engine/index.d.ts +327 -22
- package/dist/trust-engine/index.d.ts.map +1 -1
- package/dist/trust-engine/index.js +706 -130
- package/dist/trust-engine/index.js.map +1 -1
- package/dist/trust-engine/phase6-types.d.ts +15 -18
- package/dist/trust-engine/phase6-types.d.ts.map +1 -1
- package/dist/trust-engine/phase6-types.js +32 -36
- package/dist/trust-engine/phase6-types.js.map +1 -1
- package/dist/trust-engine/trust-verifier.d.ts +121 -0
- package/dist/trust-engine/trust-verifier.d.ts.map +1 -0
- package/dist/trust-engine/trust-verifier.js +226 -0
- package/dist/trust-engine/trust-verifier.js.map +1 -0
- package/package.json +140 -135
- package/dist/enforce/types.d.ts +0 -234
- package/dist/enforce/types.d.ts.map +0 -1
- package/dist/enforce/types.js +0 -10
- package/dist/enforce/types.js.map +0 -1
- package/dist/intent/types.d.ts +0 -69
- package/dist/intent/types.d.ts.map +0 -1
- package/dist/intent/types.js +0 -10
- package/dist/intent/types.js.map +0 -1
- package/dist/trust-engine/types.d.ts +0 -77
- package/dist/trust-engine/types.d.ts.map +0 -1
- package/dist/trust-engine/types.js +0 -20
- package/dist/trust-engine/types.js.map +0 -1
package/dist/common/types.js
CHANGED
|
@@ -1,12 +1,5 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
*
|
|
4
|
-
* These types provide backwards compatibility with legacy code.
|
|
5
|
-
* For new code, prefer using canonical types from @vorion/contracts.
|
|
6
|
-
*
|
|
7
|
-
* @see {@link @vorion/contracts} for canonical type definitions
|
|
8
|
-
* @packageDocumentation
|
|
9
|
-
*/
|
|
1
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
2
|
+
// Copyright 2024-2026 Vorion LLC
|
|
10
3
|
/**
|
|
11
4
|
* Error types
|
|
12
5
|
*/
|
|
@@ -17,7 +10,7 @@ export class VorionError extends Error {
|
|
|
17
10
|
super(message);
|
|
18
11
|
this.code = code;
|
|
19
12
|
this.details = details;
|
|
20
|
-
this.name =
|
|
13
|
+
this.name = 'VorionError';
|
|
21
14
|
}
|
|
22
15
|
}
|
|
23
16
|
export class ConstraintViolationError extends VorionError {
|
|
@@ -25,21 +18,21 @@ export class ConstraintViolationError extends VorionError {
|
|
|
25
18
|
constraintName;
|
|
26
19
|
suggestion;
|
|
27
20
|
constructor(constraintId, constraintName, message, suggestion) {
|
|
28
|
-
super(message,
|
|
21
|
+
super(message, 'CONSTRAINT_VIOLATION', { constraintId, constraintName });
|
|
29
22
|
this.constraintId = constraintId;
|
|
30
23
|
this.constraintName = constraintName;
|
|
31
24
|
this.suggestion = suggestion;
|
|
32
|
-
this.name =
|
|
25
|
+
this.name = 'ConstraintViolationError';
|
|
33
26
|
}
|
|
34
27
|
}
|
|
35
28
|
export class TrustInsufficientError extends VorionError {
|
|
36
29
|
required;
|
|
37
30
|
actual;
|
|
38
31
|
constructor(required, actual) {
|
|
39
|
-
super(`Trust level ${actual} insufficient, requires ${required}`,
|
|
32
|
+
super(`Trust level ${actual} insufficient, requires ${required}`, 'TRUST_INSUFFICIENT', { required, actual });
|
|
40
33
|
this.required = required;
|
|
41
34
|
this.actual = actual;
|
|
42
|
-
this.name =
|
|
35
|
+
this.name = 'TrustInsufficientError';
|
|
43
36
|
}
|
|
44
37
|
}
|
|
45
38
|
//# sourceMappingURL=types.js.map
|
package/dist/common/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/common/types.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/common/types.ts"],"names":[],"mappings":"AAAA,sCAAsC;AACtC,iCAAiC;AA4QjC;;GAEG;AACH,MAAM,OAAO,WAAY,SAAQ,KAAK;IAG3B;IACA;IAHT,YACE,OAAe,EACR,IAAY,EACZ,OAAiC;QAExC,KAAK,CAAC,OAAO,CAAC,CAAC;QAHR,SAAI,GAAJ,IAAI,CAAQ;QACZ,YAAO,GAAP,OAAO,CAA0B;QAGxC,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;IAC5B,CAAC;CACF;AAED,MAAM,OAAO,wBAAyB,SAAQ,WAAW;IAE9C;IACA;IAEA;IAJT,YACS,YAAgB,EAChB,cAAsB,EAC7B,OAAe,EACR,UAAmB;QAE1B,KAAK,CAAC,OAAO,EAAE,sBAAsB,EAAE,EAAE,YAAY,EAAE,cAAc,EAAE,CAAC,CAAC;QALlE,iBAAY,GAAZ,YAAY,CAAI;QAChB,mBAAc,GAAd,cAAc,CAAQ;QAEtB,eAAU,GAAV,UAAU,CAAS;QAG1B,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;IACzC,CAAC;CACF;AAED,MAAM,OAAO,sBAAuB,SAAQ,WAAW;IAE5C;IACA;IAFT,YACS,QAAoB,EACpB,MAAkB;QAEzB,KAAK,CACH,eAAe,MAAM,2BAA2B,QAAQ,EAAE,EAC1D,oBAAoB,EACpB,EAAE,QAAQ,EAAE,MAAM,EAAE,CACrB,CAAC;QAPK,aAAQ,GAAR,QAAQ,CAAY;QACpB,WAAM,GAAN,MAAM,CAAY;QAOzB,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;IACvC,CAAC;CACF"}
|
|
@@ -1,14 +1,6 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
*
|
|
4
|
-
* Implements graded containment levels for proportional response
|
|
5
|
-
* to detected issues, replacing binary kill switch.
|
|
6
|
-
*
|
|
7
|
-
* @packageDocumentation
|
|
8
|
-
*/
|
|
9
|
-
import type { ID } from "../common/types.js";
|
|
10
|
-
import { type ContainmentLevel, type ContainmentState, type ContainmentRequest, type ContainmentResult, type ContainmentRestriction, type ContainmentReason, type ContainmentInitiator, type DeescalationCondition, type ContainmentPolicy, type ContainmentConfig, type ContainmentQuery, type ContainmentAuditReport, type RestrictionType } from "./types.js";
|
|
11
|
-
export * from "./types.js";
|
|
1
|
+
import type { ID } from '../common/types.js';
|
|
2
|
+
import { type ContainmentLevel, type ContainmentState, type ContainmentRequest, type ContainmentResult, type ContainmentRestriction, type ContainmentReason, type ContainmentInitiator, type DeescalationCondition, type ContainmentPolicy, type ContainmentConfig, type ContainmentQuery, type ContainmentAuditReport, type RestrictionType } from './types.js';
|
|
3
|
+
export * from './types.js';
|
|
12
4
|
/**
|
|
13
5
|
* Progressive Containment Service
|
|
14
6
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/containment/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/containment/index.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAEL,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EAEtB,KAAK,sBAAsB,EAC3B,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EAEzB,KAAK,qBAAqB,EAE1B,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,EAC3B,KAAK,eAAe,EACrB,MAAM,YAAY,CAAC;AAEpB,cAAc,YAAY,CAAC;AAiH3B;;GAEG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,MAAM,CAAwC;IACtD,OAAO,CAAC,QAAQ,CAA2B;gBAE/B,MAAM,GAAE,OAAO,CAAC,iBAAiB,CAAM;IAInD;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE,EAAE,GAAG,gBAAgB,GAAG,SAAS;IAIpD;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE,EAAE,GAAG,gBAAgB;IAKxC;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,EAAE,EAAE,KAAK,EAAE,gBAAgB,GAAG,OAAO;IAK7D;;OAEG;IACH,cAAc,CAAC,QAAQ,EAAE,EAAE,EAAE,eAAe,EAAE,eAAe,GAAG,OAAO;IAMvE;;OAEG;IACG,OAAO,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAmJtE;;OAEG;IACG,QAAQ,CACZ,QAAQ,EAAE,EAAE,EACZ,MAAM,EAAE,iBAAiB,EACzB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,oBAAoB,GAC9B,OAAO,CAAC,iBAAiB,CAAC;IA+B7B;;OAEG;IACG,UAAU,CACd,QAAQ,EAAE,EAAE,EACZ,MAAM,EAAE,iBAAiB,EACzB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,oBAAoB,GAC9B,OAAO,CAAC,iBAAiB,CAAC;IA+C7B;;OAEG;IACG,OAAO,CACX,QAAQ,EAAE,EAAE,EACZ,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,oBAAoB,GAC9B,OAAO,CAAC,iBAAiB,CAAC;IAU7B;;OAEG;IACG,iBAAiB,CAAC,QAAQ,EAAE,EAAE,GAAG,OAAO,CAAC;QAC7C,QAAQ,EAAE,OAAO,CAAC;QAClB,UAAU,EAAE,qBAAqB,EAAE,CAAC;KACrC,CAAC;IA8BF;;OAEG;IACH,WAAW,CACT,QAAQ,EAAE,EAAE,EACZ,MAAM,EAAE,MAAM,EACd,UAAU,CAAC,EAAE,MAAM,GAClB;QACD,OAAO,EAAE,OAAO,CAAC;QACjB,YAAY,EAAE,sBAAsB,EAAE,CAAC;QACvC,OAAO,EAAE,MAAM,CAAC;KACjB;IAgED;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,EAAE,EACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC;QACT,iBAAiB,EAAE,iBAAiB,EAAE,CAAC;QACvC,gBAAgB,EAAE,gBAAgB,CAAC;QACnC,YAAY,EAAE,sBAAsB,EAAE,CAAC;KACxC,CAAC;IA+BF;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAsB7B;;OAEG;IACH,OAAO,CAAC,2BAA2B;IA6BnC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA6B3B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAqB1B;;OAEG;IACG,KAAK,CAAC,KAAK,EAAE,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAqCjE;;OAEG;IACG,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAuE9F;;OAEG;IACH,QAAQ,IAAI;QACV,kBAAkB,EAAE,MAAM,CAAC;QAC3B,OAAO,EAAE,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;QAC1C,WAAW,EAAE,MAAM,CAAC;KACrB;CAqBF;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAAG,kBAAkB,CAEhG;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,aAAa,EAAE,MAAM,GAAG,oBAAoB,CAOjF;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,oBAAoB,CAOrG"}
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
2
|
+
// Copyright 2024-2026 Vorion LLC
|
|
1
3
|
/**
|
|
2
4
|
* Progressive Containment System
|
|
3
5
|
*
|
|
@@ -6,29 +8,29 @@
|
|
|
6
8
|
*
|
|
7
9
|
* @packageDocumentation
|
|
8
10
|
*/
|
|
9
|
-
import { createLogger } from
|
|
10
|
-
import { ContainmentLevelValue, } from
|
|
11
|
-
export * from
|
|
12
|
-
const logger = createLogger({ component:
|
|
11
|
+
import { createLogger } from '../common/logger.js';
|
|
12
|
+
import { ContainmentLevelValue, } from './types.js';
|
|
13
|
+
export * from './types.js';
|
|
14
|
+
const logger = createLogger({ component: 'containment' });
|
|
13
15
|
/**
|
|
14
16
|
* Default containment configuration
|
|
15
17
|
*/
|
|
16
18
|
const DEFAULT_CONFIG = {
|
|
17
|
-
defaultLevel:
|
|
19
|
+
defaultLevel: 'monitored',
|
|
18
20
|
allowAutoDeescalation: true,
|
|
19
21
|
minLevelChangeIntervalMs: 60000, // 1 minute
|
|
20
22
|
maxHistoryEntries: 100,
|
|
21
23
|
defaultDeescalationConditions: [
|
|
22
24
|
{
|
|
23
|
-
type:
|
|
24
|
-
description:
|
|
25
|
+
type: 'time_elapsed',
|
|
26
|
+
description: 'Wait period completed',
|
|
25
27
|
target: 3600000, // 1 hour
|
|
26
28
|
progress: 0,
|
|
27
29
|
met: false,
|
|
28
30
|
},
|
|
29
31
|
{
|
|
30
|
-
type:
|
|
31
|
-
description:
|
|
32
|
+
type: 'behavior_normalized',
|
|
33
|
+
description: 'No violations detected',
|
|
32
34
|
target: 10, // 10 successful actions
|
|
33
35
|
progress: 0,
|
|
34
36
|
met: false,
|
|
@@ -43,77 +45,77 @@ const DEFAULT_LEVEL_RESTRICTIONS = {
|
|
|
43
45
|
full_autonomy: [],
|
|
44
46
|
monitored: [
|
|
45
47
|
{
|
|
46
|
-
type:
|
|
47
|
-
target:
|
|
48
|
-
severity:
|
|
48
|
+
type: 'logging_enhanced',
|
|
49
|
+
target: '*',
|
|
50
|
+
severity: 'soft',
|
|
49
51
|
bypassable: false,
|
|
50
|
-
message:
|
|
52
|
+
message: 'All actions are being logged for monitoring',
|
|
51
53
|
},
|
|
52
54
|
],
|
|
53
55
|
tool_restricted: [
|
|
54
56
|
{
|
|
55
|
-
type:
|
|
56
|
-
target:
|
|
57
|
-
severity:
|
|
57
|
+
type: 'capability_blocked',
|
|
58
|
+
target: 'high_risk_capabilities',
|
|
59
|
+
severity: 'hard',
|
|
58
60
|
bypassable: true,
|
|
59
|
-
message:
|
|
61
|
+
message: 'High-risk capabilities are restricted',
|
|
60
62
|
},
|
|
61
63
|
{
|
|
62
|
-
type:
|
|
63
|
-
target:
|
|
64
|
-
severity:
|
|
64
|
+
type: 'logging_enhanced',
|
|
65
|
+
target: '*',
|
|
66
|
+
severity: 'soft',
|
|
65
67
|
bypassable: false,
|
|
66
|
-
message:
|
|
68
|
+
message: 'Enhanced logging active',
|
|
67
69
|
},
|
|
68
70
|
],
|
|
69
71
|
human_in_loop: [
|
|
70
72
|
{
|
|
71
|
-
type:
|
|
72
|
-
target:
|
|
73
|
-
severity:
|
|
73
|
+
type: 'approval_required',
|
|
74
|
+
target: '*',
|
|
75
|
+
severity: 'hard',
|
|
74
76
|
bypassable: false,
|
|
75
|
-
message:
|
|
77
|
+
message: 'Human approval required for all actions',
|
|
76
78
|
},
|
|
77
79
|
],
|
|
78
80
|
simulation_only: [
|
|
79
81
|
{
|
|
80
|
-
type:
|
|
81
|
-
target:
|
|
82
|
-
severity:
|
|
82
|
+
type: 'capability_blocked',
|
|
83
|
+
target: '*',
|
|
84
|
+
severity: 'hard',
|
|
83
85
|
bypassable: false,
|
|
84
|
-
message:
|
|
86
|
+
message: 'Actions are simulated only - no real execution',
|
|
85
87
|
},
|
|
86
88
|
],
|
|
87
89
|
read_only: [
|
|
88
90
|
{
|
|
89
|
-
type:
|
|
90
|
-
target:
|
|
91
|
-
severity:
|
|
91
|
+
type: 'capability_blocked',
|
|
92
|
+
target: 'write_capabilities',
|
|
93
|
+
severity: 'hard',
|
|
92
94
|
bypassable: false,
|
|
93
|
-
message:
|
|
95
|
+
message: 'Write operations are blocked',
|
|
94
96
|
},
|
|
95
97
|
{
|
|
96
|
-
type:
|
|
97
|
-
target:
|
|
98
|
-
severity:
|
|
98
|
+
type: 'capability_blocked',
|
|
99
|
+
target: 'execute_capabilities',
|
|
100
|
+
severity: 'hard',
|
|
99
101
|
bypassable: false,
|
|
100
|
-
message:
|
|
102
|
+
message: 'Execute operations are blocked',
|
|
101
103
|
},
|
|
102
104
|
],
|
|
103
105
|
halted: [
|
|
104
106
|
{
|
|
105
|
-
type:
|
|
106
|
-
target:
|
|
107
|
-
severity:
|
|
107
|
+
type: 'capability_blocked',
|
|
108
|
+
target: '*',
|
|
109
|
+
severity: 'hard',
|
|
108
110
|
bypassable: false,
|
|
109
|
-
message:
|
|
111
|
+
message: 'All operations are blocked - entity is halted',
|
|
110
112
|
},
|
|
111
113
|
{
|
|
112
|
-
type:
|
|
113
|
-
target:
|
|
114
|
-
severity:
|
|
114
|
+
type: 'session_terminated',
|
|
115
|
+
target: '*',
|
|
116
|
+
severity: 'hard',
|
|
115
117
|
bypassable: false,
|
|
116
|
-
message:
|
|
118
|
+
message: 'All sessions terminated',
|
|
117
119
|
},
|
|
118
120
|
],
|
|
119
121
|
};
|
|
@@ -169,26 +171,24 @@ export class ContainmentService {
|
|
|
169
171
|
requestedLevel: request.level,
|
|
170
172
|
reason: request.reason,
|
|
171
173
|
initiator: request.initiator.id,
|
|
172
|
-
},
|
|
174
|
+
}, 'Processing containment request');
|
|
173
175
|
// Get current state
|
|
174
176
|
const currentState = this.states.get(request.entityId);
|
|
175
177
|
const previousLevel = currentState?.level ?? this.config.defaultLevel;
|
|
176
178
|
// Check minimum interval between changes
|
|
177
179
|
if (currentState && !request.force) {
|
|
178
|
-
const lastChangeTime = new Date(currentState.history[currentState.history.length - 1]?.timestamp ??
|
|
179
|
-
currentState.appliedAt).getTime();
|
|
180
|
+
const lastChangeTime = new Date(currentState.history[currentState.history.length - 1]?.timestamp ?? currentState.appliedAt).getTime();
|
|
180
181
|
const elapsed = Date.now() - lastChangeTime;
|
|
181
182
|
if (elapsed < this.config.minLevelChangeIntervalMs) {
|
|
182
183
|
warnings.push(`Minimum interval not met (${elapsed}ms < ${this.config.minLevelChangeIntervalMs}ms)`);
|
|
183
|
-
if (ContainmentLevelValue[request.level] <
|
|
184
|
-
ContainmentLevelValue[previousLevel]) {
|
|
184
|
+
if (ContainmentLevelValue[request.level] < ContainmentLevelValue[previousLevel]) {
|
|
185
185
|
// Don't allow rapid de-escalation
|
|
186
186
|
return {
|
|
187
187
|
success: false,
|
|
188
188
|
previousState: currentState,
|
|
189
189
|
newState: currentState,
|
|
190
190
|
actionsTaken: [],
|
|
191
|
-
errors: [
|
|
191
|
+
errors: ['Cannot de-escalate: minimum interval not met'],
|
|
192
192
|
warnings,
|
|
193
193
|
};
|
|
194
194
|
}
|
|
@@ -226,10 +226,7 @@ export class ContainmentService {
|
|
|
226
226
|
expiresAt,
|
|
227
227
|
initiator: request.initiator,
|
|
228
228
|
history: currentState
|
|
229
|
-
? [
|
|
230
|
-
...currentState.history.slice(-this.config.maxHistoryEntries + 1),
|
|
231
|
-
historyEntry,
|
|
232
|
-
]
|
|
229
|
+
? [...currentState.history.slice(-this.config.maxHistoryEntries + 1), historyEntry]
|
|
233
230
|
: [historyEntry],
|
|
234
231
|
deescalationConditions,
|
|
235
232
|
escalationPath,
|
|
@@ -238,7 +235,7 @@ export class ContainmentService {
|
|
|
238
235
|
this.states.set(request.entityId, newState);
|
|
239
236
|
// Record action
|
|
240
237
|
actionsTaken.push({
|
|
241
|
-
type:
|
|
238
|
+
type: 'level_changed',
|
|
242
239
|
target: request.entityId,
|
|
243
240
|
details: {
|
|
244
241
|
previousLevel,
|
|
@@ -250,18 +247,18 @@ export class ContainmentService {
|
|
|
250
247
|
// Apply restrictions
|
|
251
248
|
for (const restriction of allRestrictions) {
|
|
252
249
|
actionsTaken.push({
|
|
253
|
-
type:
|
|
250
|
+
type: 'restriction_added',
|
|
254
251
|
target: restriction.target,
|
|
255
252
|
details: { restriction },
|
|
256
253
|
timestamp: now,
|
|
257
254
|
});
|
|
258
255
|
}
|
|
259
256
|
// If halted, terminate sessions
|
|
260
|
-
if (request.level ===
|
|
257
|
+
if (request.level === 'halted') {
|
|
261
258
|
actionsTaken.push({
|
|
262
|
-
type:
|
|
259
|
+
type: 'session_terminated',
|
|
263
260
|
target: request.entityId,
|
|
264
|
-
details: { reason:
|
|
261
|
+
details: { reason: 'Entity halted' },
|
|
265
262
|
timestamp: now,
|
|
266
263
|
});
|
|
267
264
|
}
|
|
@@ -273,7 +270,7 @@ export class ContainmentService {
|
|
|
273
270
|
newLevel: request.level,
|
|
274
271
|
restrictionCount: allRestrictions.length,
|
|
275
272
|
expiresAt,
|
|
276
|
-
},
|
|
273
|
+
}, 'Containment applied');
|
|
277
274
|
return {
|
|
278
275
|
success: true,
|
|
279
276
|
previousState: currentState ?? this.createDefaultState(request.entityId),
|
|
@@ -296,7 +293,7 @@ export class ContainmentService {
|
|
|
296
293
|
previousState: currentState,
|
|
297
294
|
newState: currentState,
|
|
298
295
|
actionsTaken: [],
|
|
299
|
-
errors: [
|
|
296
|
+
errors: ['Already at maximum containment level'],
|
|
300
297
|
warnings: [],
|
|
301
298
|
};
|
|
302
299
|
}
|
|
@@ -304,7 +301,7 @@ export class ContainmentService {
|
|
|
304
301
|
const levels = Object.entries(ContainmentLevelValue)
|
|
305
302
|
.sort((a, b) => a[1] - b[1])
|
|
306
303
|
.map((e) => e[0]);
|
|
307
|
-
const nextLevel = levels[levelValue + 1] ??
|
|
304
|
+
const nextLevel = levels[levelValue + 1] ?? 'halted';
|
|
308
305
|
return this.contain({
|
|
309
306
|
entityId,
|
|
310
307
|
level: nextLevel,
|
|
@@ -326,7 +323,7 @@ export class ContainmentService {
|
|
|
326
323
|
previousState: currentState,
|
|
327
324
|
newState: currentState,
|
|
328
325
|
actionsTaken: [],
|
|
329
|
-
errors: [
|
|
326
|
+
errors: ['Already at minimum containment level'],
|
|
330
327
|
warnings: [],
|
|
331
328
|
};
|
|
332
329
|
}
|
|
@@ -334,13 +331,13 @@ export class ContainmentService {
|
|
|
334
331
|
const state = this.states.get(entityId);
|
|
335
332
|
if (state && !this.config.allowAutoDeescalation) {
|
|
336
333
|
const unmetConditions = state.deescalationConditions.filter((c) => !c.met);
|
|
337
|
-
if (unmetConditions.length > 0 && initiator.type ===
|
|
334
|
+
if (unmetConditions.length > 0 && initiator.type === 'system') {
|
|
338
335
|
return {
|
|
339
336
|
success: false,
|
|
340
337
|
previousState: state,
|
|
341
338
|
newState: state,
|
|
342
339
|
actionsTaken: [],
|
|
343
|
-
errors: [
|
|
340
|
+
errors: ['De-escalation conditions not met'],
|
|
344
341
|
warnings: unmetConditions.map((c) => c.description),
|
|
345
342
|
};
|
|
346
343
|
}
|
|
@@ -349,7 +346,7 @@ export class ContainmentService {
|
|
|
349
346
|
const levels = Object.entries(ContainmentLevelValue)
|
|
350
347
|
.sort((a, b) => a[1] - b[1])
|
|
351
348
|
.map((e) => e[0]);
|
|
352
|
-
const previousLevel = levels[levelValue - 1] ??
|
|
349
|
+
const previousLevel = levels[levelValue - 1] ?? 'full_autonomy';
|
|
353
350
|
return this.contain({
|
|
354
351
|
entityId,
|
|
355
352
|
level: previousLevel,
|
|
@@ -364,8 +361,8 @@ export class ContainmentService {
|
|
|
364
361
|
async release(entityId, explanation, initiator) {
|
|
365
362
|
return this.contain({
|
|
366
363
|
entityId,
|
|
367
|
-
level:
|
|
368
|
-
reason:
|
|
364
|
+
level: 'full_autonomy',
|
|
365
|
+
reason: 'manual_override',
|
|
369
366
|
explanation,
|
|
370
367
|
initiator,
|
|
371
368
|
});
|
|
@@ -383,13 +380,12 @@ export class ContainmentService {
|
|
|
383
380
|
// Update condition progress
|
|
384
381
|
for (const condition of state.deescalationConditions) {
|
|
385
382
|
switch (condition.type) {
|
|
386
|
-
case
|
|
383
|
+
case 'time_elapsed':
|
|
387
384
|
const targetMs = condition.target;
|
|
388
385
|
const elapsed = now - appliedAt;
|
|
389
386
|
condition.progress = Math.min(1, elapsed / targetMs);
|
|
390
387
|
condition.met = elapsed >= targetMs;
|
|
391
388
|
break;
|
|
392
|
-
}
|
|
393
389
|
// Other conditions would be updated by external events
|
|
394
390
|
}
|
|
395
391
|
}
|
|
@@ -405,28 +401,24 @@ export class ContainmentService {
|
|
|
405
401
|
checkAction(entityId, action, capability) {
|
|
406
402
|
const state = this.states.get(entityId);
|
|
407
403
|
if (!state) {
|
|
408
|
-
return {
|
|
409
|
-
allowed: true,
|
|
410
|
-
restrictions: [],
|
|
411
|
-
message: "No containment in effect",
|
|
412
|
-
};
|
|
404
|
+
return { allowed: true, restrictions: [], message: 'No containment in effect' };
|
|
413
405
|
}
|
|
414
406
|
const level = state.level;
|
|
415
407
|
// Halted blocks everything
|
|
416
|
-
if (level ===
|
|
408
|
+
if (level === 'halted') {
|
|
417
409
|
return {
|
|
418
410
|
allowed: false,
|
|
419
411
|
restrictions: state.restrictions,
|
|
420
|
-
message:
|
|
412
|
+
message: 'Entity is halted - all actions blocked',
|
|
421
413
|
};
|
|
422
414
|
}
|
|
423
415
|
// Check each restriction
|
|
424
416
|
const blockingRestrictions = [];
|
|
425
417
|
for (const restriction of state.restrictions) {
|
|
426
|
-
const matches = restriction.target ===
|
|
418
|
+
const matches = restriction.target === '*' ||
|
|
427
419
|
restriction.target === action ||
|
|
428
420
|
restriction.target === capability;
|
|
429
|
-
if (matches && restriction.severity ===
|
|
421
|
+
if (matches && restriction.severity === 'hard') {
|
|
430
422
|
blockingRestrictions.push(restriction);
|
|
431
423
|
}
|
|
432
424
|
}
|
|
@@ -434,29 +426,29 @@ export class ContainmentService {
|
|
|
434
426
|
return {
|
|
435
427
|
allowed: false,
|
|
436
428
|
restrictions: blockingRestrictions,
|
|
437
|
-
message: blockingRestrictions.map((r) => r.message).join(
|
|
429
|
+
message: blockingRestrictions.map((r) => r.message).join('; '),
|
|
438
430
|
};
|
|
439
431
|
}
|
|
440
432
|
// Special handling for human-in-loop
|
|
441
|
-
if (level ===
|
|
433
|
+
if (level === 'human_in_loop') {
|
|
442
434
|
return {
|
|
443
435
|
allowed: false,
|
|
444
|
-
restrictions: state.restrictions.filter((r) => r.type ===
|
|
445
|
-
message:
|
|
436
|
+
restrictions: state.restrictions.filter((r) => r.type === 'approval_required'),
|
|
437
|
+
message: 'Human approval required',
|
|
446
438
|
};
|
|
447
439
|
}
|
|
448
440
|
// Simulation-only mode
|
|
449
|
-
if (level ===
|
|
441
|
+
if (level === 'simulation_only') {
|
|
450
442
|
return {
|
|
451
443
|
allowed: true, // Allow but flag as simulation
|
|
452
444
|
restrictions: state.restrictions,
|
|
453
|
-
message:
|
|
445
|
+
message: 'Action will be simulated only',
|
|
454
446
|
};
|
|
455
447
|
}
|
|
456
448
|
return {
|
|
457
449
|
allowed: true,
|
|
458
|
-
restrictions: state.restrictions.filter((r) => r.severity ===
|
|
459
|
-
message:
|
|
450
|
+
restrictions: state.restrictions.filter((r) => r.severity === 'soft'),
|
|
451
|
+
message: 'Action allowed',
|
|
460
452
|
};
|
|
461
453
|
}
|
|
462
454
|
/**
|
|
@@ -473,8 +465,7 @@ export class ContainmentService {
|
|
|
473
465
|
if (triggered) {
|
|
474
466
|
triggeredPolicies.push(policy);
|
|
475
467
|
// Take highest containment level
|
|
476
|
-
if (ContainmentLevelValue[policy.action.level] >
|
|
477
|
-
ContainmentLevelValue[highestLevel]) {
|
|
468
|
+
if (ContainmentLevelValue[policy.action.level] > ContainmentLevelValue[highestLevel]) {
|
|
478
469
|
highestLevel = policy.action.level;
|
|
479
470
|
}
|
|
480
471
|
allRestrictions.push(...policy.action.restrictions);
|
|
@@ -493,18 +484,15 @@ export class ContainmentService {
|
|
|
493
484
|
*/
|
|
494
485
|
evaluatePolicyTrigger(trigger, context) {
|
|
495
486
|
switch (trigger.type) {
|
|
496
|
-
case
|
|
497
|
-
const trustScore = context[
|
|
487
|
+
case 'trust_threshold':
|
|
488
|
+
const trustScore = context['trustScore'];
|
|
498
489
|
return trustScore !== undefined && trustScore < trigger.threshold;
|
|
499
|
-
|
|
500
|
-
|
|
501
|
-
const errorRate = context["errorRate"];
|
|
490
|
+
case 'error_rate':
|
|
491
|
+
const errorRate = context['errorRate'];
|
|
502
492
|
return errorRate !== undefined && errorRate > trigger.threshold;
|
|
503
|
-
|
|
504
|
-
|
|
505
|
-
const anomalyScore = context["anomalyScore"];
|
|
493
|
+
case 'anomaly_score':
|
|
494
|
+
const anomalyScore = context['anomalyScore'];
|
|
506
495
|
return anomalyScore !== undefined && anomalyScore > trigger.threshold;
|
|
507
|
-
}
|
|
508
496
|
default:
|
|
509
497
|
return false;
|
|
510
498
|
}
|
|
@@ -516,19 +504,19 @@ export class ContainmentService {
|
|
|
516
504
|
const conditions = [...this.config.defaultDeescalationConditions];
|
|
517
505
|
// Add level-specific conditions
|
|
518
506
|
switch (request.level) {
|
|
519
|
-
case
|
|
507
|
+
case 'halted':
|
|
520
508
|
conditions.push({
|
|
521
|
-
type:
|
|
522
|
-
description:
|
|
523
|
-
target:
|
|
509
|
+
type: 'manual_approval',
|
|
510
|
+
description: 'Manual approval from administrator required',
|
|
511
|
+
target: 'admin_approval',
|
|
524
512
|
progress: 0,
|
|
525
513
|
met: false,
|
|
526
514
|
});
|
|
527
515
|
break;
|
|
528
|
-
case
|
|
516
|
+
case 'human_in_loop':
|
|
529
517
|
conditions.push({
|
|
530
|
-
type:
|
|
531
|
-
description:
|
|
518
|
+
type: 'behavior_normalized',
|
|
519
|
+
description: '5 consecutive approved actions',
|
|
532
520
|
target: 5,
|
|
533
521
|
progress: 0,
|
|
534
522
|
met: false,
|
|
@@ -555,9 +543,9 @@ export class ContainmentService {
|
|
|
555
543
|
additionalRestrictions: DEFAULT_LEVEL_RESTRICTIONS[level] ?? [],
|
|
556
544
|
notifications: [
|
|
557
545
|
{
|
|
558
|
-
channel: level ===
|
|
559
|
-
recipients: [
|
|
560
|
-
severity: level ===
|
|
546
|
+
channel: level === 'halted' ? 'pagerduty' : 'slack',
|
|
547
|
+
recipients: ['security-team'],
|
|
548
|
+
severity: level === 'halted' ? 'critical' : 'warning',
|
|
561
549
|
template: `containment_escalation_${level}`,
|
|
562
550
|
},
|
|
563
551
|
],
|
|
@@ -573,15 +561,15 @@ export class ContainmentService {
|
|
|
573
561
|
return {
|
|
574
562
|
entityId,
|
|
575
563
|
level: this.config.defaultLevel,
|
|
576
|
-
reason:
|
|
577
|
-
explanation:
|
|
564
|
+
reason: 'precautionary',
|
|
565
|
+
explanation: 'Default containment state',
|
|
578
566
|
restrictions: DEFAULT_LEVEL_RESTRICTIONS[this.config.defaultLevel] ?? [],
|
|
579
567
|
appliedAt: now,
|
|
580
568
|
initiator: {
|
|
581
|
-
type:
|
|
582
|
-
id:
|
|
583
|
-
name:
|
|
584
|
-
authority:
|
|
569
|
+
type: 'system',
|
|
570
|
+
id: 'containment-service',
|
|
571
|
+
name: 'Containment Service',
|
|
572
|
+
authority: 'system',
|
|
585
573
|
},
|
|
586
574
|
history: [],
|
|
587
575
|
deescalationConditions: [],
|
|
@@ -639,7 +627,7 @@ export class ContainmentService {
|
|
|
639
627
|
let escalationCount = 0;
|
|
640
628
|
let deescalationCount = 0;
|
|
641
629
|
for (const event of events) {
|
|
642
|
-
if (event.type ===
|
|
630
|
+
if (event.type === 'level_changed') {
|
|
643
631
|
const details = event.details;
|
|
644
632
|
levelCounts[details.newLevel]++;
|
|
645
633
|
reasonCounts[details.reason] = (reasonCounts[details.reason] ?? 0) + 1;
|
|
@@ -711,10 +699,10 @@ export function createContainmentService(config) {
|
|
|
711
699
|
*/
|
|
712
700
|
export function createSystemInitiator(componentName) {
|
|
713
701
|
return {
|
|
714
|
-
type:
|
|
702
|
+
type: 'system',
|
|
715
703
|
id: componentName,
|
|
716
704
|
name: componentName,
|
|
717
|
-
authority:
|
|
705
|
+
authority: 'automated',
|
|
718
706
|
};
|
|
719
707
|
}
|
|
720
708
|
/**
|
|
@@ -722,7 +710,7 @@ export function createSystemInitiator(componentName) {
|
|
|
722
710
|
*/
|
|
723
711
|
export function createHumanInitiator(userId, userName, role) {
|
|
724
712
|
return {
|
|
725
|
-
type:
|
|
713
|
+
type: 'human',
|
|
726
714
|
id: userId,
|
|
727
715
|
name: userName,
|
|
728
716
|
authority: role,
|