@vorionsys/atsf-core 0.4.1 → 0.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/basis/parser.d.ts +74 -74
- package/dist/basis/parser.js +3 -3
- package/dist/basis/parser.js.map +1 -1
- package/dist/common/config.d.ts +16 -16
- package/dist/enforce/fast-path.d.ts +134 -0
- package/dist/enforce/fast-path.d.ts.map +1 -0
- package/dist/enforce/fast-path.js +257 -0
- package/dist/enforce/fast-path.js.map +1 -0
- package/dist/enforce/pipeline-optimizer.d.ts +111 -0
- package/dist/enforce/pipeline-optimizer.d.ts.map +1 -0
- package/dist/enforce/pipeline-optimizer.js +370 -0
- package/dist/enforce/pipeline-optimizer.js.map +1 -0
- package/dist/enforce/policy-cache.d.ts +92 -0
- package/dist/enforce/policy-cache.d.ts.map +1 -0
- package/dist/enforce/policy-cache.js +186 -0
- package/dist/enforce/policy-cache.js.map +1 -0
- package/dist/enforce/trust-cache.d.ts +118 -0
- package/dist/enforce/trust-cache.d.ts.map +1 -0
- package/dist/enforce/trust-cache.js +218 -0
- package/dist/enforce/trust-cache.js.map +1 -0
- package/dist/paramesphere/gpu-svd.d.ts +102 -0
- package/dist/paramesphere/gpu-svd.d.ts.map +1 -0
- package/dist/paramesphere/gpu-svd.js +668 -0
- package/dist/paramesphere/gpu-svd.js.map +1 -0
- package/dist/paramesphere/index.d.ts +2 -0
- package/dist/paramesphere/index.d.ts.map +1 -1
- package/dist/paramesphere/index.js +1 -0
- package/dist/paramesphere/index.js.map +1 -1
- package/dist/paramesphere/paramesphere-engine.d.ts +40 -3
- package/dist/paramesphere/paramesphere-engine.d.ts.map +1 -1
- package/dist/paramesphere/paramesphere-engine.js +133 -6
- package/dist/paramesphere/paramesphere-engine.js.map +1 -1
- package/dist/paramesphere/scheduled-verifier.d.ts +136 -0
- package/dist/paramesphere/scheduled-verifier.d.ts.map +1 -0
- package/dist/paramesphere/scheduled-verifier.js +338 -0
- package/dist/paramesphere/scheduled-verifier.js.map +1 -0
- package/dist/paramesphere/svd-worker-pool.d.ts +37 -0
- package/dist/paramesphere/svd-worker-pool.d.ts.map +1 -0
- package/dist/paramesphere/svd-worker-pool.js +144 -0
- package/dist/paramesphere/svd-worker-pool.js.map +1 -0
- package/dist/paramesphere/svd-worker.d.ts +2 -0
- package/dist/paramesphere/svd-worker.d.ts.map +1 -0
- package/dist/paramesphere/svd-worker.js +103 -0
- package/dist/paramesphere/svd-worker.js.map +1 -0
- package/dist/paramesphere/types.d.ts +14 -0
- package/dist/paramesphere/types.d.ts.map +1 -1
- package/dist/paramesphere/types.js.map +1 -1
- package/dist/phase6/types.d.ts +257 -257
- package/dist/phase6/types.js +1 -1
- package/dist/phase6/types.js.map +1 -1
- package/package.json +2 -2
package/dist/basis/parser.d.ts
CHANGED
|
@@ -22,29 +22,29 @@ declare const ruleSchema: z.ZodObject<{
|
|
|
22
22
|
operator: z.ZodEnum<["equals", "not_equals", "greater_than", "less_than", "greater_than_or_equal", "less_than_or_equal", "in", "not_in", "contains", "not_contains", "matches", "exists", "not_exists"]>;
|
|
23
23
|
value: z.ZodUnknown;
|
|
24
24
|
}, "strip", z.ZodTypeAny, {
|
|
25
|
-
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
26
|
-
field?: string;
|
|
27
25
|
value?: unknown;
|
|
28
|
-
}, {
|
|
29
|
-
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
30
26
|
field?: string;
|
|
27
|
+
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
28
|
+
}, {
|
|
31
29
|
value?: unknown;
|
|
30
|
+
field?: string;
|
|
31
|
+
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
32
32
|
}>, "many">>;
|
|
33
33
|
}, "strip", z.ZodTypeAny, {
|
|
34
34
|
intentType?: string | string[];
|
|
35
35
|
entityType?: string | string[];
|
|
36
36
|
conditions?: {
|
|
37
|
-
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
38
|
-
field?: string;
|
|
39
37
|
value?: unknown;
|
|
38
|
+
field?: string;
|
|
39
|
+
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
40
40
|
}[];
|
|
41
41
|
}, {
|
|
42
42
|
intentType?: string | string[];
|
|
43
43
|
entityType?: string | string[];
|
|
44
44
|
conditions?: {
|
|
45
|
-
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
46
|
-
field?: string;
|
|
47
45
|
value?: unknown;
|
|
46
|
+
field?: string;
|
|
47
|
+
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
48
48
|
}[];
|
|
49
49
|
}>;
|
|
50
50
|
evaluate: z.ZodArray<z.ZodObject<{
|
|
@@ -57,87 +57,87 @@ declare const ruleSchema: z.ZodObject<{
|
|
|
57
57
|
requireJustification: z.ZodOptional<z.ZodBoolean>;
|
|
58
58
|
autoDenyOnTimeout: z.ZodOptional<z.ZodBoolean>;
|
|
59
59
|
}, "strip", z.ZodTypeAny, {
|
|
60
|
-
timeout?: string;
|
|
61
60
|
to?: string;
|
|
61
|
+
timeout?: string;
|
|
62
62
|
requireJustification?: boolean;
|
|
63
63
|
autoDenyOnTimeout?: boolean;
|
|
64
64
|
}, {
|
|
65
|
-
timeout?: string;
|
|
66
65
|
to?: string;
|
|
66
|
+
timeout?: string;
|
|
67
67
|
requireJustification?: boolean;
|
|
68
68
|
autoDenyOnTimeout?: boolean;
|
|
69
69
|
}>>;
|
|
70
70
|
}, "strip", z.ZodTypeAny, {
|
|
71
|
-
reason?: string;
|
|
72
71
|
condition?: string;
|
|
73
72
|
result?: "allow" | "deny" | "escalate" | "limit" | "monitor" | "terminate";
|
|
73
|
+
reason?: string;
|
|
74
74
|
escalation?: {
|
|
75
|
-
timeout?: string;
|
|
76
75
|
to?: string;
|
|
76
|
+
timeout?: string;
|
|
77
77
|
requireJustification?: boolean;
|
|
78
78
|
autoDenyOnTimeout?: boolean;
|
|
79
79
|
};
|
|
80
80
|
}, {
|
|
81
|
-
reason?: string;
|
|
82
81
|
condition?: string;
|
|
83
82
|
result?: "allow" | "deny" | "escalate" | "limit" | "monitor" | "terminate";
|
|
83
|
+
reason?: string;
|
|
84
84
|
escalation?: {
|
|
85
|
-
timeout?: string;
|
|
86
85
|
to?: string;
|
|
86
|
+
timeout?: string;
|
|
87
87
|
requireJustification?: boolean;
|
|
88
88
|
autoDenyOnTimeout?: boolean;
|
|
89
89
|
};
|
|
90
90
|
}>, "many">;
|
|
91
91
|
metadata: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
92
92
|
}, "strip", z.ZodTypeAny, {
|
|
93
|
+
id?: string;
|
|
93
94
|
name?: string;
|
|
95
|
+
description?: string;
|
|
96
|
+
priority?: number;
|
|
94
97
|
enabled?: boolean;
|
|
95
98
|
when?: {
|
|
96
99
|
intentType?: string | string[];
|
|
97
100
|
entityType?: string | string[];
|
|
98
101
|
conditions?: {
|
|
99
|
-
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
100
|
-
field?: string;
|
|
101
102
|
value?: unknown;
|
|
103
|
+
field?: string;
|
|
104
|
+
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
102
105
|
}[];
|
|
103
106
|
};
|
|
104
|
-
priority?: number;
|
|
105
|
-
id?: string;
|
|
106
|
-
description?: string;
|
|
107
107
|
evaluate?: {
|
|
108
|
-
reason?: string;
|
|
109
108
|
condition?: string;
|
|
110
109
|
result?: "allow" | "deny" | "escalate" | "limit" | "monitor" | "terminate";
|
|
110
|
+
reason?: string;
|
|
111
111
|
escalation?: {
|
|
112
|
-
timeout?: string;
|
|
113
112
|
to?: string;
|
|
113
|
+
timeout?: string;
|
|
114
114
|
requireJustification?: boolean;
|
|
115
115
|
autoDenyOnTimeout?: boolean;
|
|
116
116
|
};
|
|
117
117
|
}[];
|
|
118
118
|
metadata?: Record<string, unknown>;
|
|
119
119
|
}, {
|
|
120
|
+
id?: string;
|
|
120
121
|
name?: string;
|
|
122
|
+
description?: string;
|
|
123
|
+
priority?: number;
|
|
121
124
|
enabled?: boolean;
|
|
122
125
|
when?: {
|
|
123
126
|
intentType?: string | string[];
|
|
124
127
|
entityType?: string | string[];
|
|
125
128
|
conditions?: {
|
|
126
|
-
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
127
|
-
field?: string;
|
|
128
129
|
value?: unknown;
|
|
130
|
+
field?: string;
|
|
131
|
+
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
129
132
|
}[];
|
|
130
133
|
};
|
|
131
|
-
priority?: number;
|
|
132
|
-
id?: string;
|
|
133
|
-
description?: string;
|
|
134
134
|
evaluate?: {
|
|
135
|
-
reason?: string;
|
|
136
135
|
condition?: string;
|
|
137
136
|
result?: "allow" | "deny" | "escalate" | "limit" | "monitor" | "terminate";
|
|
137
|
+
reason?: string;
|
|
138
138
|
escalation?: {
|
|
139
|
-
timeout?: string;
|
|
140
139
|
to?: string;
|
|
140
|
+
timeout?: string;
|
|
141
141
|
requireJustification?: boolean;
|
|
142
142
|
autoDenyOnTimeout?: boolean;
|
|
143
143
|
};
|
|
@@ -165,29 +165,29 @@ declare const namespaceSchema: z.ZodObject<{
|
|
|
165
165
|
operator: z.ZodEnum<["equals", "not_equals", "greater_than", "less_than", "greater_than_or_equal", "less_than_or_equal", "in", "not_in", "contains", "not_contains", "matches", "exists", "not_exists"]>;
|
|
166
166
|
value: z.ZodUnknown;
|
|
167
167
|
}, "strip", z.ZodTypeAny, {
|
|
168
|
-
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
169
|
-
field?: string;
|
|
170
168
|
value?: unknown;
|
|
171
|
-
}, {
|
|
172
|
-
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
173
169
|
field?: string;
|
|
170
|
+
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
171
|
+
}, {
|
|
174
172
|
value?: unknown;
|
|
173
|
+
field?: string;
|
|
174
|
+
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
175
175
|
}>, "many">>;
|
|
176
176
|
}, "strip", z.ZodTypeAny, {
|
|
177
177
|
intentType?: string | string[];
|
|
178
178
|
entityType?: string | string[];
|
|
179
179
|
conditions?: {
|
|
180
|
-
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
181
|
-
field?: string;
|
|
182
180
|
value?: unknown;
|
|
181
|
+
field?: string;
|
|
182
|
+
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
183
183
|
}[];
|
|
184
184
|
}, {
|
|
185
185
|
intentType?: string | string[];
|
|
186
186
|
entityType?: string | string[];
|
|
187
187
|
conditions?: {
|
|
188
|
-
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
189
|
-
field?: string;
|
|
190
188
|
value?: unknown;
|
|
189
|
+
field?: string;
|
|
190
|
+
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
191
191
|
}[];
|
|
192
192
|
}>;
|
|
193
193
|
evaluate: z.ZodArray<z.ZodObject<{
|
|
@@ -200,87 +200,87 @@ declare const namespaceSchema: z.ZodObject<{
|
|
|
200
200
|
requireJustification: z.ZodOptional<z.ZodBoolean>;
|
|
201
201
|
autoDenyOnTimeout: z.ZodOptional<z.ZodBoolean>;
|
|
202
202
|
}, "strip", z.ZodTypeAny, {
|
|
203
|
-
timeout?: string;
|
|
204
203
|
to?: string;
|
|
204
|
+
timeout?: string;
|
|
205
205
|
requireJustification?: boolean;
|
|
206
206
|
autoDenyOnTimeout?: boolean;
|
|
207
207
|
}, {
|
|
208
|
-
timeout?: string;
|
|
209
208
|
to?: string;
|
|
209
|
+
timeout?: string;
|
|
210
210
|
requireJustification?: boolean;
|
|
211
211
|
autoDenyOnTimeout?: boolean;
|
|
212
212
|
}>>;
|
|
213
213
|
}, "strip", z.ZodTypeAny, {
|
|
214
|
-
reason?: string;
|
|
215
214
|
condition?: string;
|
|
216
215
|
result?: "allow" | "deny" | "escalate" | "limit" | "monitor" | "terminate";
|
|
216
|
+
reason?: string;
|
|
217
217
|
escalation?: {
|
|
218
|
-
timeout?: string;
|
|
219
218
|
to?: string;
|
|
219
|
+
timeout?: string;
|
|
220
220
|
requireJustification?: boolean;
|
|
221
221
|
autoDenyOnTimeout?: boolean;
|
|
222
222
|
};
|
|
223
223
|
}, {
|
|
224
|
-
reason?: string;
|
|
225
224
|
condition?: string;
|
|
226
225
|
result?: "allow" | "deny" | "escalate" | "limit" | "monitor" | "terminate";
|
|
226
|
+
reason?: string;
|
|
227
227
|
escalation?: {
|
|
228
|
-
timeout?: string;
|
|
229
228
|
to?: string;
|
|
229
|
+
timeout?: string;
|
|
230
230
|
requireJustification?: boolean;
|
|
231
231
|
autoDenyOnTimeout?: boolean;
|
|
232
232
|
};
|
|
233
233
|
}>, "many">;
|
|
234
234
|
metadata: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
235
235
|
}, "strip", z.ZodTypeAny, {
|
|
236
|
+
id?: string;
|
|
236
237
|
name?: string;
|
|
238
|
+
description?: string;
|
|
239
|
+
priority?: number;
|
|
237
240
|
enabled?: boolean;
|
|
238
241
|
when?: {
|
|
239
242
|
intentType?: string | string[];
|
|
240
243
|
entityType?: string | string[];
|
|
241
244
|
conditions?: {
|
|
242
|
-
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
243
|
-
field?: string;
|
|
244
245
|
value?: unknown;
|
|
246
|
+
field?: string;
|
|
247
|
+
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
245
248
|
}[];
|
|
246
249
|
};
|
|
247
|
-
priority?: number;
|
|
248
|
-
id?: string;
|
|
249
|
-
description?: string;
|
|
250
250
|
evaluate?: {
|
|
251
|
-
reason?: string;
|
|
252
251
|
condition?: string;
|
|
253
252
|
result?: "allow" | "deny" | "escalate" | "limit" | "monitor" | "terminate";
|
|
253
|
+
reason?: string;
|
|
254
254
|
escalation?: {
|
|
255
|
-
timeout?: string;
|
|
256
255
|
to?: string;
|
|
256
|
+
timeout?: string;
|
|
257
257
|
requireJustification?: boolean;
|
|
258
258
|
autoDenyOnTimeout?: boolean;
|
|
259
259
|
};
|
|
260
260
|
}[];
|
|
261
261
|
metadata?: Record<string, unknown>;
|
|
262
262
|
}, {
|
|
263
|
+
id?: string;
|
|
263
264
|
name?: string;
|
|
265
|
+
description?: string;
|
|
266
|
+
priority?: number;
|
|
264
267
|
enabled?: boolean;
|
|
265
268
|
when?: {
|
|
266
269
|
intentType?: string | string[];
|
|
267
270
|
entityType?: string | string[];
|
|
268
271
|
conditions?: {
|
|
269
|
-
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
270
|
-
field?: string;
|
|
271
272
|
value?: unknown;
|
|
273
|
+
field?: string;
|
|
274
|
+
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
272
275
|
}[];
|
|
273
276
|
};
|
|
274
|
-
priority?: number;
|
|
275
|
-
id?: string;
|
|
276
|
-
description?: string;
|
|
277
277
|
evaluate?: {
|
|
278
|
-
reason?: string;
|
|
279
278
|
condition?: string;
|
|
280
279
|
result?: "allow" | "deny" | "escalate" | "limit" | "monitor" | "terminate";
|
|
280
|
+
reason?: string;
|
|
281
281
|
escalation?: {
|
|
282
|
-
timeout?: string;
|
|
283
282
|
to?: string;
|
|
283
|
+
timeout?: string;
|
|
284
284
|
requireJustification?: boolean;
|
|
285
285
|
autoDenyOnTimeout?: boolean;
|
|
286
286
|
};
|
|
@@ -288,31 +288,31 @@ declare const namespaceSchema: z.ZodObject<{
|
|
|
288
288
|
metadata?: Record<string, unknown>;
|
|
289
289
|
}>, "many">;
|
|
290
290
|
}, "strip", z.ZodTypeAny, {
|
|
291
|
-
version?: string;
|
|
292
|
-
namespace?: string;
|
|
293
291
|
description?: string;
|
|
292
|
+
namespace?: string;
|
|
293
|
+
version?: string;
|
|
294
294
|
rules?: {
|
|
295
|
+
id?: string;
|
|
295
296
|
name?: string;
|
|
297
|
+
description?: string;
|
|
298
|
+
priority?: number;
|
|
296
299
|
enabled?: boolean;
|
|
297
300
|
when?: {
|
|
298
301
|
intentType?: string | string[];
|
|
299
302
|
entityType?: string | string[];
|
|
300
303
|
conditions?: {
|
|
301
|
-
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
302
|
-
field?: string;
|
|
303
304
|
value?: unknown;
|
|
305
|
+
field?: string;
|
|
306
|
+
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
304
307
|
}[];
|
|
305
308
|
};
|
|
306
|
-
priority?: number;
|
|
307
|
-
id?: string;
|
|
308
|
-
description?: string;
|
|
309
309
|
evaluate?: {
|
|
310
|
-
reason?: string;
|
|
311
310
|
condition?: string;
|
|
312
311
|
result?: "allow" | "deny" | "escalate" | "limit" | "monitor" | "terminate";
|
|
312
|
+
reason?: string;
|
|
313
313
|
escalation?: {
|
|
314
|
-
timeout?: string;
|
|
315
314
|
to?: string;
|
|
315
|
+
timeout?: string;
|
|
316
316
|
requireJustification?: boolean;
|
|
317
317
|
autoDenyOnTimeout?: boolean;
|
|
318
318
|
};
|
|
@@ -320,31 +320,31 @@ declare const namespaceSchema: z.ZodObject<{
|
|
|
320
320
|
metadata?: Record<string, unknown>;
|
|
321
321
|
}[];
|
|
322
322
|
}, {
|
|
323
|
-
version?: string;
|
|
324
|
-
namespace?: string;
|
|
325
323
|
description?: string;
|
|
324
|
+
namespace?: string;
|
|
325
|
+
version?: string;
|
|
326
326
|
rules?: {
|
|
327
|
+
id?: string;
|
|
327
328
|
name?: string;
|
|
329
|
+
description?: string;
|
|
330
|
+
priority?: number;
|
|
328
331
|
enabled?: boolean;
|
|
329
332
|
when?: {
|
|
330
333
|
intentType?: string | string[];
|
|
331
334
|
entityType?: string | string[];
|
|
332
335
|
conditions?: {
|
|
333
|
-
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
334
|
-
field?: string;
|
|
335
336
|
value?: unknown;
|
|
337
|
+
field?: string;
|
|
338
|
+
operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equal" | "less_than_or_equal" | "in" | "not_in" | "contains" | "not_contains" | "matches" | "exists" | "not_exists";
|
|
336
339
|
}[];
|
|
337
340
|
};
|
|
338
|
-
priority?: number;
|
|
339
|
-
id?: string;
|
|
340
|
-
description?: string;
|
|
341
341
|
evaluate?: {
|
|
342
|
-
reason?: string;
|
|
343
342
|
condition?: string;
|
|
344
343
|
result?: "allow" | "deny" | "escalate" | "limit" | "monitor" | "terminate";
|
|
344
|
+
reason?: string;
|
|
345
345
|
escalation?: {
|
|
346
|
-
timeout?: string;
|
|
347
346
|
to?: string;
|
|
347
|
+
timeout?: string;
|
|
348
348
|
requireJustification?: boolean;
|
|
349
349
|
autoDenyOnTimeout?: boolean;
|
|
350
350
|
};
|
package/dist/basis/parser.js
CHANGED
|
@@ -67,7 +67,7 @@ const ruleSchema = z.object({
|
|
|
67
67
|
enabled: z.boolean().default(true),
|
|
68
68
|
when: whenSchema,
|
|
69
69
|
evaluate: z.array(evaluationSchema),
|
|
70
|
-
metadata: z.record(z.unknown()).default({}),
|
|
70
|
+
metadata: z.record(z.string(), z.unknown()).default({}),
|
|
71
71
|
});
|
|
72
72
|
/**
|
|
73
73
|
* Schema for rule namespace
|
|
@@ -125,7 +125,7 @@ export function validateRule(definition) {
|
|
|
125
125
|
if (error instanceof z.ZodError) {
|
|
126
126
|
return {
|
|
127
127
|
valid: false,
|
|
128
|
-
errors: error.
|
|
128
|
+
errors: (error.issues ?? []).map((e) => `${e.path.join('.')}: ${e.message}`),
|
|
129
129
|
};
|
|
130
130
|
}
|
|
131
131
|
return { valid: false, errors: ['Unknown validation error'] };
|
|
@@ -143,7 +143,7 @@ export function validateNamespace(definition) {
|
|
|
143
143
|
if (error instanceof z.ZodError) {
|
|
144
144
|
return {
|
|
145
145
|
valid: false,
|
|
146
|
-
errors: error.
|
|
146
|
+
errors: (error.issues ?? []).map((e) => `${e.path.join('.')}: ${e.message}`),
|
|
147
147
|
};
|
|
148
148
|
}
|
|
149
149
|
return { valid: false, errors: ['Unknown validation error'] };
|
package/dist/basis/parser.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../src/basis/parser.ts"],"names":[],"mappings":"AAAA,sCAAsC;AACtC,iCAAiC;AAEjC;;;;GAIG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAGnD,MAAM,MAAM,GAAG,YAAY,CAAC,EAAE,SAAS,EAAE,cAAc,EAAE,CAAC,CAAC;AAE3D;;GAEG;AACH,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC;QACf,QAAQ;QACR,YAAY;QACZ,cAAc;QACd,WAAW;QACX,uBAAuB;QACvB,oBAAoB;QACpB,IAAI;QACJ,QAAQ;QACR,UAAU;QACV,cAAc;QACd,SAAS;QACT,QAAQ;QACR,YAAY;KACb,CAAC;IACF,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE;CACnB,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1B,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACjE,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACjE,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,QAAQ,EAAE;CAChD,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,oBAAoB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC5C,iBAAiB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC1C,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IAC9E,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,UAAU,EAAE,gBAAgB,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1B,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IACnC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;IACjC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,IAAI,EAAE,UAAU;IAChB,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC;IACnC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../src/basis/parser.ts"],"names":[],"mappings":"AAAA,sCAAsC;AACtC,iCAAiC;AAEjC;;;;GAIG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAGnD,MAAM,MAAM,GAAG,YAAY,CAAC,EAAE,SAAS,EAAE,cAAc,EAAE,CAAC,CAAC;AAE3D;;GAEG;AACH,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC;QACf,QAAQ;QACR,YAAY;QACZ,cAAc;QACd,WAAW;QACX,uBAAuB;QACvB,oBAAoB;QACpB,IAAI;QACJ,QAAQ;QACR,UAAU;QACV,cAAc;QACd,SAAS;QACT,QAAQ;QACR,YAAY;KACb,CAAC;IACF,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE;CACnB,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1B,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACjE,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACjE,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,QAAQ,EAAE;CAChD,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,oBAAoB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC5C,iBAAiB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC1C,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IAC9E,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,UAAU,EAAE,gBAAgB,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1B,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IACnC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;IACjC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,IAAI,EAAE,UAAU;IAChB,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC;IACnC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;CACxD,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IACnC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;IACpC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC;CAC3B,CAAC,CAAC;AAKH;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,UAAmB;IAChD,MAAM,MAAM,GAAG,eAAe,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAE3C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrC,GAAG,CAAC;QACJ,IAAI,EAAE;YACJ,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU;YAC7B,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU;YAC7B,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACzC,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,KAAK,EAAE,CAAC,CAAC,KAAK;aACf,CAAC,CAAC;SACJ;QACD,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC/B,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,UAAU,EAAE,CAAC,CAAC,UAAU;SACzB,CAAC,CAAC;KACJ,CAAC,CAAW,CAAC;IAEd,MAAM,CAAC,IAAI,CACT,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,MAAM,EAAE,EACxD,kBAAkB,CACnB,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,UAAU,EAAE;QACvB,IAAI,EAAE,MAAM,CAAC,SAAS;QACtB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,KAAK;QACL,SAAS,EAAE,SAAS;QACpB,SAAS,EAAE,SAAS;KACrB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,UAAmB;IAI9C,IAAI,CAAC;QACH,UAAU,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC7B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IACrC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,CAAC,CAAC,QAAQ,EAAE,CAAC;YAChC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,CAAC,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;aAC7E,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,0BAA0B,CAAC,EAAE,CAAC;IAChE,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAmB;IAInD,IAAI,CAAC;QACH,eAAe,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAClC,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IACrC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,CAAC,CAAC,QAAQ,EAAE,CAAC;YAChC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,CAAC,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;aAC7E,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,0BAA0B,CAAC,EAAE,CAAC;IAChE,CAAC;AACH,CAAC"}
|
package/dist/common/config.d.ts
CHANGED
|
@@ -39,16 +39,16 @@ declare const configSchema: z.ZodObject<{
|
|
|
39
39
|
poolMin: z.ZodDefault<z.ZodNumber>;
|
|
40
40
|
poolMax: z.ZodDefault<z.ZodNumber>;
|
|
41
41
|
}, "strip", z.ZodTypeAny, {
|
|
42
|
-
user?: string;
|
|
43
42
|
name?: string;
|
|
43
|
+
user?: string;
|
|
44
44
|
port?: number;
|
|
45
45
|
host?: string;
|
|
46
46
|
password?: string;
|
|
47
47
|
poolMin?: number;
|
|
48
48
|
poolMax?: number;
|
|
49
49
|
}, {
|
|
50
|
-
user?: string;
|
|
51
50
|
name?: string;
|
|
51
|
+
user?: string;
|
|
52
52
|
port?: number;
|
|
53
53
|
host?: string;
|
|
54
54
|
password?: string;
|
|
@@ -141,6 +141,11 @@ declare const configSchema: z.ZodObject<{
|
|
|
141
141
|
maxConcurrent?: number;
|
|
142
142
|
}>;
|
|
143
143
|
}, "strip", z.ZodTypeAny, {
|
|
144
|
+
basis?: {
|
|
145
|
+
evalTimeout?: number;
|
|
146
|
+
maxRules?: number;
|
|
147
|
+
cacheEnabled?: boolean;
|
|
148
|
+
};
|
|
144
149
|
cognigate?: {
|
|
145
150
|
timeout?: number;
|
|
146
151
|
maxMemoryMb?: number;
|
|
@@ -153,8 +158,8 @@ declare const configSchema: z.ZodObject<{
|
|
|
153
158
|
retentionDays?: number;
|
|
154
159
|
};
|
|
155
160
|
database?: {
|
|
156
|
-
user?: string;
|
|
157
161
|
name?: string;
|
|
162
|
+
user?: string;
|
|
158
163
|
port?: number;
|
|
159
164
|
host?: string;
|
|
160
165
|
password?: string;
|
|
@@ -169,18 +174,13 @@ declare const configSchema: z.ZodObject<{
|
|
|
169
174
|
rateLimit?: number;
|
|
170
175
|
apiKey?: string;
|
|
171
176
|
};
|
|
172
|
-
basis?: {
|
|
173
|
-
evalTimeout?: number;
|
|
174
|
-
maxRules?: number;
|
|
175
|
-
cacheEnabled?: boolean;
|
|
176
|
-
};
|
|
177
177
|
trust?: {
|
|
178
178
|
calcInterval?: number;
|
|
179
179
|
cacheTtl?: number;
|
|
180
180
|
decayRate?: number;
|
|
181
181
|
};
|
|
182
182
|
env?: "production" | "development" | "staging";
|
|
183
|
-
logLevel?: "
|
|
183
|
+
logLevel?: "error" | "warn" | "info" | "debug";
|
|
184
184
|
redis?: {
|
|
185
185
|
port?: number;
|
|
186
186
|
host?: string;
|
|
@@ -193,6 +193,11 @@ declare const configSchema: z.ZodObject<{
|
|
|
193
193
|
refreshExpiration?: string;
|
|
194
194
|
};
|
|
195
195
|
}, {
|
|
196
|
+
basis?: {
|
|
197
|
+
evalTimeout?: number;
|
|
198
|
+
maxRules?: number;
|
|
199
|
+
cacheEnabled?: boolean;
|
|
200
|
+
};
|
|
196
201
|
cognigate?: {
|
|
197
202
|
timeout?: number;
|
|
198
203
|
maxMemoryMb?: number;
|
|
@@ -205,8 +210,8 @@ declare const configSchema: z.ZodObject<{
|
|
|
205
210
|
retentionDays?: number;
|
|
206
211
|
};
|
|
207
212
|
database?: {
|
|
208
|
-
user?: string;
|
|
209
213
|
name?: string;
|
|
214
|
+
user?: string;
|
|
210
215
|
port?: number;
|
|
211
216
|
host?: string;
|
|
212
217
|
password?: string;
|
|
@@ -221,18 +226,13 @@ declare const configSchema: z.ZodObject<{
|
|
|
221
226
|
rateLimit?: number;
|
|
222
227
|
apiKey?: string;
|
|
223
228
|
};
|
|
224
|
-
basis?: {
|
|
225
|
-
evalTimeout?: number;
|
|
226
|
-
maxRules?: number;
|
|
227
|
-
cacheEnabled?: boolean;
|
|
228
|
-
};
|
|
229
229
|
trust?: {
|
|
230
230
|
calcInterval?: number;
|
|
231
231
|
cacheTtl?: number;
|
|
232
232
|
decayRate?: number;
|
|
233
233
|
};
|
|
234
234
|
env?: "production" | "development" | "staging";
|
|
235
|
-
logLevel?: "
|
|
235
|
+
logLevel?: "error" | "warn" | "info" | "debug";
|
|
236
236
|
redis?: {
|
|
237
237
|
port?: number;
|
|
238
238
|
host?: string;
|
|
@@ -0,0 +1,134 @@
|
|
|
1
|
+
import type { TrustLevel, ID } from '../common/types.js';
|
|
2
|
+
/**
|
|
3
|
+
* The fast-path verdict. CONDITIONAL means the request cannot be resolved
|
|
4
|
+
* by the matrix and must fall through to the full policy evaluation.
|
|
5
|
+
*/
|
|
6
|
+
export type FastPathVerdict = 'ALLOW' | 'DENY' | 'CONDITIONAL';
|
|
7
|
+
/**
|
|
8
|
+
* Action types recognised by the decision matrix.
|
|
9
|
+
*/
|
|
10
|
+
export type ActionType = 'read' | 'write' | 'delete' | 'execute' | 'transfer';
|
|
11
|
+
/**
|
|
12
|
+
* Risk levels recognised by the decision matrix.
|
|
13
|
+
*/
|
|
14
|
+
export type RiskLevel = 'read' | 'low' | 'medium' | 'high' | 'critical';
|
|
15
|
+
/**
|
|
16
|
+
* A single cell in the decision matrix.
|
|
17
|
+
*/
|
|
18
|
+
export interface MatrixCell {
|
|
19
|
+
verdict: FastPathVerdict;
|
|
20
|
+
reasoning: string;
|
|
21
|
+
}
|
|
22
|
+
/**
|
|
23
|
+
* The decision matrix key is a composite string: `${trustTier}:${actionType}:${riskLevel}`.
|
|
24
|
+
*/
|
|
25
|
+
export type MatrixKey = string;
|
|
26
|
+
/**
|
|
27
|
+
* Policy thresholds used to build the matrix.
|
|
28
|
+
*/
|
|
29
|
+
export interface FastPathThresholds {
|
|
30
|
+
/** Trust tier at or above which actions are auto-approved (default: 4) */
|
|
31
|
+
autoApproveTier: TrustLevel;
|
|
32
|
+
/** Trust tier below which refinement is required (default: 2) */
|
|
33
|
+
requireRefinementTier: TrustLevel;
|
|
34
|
+
/** Trust tier below which actions are auto-denied (default: 0) */
|
|
35
|
+
autoDenyTier: TrustLevel;
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* Configuration for FastPathEnforcer.
|
|
39
|
+
*/
|
|
40
|
+
export interface FastPathConfig {
|
|
41
|
+
thresholds: FastPathThresholds;
|
|
42
|
+
/** Trust tiers to include in the matrix (default: 0-7) */
|
|
43
|
+
trustTiers?: TrustLevel[];
|
|
44
|
+
/** Action types to include (default: all) */
|
|
45
|
+
actionTypes?: ActionType[];
|
|
46
|
+
/** Risk levels to include (default: all) */
|
|
47
|
+
riskLevels?: RiskLevel[];
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Enforcement request input for fast-path check.
|
|
51
|
+
*/
|
|
52
|
+
export interface FastPathRequest {
|
|
53
|
+
agentId: ID;
|
|
54
|
+
trustTier: TrustLevel;
|
|
55
|
+
actionType: string;
|
|
56
|
+
riskLevel: string;
|
|
57
|
+
/** If true, the request has policy-engine conditions that require full evaluation */
|
|
58
|
+
hasConditionalRules?: boolean;
|
|
59
|
+
}
|
|
60
|
+
/**
|
|
61
|
+
* Fast-path result.
|
|
62
|
+
*/
|
|
63
|
+
export interface FastPathResult {
|
|
64
|
+
hit: boolean;
|
|
65
|
+
verdict: FastPathVerdict;
|
|
66
|
+
reasoning: string;
|
|
67
|
+
lookupTimeNs?: number;
|
|
68
|
+
}
|
|
69
|
+
/**
|
|
70
|
+
* Metrics snapshot.
|
|
71
|
+
*/
|
|
72
|
+
export interface FastPathMetrics {
|
|
73
|
+
fastPathHits: number;
|
|
74
|
+
fastPathMisses: number;
|
|
75
|
+
fastPathHitRate: number;
|
|
76
|
+
fastPathMissRate: number;
|
|
77
|
+
avgFastPathLatencyMs: number;
|
|
78
|
+
avgFullEvalLatencyMs: number;
|
|
79
|
+
matrixSize: number;
|
|
80
|
+
}
|
|
81
|
+
export declare class FastPathEnforcer {
|
|
82
|
+
private matrix;
|
|
83
|
+
private thresholds;
|
|
84
|
+
private trustTiers;
|
|
85
|
+
private actionTypes;
|
|
86
|
+
private riskLevels;
|
|
87
|
+
private _hits;
|
|
88
|
+
private _misses;
|
|
89
|
+
private _totalFastPathLatencyMs;
|
|
90
|
+
private _totalFullEvalLatencyMs;
|
|
91
|
+
private _fullEvalCount;
|
|
92
|
+
constructor(config?: Partial<FastPathConfig>);
|
|
93
|
+
/**
|
|
94
|
+
* Check the fast-path decision matrix for an enforcement request.
|
|
95
|
+
*
|
|
96
|
+
* Returns `hit: true` with a definitive ALLOW or DENY when the matrix
|
|
97
|
+
* can resolve the request without full policy evaluation.
|
|
98
|
+
*
|
|
99
|
+
* Returns `hit: false` with verdict CONDITIONAL when the request must
|
|
100
|
+
* fall through to the full pipeline.
|
|
101
|
+
*/
|
|
102
|
+
check(request: FastPathRequest): FastPathResult;
|
|
103
|
+
/**
|
|
104
|
+
* Rebuild the decision matrix from current thresholds.
|
|
105
|
+
* Call this when policies change.
|
|
106
|
+
*/
|
|
107
|
+
rebuildMatrix(thresholds?: FastPathThresholds): void;
|
|
108
|
+
/**
|
|
109
|
+
* Get the raw matrix size (number of pre-computed cells).
|
|
110
|
+
*/
|
|
111
|
+
get matrixSize(): number;
|
|
112
|
+
/**
|
|
113
|
+
* Get a specific matrix cell for inspection/debugging.
|
|
114
|
+
*/
|
|
115
|
+
getCell(trustTier: TrustLevel, actionType: ActionType, riskLevel: RiskLevel): MatrixCell | undefined;
|
|
116
|
+
/**
|
|
117
|
+
* Record a full evaluation latency (for metrics comparison).
|
|
118
|
+
* Call this from the pipeline optimizer when a full eval is performed.
|
|
119
|
+
*/
|
|
120
|
+
recordFullEvalLatency(latencyMs: number): void;
|
|
121
|
+
getMetrics(): FastPathMetrics;
|
|
122
|
+
resetMetrics(): void;
|
|
123
|
+
private buildKey;
|
|
124
|
+
/**
|
|
125
|
+
* Compute a single matrix cell.
|
|
126
|
+
*
|
|
127
|
+
* The logic mirrors TrustAwareEnforcementService.determineTier() but
|
|
128
|
+
* without evaluation context (no specific violated rules). This means
|
|
129
|
+
* we can only produce definitive answers for cases that DON'T depend on
|
|
130
|
+
* per-request policy evaluation results.
|
|
131
|
+
*/
|
|
132
|
+
private computeCell;
|
|
133
|
+
}
|
|
134
|
+
//# sourceMappingURL=fast-path.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"fast-path.d.ts","sourceRoot":"","sources":["../../src/enforce/fast-path.ts"],"names":[],"mappings":"AAyBA,OAAO,KAAK,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC;AAQzD;;;GAGG;AACH,MAAM,MAAM,eAAe,GAAG,OAAO,GAAG,MAAM,GAAG,aAAa,CAAC;AAE/D;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,OAAO,GAAG,QAAQ,GAAG,SAAS,GAAG,UAAU,CAAC;AAE9E;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAExE;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,eAAe,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC;AAE/B;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,0EAA0E;IAC1E,eAAe,EAAE,UAAU,CAAC;IAC5B,iEAAiE;IACjE,qBAAqB,EAAE,UAAU,CAAC;IAClC,kEAAkE;IAClE,YAAY,EAAE,UAAU,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,kBAAkB,CAAC;IAC/B,0DAA0D;IAC1D,UAAU,CAAC,EAAE,UAAU,EAAE,CAAC;IAC1B,6CAA6C;IAC7C,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAC3B,4CAA4C;IAC5C,UAAU,CAAC,EAAE,SAAS,EAAE,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,EAAE,CAAC;IACZ,SAAS,EAAE,UAAU,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,qFAAqF;IACrF,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,OAAO,CAAC;IACb,OAAO,EAAE,eAAe,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;CACpB;AAoBD,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAoC;IAClD,OAAO,CAAC,UAAU,CAAqB;IACvC,OAAO,CAAC,UAAU,CAAe;IACjC,OAAO,CAAC,WAAW,CAAe;IAClC,OAAO,CAAC,UAAU,CAAc;IAGhC,OAAO,CAAC,KAAK,CAAK;IAClB,OAAO,CAAC,OAAO,CAAK;IACpB,OAAO,CAAC,uBAAuB,CAAK;IACpC,OAAO,CAAC,uBAAuB,CAAK;IACpC,OAAO,CAAC,cAAc,CAAK;gBAEf,MAAM,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC;IAa5C;;;;;;;;OAQG;IACH,KAAK,CAAC,OAAO,EAAE,eAAe,GAAG,cAAc;IA+C/C;;;OAGG;IACH,aAAa,CAAC,UAAU,CAAC,EAAE,kBAAkB,GAAG,IAAI;IAsBpD;;OAEG;IACH,IAAI,UAAU,IAAI,MAAM,CAEvB;IAED;;OAEG;IACH,OAAO,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,GAAG,UAAU,GAAG,SAAS;IAQpG;;;OAGG;IACH,qBAAqB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAS9C,UAAU,IAAI,eAAe;IAa7B,YAAY,IAAI,IAAI;IAYpB,OAAO,CAAC,QAAQ;IAIhB;;;;;;;OAOG;IACH,OAAO,CAAC,WAAW;CAiFpB"}
|