aegis-mcp-server 0.1.15 → 0.1.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +98 -98
- package/dist/services/policy-loader.d.ts +22 -0
- package/dist/services/policy-loader.d.ts.map +1 -1
- package/dist/services/policy-loader.js +56 -0
- package/dist/services/policy-loader.js.map +1 -1
- package/dist/tools/file-tools.d.ts +13 -3
- package/dist/tools/file-tools.d.ts.map +1 -1
- package/dist/tools/file-tools.js +270 -25
- package/dist/tools/file-tools.js.map +1 -1
- package/package.json +1 -1
- package/src/services/policy-loader.ts +65 -0
- package/src/tools/file-tools.ts +303 -26
- package/.github/workflows/publish.yml +0 -47
package/README.md
CHANGED
|
@@ -1,141 +1,141 @@
|
|
|
1
|
-
#
|
|
1
|
+
# aegis-mcp-server
|
|
2
|
+
<!-- mcp-name: io.github.cleburn/aegis-mcp -->
|
|
3
|
+
**MCP enforcement layer for the [Aegis](https://github.com/cleburn/aegis-spec) agent governance specification.**
|
|
2
4
|
|
|
3
|
-
The
|
|
5
|
+
The spec writes the law. The CLI generates the law. This enforces the law.
|
|
4
6
|
|
|
5
|
-
|
|
7
|
+
## What It Does
|
|
6
8
|
|
|
7
|
-
|
|
9
|
+
`aegis-mcp-server` is an MCP server that validates every agent action against your `.agentpolicy/` files **before** it happens. Path permissions, content scanning, role boundaries, quality gates — all enforced at runtime with zero token overhead to the agent.
|
|
8
10
|
|
|
9
|
-
|
|
11
|
+
The agent never loads your governance files. The MCP server reads them into its own process memory and validates silently. The agent calls governed tools and gets back either a success or a blocked response with the specific reason.
|
|
10
12
|
|
|
11
|
-
|
|
12
|
-
- **Adam Jones** (Anthropic) [@domdomegg](https://github.com/domdomegg)
|
|
13
|
-
- **Tadas Antanavicius** (PulseMCP) [@tadasant](https://github.com/tadasant)
|
|
14
|
-
- **Toby Padilla** (GitHub) [@toby](https://github.com/toby)
|
|
13
|
+
## Quick Start
|
|
15
14
|
|
|
16
|
-
|
|
15
|
+
```bash
|
|
16
|
+
# Install globally
|
|
17
|
+
npm install -g aegis-mcp-server
|
|
18
|
+
```
|
|
17
19
|
|
|
18
|
-
|
|
20
|
+
If you generated your policy with [aegis-cli](https://github.com/cleburn/aegis-cli), the `.mcp.json` connection config is already in your project root. Just install the MCP and open your agent — it connects automatically.
|
|
19
21
|
|
|
20
|
-
|
|
22
|
+
### First Prompt
|
|
21
23
|
|
|
22
|
-
|
|
23
|
-
- **[Discussions](https://github.com/modelcontextprotocol/registry/discussions)** - Propose and discuss product/technical requirements
|
|
24
|
-
- **[Issues](https://github.com/modelcontextprotocol/registry/issues)** - Track well-scoped technical work
|
|
25
|
-
- **[Pull Requests](https://github.com/modelcontextprotocol/registry/pulls)** - Contribute work towards issues
|
|
24
|
+
When starting a new agent session in a governed project, use this as your first prompt:
|
|
26
25
|
|
|
27
|
-
|
|
26
|
+
```
|
|
27
|
+
Call aegis_policy_summary now. This is your governance contract — it defines your
|
|
28
|
+
role, your boundaries, and which tools to use. Do not take any action until you have
|
|
29
|
+
called this tool and received confirmation from the user to proceed.
|
|
30
|
+
```
|
|
28
31
|
|
|
29
|
-
|
|
32
|
+
For initial builds, the [Aegis CLI](https://github.com/cleburn/aegis-cli) generates a custom handoff prompt tailored to your project — use that instead.
|
|
30
33
|
|
|
31
|
-
|
|
32
|
-
- **Go 1.24.x**
|
|
33
|
-
- **golangci-lint v2.4.0**
|
|
34
|
+
## How It Works
|
|
34
35
|
|
|
35
|
-
|
|
36
|
+
### Universal Mode (Default)
|
|
36
37
|
|
|
37
|
-
|
|
38
|
-
# Start full development environment
|
|
39
|
-
make dev-compose
|
|
40
|
-
```
|
|
38
|
+
The MCP starts without a pre-assigned role. When the agent calls `aegis_policy_summary`, it receives the list of available roles — including the built-in **construction** role and all specialist roles from `.agentpolicy/roles/`. The agent presents them to the user, the user picks, and the agent calls `aegis_select_role` to lock in. All enforcement uses the selected role for the rest of the session.
|
|
41
39
|
|
|
42
|
-
This
|
|
40
|
+
This is the default behavior — no configuration needed beyond the `.mcp.json` that `aegis init` creates automatically.
|
|
43
41
|
|
|
44
|
-
|
|
42
|
+
### Construction Mode
|
|
45
43
|
|
|
46
|
-
|
|
47
|
-
<summary>Alternative: Running a pre-built Docker image</summary>
|
|
44
|
+
The **construction** role is always available for initial builds and major restructuring. When selected:
|
|
48
45
|
|
|
49
|
-
|
|
46
|
+
- The agent has full repository access (all paths writable and readable)
|
|
47
|
+
- The `.agentpolicy/` files serve as the blueprint — the agent reads constitution, governance, and role files to understand the project's architecture, conventions, and quality standards
|
|
48
|
+
- File operations run through native tools rather than governed tools, for speed
|
|
49
|
+
- The MCP logs the construction session start to `state/overrides.jsonl` with a timestamp and `human_confirmed: true`
|
|
50
|
+
- When the build is complete, the agent calls `aegis_complete_task` to run quality gates and close construction mode — the closing timestamp is logged alongside the opening entry
|
|
51
|
+
- All future sessions after construction should select a specialist role for governed operations
|
|
50
52
|
|
|
51
|
-
|
|
52
|
-
# Run latest stable release
|
|
53
|
-
docker run -p 8080:8080 ghcr.io/modelcontextprotocol/registry:latest
|
|
53
|
+
Construction mode is not a bypass — the agent still follows the governance files as its blueprint. It's a speed optimization for greenfield builds where enforcing write restrictions on every file would be counterproductive.
|
|
54
54
|
|
|
55
|
-
|
|
56
|
-
docker run -p 8080:8080 ghcr.io/modelcontextprotocol/registry:main
|
|
55
|
+
### Fixed Mode
|
|
57
56
|
|
|
58
|
-
|
|
59
|
-
docker run -p 8080:8080 ghcr.io/modelcontextprotocol/registry:v1.0.0
|
|
57
|
+
If you know which role to assign at startup:
|
|
60
58
|
|
|
61
|
-
|
|
62
|
-
|
|
59
|
+
```json
|
|
60
|
+
{
|
|
61
|
+
"mcpServers": {
|
|
62
|
+
"aegis": {
|
|
63
|
+
"command": "aegis-mcp",
|
|
64
|
+
"args": ["--project", ".", "--role", "backend"]
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
}
|
|
63
68
|
```
|
|
64
69
|
|
|
65
|
-
|
|
66
|
-
- **Releases**: `latest`, `v1.0.0`, `v1.1.0`, etc.
|
|
67
|
-
- **Continuous**: `main` (latest main branch build)
|
|
68
|
-
- **Development**: `main-<date>-<sha>` (specific commit builds)
|
|
70
|
+
The MCP locks to that role immediately. `aegis_policy_summary` returns the role's boundaries directly, skipping role selection.
|
|
69
71
|
|
|
70
|
-
|
|
72
|
+
## Tools
|
|
71
73
|
|
|
72
|
-
|
|
74
|
+
| Tool | What it does | Token cost |
|
|
75
|
+
|------|-------------|------------|
|
|
76
|
+
| `aegis_policy_summary` | Role boundaries and governance summary (or available roles in universal mode) | ~200 tokens |
|
|
77
|
+
| `aegis_select_role` | Select a role (including construction) in universal mode | Tiny |
|
|
78
|
+
| `aegis_check_permissions` | Pre-check if an operation is allowed | Tiny |
|
|
79
|
+
| `aegis_write_file` | Governed write with path + content validation | Same as a normal write |
|
|
80
|
+
| `aegis_read_file` | Governed read with path validation | Same as a normal read |
|
|
81
|
+
| `aegis_delete_file` | Governed delete with path validation | Tiny |
|
|
82
|
+
| `aegis_execute` | Governed command execution | Command output only |
|
|
83
|
+
| `aegis_complete_task` | Run quality gates and close construction mode if active | Gate results only |
|
|
84
|
+
| `aegis_request_override` | Execute a blocked action after human confirmation | Tiny |
|
|
73
85
|
|
|
74
|
-
|
|
86
|
+
## Zero Token Overhead
|
|
75
87
|
|
|
76
|
-
|
|
77
|
-
# Build the latest CLI
|
|
78
|
-
make publisher
|
|
88
|
+
Traditional approach: load governance files into the agent's context window. Token cost scales with policy complexity.
|
|
79
89
|
|
|
80
|
-
|
|
81
|
-
./bin/mcp-publisher --help
|
|
82
|
-
```
|
|
90
|
+
Aegis MCP approach: the server loads policy into its own process memory. The agent calls tools and gets structured results. A project with 200 lines of governance has the same token cost as one with 20 lines. The complexity is absorbed by the server, not the agent.
|
|
83
91
|
|
|
84
|
-
|
|
92
|
+
## Enforcement
|
|
85
93
|
|
|
86
|
-
|
|
94
|
+
- **Governance boundaries** — `writable`, `read_only`, `forbidden` path lists
|
|
95
|
+
- **Role scoping** — agents confined to their role's writable and readable paths
|
|
96
|
+
- **Sensitive pattern detection** — content scanned against governance-defined regex patterns (content only, not path-based)
|
|
97
|
+
- **Cross-domain boundaries** — imports validated against shared interface rules
|
|
98
|
+
- **Quality gate validation** — `pre_commit` flags mapped to `build_commands` and executed
|
|
99
|
+
- **Override logging** — every blocked action logged to append-only `overrides.jsonl`
|
|
100
|
+
- **Immutable policies** — designated rules that cannot be overridden, ever
|
|
101
|
+
- **Construction session logging** — start and end timestamps for initial builds
|
|
87
102
|
|
|
88
|
-
|
|
89
|
-
# Run lint, unit tests and integration tests
|
|
90
|
-
make check
|
|
91
|
-
```
|
|
103
|
+
## Override Protocol
|
|
92
104
|
|
|
93
|
-
|
|
105
|
+
When an action is blocked and the governance override behavior is `warn_confirm_and_log`:
|
|
94
106
|
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
107
|
+
1. The blocked response includes an `override_token` and the specific policy violated
|
|
108
|
+
2. The agent presents the violation to the user
|
|
109
|
+
3. If the user confirms, the agent calls `aegis_request_override` with the token and the user's rationale
|
|
110
|
+
4. The action proceeds — the override is logged with `human_confirmed: true`
|
|
111
|
+
5. Normal governance resumes immediately — the override is a one-time exception
|
|
98
112
|
|
|
99
|
-
|
|
113
|
+
Immutable policies (e.g., HIPAA compliance, ITAR data sovereignty, audit completeness) return `override_available: false` and cannot be overridden. The user must modify the governance through `aegis init`.
|
|
114
|
+
|
|
115
|
+
## Consent-Based Governance
|
|
100
116
|
|
|
101
|
-
|
|
117
|
+
The Aegis MCP does not override the agent's native directives. It introduces itself through tool descriptions, explains why governance is active, and asks the agent to seek user permission to route write operations through Aegis tools. The user's authority is the enforcement mechanism.
|
|
118
|
+
|
|
119
|
+
Native tools for reading, searching, and exploring the codebase work fine without governance gating. Only write, delete, and execute operations benefit from routing through Aegis.
|
|
120
|
+
|
|
121
|
+
## Architecture
|
|
102
122
|
|
|
103
123
|
```
|
|
104
|
-
|
|
105
|
-
│
|
|
106
|
-
├──
|
|
107
|
-
├──
|
|
108
|
-
├──
|
|
109
|
-
├──
|
|
110
|
-
|
|
111
|
-
│ ├── auth/ # Authentication (GitHub OAuth, JWT, namespace blocking)
|
|
112
|
-
│ ├── config/ # Configuration management
|
|
113
|
-
│ ├── database/ # Data persistence (PostgreSQL)
|
|
114
|
-
│ ├── service/ # Business logic
|
|
115
|
-
│ ├── telemetry/ # Metrics and monitoring
|
|
116
|
-
│ └── validators/ # Input validation
|
|
117
|
-
├── pkg/ # Public packages
|
|
118
|
-
│ ├── api/ # API types and structures
|
|
119
|
-
│ │ └── v0/ # Version 0 API types
|
|
120
|
-
│ └── model/ # Data models for server.json
|
|
121
|
-
├── scripts/ # Development and testing scripts
|
|
122
|
-
├── tests/ # Integration tests
|
|
123
|
-
└── tools/ # CLI tools and utilities
|
|
124
|
-
└── validate-*.sh # Schema validation tools
|
|
124
|
+
Agent ──→ aegis-mcp-server ──→ File System
|
|
125
|
+
│
|
|
126
|
+
├── Loads .agentpolicy/ into process memory (once)
|
|
127
|
+
├── Watches for policy changes (auto-reload)
|
|
128
|
+
├── Validates every tool call against policy
|
|
129
|
+
├── Returns success or blocked with override option
|
|
130
|
+
└── Logs all enforcement decisions to overrides.jsonl
|
|
125
131
|
```
|
|
126
132
|
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
Publishing supports multiple authentication methods:
|
|
130
|
-
- **GitHub OAuth** - For publishing by logging into GitHub
|
|
131
|
-
- **GitHub OIDC** - For publishing from GitHub Actions
|
|
132
|
-
- **DNS verification** - For proving ownership of a domain and its subdomains
|
|
133
|
-
- **HTTP verification** - For proving ownership of a domain
|
|
133
|
+
Three artifacts, one governance framework:
|
|
134
134
|
|
|
135
|
-
|
|
136
|
-
-
|
|
137
|
-
-
|
|
135
|
+
- [**aegis-spec**](https://github.com/cleburn/aegis-spec) — The governance standard
|
|
136
|
+
- [**aegis-cli**](https://github.com/cleburn/aegis-cli) — Generates the governance
|
|
137
|
+
- **aegis-mcp-server** — Enforces the governance
|
|
138
138
|
|
|
139
|
-
##
|
|
139
|
+
## License
|
|
140
140
|
|
|
141
|
-
|
|
141
|
+
MIT
|
|
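Review bot: The Construction Mode section says the mode "is not a bypass", but its own bullets state that all paths are writable and readable and that file operations run through native tools rather than governed tools, so the server sees nothing between the start entry in `state/overrides.jsonl` and the `aegis_complete_task` call. Say that plainly in the README: during construction no path, content or role check runs, and the audit trail holds only the opening and closing entries. The section should also state who supplies the confirmation behind `human_confirmed: true`, since the Universal Mode text has the agent, not the user, calling `aegis_select_role`.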
@@ -7,6 +7,11 @@
|
|
|
7
7
|
* Supports "auto" role mode: when config.role is "auto" (or not specified),
|
|
8
8
|
* no role is locked at startup. The agent selects a role at runtime via
|
|
9
9
|
* aegis_select_role, and all enforcement uses the selected role thereafter.
|
|
10
|
+
*
|
|
11
|
+
* Construction mode: The "construction" role is always available for initial
|
|
12
|
+
* builds and major restructuring. It grants full repo access using native
|
|
13
|
+
* tools, with governance files serving as the blueprint. The MCP logs the
|
|
14
|
+
* session start and end to overrides.jsonl for audit trail purposes.
|
|
10
15
|
*/
|
|
11
16
|
import type { PolicyState, ResolvedRole, AegisMcpConfig } from '../types.js';
|
|
12
17
|
export declare class PolicyLoader {
|
|
@@ -15,6 +20,8 @@ export declare class PolicyLoader {
|
|
|
15
20
|
private watcher;
|
|
16
21
|
private onReload?;
|
|
17
22
|
private selectedRole;
|
|
23
|
+
private constructionMode;
|
|
24
|
+
private constructionStartedAt;
|
|
18
25
|
constructor(config: AegisMcpConfig);
|
|
19
26
|
/**
|
|
20
27
|
* Load all policy files into memory. Call once on startup.
|
|
@@ -40,12 +47,27 @@ export declare class PolicyLoader {
|
|
|
40
47
|
* Whether a role has been selected in auto mode.
|
|
41
48
|
*/
|
|
42
49
|
hasSelectedRole(): boolean;
|
|
50
|
+
/**
|
|
51
|
+
* Whether construction mode is currently active.
|
|
52
|
+
*/
|
|
53
|
+
isConstructionMode(): boolean;
|
|
54
|
+
/**
|
|
55
|
+
* Get the timestamp when construction mode was started.
|
|
56
|
+
*/
|
|
57
|
+
getConstructionStartedAt(): string | null;
|
|
43
58
|
/**
|
|
44
59
|
* Select a role in auto mode. Returns the resolved role, or null if not found.
|
|
60
|
+
* Recognizes "construction" as a synthetic role that activates construction mode.
|
|
45
61
|
*/
|
|
46
62
|
selectRole(roleId: string): ResolvedRole | null;
|
|
63
|
+
/**
|
|
64
|
+
* End construction mode. Called when aegis_complete_task fires
|
|
65
|
+
* during a construction session.
|
|
66
|
+
*/
|
|
67
|
+
endConstructionMode(): void;
|
|
47
68
|
/**
|
|
48
69
|
* Get all available roles as a summary list.
|
|
70
|
+
* Always includes the synthetic "construction" role.
|
|
49
71
|
*/
|
|
50
72
|
getAvailableRoles(): Array<{
|
|
51
73
|
id: string;
|
|
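Review bot: The doc comment on `selectRole` still reads "Select a role in auto mode" while the added line makes `construction` selectable, and nothing in these declarations says whether that applies when a fixed `--role` was given, or what `getConstructionStartedAt()` returns after `endConstructionMode()`. Document both: the mode in which `construction` is accepted, and that the timestamp is an ISO 8601 string or `null` and whether it is cleared when construction ends.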
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policy-loader.d.ts","sourceRoot":"","sources":["../../src/services/policy-loader.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"policy-loader.d.ts","sourceRoot":"","sources":["../../src/services/policy-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAKH,OAAO,KAAK,EACV,WAAW,EAIX,YAAY,EACZ,cAAc,EACf,MAAM,aAAa,CAAC;AAgBrB,qBAAa,YAAY;IAQX,OAAO,CAAC,MAAM;IAP1B,OAAO,CAAC,KAAK,CAA4B;IACzC,OAAO,CAAC,OAAO,CAAyC;IACxD,OAAO,CAAC,QAAQ,CAAC,CAAa;IAC9B,OAAO,CAAC,YAAY,CAA6B;IACjD,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,qBAAqB,CAAuB;gBAEhC,MAAM,EAAE,cAAc;IAE1C;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,WAAW,CAAC;IA4BlC;;OAEG;IACH,QAAQ,IAAI,WAAW;IAOvB;;OAEG;IACH,aAAa,CAAC,QAAQ,CAAC,EAAE,MAAM,IAAI,GAAG,IAAI;IAgB1C;;OAEG;IACG,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAOnC;;OAEG;IACH,UAAU,IAAI,OAAO;IAIrB;;OAEG;IACH,eAAe,IAAI,OAAO;IAI1B;;OAEG;IACH,kBAAkB,IAAI,OAAO;IAI7B;;OAEG;IACH,wBAAwB,IAAI,MAAM,GAAG,IAAI;IAIzC;;;OAGG;IACH,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,YAAY,GAAG,IAAI;IAmB/C;;;OAGG;IACH,mBAAmB,IAAI,IAAI;IAK3B;;;OAGG;IACH,iBAAiB,IAAI,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAmBzE;;;;OAIG;IACH,aAAa,IAAI,YAAY;IAiD7B,OAAO,CAAC,gBAAgB;YAOV,QAAQ;YAYR,SAAS;IAyBvB;;OAEG;IACH,OAAO,CAAC,WAAW;YAoCL,YAAY;YAYZ,YAAY;IAQ1B,OAAO,CAAC,GAAG;CAGZ"}
|
|
@@ -7,16 +7,35 @@
|
|
|
7
7
|
* Supports "auto" role mode: when config.role is "auto" (or not specified),
|
|
8
8
|
* no role is locked at startup. The agent selects a role at runtime via
|
|
9
9
|
* aegis_select_role, and all enforcement uses the selected role thereafter.
|
|
10
|
+
*
|
|
11
|
+
* Construction mode: The "construction" role is always available for initial
|
|
12
|
+
* builds and major restructuring. It grants full repo access using native
|
|
13
|
+
* tools, with governance files serving as the blueprint. The MCP logs the
|
|
14
|
+
* session start and end to overrides.jsonl for audit trail purposes.
|
|
10
15
|
*/
|
|
11
16
|
import { readFile, readdir, access } from 'node:fs/promises';
|
|
12
17
|
import { join, basename } from 'node:path';
|
|
13
18
|
import { watch } from 'chokidar';
|
|
19
|
+
// ─── Construction Role (synthetic, always available) ────────────────────────
|
|
20
|
+
const CONSTRUCTION_ROLE = {
|
|
21
|
+
id: 'construction',
|
|
22
|
+
name: 'Construction',
|
|
23
|
+
purpose: 'Initial build or major restructuring — full repo access using native tools, governance files serve as blueprint. MCP logs the session but does not enforce write restrictions. Select this for greenfield builds or significant overhauls.',
|
|
24
|
+
writable_paths: ['**/*'],
|
|
25
|
+
secondary_paths: [],
|
|
26
|
+
excluded_paths: [],
|
|
27
|
+
readable_paths: ['**/*'],
|
|
28
|
+
autonomy: 'delegated',
|
|
29
|
+
forbidden_actions: [],
|
|
30
|
+
};
|
|
14
31
|
export class PolicyLoader {
|
|
15
32
|
config;
|
|
16
33
|
state = null;
|
|
17
34
|
watcher = null;
|
|
18
35
|
onReload;
|
|
19
36
|
selectedRole = null;
|
|
37
|
+
constructionMode = false;
|
|
38
|
+
constructionStartedAt = null;
|
|
20
39
|
constructor(config) {
|
|
21
40
|
this.config = config;
|
|
22
41
|
}
|
|
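Review bot: `CONSTRUCTION_ROLE` sets `writable_paths: ['**/*']` with `excluded_paths: []`, which, depending on how the matcher treats dot-directories, can also cover `.agentpolicy/` and `overrides.jsonl`, the policy files and the log this mode is meant to be audited by. Consider listing those under `excluded_paths` so a construction session cannot rewrite its own governance or audit record through governed tools. The constant is also a plain mutable object; applying `Object.freeze` to it and its arrays would keep any code that receives it from altering the role for the whole process.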
@@ -84,10 +103,31 @@ export class PolicyLoader {
|
|
|
84
103
|
hasSelectedRole() {
|
|
85
104
|
return this.selectedRole !== null;
|
|
86
105
|
}
|
|
106
|
+
/**
|
|
107
|
+
* Whether construction mode is currently active.
|
|
108
|
+
*/
|
|
109
|
+
isConstructionMode() {
|
|
110
|
+
return this.constructionMode;
|
|
111
|
+
}
|
|
112
|
+
/**
|
|
113
|
+
* Get the timestamp when construction mode was started.
|
|
114
|
+
*/
|
|
115
|
+
getConstructionStartedAt() {
|
|
116
|
+
return this.constructionStartedAt;
|
|
117
|
+
}
|
|
87
118
|
/**
|
|
88
119
|
* Select a role in auto mode. Returns the resolved role, or null if not found.
|
|
120
|
+
* Recognizes "construction" as a synthetic role that activates construction mode.
|
|
89
121
|
*/
|
|
90
122
|
selectRole(roleId) {
|
|
123
|
+
// Handle construction role selection
|
|
124
|
+
if (roleId === 'construction') {
|
|
125
|
+
this.selectedRole = CONSTRUCTION_ROLE;
|
|
126
|
+
this.constructionMode = true;
|
|
127
|
+
this.constructionStartedAt = new Date().toISOString();
|
|
128
|
+
this.log('Construction mode activated');
|
|
129
|
+
return CONSTRUCTION_ROLE;
|
|
130
|
+
}
|
|
91
131
|
const state = this.getState();
|
|
92
132
|
const role = state.roles.get(roleId);
|
|
93
133
|
if (!role)
|
|
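Review bot: In `selectRole`, the `roleId === 'construction'` branch runs before `this.getState()` and before any check of the role mode, and the method takes no confirmation argument, so any caller that passes the string gets `constructionMode = true` and the full-access role returned. Gate the branch on the server actually being in auto mode (the doc comment says this method is for auto mode) and have the caller pass evidence of user confirmation, or document that the tool handler enforces both before calling in.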
@@ -96,12 +136,28 @@ export class PolicyLoader {
|
|
|
96
136
|
this.log(`Role selected: ${roleId}`);
|
|
97
137
|
return role;
|
|
98
138
|
}
|
|
139
|
+
/**
|
|
140
|
+
* End construction mode. Called when aegis_complete_task fires
|
|
141
|
+
* during a construction session.
|
|
142
|
+
*/
|
|
143
|
+
endConstructionMode() {
|
|
144
|
+
this.constructionMode = false;
|
|
145
|
+
this.log('Construction mode ended');
|
|
146
|
+
}
|
|
99
147
|
/**
|
|
100
148
|
* Get all available roles as a summary list.
|
|
149
|
+
* Always includes the synthetic "construction" role.
|
|
101
150
|
*/
|
|
102
151
|
getAvailableRoles() {
|
|
103
152
|
const state = this.getState();
|
|
104
153
|
const roles = [];
|
|
154
|
+
// Construction role is always first in the list
|
|
155
|
+
roles.push({
|
|
156
|
+
id: CONSTRUCTION_ROLE.id,
|
|
157
|
+
name: CONSTRUCTION_ROLE.name,
|
|
158
|
+
purpose: CONSTRUCTION_ROLE.purpose,
|
|
159
|
+
});
|
|
160
|
+
// Then all project-defined roles
|
|
105
161
|
for (const [id, role] of state.roles) {
|
|
106
162
|
roles.push({ id, name: role.name, purpose: role.purpose });
|
|
107
163
|
}
|
|
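Review bot: `endConstructionMode()` only sets `this.constructionMode = false`; `this.selectedRole` still points at `CONSTRUCTION_ROLE` with `writable_paths: ['**/*']`, and `constructionStartedAt` keeps the old timestamp. After `aegis_complete_task` closes the session, any enforcement that reads the selected role would still see full access. Reset `selectedRole` and `constructionStartedAt` to `null` here so the next operation has to go through role selection again. In `getAvailableRoles()`, skip a project role whose id is `construction`; otherwise the list carries two entries with the same id, and only the synthetic one can ever be selected.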
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policy-loader.js","sourceRoot":"","sources":["../../src/services/policy-loader.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"policy-loader.js","sourceRoot":"","sources":["../../src/services/policy-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AAUjC,+EAA+E;AAE/E,MAAM,iBAAiB,GAAiB;IACtC,EAAE,EAAE,cAAc;IAClB,IAAI,EAAE,cAAc;IACpB,OAAO,EAAE,4OAA4O;IACrP,cAAc,EAAE,CAAC,MAAM,CAAC;IACxB,eAAe,EAAE,EAAE;IACnB,cAAc,EAAE,EAAE;IAClB,cAAc,EAAE,CAAC,MAAM,CAAC;IACxB,QAAQ,EAAE,WAAW;IACrB,iBAAiB,EAAE,EAAE;CACtB,CAAC;AAEF,MAAM,OAAO,YAAY;IAQH;IAPZ,KAAK,GAAuB,IAAI,CAAC;IACjC,OAAO,GAAoC,IAAI,CAAC;IAChD,QAAQ,CAAc;IACtB,YAAY,GAAwB,IAAI,CAAC;IACzC,gBAAgB,GAAG,KAAK,CAAC;IACzB,qBAAqB,GAAkB,IAAI,CAAC;IAEpD,YAAoB,MAAsB;QAAtB,WAAM,GAAN,MAAM,CAAgB;IAAG,CAAC;IAE9C;;OAEG;IACH,KAAK,CAAC,IAAI;QACR,MAAM,SAAS,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC1C,MAAM,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;QAEvD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,QAAQ,CACtC,IAAI,CAAC,SAAS,EAAE,mBAAmB,CAAC,EACpC,mBAAmB,CACpB,CAAC;QAEF,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,QAAQ,CACpC,IAAI,CAAC,SAAS,EAAE,iBAAiB,CAAC,EAClC,iBAAiB,CAClB,CAAC;QAEF,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;QAE7D,IAAI,CAAC,KAAK,GAAG;YACX,YAAY;YACZ,UAAU;YACV,KAAK;YACL,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;YACpC,SAAS;SACV,CAAC;QAEF,IAAI,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,IAAI,UAAU,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,QAAqB;QACjC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,MAAM,SAAS,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAE1C,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,SAAS,EAAE;YAC9B,aAAa,EAAE,IAAI;YACnB,gBAAgB,EAAE,EAAE,kBAAkB,EAAE,GAAG,EAAE;SAC9C,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7D,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,EA
AE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1D,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;QAE7D,IAAI,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;IACpD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY;QAChB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YAC3B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACtB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,UAAU;QACR,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,KAAK,IAAI,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,wBAAwB;QACtB,OAAO,IAAI,CAAC,qBAAqB,CAAC;IACpC,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,MAAc;QACvB,qCAAqC;QACrC,IAAI,MAAM,KAAK,cAAc,EAAE,CAAC;YAC9B,IAAI,CAAC,YAAY,GAAG,iBAAiB,CAAC;YACtC,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;YAC7B,IAAI,CAAC,qBAAqB,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YACtD,IAAI,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;YACxC,OAAO,iBAAiB,CAAC;QAC3B,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAEvB,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,IAAI,CAAC,GAAG,CAAC,kBAAkB,MAAM,EAAE,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACH,mBAAmB;QACjB,IAAI,CAAC,gBAAgB,GAAG,KAAK,CAAC;QAC9B,IAAI,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACtC,CAAC;IAED;;;OAGG;IACH,iBAAiB;QACf,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC9B,MAAM,KAAK,GAAyD,EAAE,CAAC;QAEvE,gDAAgD;QAChD,KAAK,CAAC,IAAI,CAAC;YACT,EAAE,EAAE,iBAAiB,CAAC,EAAE;YACxB,IAAI,EAAE,iBAAiB,CAAC,IAAI;YAC5B,OAAO,EAAE,iBAAiB,CAAC,OAAO;SACnC,CAAC,CAAC;QAEH,iCAAiC;QACjC,KAAK,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YACrC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7D,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;OAIG;IACH,aAAa;QACX,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;QAE9B,kDAAkD;QAClD,IAAI,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC;YACtB,IAAI,IA
AI,CAAC,YAAY;gBAAE,OAAO,IAAI,CAAC,YAAY,CAAC;YAEhD,0DAA0D;YAC1D,OAAO;gBACL,EAAE,EAAE,YAAY;gBAChB,IAAI,EAAE,YAAY;gBAClB,OAAO,EAAE,0FAA0F;gBACnG,cAAc,EAAE,EAAE;gBAClB,eAAe,EAAE,EAAE;gBACnB,cAAc,EAAE,EAAE;gBAClB,cAAc,EAAE,EAAE;gBAClB,QAAQ,EAAE,cAAc;gBACxB,iBAAiB,EAAE,CAAC,8CAA8C,CAAC;aACpE,CAAC;QACJ,CAAC;QAED,mCAAmC;QACnC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;QAEhC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,IAAI;YAAE,OAAO,IAAI,CAAC;QAEtB,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC/C,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC,GAAG,CAAC,SAAS,MAAM,4BAA4B,CAAC,CAAC;YACtD,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,2DAA2D,CAAC,CAAC;QACtE,OAAO;YACL,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,gDAAgD;YACzD,cAAc,EAAE,CAAC,MAAM,CAAC;YACxB,eAAe,EAAE,EAAE;YACnB,cAAc,EAAE,EAAE;YAClB,cAAc,EAAE,CAAC,MAAM,CAAC;YACxB,QAAQ,EAAE,UAAU;YACpB,iBAAiB,EAAE,EAAE;SACtB,CAAC;IACJ,CAAC;IAED,+EAA+E;IAEvE,gBAAgB;QACtB,OAAO,IAAI,CACT,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,cAAc,CACxC,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,QAAQ,CAAI,IAAY,EAAE,KAAa;QACnD,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACrC,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC1C,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAM,CAAC;QAC9B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CACb,mBAAmB,KAAK,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAChF,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,QAAgB;QACtC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAwB,CAAC;QAE9C,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,QAAQ,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QACjE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAAE,SAAS;YAE/D,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC7C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAC7B,IAAI,CAAC,QAAQ,E
AAE,KAAK,CAAC,IAAI,CAAC,EAC1B,SAAS,KAAK,CAAC,IAAI,EAAE,CACtB,CAAC;YAEF,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;QACnD,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,EAAU,EAAE,GAAa;QAC3C,MAAM,IAAI,GAAG,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC7E,MAAM,OAAO,GAAG,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ;YAC1C,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO;YAClB,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;QAE5B,MAAM,cAAc,GAAG,GAAG,CAAC,KAAK,EAAE,aAAa,EAAE,MAAM;YACrD,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa;YACzB,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QAE7B,MAAM,eAAe,GAAG,GAAG,CAAC,KAAK,EAAE,eAAe,IAAI,EAAE,CAAC;QACzD,MAAM,cAAc,GAAG,GAAG,CAAC,KAAK,EAAE,cAAc,IAAI,EAAE,CAAC;QAEvD,MAAM,cAAc,GAAG,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,MAAM;YAC5C,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI;YAChB,CAAC,CAAC,CAAC,GAAG,cAAc,EAAE,GAAG,eAAe,CAAC,CAAC;QAE5C,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ;YAC3B,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;YACtB,CAAC,CAAC,UAAU,CAAC;QAEf,MAAM,iBAAiB,GAAG,GAAG,CAAC,iBAAiB,IAAI,EAAE,CAAC;QAEtD,OAAO;YACL,EAAE;YACF,IAAI;YACJ,OAAO;YACP,cAAc;YACd,eAAe;YACf,cAAc;YACd,cAAc;YACd,QAAQ;YACR,iBAAiB;SAClB,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,IAAY;QACrC,IAAI,CAAC,GAAG,CAAC,wBAAwB,IAAI,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAClB,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CACN,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC/E,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,IAAY,EAAE,KAAa;QACpD,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,kBAAkB,IAAI,EAAE,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAEO,GAAG,CAAC,OAAe;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,OAAO,IAAI,CAAC,CAAC;IACnD,CAAC;CACF"}
|
|
@@ -5,15 +5,25 @@
|
|
|
5
5
|
* governance, and asks the agent to seek user permission.
|
|
6
6
|
*
|
|
7
7
|
* ROLE SELECTION: In universal/auto mode, aegis_policy_summary returns
|
|
8
|
-
* available roles
|
|
9
|
-
*
|
|
10
|
-
* the selected role thereafter.
|
|
8
|
+
* available roles (including the synthetic "construction" role). The agent
|
|
9
|
+
* presents them to the user, who picks one. The agent calls aegis_select_role
|
|
10
|
+
* to lock in. All enforcement uses the selected role thereafter.
|
|
11
|
+
*
|
|
12
|
+
* CONSTRUCTION MODE: When "construction" is selected, the MCP logs the
|
|
13
|
+
* session start to overrides.jsonl and instructs the agent to use native
|
|
14
|
+
* tools for file operations while following .agentpolicy/ as a blueprint.
|
|
15
|
+
* When aegis_complete_task is called during construction, the MCP logs
|
|
16
|
+
* the session end with a closing timestamp.
|
|
11
17
|
*
|
|
12
18
|
* OVERRIDE HANDSHAKE: Blocked actions return override tokens when policy
|
|
13
19
|
* allows. Human confirms → agent calls aegis_request_override → action
|
|
14
20
|
* proceeds and is logged with human_confirmed: true. Single-use, 5-min TTL.
|
|
15
21
|
*
|
|
16
22
|
* LOGGING: Every denied action is logged automatically by the server.
|
|
23
|
+
*
|
|
24
|
+
* LEDGER: aegis_complete_task writes a task entry to the ledger on every
|
|
25
|
+
* completion — construction or normal. This makes the ledger useful for
|
|
26
|
+
* single-agent workflows, not just multi-agent coordination.
|
|
17
27
|
*/
|
|
18
28
|
import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
|
|
19
29
|
import type { EnforcementEngine } from '../services/enforcement-engine.js';
|
|
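Review bot: The CONSTRUCTION MODE paragraph in the header comment records the session end only "When aegis_complete_task is called during construction", so a session that is abandoned or crashes leaves a start entry in overrides.jsonl with no closing timestamp and nothing to bound what was done under full access. Describe, and implement in the handler, a fallback that writes the closing entry on shutdown or on the next role selection. The comment should also say that operations done with native tools in this mode fall outside the "Every denied action is logged" statement in the LOGGING paragraph.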
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"file-tools.d.ts","sourceRoot":"","sources":["../../src/tools/file-tools.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"file-tools.d.ts","sourceRoot":"","sources":["../../src/tools/file-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAKH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AAC3E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAM7D,wBAAgB,aAAa,CAC3B,MAAM,EAAE,SAAS,EACjB,SAAS,EAAE,MAAM,iBAAiB,EAClC,QAAQ,EAAE,MAAM,WAAW,EAC3B,OAAO,EAAE,MAAM,YAAY,EAC3B,MAAM,EAAE,YAAY,EACpB,cAAc,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,IAAI,GAC3C,IAAI,CA6vBN"}
|