aegis-mcp-server 0.1.5 → 0.1.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +31 -0
- package/dist/index.js.map +1 -1
- package/dist/services/enforcement-engine.d.ts.map +1 -1
- package/dist/services/enforcement-engine.js +12 -8
- package/dist/services/enforcement-engine.js.map +1 -1
- package/package.json +1 -1
- package/src/index.ts +40 -0
- package/src/services/enforcement-engine.ts +12 -8
package/dist/index.js
CHANGED
|
@@ -35,6 +35,35 @@ const __filename = fileURLToPath(import.meta.url);
|
|
|
35
35
|
const __dirname = dirname(__filename);
|
|
36
36
|
const pkg = JSON.parse(readFileSync(join(__dirname, '..', 'package.json'), 'utf-8'));
|
|
37
37
|
const VERSION = pkg.version;
|
|
38
|
+
// ─── Update Checker ─────────────────────────────────────────────────────────
|
|
39
|
+
// Non-blocking check against the npm registry. If a newer version
|
|
40
|
+
// exists, prints a one-line notice to stderr. If the check fails
|
|
41
|
+
// (offline, timeout, etc.), skips silently — never blocks startup.
|
|
42
|
+
async function checkForUpdate() {
|
|
43
|
+
try {
|
|
44
|
+
const controller = new AbortController();
|
|
45
|
+
const timeout = setTimeout(() => controller.abort(), 3000);
|
|
46
|
+
const res = await fetch(`https://registry.npmjs.org/${pkg.name}/latest`, { signal: controller.signal });
|
|
47
|
+
clearTimeout(timeout);
|
|
48
|
+
if (!res.ok)
|
|
49
|
+
return;
|
|
50
|
+
const data = await res.json();
|
|
51
|
+
const latest = data.version;
|
|
52
|
+
if (!latest || latest === VERSION)
|
|
53
|
+
return;
|
|
54
|
+
const current = VERSION.split('.').map(Number);
|
|
55
|
+
const remote = latest.split('.').map(Number);
|
|
56
|
+
const isNewer = remote[0] > current[0] ||
|
|
57
|
+
(remote[0] === current[0] && remote[1] > current[1]) ||
|
|
58
|
+
(remote[0] === current[0] && remote[1] === current[1] && remote[2] > current[2]);
|
|
59
|
+
if (isNewer) {
|
|
60
|
+
log(`Update available: ${VERSION} → ${latest}. Run: npm install -g ${pkg.name}@latest`);
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
catch {
|
|
64
|
+
// Silently skip — network issues should never block the MCP server
|
|
65
|
+
}
|
|
66
|
+
}
|
|
38
67
|
// ─── Parse CLI Args ─────────────────────────────────────────────────────────
|
|
39
68
|
function parseArgs() {
|
|
40
69
|
const args = process.argv.slice(2);
|
|
@@ -105,6 +134,8 @@ TOOLS PROVIDED:
|
|
|
105
134
|
// ─── Main ───────────────────────────────────────────────────────────────────
|
|
106
135
|
async function main() {
|
|
107
136
|
const config = parseArgs();
|
|
137
|
+
// Check for updates (non-blocking, 3s timeout)
|
|
138
|
+
await checkForUpdate();
|
|
108
139
|
log(`Starting aegis-mcp-server v${VERSION}`);
|
|
109
140
|
log(` Project: ${config.projectRoot}`);
|
|
110
141
|
log(` Role: ${config.role}`);
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAGtD,+EAA+E;AAE/E,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AACtC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;AACrF,MAAM,OAAO,GAAW,GAAG,CAAC,OAAO,CAAC;AAEpC,+EAA+E;AAE/E,SAAS,SAAS;IAChB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAChC,IAAI,IAAI,GAAG,SAAS,CAAC;IACrB,IAAI,SAA6B,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,QAAQ,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAChB,KAAK,WAAW,CAAC;YACjB,KAAK,IAAI;gBACP,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;gBACxC,MAAM;YACR,KAAK,QAAQ,CAAC;YACd,KAAK,IAAI;gBACP,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,SAAS,CAAC;gBAC9B,MAAM;YACR,KAAK,cAAc;gBACjB,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;gBACtB,MAAM;YACR,KAAK,QAAQ,CAAC;YACd,KAAK,IAAI;gBACP,SAAS,EAAE,CAAC;gBACZ,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChB,MAAM;YACR,KAAK,WAAW,CAAC;YACjB,KAAK,IAAI;gBACP,GAAG,CAAC,qBAAqB,OAAO,EAAE,CAAC,CAAC;gBACpC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChB,MAAM;QACV,CAAC;IACH,CAAC;IAED,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;AAC1C,CAAC;AAED,SAAS,SAAS;IAChB,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+BL,CAAC,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,GAAG,CAAC,8BAA8B,OAAO,EAAE,CAAC,CAAC;IAC7C,GAAG,CAAC,cAAc,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;IACxC,GAAG,CAAC,WAAW,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9B,GAAG,CAAC,iBAAiB,MAAM,CAAC,SAAS,IAAI,cAAc,EAAE,CAAC,CAAC;IAE3D,qCAAqC;IACrC,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;IACxC,IAAI,KAAK,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;IAChC,IAAI,UAAU,GAAG,MAAM,CAAC,aAAa,EAAE,CAAC;IACxC,IAAI,MAAM,GAAG,IAAI,iBAAiB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IAEtD,8CAA8C;IAC9C,MAAM,CAAC,aAAa,CAAC,GAAG,EAAE;QACxB,KAAK,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC1B,UAAU,GAAG,MAAM,CAAC,aAAa,EAAE,CAAC;QACpC,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;QACtC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,uBAAuB;IACvB,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,OAAO;KACjB,CAAC,CAAC;IAEH,6BAA6B;IAC7B,aAAa,CACX,MAAM,EACN,GAAG,EAAE,CAAC,MAAM,EACZ,GAAG,EAAE,CAAC,KAAK,EACX,GAAG,EAAE,CAAC,UAAU,CACjB,CAAC;IAEF,iCAAiC;IACjC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,GAAG,CAAC,0CAA0C,CAAC,CAAC;IAEhD,oBAAoB;IACpB,MAAM,QAAQ,GAAG,KAAK,IAAmB,EAAE;QACzC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QACxB,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;AAClC,CAAC;AAED,SAAS,GAAG,CAAC,OAAe;IAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,OAAO,IAAI,CAAC,CAAC;AACnD,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,sBAAsB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAC3E,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAGtD,+EAA+E;AAE/E,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AACtC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;AACrF,MAAM,OAAO,GAAW,GAAG,CAAC,OAAO,CAAC;AAEpC,+EAA+E;AAC/E,kEAAkE;AAClE,iEAAiE;AACjE,mEAAmE;AAEnE,KAAK,UAAU,cAAc;IAC3B,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,CAAC;QAE3D,MAAM,GAAG,GAAG,MAAM,KAAK,CACrB,8BAA8B,GAAG,CAAC,IAAI,SAAS,EAC/C,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAC9B,CAAC;QACF,YAAY,CAAC,OAAO,CAAC,CAAC;QAEtB,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO;QAEpB,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAA0B,CAAC;QACtD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC;QAC5B,IAAI,CAAC,MAAM,IAAI,MAAM,KAAK,OAAO;YAAE,OAAO;QAE1C,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC7C,MAAM,OAAO,GACX,MAAM,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;YACtB,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACpD,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;QAEnF,IAAI,OAAO,EAAE,CAAC;YACZ,GAAG,CAAC,qBAAqB,OAAO,MAAM,MAAM,yBAAyB,GAAG,CAAC,IAAI,SAAS,CAAC,CAAC;QAC1F,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mEAAmE;IACrE,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,SAAS,SAAS;IAChB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAChC,IAAI,IAAI,GAAG,SAAS,CAAC;IACrB,IAAI,SAA6B,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,QAAQ,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAChB,KAAK,WAAW,CAAC;YACjB,KAAK,IAAI;gBACP,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;gBACxC,MAAM;YACR,KAAK,QAAQ,CAAC;YACd,KAAK,IAAI;gBACP,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,SAAS,CAAC;gBAC9B,MAAM;YACR,KAAK,cAAc;gBACjB,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;gBACtB,MAAM;YACR,KAAK,QAAQ,CAAC;YACd,KAAK,IAAI;gBACP,SAAS,EAAE,CAAC;gBACZ,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChB,MAAM;YACR,KAAK,WAAW,CAAC;YACjB,KAAK,IAAI;gBACP,GAAG,CAAC,qBAAqB,OAAO,EAAE,CAAC,CAAC;gBACpC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChB,MAAM;QACV,CAAC;IACH,CAAC;IAED,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;AAC1C,CAAC;AAED,SAAS,SAAS;IAChB,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+BL,CAAC,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,+CAA+C;IAC/C,MAAM,cAAc,EAAE,CAAC;IAEvB,GAAG,CAAC,8BAA8B,OAAO,EAAE,CAAC,CAAC;IAC7C,GAAG,CAAC,cAAc,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;IACxC,GAAG,CAAC,WAAW,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9B,GAAG,CAAC,iBAAiB,MAAM,CAAC,SAAS,IAAI,cAAc,EAAE,CAAC,CAAC;IAE3D,qCAAqC;IACrC,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;IACxC,IAAI,KAAK,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;IAChC,IAAI,UAAU,GAAG,MAAM,CAAC,aAAa,EAAE,CAAC;IACxC,IAAI,MAAM,GAAG,IAAI,iBAAiB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IAEtD,8CAA8C;IAC9C,MAAM,CAAC,aAAa,CAAC,GAAG,EAAE;QACxB,KAAK,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC1B,UAAU,GAAG,MAAM,CAAC,aAAa,EAAE,CAAC;QACpC,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;QACtC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,uBAAuB;IACvB,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,OAAO;KACjB,CAAC,CAAC;IAEH,6BAA6B;IAC7B,aAAa,CACX,MAAM,EACN,GAAG,EAAE,CAAC,MAAM,EACZ,GAAG,EAAE,CAAC,KAAK,EACX,GAAG,EAAE,CAAC,UAAU,CACjB,CAAC;IAEF,iCAAiC;IACjC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,GAAG,CAAC,0CAA0C,CAAC,CAAC;IAEhD,oBAAoB;IACpB,MAAM,QAAQ,GAAG,KAAK,IAAmB,EAAE;QACzC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QACxB,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;AAClC,CAAC;AAED,SAAS,GAAG,CAAC,OAAe;IAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,OAAO,IAAI,CAAC,CAAC;AACnD,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,sBAAsB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAC3E,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforcement-engine.d.ts","sourceRoot":"","sources":["../../src/services/enforcement-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,KAAK,EACV,WAAW,EACX,YAAY,EACZ,kBAAkB,EAClB,gBAAgB,EAEjB,MAAM,aAAa,CAAC;AAErB,qBAAa,iBAAiB;IAE1B,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,UAAU;gBADV,KAAK,EAAE,WAAW,EAClB,UAAU,EAAE,YAAY;IAGlC;;OAEG;IACH,WAAW,CAAC,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI;IAOzD;;;OAGG;IACH,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,kBAAkB;
|
|
1
|
+
{"version":3,"file":"enforcement-engine.d.ts","sourceRoot":"","sources":["../../src/services/enforcement-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,KAAK,EACV,WAAW,EACX,YAAY,EACZ,kBAAkB,EAClB,gBAAgB,EAEjB,MAAM,aAAa,CAAC;AAErB,qBAAa,iBAAiB;IAE1B,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,UAAU;gBADV,KAAK,EAAE,WAAW,EAClB,UAAU,EAAE,YAAY;IAGlC;;OAEG;IACH,WAAW,CAAC,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI;IAOzD;;;OAGG;IACH,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,kBAAkB;IAwErD;;OAEG;IACH,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,kBAAkB;IAyCpD;;;OAGG;IACH,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,kBAAkB;IAuBpE;;;OAGG;IACH,mBAAmB,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,kBAAkB;IA8B/E;;OAEG;IACH,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG;QACtC,QAAQ,EAAE,eAAe,GAAG,sBAAsB,GAAG,UAAU,CAAC;QAChE,WAAW,EAAE,OAAO,CAAC;KACtB;IAaD;;OAEG;IACG,WAAW,CAAC,KAAK,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC;IASzD;;;OAGG;IACH,sBAAsB,IAAI,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAgClE;;;OAGG;IACH,OAAO,KAAK,UAAU,GAErB;IAED,OAAO,CAAC,UAAU;IAUlB,OAAO,CAAC,cAAc;IAOtB,OAAO,CAAC,SAAS;IAajB,OAAO,CAAC,cAAc;IAStB,OAAO,CAAC,GAAG;CAGZ"}
|
|
@@ -42,15 +42,20 @@ export class EnforcementEngine {
|
|
|
42
42
|
immutable: true,
|
|
43
43
|
};
|
|
44
44
|
}
|
|
45
|
-
// 2. Governance-level read_only paths
|
|
45
|
+
// 2. Governance-level read_only paths — but writable overrides read_only.
|
|
46
|
+
// A path in both writable and read_only is writable (explicit grant wins).
|
|
46
47
|
const readOnly = this.boundaries.read_only;
|
|
48
|
+
const writable = this.boundaries.writable;
|
|
47
49
|
if (readOnly && this.matchesAny(relPath, readOnly)) {
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
50
|
+
// If the path is also in the writable list, writable wins
|
|
51
|
+
if (!writable || !this.matchesAny(relPath, writable)) {
|
|
52
|
+
return {
|
|
53
|
+
allowed: false,
|
|
54
|
+
reason: `Path "${relPath}" is read-only per governance policy.`,
|
|
55
|
+
policy_ref: 'governance.json > permissions > boundaries > read_only',
|
|
56
|
+
immutable: false,
|
|
57
|
+
};
|
|
58
|
+
}
|
|
54
59
|
}
|
|
55
60
|
// 3. Role excluded paths
|
|
56
61
|
if (this.activeRole.excluded_paths.length > 0 &&
|
|
@@ -77,7 +82,6 @@ export class EnforcementEngine {
|
|
|
77
82
|
}
|
|
78
83
|
}
|
|
79
84
|
// 5. Governance-level writable whitelist (if defined, path must match)
|
|
80
|
-
const writable = this.boundaries.writable;
|
|
81
85
|
if (writable && writable.length > 0 && !this.matchesAny(relPath, writable)) {
|
|
82
86
|
return {
|
|
83
87
|
allowed: false,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforcement-engine.js","sourceRoot":"","sources":["../../src/services/enforcement-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAStC,MAAM,OAAO,iBAAiB;IAElB;IACA;IAFV,YACU,KAAkB,EAClB,UAAwB;QADxB,UAAK,GAAL,KAAK,CAAa;QAClB,eAAU,GAAV,UAAU,CAAc;IAC/B,CAAC;IAEJ;;OAEG;IACH,WAAW,CAAC,KAAkB,EAAE,IAAkB;QAChD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IACzB,CAAC;IAED,6EAA6E;IAE7E;;;OAGG;IACH,aAAa,CAAC,UAAkB;QAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QAEhD,yDAAyD;QACzD,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAC5C,IAAI,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC;YACrD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,SAAS,OAAO,uEAAuE;gBAC/F,UAAU,EAAE,wDAAwD;gBACpE,SAAS,EAAE,IAAI;aAChB,CAAC;QACJ,CAAC;QAED,
|
|
1
|
+
{"version":3,"file":"enforcement-engine.js","sourceRoot":"","sources":["../../src/services/enforcement-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAStC,MAAM,OAAO,iBAAiB;IAElB;IACA;IAFV,YACU,KAAkB,EAClB,UAAwB;QADxB,UAAK,GAAL,KAAK,CAAa;QAClB,eAAU,GAAV,UAAU,CAAc;IAC/B,CAAC;IAEJ;;OAEG;IACH,WAAW,CAAC,KAAkB,EAAE,IAAkB;QAChD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IACzB,CAAC;IAED,6EAA6E;IAE7E;;;OAGG;IACH,aAAa,CAAC,UAAkB;QAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QAEhD,yDAAyD;QACzD,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAC5C,IAAI,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC;YACrD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,SAAS,OAAO,uEAAuE;gBAC/F,UAAU,EAAE,wDAAwD;gBACpE,SAAS,EAAE,IAAI;aAChB,CAAC;QACJ,CAAC;QAED,0EAA0E;QAC1E,8EAA8E;QAC9E,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;QAC1C,IAAI,QAAQ,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;YACnD,0DAA0D;YAC1D,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;gBACrD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,SAAS,OAAO,uCAAuC;oBAC/D,UAAU,EAAE,wDAAwD;oBACpE,SAAS,EAAE,KAAK;iBACjB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,IAAI,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC;YACzC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YAC7D,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,SAAS,OAAO,2BAA2B,IAAI,CAAC,UAAU,CAAC,EAAE,IAAI;gBACzE,UAAU,EAAE,SAAS,IAAI,CAAC,UAAU,CAAC,EAAE,gCAAgC;gBACvE,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,wEAAwE;QACxE,IAAI,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;YAC5E,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC;gBAC5D,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;YAE5D,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,EAAE,CAAC;gBAChC,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,SAAS,OAAO,4CAA4C,IAAI,CAAC,UAAU,CAAC,EAAE,IAAI;oBAC1F,UAAU,EAAE,SAAS,IAAI,CAAC,UAAU,CAAC,EAAE,eAAe;oBACtD,SAAS,EAAE,KAAK;iBACjB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,uEAAuE;QACvE,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;YAC3E,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,SAAS,OAAO,2CAA2C;gBACnE,UAAU,EAAE,uDAAuD;gBACnE,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,6EAA6E;IAE7E;;OAEG;IACH,YAAY,CAAC,UAAkB;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QAEhD,6BAA6B;QAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAC5C,IAAI,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC;YACrD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,SAAS,OAAO,2DAA2D;gBACnF,UAAU,EAAE,wDAAwD;gBACpE,SAAS,EAAE,IAAI;aAChB,CAAC;QACJ,CAAC;QAED,sCAAsC;QACtC,IAAI,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC;YACzC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YAC7D,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,SAAS,OAAO,2BAA2B,IAAI,CAAC,UAAU,CAAC,EAAE,IAAI;gBACzE,UAAU,EAAE,SAAS,IAAI,CAAC,UAAU,CAAC,EAAE,gCAAgC;gBACvE,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,+CAA+C;QAC/C,IAAI,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC;YACzC,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YAC9D,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,SAAS,OAAO,4CAA4C,IAAI,CAAC,UAAU,CAAC,EAAE,IAAI;gBAC1F,UAAU,EAAE,SAAS,IAAI,CAAC,UAAU,CAAC,EAAE,sBAAsB;gBAC7D,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,6EAA6E;IAE7E;;;OAGG;IACH,WAAW,CAAC,OAAe,EAAE,UAAkB;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,WAAW,EAAE,kBAAkB,CAAC;QACvE,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAEjE,KAAK,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;YAC9C,IAAI,CAAC,KAAK;gBAAE,SAAS;YAErB,IAAI,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACxB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,gBAAgB,UAAU,mCAAmC,EAAE,CAAC,MAAM,EAAE;oBAChF,UAAU,EAAE,oDAAoD;oBAChE,SAAS,EAAE,KAAK;iBACjB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,6EAA6E;IAE7E;;;OAGG;IACH,mBAAmB,CAAC,UAAkB,EAAE,UAAkB;QACxD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,kBAAkB,CAAC;QACvD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,sBAAsB;YAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAEtE,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC;QACxD,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAE/D,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACzD,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAEzD,yCAAyC;QACzC,IAAI,CAAC,YAAY,IAAI,CAAC,YAAY,IAAI,YAAY,KAAK,YAAY,EAAE,CAAC;YACpE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QAED,mDAAmD;QACnD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,sBAAsB,CAAC,EAAE,CAAC;YACvD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,6BAA6B,YAAY,SAAS,YAAY,sBAAsB,KAAK,CAAC,sBAAsB,wBAAwB,UAAU,mBAAmB;gBAC7K,UAAU,EAAE,sCAAsC;gBAClD,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,6EAA6E;IAE7E;;OAEG;IACH,mBAAmB,CAAC,SAAiB;QAInC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,iBAAiB,CAAC;QACzD,MAAM,QAAQ,GAAG,QAAQ,EAAE,QAAQ,IAAI,sBAAsB,CAAC;QAC9D,MAAM,SAAS,GAAG,QAAQ,EAAE,kBAAkB,IAAI,EAAE,CAAC;QAErD,MAAM,WAAW,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAEjE,OAAO;YACL,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,QAAQ;YAClD,WAAW;SACZ,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,KAAuB;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,EAAE,iBAAiB,CAAC,CAAC;QACvE,MAAM,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;QAC1C,MAAM,UAAU,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED,6EAA6E;IAE7E;;;OAGG;IACH,sBAAsB;QACpB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,YAAY,EAAE,UAAU,CAAC;QAC7D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,cAAc;YACtC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,cAAc;YACpC,EAAE,CAAC;QAEpB,MAAM,MAAM,GAA6C,EAAE,CAAC;QAE5D,IAAI,CAAC,KAAK;YAAE,OAAO,MAAM,CAAC;QAE1B,IAAI,KAAK,CAAC,eAAe,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC3C,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QACzD,CAAC;QACD,IAAI,KAAK,CAAC,cAAc,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,KAAK,CAAC,mBAAmB,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;YACpD,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,kCAAkC;QAClC,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;YACxB,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;gBACxC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,6EAA6E;IAE7E;;;OAGG;IACH,IAAY,UAAU;QACpB,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,WAAW,EAAE,UAAU,IAAI,EAAE,CAAC;IAC7D,CAAC;IAEO,UAAU,CAAC,IAAY,EAAE,QAAkB;QACjD,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;YAC/B,kEAAkE;YAClE,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;gBACtC,CAAC,CAAC,OAAO,GAAG,IAAI;gBAChB,CAAC,CAAC,OAAO,CAAC;YACZ,OAAO,SAAS,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,cAAc,CAAC,UAAkB;QACvC,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3B,OAAO,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAEO,SAAS,CACf,QAAgB,EAChB,OAA8C;QAE9C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAClD,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,GAAG,GAAG,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC7E,OAAO,MAAM,CAAC,IAAI,CAAC;YACrB,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,cAAc,CAAC,OAAe;QACpC,IAAI,CAAC;YACH,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,GAAG,CAAC,wCAAwC,OAAO,EAAE,CAAC,CAAC;YAC5D,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,GAAG,CAAC,OAAe;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,OAAO,IAAI,CAAC,CAAC;IACvD,CAAC;CACF"}
|
package/package.json
CHANGED
package/src/index.ts
CHANGED
|
@@ -41,6 +41,43 @@ const __dirname = dirname(__filename);
|
|
|
41
41
|
const pkg = JSON.parse(readFileSync(join(__dirname, '..', 'package.json'), 'utf-8'));
|
|
42
42
|
const VERSION: string = pkg.version;
|
|
43
43
|
|
|
44
|
+
// ─── Update Checker ─────────────────────────────────────────────────────────
|
|
45
|
+
// Non-blocking check against the npm registry. If a newer version
|
|
46
|
+
// exists, prints a one-line notice to stderr. If the check fails
|
|
47
|
+
// (offline, timeout, etc.), skips silently — never blocks startup.
|
|
48
|
+
|
|
49
|
+
async function checkForUpdate(): Promise<void> {
|
|
50
|
+
try {
|
|
51
|
+
const controller = new AbortController();
|
|
52
|
+
const timeout = setTimeout(() => controller.abort(), 3000);
|
|
53
|
+
|
|
54
|
+
const res = await fetch(
|
|
55
|
+
`https://registry.npmjs.org/${pkg.name}/latest`,
|
|
56
|
+
{ signal: controller.signal }
|
|
57
|
+
);
|
|
58
|
+
clearTimeout(timeout);
|
|
59
|
+
|
|
60
|
+
if (!res.ok) return;
|
|
61
|
+
|
|
62
|
+
const data = await res.json() as { version?: string };
|
|
63
|
+
const latest = data.version;
|
|
64
|
+
if (!latest || latest === VERSION) return;
|
|
65
|
+
|
|
66
|
+
const current = VERSION.split('.').map(Number);
|
|
67
|
+
const remote = latest.split('.').map(Number);
|
|
68
|
+
const isNewer =
|
|
69
|
+
remote[0] > current[0] ||
|
|
70
|
+
(remote[0] === current[0] && remote[1] > current[1]) ||
|
|
71
|
+
(remote[0] === current[0] && remote[1] === current[1] && remote[2] > current[2]);
|
|
72
|
+
|
|
73
|
+
if (isNewer) {
|
|
74
|
+
log(`Update available: ${VERSION} → ${latest}. Run: npm install -g ${pkg.name}@latest`);
|
|
75
|
+
}
|
|
76
|
+
} catch {
|
|
77
|
+
// Silently skip — network issues should never block the MCP server
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
|
|
44
81
|
// ─── Parse CLI Args ─────────────────────────────────────────────────────────
|
|
45
82
|
|
|
46
83
|
function parseArgs(): AegisMcpConfig {
|
|
@@ -118,6 +155,9 @@ TOOLS PROVIDED:
|
|
|
118
155
|
async function main(): Promise<void> {
|
|
119
156
|
const config = parseArgs();
|
|
120
157
|
|
|
158
|
+
// Check for updates (non-blocking, 3s timeout)
|
|
159
|
+
await checkForUpdate();
|
|
160
|
+
|
|
121
161
|
log(`Starting aegis-mcp-server v${VERSION}`);
|
|
122
162
|
log(` Project: ${config.projectRoot}`);
|
|
123
163
|
log(` Role: ${config.role}`);
|
|
@@ -54,15 +54,20 @@ export class EnforcementEngine {
|
|
|
54
54
|
};
|
|
55
55
|
}
|
|
56
56
|
|
|
57
|
-
// 2. Governance-level read_only paths
|
|
57
|
+
// 2. Governance-level read_only paths — but writable overrides read_only.
|
|
58
|
+
// A path in both writable and read_only is writable (explicit grant wins).
|
|
58
59
|
const readOnly = this.boundaries.read_only;
|
|
60
|
+
const writable = this.boundaries.writable;
|
|
59
61
|
if (readOnly && this.matchesAny(relPath, readOnly)) {
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
62
|
+
// If the path is also in the writable list, writable wins
|
|
63
|
+
if (!writable || !this.matchesAny(relPath, writable)) {
|
|
64
|
+
return {
|
|
65
|
+
allowed: false,
|
|
66
|
+
reason: `Path "${relPath}" is read-only per governance policy.`,
|
|
67
|
+
policy_ref: 'governance.json > permissions > boundaries > read_only',
|
|
68
|
+
immutable: false,
|
|
69
|
+
};
|
|
70
|
+
}
|
|
66
71
|
}
|
|
67
72
|
|
|
68
73
|
// 3. Role excluded paths
|
|
@@ -93,7 +98,6 @@ export class EnforcementEngine {
|
|
|
93
98
|
}
|
|
94
99
|
|
|
95
100
|
// 5. Governance-level writable whitelist (if defined, path must match)
|
|
96
|
-
const writable = this.boundaries.writable;
|
|
97
101
|
if (writable && writable.length > 0 && !this.matchesAny(relPath, writable)) {
|
|
98
102
|
return {
|
|
99
103
|
allowed: false,
|