aegis-mcp-server 0.1.6 → 0.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/services/enforcement-engine.d.ts +31 -4
- package/dist/services/enforcement-engine.d.ts.map +1 -1
- package/dist/services/enforcement-engine.js +72 -16
- package/dist/services/enforcement-engine.js.map +1 -1
- package/dist/tools/file-tools.d.ts +16 -11
- package/dist/tools/file-tools.d.ts.map +1 -1
- package/dist/tools/file-tools.js +172 -38
- package/dist/tools/file-tools.js.map +1 -1
- package/package.json +1 -1
- package/src/services/enforcement-engine.ts +100 -16
- package/src/tools/file-tools.ts +194 -40
|
@@ -7,11 +7,28 @@
|
|
|
7
7
|
* Two-layer enforcement:
|
|
8
8
|
* Layer 1 (skeleton): permissions.boundaries, scope paths, override_protocol
|
|
9
9
|
* Layer 2 (extensions): sensitive_patterns, cross_domain_rules, sensitivity_tiers
|
|
10
|
+
*
|
|
11
|
+
* Override protocol:
|
|
12
|
+
* When the governance behavior is "warn_confirm_and_log", blocked actions return
|
|
13
|
+
* an override_token. The agent surfaces the violation to the human, and if the
|
|
14
|
+
* human confirms, the agent calls aegis_request_override with the token. The
|
|
15
|
+
* override is single-use, time-limited (60s), and logged with human_confirmed: true.
|
|
16
|
+
* Immutable policies cannot be overridden regardless.
|
|
10
17
|
*/
|
|
11
18
|
import type { PolicyState, ResolvedRole, EnforcementVerdict, OverrideLogEntry } from '../types.js';
|
|
19
|
+
interface PendingOverride {
|
|
20
|
+
token: string;
|
|
21
|
+
operation: 'write' | 'read' | 'delete';
|
|
22
|
+
path: string;
|
|
23
|
+
content?: string;
|
|
24
|
+
reason: string;
|
|
25
|
+
policy_ref: string;
|
|
26
|
+
created_at: number;
|
|
27
|
+
}
|
|
12
28
|
export declare class EnforcementEngine {
|
|
13
29
|
private state;
|
|
14
30
|
private activeRole;
|
|
31
|
+
private pendingOverrides;
|
|
15
32
|
constructor(state: PolicyState, activeRole: ResolvedRole);
|
|
16
33
|
/**
|
|
17
34
|
* Update references when policy reloads.
|
|
@@ -28,12 +45,10 @@ export declare class EnforcementEngine {
|
|
|
28
45
|
validateRead(targetPath: string): EnforcementVerdict;
|
|
29
46
|
/**
|
|
30
47
|
* Scan proposed file content for sensitive patterns.
|
|
31
|
-
* Uses governance.permissions.sensitive_patterns when present.
|
|
32
48
|
*/
|
|
33
49
|
scanContent(content: string, targetPath: string): EnforcementVerdict;
|
|
34
50
|
/**
|
|
35
51
|
* Validate that a cross-domain import respects boundaries.
|
|
36
|
-
* Uses governance.cross_domain_rules when present (extension field).
|
|
37
52
|
*/
|
|
38
53
|
validateCrossDomain(sourcePath: string, importPath: string): EnforcementVerdict;
|
|
39
54
|
/**
|
|
@@ -43,13 +58,24 @@ export declare class EnforcementEngine {
|
|
|
43
58
|
behavior: 'block_and_log' | 'warn_confirm_and_log' | 'log_only';
|
|
44
59
|
isImmutable: boolean;
|
|
45
60
|
};
|
|
61
|
+
/**
|
|
62
|
+
* Create a pending override token for a blocked action.
|
|
63
|
+
* The token is single-use and expires after 60 seconds.
|
|
64
|
+
* Returns null if the policy is immutable or override behavior is block_and_log.
|
|
65
|
+
*/
|
|
66
|
+
createOverrideToken(operation: 'write' | 'read' | 'delete', path: string, reason: string, policyRef: string, content?: string): string | null;
|
|
67
|
+
/**
|
|
68
|
+
* Validate and consume an override token.
|
|
69
|
+
* Returns the pending override if the token is valid and not expired.
|
|
70
|
+
* The token is consumed (deleted) after use — single-use only.
|
|
71
|
+
*/
|
|
72
|
+
consumeOverrideToken(token: string): PendingOverride | null;
|
|
46
73
|
/**
|
|
47
74
|
* Log an override to the append-only overrides.jsonl file.
|
|
48
75
|
*/
|
|
49
76
|
logOverride(entry: OverrideLogEntry): Promise<void>;
|
|
50
77
|
/**
|
|
51
78
|
* Build the list of commands to run for quality gate validation.
|
|
52
|
-
* Maps pre_commit booleans to build_commands from constitution or governance.
|
|
53
79
|
*/
|
|
54
80
|
getQualityGateCommands(): Array<{
|
|
55
81
|
name: string;
|
|
@@ -57,13 +83,14 @@ export declare class EnforcementEngine {
|
|
|
57
83
|
}>;
|
|
58
84
|
/**
|
|
59
85
|
* Safely access permissions.boundaries — returns empty object if missing.
|
|
60
|
-
* Handles governance files that don't have the skeleton boundaries field.
|
|
61
86
|
*/
|
|
62
87
|
private get boundaries();
|
|
88
|
+
private cleanExpiredTokens;
|
|
63
89
|
private matchesAny;
|
|
64
90
|
private toRelativePath;
|
|
65
91
|
private getDomain;
|
|
66
92
|
private compilePattern;
|
|
67
93
|
private log;
|
|
68
94
|
}
|
|
95
|
+
export {};
|
|
69
96
|
//# sourceMappingURL=enforcement-engine.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforcement-engine.d.ts","sourceRoot":"","sources":["../../src/services/enforcement-engine.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"enforcement-engine.d.ts","sourceRoot":"","sources":["../../src/services/enforcement-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAMH,OAAO,KAAK,EACV,WAAW,EACX,YAAY,EACZ,kBAAkB,EAClB,gBAAgB,EAEjB,MAAM,aAAa,CAAC;AAIrB,UAAU,eAAe;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,OAAO,GAAG,MAAM,GAAG,QAAQ,CAAC;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,qBAAa,iBAAiB;IAI1B,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,UAAU;IAJpB,OAAO,CAAC,gBAAgB,CAAsC;gBAGpD,KAAK,EAAE,WAAW,EAClB,UAAU,EAAE,YAAY;IAGlC;;OAEG;IACH,WAAW,CAAC,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI;IAOzD;;;OAGG;IACH,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,kBAAkB;IAuErD;;OAEG;IACH,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,kBAAkB;IAyCpD;;OAEG;IACH,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,kBAAkB;IAuBpE;;OAEG;IACH,mBAAmB,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,kBAAkB;IA4B/E;;OAEG;IACH,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG;QACtC,QAAQ,EAAE,eAAe,GAAG,sBAAsB,GAAG,UAAU,CAAC;QAChE,WAAW,EAAE,OAAO,CAAC;KACtB;IAaD;;;;OAIG;IACH,mBAAmB,CACjB,SAAS,EAAE,OAAO,GAAG,MAAM,GAAG,QAAQ,EACtC,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,MAAM,GACf,MAAM,GAAG,IAAI;IAyBhB;;;;OAIG;IACH,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI;IAe3D;;OAEG;IACG,WAAW,CAAC,KAAK,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC;IASzD;;OAEG;IACH,sBAAsB,IAAI,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IA+BlE;;OAEG;IACH,OAAO,KAAK,UAAU,GAErB;IAED,OAAO,CAAC,kBAAkB;IAS1B,OAAO,CAAC,UAAU;IASlB,OAAO,CAAC,cAAc;IAOtB,OAAO,CAAC,SAAS;IAajB,OAAO,CAAC,cAAc;IAStB,OAAO,CAAC,GAAG;CAGZ"}
|
|
@@ -7,13 +7,23 @@
|
|
|
7
7
|
* Two-layer enforcement:
|
|
8
8
|
* Layer 1 (skeleton): permissions.boundaries, scope paths, override_protocol
|
|
9
9
|
* Layer 2 (extensions): sensitive_patterns, cross_domain_rules, sensitivity_tiers
|
|
10
|
+
*
|
|
11
|
+
* Override protocol:
|
|
12
|
+
* When the governance behavior is "warn_confirm_and_log", blocked actions return
|
|
13
|
+
* an override_token. The agent surfaces the violation to the human, and if the
|
|
14
|
+
* human confirms, the agent calls aegis_request_override with the token. The
|
|
15
|
+
* override is single-use, time-limited (60s), and logged with human_confirmed: true.
|
|
16
|
+
* Immutable policies cannot be overridden regardless.
|
|
10
17
|
*/
|
|
18
|
+
import { randomBytes } from 'node:crypto';
|
|
11
19
|
import { appendFile, mkdir } from 'node:fs/promises';
|
|
12
20
|
import { dirname, join, relative, isAbsolute } from 'node:path';
|
|
13
21
|
import { minimatch } from 'minimatch';
|
|
22
|
+
const OVERRIDE_TTL_MS = 60_000; // 60 seconds
|
|
14
23
|
export class EnforcementEngine {
|
|
15
24
|
state;
|
|
16
25
|
activeRole;
|
|
26
|
+
pendingOverrides = new Map();
|
|
17
27
|
constructor(state, activeRole) {
|
|
18
28
|
this.state = state;
|
|
19
29
|
this.activeRole = activeRole;
|
|
@@ -42,15 +52,19 @@ export class EnforcementEngine {
|
|
|
42
52
|
immutable: true,
|
|
43
53
|
};
|
|
44
54
|
}
|
|
45
|
-
// 2. Governance-level read_only paths
|
|
55
|
+
// 2. Governance-level read_only paths — but writable overrides read_only.
|
|
56
|
+
// A path in both writable and read_only is writable (explicit grant wins).
|
|
46
57
|
const readOnly = this.boundaries.read_only;
|
|
58
|
+
const writable = this.boundaries.writable;
|
|
47
59
|
if (readOnly && this.matchesAny(relPath, readOnly)) {
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
60
|
+
if (!writable || !this.matchesAny(relPath, writable)) {
|
|
61
|
+
return {
|
|
62
|
+
allowed: false,
|
|
63
|
+
reason: `Path "${relPath}" is read-only per governance policy.`,
|
|
64
|
+
policy_ref: 'governance.json > permissions > boundaries > read_only',
|
|
65
|
+
immutable: false,
|
|
66
|
+
};
|
|
67
|
+
}
|
|
54
68
|
}
|
|
55
69
|
// 3. Role excluded paths
|
|
56
70
|
if (this.activeRole.excluded_paths.length > 0 &&
|
|
@@ -77,7 +91,6 @@ export class EnforcementEngine {
|
|
|
77
91
|
}
|
|
78
92
|
}
|
|
79
93
|
// 5. Governance-level writable whitelist (if defined, path must match)
|
|
80
|
-
const writable = this.boundaries.writable;
|
|
81
94
|
if (writable && writable.length > 0 && !this.matchesAny(relPath, writable)) {
|
|
82
95
|
return {
|
|
83
96
|
allowed: false,
|
|
@@ -129,7 +142,6 @@ export class EnforcementEngine {
|
|
|
129
142
|
// ─── Content Scanning ─────────────────────────────────────────────────────
|
|
130
143
|
/**
|
|
131
144
|
* Scan proposed file content for sensitive patterns.
|
|
132
|
-
* Uses governance.permissions.sensitive_patterns when present.
|
|
133
145
|
*/
|
|
134
146
|
scanContent(content, targetPath) {
|
|
135
147
|
const patterns = this.state.governance.permissions?.sensitive_patterns;
|
|
@@ -153,7 +165,6 @@ export class EnforcementEngine {
|
|
|
153
165
|
// ─── Cross-Domain Validation ──────────────────────────────────────────────
|
|
154
166
|
/**
|
|
155
167
|
* Validate that a cross-domain import respects boundaries.
|
|
156
|
-
* Uses governance.cross_domain_rules when present (extension field).
|
|
157
168
|
*/
|
|
158
169
|
validateCrossDomain(sourcePath, importPath) {
|
|
159
170
|
const rules = this.state.governance.cross_domain_rules;
|
|
@@ -164,11 +175,9 @@ export class EnforcementEngine {
|
|
|
164
175
|
return { allowed: true };
|
|
165
176
|
const sourceDomain = this.getDomain(sourcePath, domains);
|
|
166
177
|
const importDomain = this.getDomain(importPath, domains);
|
|
167
|
-
// Same domain or can't determine — allow
|
|
168
178
|
if (!sourceDomain || !importDomain || sourceDomain === importDomain) {
|
|
169
179
|
return { allowed: true };
|
|
170
180
|
}
|
|
171
|
-
// Cross-domain — must go through shared interfaces
|
|
172
181
|
if (!importPath.includes(rules.shared_interfaces_path)) {
|
|
173
182
|
return {
|
|
174
183
|
allowed: false,
|
|
@@ -193,6 +202,49 @@ export class EnforcementEngine {
|
|
|
193
202
|
isImmutable,
|
|
194
203
|
};
|
|
195
204
|
}
|
|
205
|
+
/**
|
|
206
|
+
* Create a pending override token for a blocked action.
|
|
207
|
+
* The token is single-use and expires after 60 seconds.
|
|
208
|
+
* Returns null if the policy is immutable or override behavior is block_and_log.
|
|
209
|
+
*/
|
|
210
|
+
createOverrideToken(operation, path, reason, policyRef, content) {
|
|
211
|
+
const { behavior, isImmutable } = this.getOverrideBehavior(policyRef);
|
|
212
|
+
// Immutable policies and block_and_log cannot be overridden
|
|
213
|
+
if (isImmutable || behavior === 'block_and_log') {
|
|
214
|
+
return null;
|
|
215
|
+
}
|
|
216
|
+
// Clean up expired tokens
|
|
217
|
+
this.cleanExpiredTokens();
|
|
218
|
+
const token = randomBytes(16).toString('hex');
|
|
219
|
+
this.pendingOverrides.set(token, {
|
|
220
|
+
token,
|
|
221
|
+
operation,
|
|
222
|
+
path,
|
|
223
|
+
content,
|
|
224
|
+
reason,
|
|
225
|
+
policy_ref: policyRef,
|
|
226
|
+
created_at: Date.now(),
|
|
227
|
+
});
|
|
228
|
+
return token;
|
|
229
|
+
}
|
|
230
|
+
/**
|
|
231
|
+
* Validate and consume an override token.
|
|
232
|
+
* Returns the pending override if the token is valid and not expired.
|
|
233
|
+
* The token is consumed (deleted) after use — single-use only.
|
|
234
|
+
*/
|
|
235
|
+
consumeOverrideToken(token) {
|
|
236
|
+
const pending = this.pendingOverrides.get(token);
|
|
237
|
+
if (!pending)
|
|
238
|
+
return null;
|
|
239
|
+
// Check expiration
|
|
240
|
+
if (Date.now() - pending.created_at > OVERRIDE_TTL_MS) {
|
|
241
|
+
this.pendingOverrides.delete(token);
|
|
242
|
+
return null;
|
|
243
|
+
}
|
|
244
|
+
// Consume — single use
|
|
245
|
+
this.pendingOverrides.delete(token);
|
|
246
|
+
return pending;
|
|
247
|
+
}
|
|
196
248
|
/**
|
|
197
249
|
* Log an override to the append-only overrides.jsonl file.
|
|
198
250
|
*/
|
|
@@ -205,7 +257,6 @@ export class EnforcementEngine {
|
|
|
205
257
|
// ─── Quality Gates ────────────────────────────────────────────────────────
|
|
206
258
|
/**
|
|
207
259
|
* Build the list of commands to run for quality gate validation.
|
|
208
|
-
* Maps pre_commit booleans to build_commands from constitution or governance.
|
|
209
260
|
*/
|
|
210
261
|
getQualityGateCommands() {
|
|
211
262
|
const gates = this.state.governance.quality_gate?.pre_commit;
|
|
@@ -224,7 +275,6 @@ export class EnforcementEngine {
|
|
|
224
275
|
if (gates.must_pass_typecheck && commands.typecheck) {
|
|
225
276
|
result.push({ name: 'typecheck', command: commands.typecheck });
|
|
226
277
|
}
|
|
227
|
-
// Custom checks from quality gate
|
|
228
278
|
if (gates.custom_checks) {
|
|
229
279
|
for (const check of gates.custom_checks) {
|
|
230
280
|
result.push({ name: check.name, command: check.command });
|
|
@@ -235,14 +285,20 @@ export class EnforcementEngine {
|
|
|
235
285
|
// ─── Private Helpers ──────────────────────────────────────────────────────
|
|
236
286
|
/**
|
|
237
287
|
* Safely access permissions.boundaries — returns empty object if missing.
|
|
238
|
-
* Handles governance files that don't have the skeleton boundaries field.
|
|
239
288
|
*/
|
|
240
289
|
get boundaries() {
|
|
241
290
|
return this.state.governance.permissions?.boundaries ?? {};
|
|
242
291
|
}
|
|
292
|
+
cleanExpiredTokens() {
|
|
293
|
+
const now = Date.now();
|
|
294
|
+
for (const [token, pending] of this.pendingOverrides) {
|
|
295
|
+
if (now - pending.created_at > OVERRIDE_TTL_MS) {
|
|
296
|
+
this.pendingOverrides.delete(token);
|
|
297
|
+
}
|
|
298
|
+
}
|
|
299
|
+
}
|
|
243
300
|
matchesAny(path, patterns) {
|
|
244
301
|
return patterns.some((pattern) => {
|
|
245
|
-
// Normalize: "compliance/" should match "compliance/src/index.ts"
|
|
246
302
|
const normalized = pattern.endsWith('/')
|
|
247
303
|
? pattern + '**'
|
|
248
304
|
: pattern;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforcement-engine.js","sourceRoot":"","sources":["../../src/services/enforcement-engine.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"enforcement-engine.js","sourceRoot":"","sources":["../../src/services/enforcement-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAqBtC,MAAM,eAAe,GAAG,MAAM,CAAC,CAAC,aAAa;AAE7C,MAAM,OAAO,iBAAiB;IAIlB;IACA;IAJF,gBAAgB,GAAG,IAAI,GAAG,EAA2B,CAAC;IAE9D,YACU,KAAkB,EAClB,UAAwB;QADxB,UAAK,GAAL,KAAK,CAAa;QAClB,eAAU,GAAV,UAAU,CAAc;IAC/B,CAAC;IAEJ;;OAEG;IACH,WAAW,CAAC,KAAkB,EAAE,IAAkB;QAChD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IACzB,CAAC;IAED,6EAA6E;IAE7E;;;OAGG;IACH,aAAa,CAAC,UAAkB;QAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QAEhD,yDAAyD;QACzD,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAC5C,IAAI,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC;YACrD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,SAAS,OAAO,uEAAuE;gBAC/F,UAAU,EAAE,wDAAwD;gBACpE,SAAS,EAAE,IAAI;aAChB,CAAC;QACJ,CAAC;QAED,0EAA0E;QAC1E,8EAA8E;QAC9E,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;QAC1C,IAAI,QAAQ,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;YACnD,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;gBACrD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,SAAS,OAAO,uCAAuC;oBAC/D,UAAU,EAAE,wDAAwD;oBACpE,SAAS,EAAE,KAAK;iBACjB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,IAAI,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC;YACzC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YAC7D,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,SAAS,OAAO,2BAA2B,IAAI,CAAC,UAAU,CAAC,EAAE,IAAI;gBACzE,UAAU,EAAE,SAAS,IAAI,CAAC,UAAU,CAAC,EAAE,gCAAgC;gBACvE,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,wEAAwE;QACxE,IAAI,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;YAC5E,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC;gBAC5D,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;YAE5D,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,EAAE,CAAC;gBAChC,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,SAAS,OAAO,4CAA4C,IAAI,CAAC,UAAU,CAAC,EAAE,IAAI;oBAC1F,UAAU,EAAE,SAAS,IAAI,CAAC,UAAU,CAAC,EAAE,eAAe;oBACtD,SAAS,EAAE,KAAK;iBACjB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,uEAAuE;QACvE,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;YAC3E,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,SAAS,OAAO,2CAA2C;gBACnE,UAAU,EAAE,uDAAuD;gBACnE,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,6EAA6E;IAE7E;;OAEG;IACH,YAAY,CAAC,UAAkB;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QAEhD,6BAA6B;QAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAC5C,IAAI,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC;YACrD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,SAAS,OAAO,2DAA2D;gBACnF,UAAU,EAAE,wDAAwD;gBACpE,SAAS,EAAE,IAAI;aAChB,CAAC;QACJ,CAAC;QAED,sCAAsC;QACtC,IAAI,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC;YACzC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YAC7D,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,SAAS,OAAO,2BAA2B,IAAI,CAAC,UAAU,CAAC,EAAE,IAAI;gBACzE,UAAU,EAAE,SAAS,IAAI,CAAC,UAAU,CAAC,EAAE,gCAAgC;gBACvE,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,+CAA+C;QAC/C,IAAI,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC;YACzC,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YAC9D,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,SAAS,OAAO,4CAA4C,IAAI,CAAC,UAAU,CAAC,EAAE,IAAI;gBAC1F,UAAU,EAAE,SAAS,IAAI,CAAC,UAAU,CAAC,EAAE,sBAAsB;gBAC7D,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,6EAA6E;IAE7E;;OAEG;IACH,WAAW,CAAC,OAAe,EAAE,UAAkB;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,WAAW,EAAE,kBAAkB,CAAC;QACvE,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAEjE,KAAK,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;YAC9C,IAAI,CAAC,KAAK;gBAAE,SAAS;YAErB,IAAI,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACxB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,gBAAgB,UAAU,mCAAmC,EAAE,CAAC,MAAM,EAAE;oBAChF,UAAU,EAAE,oDAAoD;oBAChE,SAAS,EAAE,KAAK;iBACjB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,6EAA6E;IAE7E;;OAEG;IACH,mBAAmB,CAAC,UAAkB,EAAE,UAAkB;QACxD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,kBAAkB,CAAC;QACvD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,sBAAsB;YAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAEtE,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC;QACxD,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAE/D,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACzD,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAEzD,IAAI,CAAC,YAAY,IAAI,CAAC,YAAY,IAAI,YAAY,KAAK,YAAY,EAAE,CAAC;YACpE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,sBAAsB,CAAC,EAAE,CAAC;YACvD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,6BAA6B,YAAY,SAAS,YAAY,sBAAsB,KAAK,CAAC,sBAAsB,wBAAwB,UAAU,mBAAmB;gBAC7K,UAAU,EAAE,sCAAsC;gBAClD,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,6EAA6E;IAE7E;;OAEG;IACH,mBAAmB,CAAC,SAAiB;QAInC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,iBAAiB,CAAC;QACzD,MAAM,QAAQ,GAAG,QAAQ,EAAE,QAAQ,IAAI,sBAAsB,CAAC;QAC9D,MAAM,SAAS,GAAG,QAAQ,EAAE,kBAAkB,IAAI,EAAE,CAAC;QAErD,MAAM,WAAW,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAEjE,OAAO;YACL,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,QAAQ;YAClD,WAAW;SACZ,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,mBAAmB,CACjB,SAAsC,EACtC,IAAY,EACZ,MAAc,EACd,SAAiB,EACjB,OAAgB;QAEhB,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;QAEtE,4DAA4D;QAC5D,IAAI,WAAW,IAAI,QAAQ,KAAK,eAAe,EAAE,CAAC;YAChD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,0BAA0B;QAC1B,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAE1B,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC9C,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,EAAE;YAC/B,KAAK;YACL,SAAS;YACT,IAAI;YACJ,OAAO;YACP,MAAM;YACN,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;SACvB,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;OAIG;IACH,oBAAoB,CAAC,KAAa;QAChC,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAE1B,mBAAmB;QACnB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,UAAU,GAAG,eAAe,EAAE,CAAC;YACtD,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,uBAAuB;QACvB,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACpC,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,KAAuB;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,EAAE,iBAAiB,CAAC,CAAC;QACvE,MAAM,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;QAC1C,MAAM,UAAU,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED,6EAA6E;IAE7E;;OAEG;IACH,sBAAsB;QACpB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,YAAY,EAAE,UAAU,CAAC;QAC7D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,cAAc;YACtC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,cAAc;YACpC,EAAE,CAAC;QAEpB,MAAM,MAAM,GAA6C,EAAE,CAAC;QAE5D,IAAI,CAAC,KAAK;YAAE,OAAO,MAAM,CAAC;QAE1B,IAAI,KAAK,CAAC,eAAe,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC3C,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QACzD,CAAC;QACD,IAAI,KAAK,CAAC,cAAc,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,KAAK,CAAC,mBAAmB,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;YACpD,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;YACxB,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;gBACxC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,6EAA6E;IAE7E;;OAEG;IACH,IAAY,UAAU;QACpB,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,WAAW,EAAE,UAAU,IAAI,EAAE,CAAC;IAC7D,CAAC;IAEO,kBAAkB;QACxB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACrD,IAAI,GAAG,GAAG,OAAO,CAAC,UAAU,GAAG,eAAe,EAAE,CAAC;gBAC/C,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;IACH,CAAC;IAEO,UAAU,CAAC,IAAY,EAAE,QAAkB;QACjD,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;YAC/B,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;gBACtC,CAAC,CAAC,OAAO,GAAG,IAAI;gBAChB,CAAC,CAAC,OAAO,CAAC;YACZ,OAAO,SAAS,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,cAAc,CAAC,UAAkB;QACvC,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3B,OAAO,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAEO,SAAS,CACf,QAAgB,EAChB,OAA8C;QAE9C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAClD,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,GAAG,GAAG,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC7E,OAAO,MAAM,CAAC,IAAI,CAAC;YACrB,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,cAAc,CAAC,OAAe;QACpC,IAAI,CAAC;YACH,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,GAAG,CAAC,wCAAwC,OAAO,EAAE,CAAC,CAAC;YAC5D,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,GAAG,CAAC,OAAe;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,OAAO,IAAI,CAAC,CAAC;IACvD,CAAC;CACF"}
|
|
@@ -1,27 +1,32 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Governed File Tools — MCP tool registrations for file operations.
|
|
3
3
|
*
|
|
4
|
-
* These are the tools agents call instead of raw file system access.
|
|
5
|
-
* Every call is validated against the loaded policy before execution.
|
|
6
|
-
* The agent never sees the policy — only the verdict.
|
|
7
|
-
*
|
|
8
4
|
* GOVERNANCE MODEL: The Aegis MCP does not override the agent's native
|
|
9
5
|
* directives. It introduces itself, explains why governance is active,
|
|
10
6
|
* identifies which operations benefit from compliance validation, and
|
|
11
7
|
* asks the agent to seek user permission to route governed operations
|
|
12
8
|
* through Aegis tools. The user's authority is the enforcement mechanism.
|
|
13
9
|
*
|
|
10
|
+
* OVERRIDE HANDSHAKE: When a write/delete is blocked and the override
|
|
11
|
+
* protocol allows overrides (warn_confirm_and_log), the blocked response
|
|
12
|
+
* includes an override_token. The agent presents the violation to the
|
|
13
|
+
* human. If the human confirms, the agent calls aegis_request_override
|
|
14
|
+
* with the token. The action proceeds and is logged with human_confirmed: true.
|
|
15
|
+
* The token is single-use and expires after 60 seconds.
|
|
16
|
+
* Immutable policies cannot be overridden.
|
|
17
|
+
*
|
|
14
18
|
* LOGGING: Every denied action is logged to overrides.jsonl by the server
|
|
15
19
|
* process — no agent involvement required.
|
|
16
20
|
*
|
|
17
21
|
* Tools:
|
|
18
|
-
* aegis_check_permissions
|
|
19
|
-
* aegis_write_file
|
|
20
|
-
* aegis_read_file
|
|
21
|
-
* aegis_delete_file
|
|
22
|
-
* aegis_execute
|
|
23
|
-
* aegis_complete_task
|
|
24
|
-
* aegis_policy_summary
|
|
22
|
+
* aegis_check_permissions — Pre-check before writing
|
|
23
|
+
* aegis_write_file — Governed write with path + content validation
|
|
24
|
+
* aegis_read_file — Governed read with path validation
|
|
25
|
+
* aegis_delete_file — Governed delete (uses write permissions)
|
|
26
|
+
* aegis_execute — Governed command execution
|
|
27
|
+
* aegis_complete_task — Task completion with quality gate validation
|
|
28
|
+
* aegis_policy_summary — Minimal role/permissions summary
|
|
29
|
+
* aegis_request_override — Consume an override token after human confirmation
|
|
25
30
|
*/
|
|
26
31
|
import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
|
|
27
32
|
import type { EnforcementEngine } from '../services/enforcement-engine.js';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"file-tools.d.ts","sourceRoot":"","sources":["../../src/tools/file-tools.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"file-tools.d.ts","sourceRoot":"","sources":["../../src/tools/file-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAKH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AAC3E,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAM7D,wBAAgB,aAAa,CAC3B,MAAM,EAAE,SAAS,EACjB,SAAS,EAAE,MAAM,iBAAiB,EAClC,QAAQ,EAAE,MAAM,WAAW,EAC3B,OAAO,EAAE,MAAM,YAAY,GAC1B,IAAI,CA4hBN"}
|