airlock-bot 0.2.18 → 0.2.19
- package/dist/allowlist/engine.d.ts.map +1 -1
- package/dist/allowlist/engine.js +13 -7
- package/dist/allowlist/engine.js.map +1 -1
- package/dist/allowlist/pattern.d.ts +14 -0
- package/dist/allowlist/pattern.d.ts.map +1 -1
- package/dist/allowlist/pattern.js +33 -5
- package/dist/allowlist/pattern.js.map +1 -1
- package/dist/gateway.d.ts.map +1 -1
- package/dist/gateway.js +8 -0
- package/dist/gateway.js.map +1 -1
- package/dist/hook/api.d.ts +14 -0
- package/dist/hook/api.d.ts.map +1 -0
- package/dist/hook/api.js +74 -0
- package/dist/hook/api.js.map +1 -0
- package/dist/hook/normalizer.d.ts +26 -0
- package/dist/hook/normalizer.d.ts.map +1 -0
- package/dist/hook/normalizer.js +84 -0
- package/dist/hook/normalizer.js.map +1 -0
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/allowlist/engine.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEvD,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,KAAK,GAAG,MAAM,CAAC;AAEhD,qBAAa,eAAe;IACd,OAAO,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC;IAEvD,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAAG,IAAI;IAIjD,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,QAAQ;
|
|
1
|
+
{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/allowlist/engine.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEvD,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,KAAK,GAAG,MAAM,CAAC;AAEhD,qBAAa,eAAe;IACd,OAAO,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC;IAEvD,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAAG,IAAI;IAIjD,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,QAAQ;CAkBtD"}
|
package/dist/allowlist/engine.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { bestSpecificity } from './pattern.js';
|
|
2
2
|
export class AllowlistEngine {
|
|
3
3
|
agents;
|
|
4
4
|
constructor(agents) {
|
|
@@ -11,14 +11,20 @@ export class AllowlistEngine {
|
|
|
11
11
|
const agent = this.agents[agentId];
|
|
12
12
|
if (!agent)
|
|
13
13
|
return 'deny';
|
|
14
|
-
//
|
|
15
|
-
|
|
14
|
+
// Pure specificity: most specific matching pattern wins across all tiers.
|
|
15
|
+
// Ties break deny > ask > allow (more restrictive wins).
|
|
16
|
+
const denySpec = bestSpecificity(agent.deny, toolName);
|
|
17
|
+
const askSpec = bestSpecificity(agent.ask, toolName);
|
|
18
|
+
const allowSpec = bestSpecificity(agent.allow, toolName);
|
|
19
|
+
const best = Math.max(denySpec, askSpec, allowSpec);
|
|
20
|
+
if (best < 0)
|
|
21
|
+
return 'deny'; // no match, fail-closed
|
|
22
|
+
// Tiebreaker order: deny > ask > allow
|
|
23
|
+
if (denySpec === best)
|
|
16
24
|
return 'deny';
|
|
17
|
-
if (
|
|
25
|
+
if (askSpec === best)
|
|
18
26
|
return 'ask';
|
|
19
|
-
|
|
20
|
-
return 'allow';
|
|
21
|
-
return 'deny'; // fail-closed
|
|
27
|
+
return 'allow';
|
|
22
28
|
}
|
|
23
29
|
}
|
|
24
30
|
//# sourceMappingURL=engine.js.map
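Review bot: With pure specificity, a `deny` entry only wins when it is at least as specific as the best `allow`/`ask` match, so a broad deny such as `github/*` no longer blocks a tool that a narrower allow pattern names exactly. The removed lines are truncated on this page, but the old order (a `return 'deny'` ahead of the ask and allow returns) suggests deny used to be absolute; if so, existing policies silently become more permissive on upgrade. Say so in the comment above the three `bestSpecificity` calls, e.g. `// NOTE: a more specific allow/ask pattern overrides a broader deny; deny is not absolute.`, and consider logging which tier and specificity decided so operators can audit the outcome. `evaluate` begins above the hunk, so whether `agent.deny`, `agent.ask` and `agent.allow` are always arrays cannot be checked from here.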
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"engine.js","sourceRoot":"","sources":["../../src/allowlist/engine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"engine.js","sourceRoot":"","sources":["../../src/allowlist/engine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAK/C,MAAM,OAAO,eAAe;IACN;IAApB,YAAoB,MAAmC;QAAnC,WAAM,GAAN,MAAM,CAA6B;IAAG,CAAC;IAE3D,MAAM,CAAC,MAAmC;QACxC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,QAAQ,CAAC,OAAe,EAAE,QAAgB;QACxC,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnC,IAAI,CAAC,KAAK;YAAE,OAAO,MAAM,CAAC;QAE1B,0EAA0E;QAC1E,yDAAyD;QACzD,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACvD,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,eAAe,CAAC,KAAK,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAEzD,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QACpD,IAAI,IAAI,GAAG,CAAC;YAAE,OAAO,MAAM,CAAC,CAAC,wBAAwB;QAErD,uCAAuC;QACvC,IAAI,QAAQ,KAAK,IAAI;YAAE,OAAO,MAAM,CAAC;QACrC,IAAI,OAAO,KAAK,IAAI;YAAE,OAAO,KAAK,CAAC;QACnC,OAAO,OAAO,CAAC;IACjB,CAAC;CACF"}
|
|
@@ -5,6 +5,20 @@
|
|
|
5
5
|
* - Wildcard suffix: "github/*" matches "github/create_pr" but NOT "github2/foo"
|
|
6
6
|
*/
|
|
7
7
|
export declare function matches(pattern: string, toolName: string): boolean;
|
|
8
|
+
/**
|
|
9
|
+
* Return the specificity of a pattern match, or -1 if no match.
|
|
10
|
+
* Higher values = more specific. Used to resolve conflicts between
|
|
11
|
+
* ask and allow tiers — the most specific matching pattern wins.
|
|
12
|
+
*
|
|
13
|
+
* Exact match: pattern.length + 1 (always beats wildcards of same length)
|
|
14
|
+
* Wildcard: length of the non-wildcard prefix
|
|
15
|
+
* No match: -1
|
|
16
|
+
*/
|
|
17
|
+
export declare function specificity(pattern: string, toolName: string): number;
|
|
18
|
+
/**
|
|
19
|
+
* Find the highest specificity among all matching patterns, or -1 if none match.
|
|
20
|
+
*/
|
|
21
|
+
export declare function bestSpecificity(patterns: string[], toolName: string): number;
|
|
8
22
|
/**
|
|
9
23
|
* Match a command string against a pattern.
|
|
10
24
|
* Supports glob-style prefix matching with '*'.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pattern.d.ts","sourceRoot":"","sources":["../../src/allowlist/pattern.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAgB,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,
|
|
1
|
+
{"version":3,"file":"pattern.d.ts","sourceRoot":"","sources":["../../src/allowlist/pattern.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAgB,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAElE;AAED;;;;;;;;GAQG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAkBrE;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAO5E;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAMxE"}
|
|
@@ -5,18 +5,46 @@
|
|
|
5
5
|
* - Wildcard suffix: "github/*" matches "github/create_pr" but NOT "github2/foo"
|
|
6
6
|
*/
|
|
7
7
|
export function matches(pattern, toolName) {
|
|
8
|
+
return specificity(pattern, toolName) >= 0;
|
|
9
|
+
}
|
|
10
|
+
/**
|
|
11
|
+
* Return the specificity of a pattern match, or -1 if no match.
|
|
12
|
+
* Higher values = more specific. Used to resolve conflicts between
|
|
13
|
+
* ask and allow tiers — the most specific matching pattern wins.
|
|
14
|
+
*
|
|
15
|
+
* Exact match: pattern.length + 1 (always beats wildcards of same length)
|
|
16
|
+
* Wildcard: length of the non-wildcard prefix
|
|
17
|
+
* No match: -1
|
|
18
|
+
*/
|
|
19
|
+
export function specificity(pattern, toolName) {
|
|
8
20
|
if (pattern === toolName)
|
|
9
|
-
return
|
|
21
|
+
return pattern.length + 1;
|
|
10
22
|
if (pattern.endsWith('/*')) {
|
|
11
23
|
const prefix = pattern.slice(0, -1); // "github/"
|
|
12
|
-
|
|
24
|
+
if (toolName.startsWith(prefix) && !toolName.slice(prefix.length).includes('/')) {
|
|
25
|
+
return prefix.length;
|
|
26
|
+
}
|
|
27
|
+
return -1;
|
|
13
28
|
}
|
|
14
29
|
if (pattern.endsWith('*')) {
|
|
15
|
-
// e.g. "git*" — simple prefix match, but must stay within same namespace
|
|
16
30
|
const prefix = pattern.slice(0, -1);
|
|
17
|
-
|
|
31
|
+
if (toolName.startsWith(prefix))
|
|
32
|
+
return prefix.length;
|
|
33
|
+
return -1;
|
|
18
34
|
}
|
|
19
|
-
return
|
|
35
|
+
return -1;
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* Find the highest specificity among all matching patterns, or -1 if none match.
|
|
39
|
+
*/
|
|
40
|
+
export function bestSpecificity(patterns, toolName) {
|
|
41
|
+
let best = -1;
|
|
42
|
+
for (const p of patterns) {
|
|
43
|
+
const s = specificity(p, toolName);
|
|
44
|
+
if (s > best)
|
|
45
|
+
best = s;
|
|
46
|
+
}
|
|
47
|
+
return best;
|
|
20
48
|
}
|
|
21
49
|
/**
|
|
22
50
|
* Match a command string against a pattern.
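Review bot: The trailing-`*` branch of `specificity` has no namespace check, so a pattern like `git*` matches `github/create_pr` and anything nested below it, while the `/*` branch rejects names with a further `/`. The commit also drops the old comment that said this match "must stay within same namespace"; the removed code line is truncated here, so it is unclear whether that was ever enforced. Because the engine now ranks tiers by prefix length, a longer cross-namespace prefix in `allow` outranks a shorter `deny`, which makes the gap matter more. If single-segment matching is intended, mirror the first branch: `if (toolName.startsWith(prefix) && !toolName.slice(prefix.length).includes('/'))`. The doc comment should also say the score is used for the deny tier, not only "ask and allow".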
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pattern.js","sourceRoot":"","sources":["../../src/allowlist/pattern.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,UAAU,OAAO,CAAC,OAAe,EAAE,QAAgB;IACvD,IAAI,OAAO,KAAK,QAAQ;QAAE,OAAO,
|
|
1
|
+
{"version":3,"file":"pattern.js","sourceRoot":"","sources":["../../src/allowlist/pattern.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,UAAU,OAAO,CAAC,OAAe,EAAE,QAAgB;IACvD,OAAO,WAAW,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;AAC7C,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,WAAW,CAAC,OAAe,EAAE,QAAgB;IAC3D,IAAI,OAAO,KAAK,QAAQ;QAAE,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;IAEpD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY;QACjD,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAChF,OAAO,MAAM,CAAC,MAAM,CAAC;QACvB,CAAC;QACD,OAAO,CAAC,CAAC,CAAC;IACZ,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACpC,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC;YAAE,OAAO,MAAM,CAAC,MAAM,CAAC;QACtD,OAAO,CAAC,CAAC,CAAC;IACZ,CAAC;IAED,OAAO,CAAC,CAAC,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAkB,EAAE,QAAgB;IAClE,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QACnC,IAAI,CAAC,GAAG,IAAI;YAAE,IAAI,GAAG,CAAC,CAAC;IACzB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,OAAe,EAAE,OAAe;IAC7D,IAAI,OAAO,KAAK,OAAO;QAAE,OAAO,IAAI,CAAC;IACrC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}
|
package/dist/gateway.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gateway.d.ts","sourceRoot":"","sources":["../src/gateway.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"gateway.d.ts","sourceRoot":"","sources":["../src/gateway.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AASjD,qBAAa,OAAO;IAWN,OAAO,CAAC,MAAM;IAV1B,OAAO,CAAC,IAAI,CAAc;IAC1B,OAAO,CAAC,QAAQ,CAAgB;IAChC,OAAO,CAAC,SAAS,CAAmB;IACpC,OAAO,CAAC,UAAU,CAAc;IAChC,OAAO,CAAC,WAAW,CAAe;IAClC,OAAO,CAAC,YAAY,CAAgB;IACpC,OAAO,CAAC,WAAW,CAAe;IAClC,OAAO,CAAC,GAAG,CAAmB;IAC9B,OAAO,CAAC,SAAS,CAAc;gBAEX,MAAM,EAAE,MAAM;IAE5B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAqF5B,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS;IAkBtD,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAc9C,6DAA6D;IAC7D,gBAAgB,IAAI,IAAI;IAIlB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAU3B,+DAA+D;IAC/D,SAAS,IAAI,IAAI;CAGlB"}
|
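--- a/package/dist/gateway.js
+++ b/package/dist/gateway.js
@@ -7,6 +7,7 @@ import { HitlBatcher } from './hitl/batcher.js';
 import { AuditLogger } from './audit/logger.js';
 import { hitlApiPlugin } from './hitl/api.js';
 import { auditApiPlugin } from './audit/api.js';
+import { hookApiPlugin } from './hook/api.js';
 import { sseServerPlugin } from './transport/sse-server.js';
 import { createHitlProvider } from './hitl/provider-factory.js';
 import { getMcpConfigs } from './config/schema.js';
@@ -70,6 +71,13 @@ export class Gateway {
 const secret = this.config.server.api_secret;
 await this.app.register(hitlApiPlugin, { engine: this.hitlEngine, secret });
 await this.app.register(auditApiPlugin, { auditLogger: this.auditLogger, secret });
+await this.app.register(hookApiPlugin, {
+allowlist: this.allowlist,
+hitlEngine: this.hitlEngine,
+hitlBatcher: this.hitlBatcher,
+auditLogger: this.auditLogger,
+secret,
+});
 await this.app.register(sseServerPlugin, {
 getDeps: (agentId) => this.buildAgentDeps(agentId),
 secret,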
|
package/dist/gateway.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gateway.js","sourceRoot":"","sources":["../src/gateway.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAI5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,MAAM,GAAG,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;AAEnC,MAAM,OAAO,OAAO;IAWE;IAVZ,IAAI,CAAc;IAClB,QAAQ,CAAgB;IACxB,SAAS,CAAmB;IAC5B,UAAU,CAAc;IACxB,WAAW,CAAe;IAC1B,YAAY,CAAgB;IAC5B,WAAW,CAAe;IAC1B,GAAG,CAAmB;IACtB,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE/B,YAAoB,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAEtC,KAAK,CAAC,KAAK;QACT,GAAG,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAErC,eAAe;QACf,IAAI,CAAC,WAAW,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW,CAAC,iBAAiB,EAAE,CAAC;QAErC,qFAAqF;QACrF,IAAI,CAAC,WAAW,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAE1E,MAAM,iBAAiB,GAAgB;YACrC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC;YAChD,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC;SAC3D,CAAC;QAEF,IAAI,CAAC,YAAY,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;QAE1F,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAC9B,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CACjC,CAAC;QAEF,0BAA0B;QAC1B,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,EAAE;YACnD,KAAK,IAAI,CAAC,YAAY;iBACnB,MAAM,CAAC,QAAQ,CAAC;iBAChB,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,uCAAuC,CAAC,CAAC,CAAC;QACjF,CAAC,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,YAA
Y,CAAC,IAAI,EAAE,CAAC;QAC/B,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;QAEvC,8DAA8D;QAC9D,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACxD,IAAI,CAAC,IAAI,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;QACvC,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;QAE7B,yDAAyD;QACzD,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAEvD,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACzD,IAAI,CAAC,QAAQ,GAAG,IAAI,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC/E,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QAE9B,qEAAqE;QACrE,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE;YAC7B,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,4CAA4C,CAAC,CAAC;YAC/D,IAAI,CAAC,QAAQ;iBACV,OAAO,EAAE;iBACT,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,4CAA4C,CAAC,CAAC,CAAC;QACtF,CAAC,CAAC,CAAC;QAEH,cAAc;QACd,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAEtC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC;QAE7C,MAAM,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC;QAC5E,MAAM,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,cAAc,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,CAAC,CAAC;QACnF,MAAM,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,eAAe,EAAE;YACvC,OAAO,EAAE,CAAC,OAAe,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YAC1D,MAAM;SACP,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,EAAE;YAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YAC1C,MAAM,gBAAgB,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC,MAAM,CAAC;YAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC;YAChE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,gBAAgB,EAAE,MAAM,EAAE,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QAC1C,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QACtC,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,2BAA2B,CAAC,CAAC;IACxD,CAAC;IAED,cAAc,CAA
C,OAAe;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAChD,IAAI,CAAC,WAAW;YAAE,OAAO,SAAS,CAAC;QAEnC,OAAO;YACL,OAAO;YACP,WAAW;YACX,cAAc,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,WAAW;YAChE,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;SACrC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAiB;QAC5B,GAAG,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC;QACxB,MAAM,UAAU,GAAG,aAAa,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACtD,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACnC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACxC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAC7C,4CAA4C;QAC5C,MAAM,QAAQ,GAAG,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QACpC,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QAC9B,GAAG,CAAC,IAAI,CAAC,4EAA4E,CAAC,CAAC;IACzF,CAAC;IAED,6DAA6D;IAC7D,gBAAgB;QACd,IAAI,CAAC,IAAI,EAAE,gBAAgB,EAAE,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,IAAI;QACR,GAAG,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QACrC,IAAI,CAAC,IAAI,EAAE,gBAAgB,EAAE,CAAC;QAC9B,MAAM,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;QACxB,MAAM,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC;QACxB,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,CAAC;QAC/B,MAAM,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC;QAChC,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,+DAA+D;IAC/D,SAAS;QACP,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC;IACzB,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"gateway.js","sourceRoot":"","sources":["../src/gateway.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAI5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,MAAM,GAAG,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;AAEnC,MAAM,OAAO,OAAO;IAWE;IAVZ,IAAI,CAAc;IAClB,QAAQ,CAAgB;IACxB,SAAS,CAAmB;IAC5B,UAAU,CAAc;IACxB,WAAW,CAAe;IAC1B,YAAY,CAAgB;IAC5B,WAAW,CAAe;IAC1B,GAAG,CAAmB;IACtB,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE/B,YAAoB,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAEtC,KAAK,CAAC,KAAK;QACT,GAAG,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAErC,eAAe;QACf,IAAI,CAAC,WAAW,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW,CAAC,iBAAiB,EAAE,CAAC;QAErC,qFAAqF;QACrF,IAAI,CAAC,WAAW,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAE1E,MAAM,iBAAiB,GAAgB;YACrC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC;YAChD,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC;SAC3D,CAAC;QAEF,IAAI,CAAC,YAAY,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;QAE1F,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAC9B,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CACjC,CAAC;QAEF,0BAA0B;QAC1B,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,EAAE;YACnD,KAAK,IAAI,CAAC,YAAY;iBACnB,MAAM,CAAC,QAAQ,CAAC;iBAChB,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,uCAAuC,CAAC,CAAC,CAAC;QAC
jF,CAAC,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;QAC/B,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;QAEvC,8DAA8D;QAC9D,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACxD,IAAI,CAAC,IAAI,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;QACvC,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;QAE7B,yDAAyD;QACzD,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAEvD,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACzD,IAAI,CAAC,QAAQ,GAAG,IAAI,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC/E,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QAE9B,qEAAqE;QACrE,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE;YAC7B,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,4CAA4C,CAAC,CAAC;YAC/D,IAAI,CAAC,QAAQ;iBACV,OAAO,EAAE;iBACT,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,4CAA4C,CAAC,CAAC,CAAC;QACtF,CAAC,CAAC,CAAC;QAEH,cAAc;QACd,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAEtC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC;QAE7C,MAAM,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC;QAC5E,MAAM,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,cAAc,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,CAAC,CAAC;QACnF,MAAM,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,EAAE;YACrC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,MAAM;SACP,CAAC,CAAC;QACH,MAAM,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,eAAe,EAAE;YACvC,OAAO,EAAE,CAAC,OAAe,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YAC1D,MAAM;SACP,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,EAAE;YAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YAC1C,MAAM,gBAAgB,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC,MAAM,CAAC;YAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC;YAChE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,gBAAgB,EAAE,MAAM,EAAE,CAAC;QAC/D,CAAC,CAAC,CAAC;QA
EH,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QAC1C,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QACtC,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,2BAA2B,CAAC,CAAC;IACxD,CAAC;IAED,cAAc,CAAC,OAAe;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAChD,IAAI,CAAC,WAAW;YAAE,OAAO,SAAS,CAAC;QAEnC,OAAO;YACL,OAAO;YACP,WAAW;YACX,cAAc,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,WAAW;YAChE,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;SACrC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAiB;QAC5B,GAAG,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC;QACxB,MAAM,UAAU,GAAG,aAAa,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACtD,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACnC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACxC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAC7C,4CAA4C;QAC5C,MAAM,QAAQ,GAAG,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QACpC,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QAC9B,GAAG,CAAC,IAAI,CAAC,4EAA4E,CAAC,CAAC;IACzF,CAAC;IAED,6DAA6D;IAC7D,gBAAgB;QACd,IAAI,CAAC,IAAI,EAAE,gBAAgB,EAAE,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,IAAI;QACR,GAAG,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QACrC,IAAI,CAAC,IAAI,EAAE,gBAAgB,EAAE,CAAC;QAC9B,MAAM,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;QACxB,MAAM,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC;QACxB,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,CAAC;QAC/B,MAAM,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC;QAChC,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,+DAA+D;IAC/D,SAAS;QACP,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC;IACzB,CAAC;CACF"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import type { FastifyInstance } from 'fastify';
|
|
2
|
+
import type { AllowlistEngine } from '../allowlist/engine.js';
|
|
3
|
+
import type { HitlEngine } from '../hitl/engine.js';
|
|
4
|
+
import type { HitlBatcher } from '../hitl/batcher.js';
|
|
5
|
+
import type { AuditLogger } from '../audit/logger.js';
|
|
6
|
+
export interface HookApiOpts {
|
|
7
|
+
allowlist: AllowlistEngine;
|
|
8
|
+
hitlEngine: HitlEngine;
|
|
9
|
+
hitlBatcher: HitlBatcher;
|
|
10
|
+
auditLogger: AuditLogger;
|
|
11
|
+
secret?: string;
|
|
12
|
+
}
|
|
13
|
+
export declare function hookApiPlugin(app: FastifyInstance, opts: HookApiOpts): Promise<void>;
|
|
14
|
+
//# sourceMappingURL=api.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../../src/hook/api.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAC/C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAatD,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,eAAe,CAAC;IAC3B,UAAU,EAAE,UAAU,CAAC;IACvB,WAAW,EAAE,WAAW,CAAC;IACzB,WAAW,EAAE,WAAW,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAWD,wBAAsB,aAAa,CAAC,GAAG,EAAE,eAAe,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CA2E1F"}
|
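--- a/package/dist/hook/api.js
+++ b/package/dist/hook/api.js
@@ -0,0 +1,74 @@
+import { timingSafeEqual } from 'crypto';
+import { normalizeTool } from './normalizer.js';
+import { childLogger } from '../util/logger.js';
+const log = childLogger('hook-api');
+function constantTimeEqual(a, b) {
+const bufA = Buffer.from(a);
+const bufB = Buffer.from(b);
+if (bufA.length !== bufB.length)
+return false;
+return timingSafeEqual(bufA, bufB);
+}
+// eslint-disable-next-line @typescript-eslint/require-await
+export async function hookApiPlugin(app, opts) {
+const { allowlist, hitlEngine, hitlBatcher, auditLogger, secret } = opts;
+app.addHook('preHandler', async (request, reply) => {
+if (!secret)
+return;
+const auth = request.headers.authorization ?? '';
+if (!constantTimeEqual(auth, `Bearer ${secret}`)) {
+return reply.status(401).send({ error: 'Unauthorized' });
+}
+});
+app.post('/hook', async (request, reply) => {
+const body = request.body;
+if (!body?.client || !body?.tool) {
+return reply.status(400).send({ error: 'Missing required fields: client, tool' });
+}
+const { client, agent, tool, input = {}, session_id } = body;
+// Explicit agent takes precedence, otherwise fall back to client name
+const agentId = agent ?? client;
+const normalized = normalizeTool(client, tool, input);
+log.info({ client, agent: agentId, tool, normalized: normalized.name, session_id }, 'Hook evaluation request');
+const decision = allowlist.evaluate(agentId, normalized.name);
+// Log to audit
+auditLogger.log({
+agent_id: agentId,
+tool: normalized.name,
+args: JSON.stringify(input),
+result: `hook_${decision}`,
+});
+if (decision === 'allow') {
+return reply.send({ decision: 'allow', tool: normalized.name });
+}
+if (decision === 'deny') {
+return reply.send({
+decision: 'deny',
+tool: normalized.name,
+reason: 'Tool not allowed by policy',
+});
+}
+// decision === 'ask' — create HITL ticket and long-poll
+const ticket = hitlEngine.create({
+agentId,
+tool: normalized.name,
+args: input,
+});
+hitlBatcher.add({
+id: ticket.id,
+code: ticket.code,
+agentId,
+tool: normalized.name,
+args: input,
+timeoutMs: hitlEngine.timeoutMs,
+});
+log.info({ ticket: ticket.id, code: ticket.code }, 'Hook waiting for HITL approval');
+const result = await ticket.result;
+if (result === 'approved') {
+return reply.send({ decision: 'allow', tool: normalized.name });
+}
+const reason = result === 'timeout' ? 'Approval timed out' : 'Denied by operator';
+return reply.send({ decision: 'deny', tool: normalized.name, reason });
+});
+}
+//# sourceMappingURL=api.js.map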
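Review bot: The `preHandler` returns early when `secret` is unset, so `/hook` then answers policy decisions, and opens HITL tickets for `ask` results, for any caller that can reach the port; `gateway.js` passes `this.config.server.api_secret` through without checking it. Since this endpoint is the enforcement point, failing closed is safer, e.g. `if (!secret) return reply.status(503).send({ error: 'Hook API requires api_secret' });`, or at least a startup warning. Separately, `agentId` is `agent ?? client` taken from the request body, so every holder of the one shared secret can name whichever agent has the most permissive policy; nothing in this file binds the caller to an agent. The audit entry is written before the HITL wait and records only `hook_ask`, so the final approved, denied or timed-out outcome of an `ask` is not audited here.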
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"api.js","sourceRoot":"","sources":["../../src/hook/api.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AAMzC,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,MAAM,GAAG,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;AAEpC,SAAS,iBAAiB,CAAC,CAAS,EAAE,CAAS;IAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC5B,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC9C,OAAO,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AACrC,CAAC;AAkBD,4DAA4D;AAC5D,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,GAAoB,EAAE,IAAiB;IACzE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAEzE,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACjD,IAAI,CAAC,MAAM;YAAE,OAAO;QACpB,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC;QACjD,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,UAAU,MAAM,EAAE,CAAC,EAAE,CAAC;YACjD,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACzC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAmC,CAAC;QAEzD,IAAI,CAAC,IAAI,EAAE,MAAM,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;YACjC,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAC,CAAC;QACpF,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,GAAG,EAAE,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;QAE7D,sEAAsE;QACtE,MAAM,OAAO,GAAG,KAAK,IAAI,MAAM,CAAC;QAChC,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;QAEtD,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,UAAU,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,yBAAyB,CAAC,CAAC;QAE/G,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC;QAE9D,eAAe;QACf,WAAW,CAAC,GAAG,CAAC;YACd,QAAQ,EAAE,OAAO;YACjB,IAAI,EAAE,UAAU,CAAC,IAAI;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;YAC3B,MAAM,EAAE,QAAQ,QAAQ,EAAE;SAC3B,CAAC,CAAC;QAEH,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YACzB,OAAO,KAAK,CAAC,IAAI,CAAC,EAAE
,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;YACxB,OAAO,KAAK,CAAC,IAAI,CAAC;gBAChB,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,UAAU,CAAC,IAAI;gBACrB,MAAM,EAAE,4BAA4B;aACrC,CAAC,CAAC;QACL,CAAC;QAED,wDAAwD;QACxD,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;YAC/B,OAAO;YACP,IAAI,EAAE,UAAU,CAAC,IAAI;YACrB,IAAI,EAAE,KAAK;SACZ,CAAC,CAAC;QAEH,WAAW,CAAC,GAAG,CAAC;YACd,EAAE,EAAE,MAAM,CAAC,EAAE;YACb,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,OAAO;YACP,IAAI,EAAE,UAAU,CAAC,IAAI;YACrB,IAAI,EAAE,KAAK;YACX,SAAS,EAAE,UAAU,CAAC,SAAS;SAChC,CAAC,CAAC;QAEH,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,gCAAgC,CAAC,CAAC;QAErF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC;QAEnC,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;YAC1B,OAAO,KAAK,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,oBAAoB,CAAC;QAClF,OAAO,KAAK,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;IACzE,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
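--- a/package/dist/hook/normalizer.d.ts
+++ b/package/dist/hook/normalizer.d.ts
@@ -0,0 +1,26 @@
+export interface NormalizedTool {
+/** Airlock tool name, e.g. "bash/git", "file/edit", "bash/_complex" */
+name: string;
+/** Extracted executable for bash commands, e.g. "git", "npm" */
+executable?: string;
+}
+/**
+* Check if a command string is "simple" — a single command with no
+* shell metacharacters that could chain or inject additional commands.
+*/
+export declare function isSimpleCommand(command: string): boolean;
+/**
+* Extract the executable name from a simple command string.
+* Handles path-prefixed commands (e.g. /usr/bin/git → git)
+* and leading env vars (e.g. FOO=bar git status → git).
+*/
+export declare function extractExecutable(command: string): string | null;
+/**
+* Normalize an external tool name into Airlock's namespaced format.
+*
+* For bash/shell tools, inspects the command to produce fine-grained
+* names like "bash/git", "bash/npm", or "bash/_complex" for commands
+* with shell metacharacters.
+*/
+export declare function normalizeTool(client: string, tool: string, input: Record<string, unknown>): NormalizedTool;
+//# sourceMappingURL=normalizer.d.ts.map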
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"normalizer.d.ts","sourceRoot":"","sources":["../../src/hook/normalizer.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,cAAc;IAC7B,uEAAuE;IACvE,IAAI,EAAE,MAAM,CAAC;IACb,gEAAgE;IAChE,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AA2BD;;;GAGG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAExD;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAgBhE;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAC3B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC7B,cAAc,CA+BhB"}
|
|
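--- a/package/dist/hook/normalizer.js
+++ b/package/dist/hook/normalizer.js
@@ -0,0 +1,84 @@
+import path from 'path';
+/** Shell metacharacters that indicate a non-simple command */
+const COMPLEX_COMMAND_RE = /[;|&`$(){}><]/;
+/**
+* Tool name mappings per client.
+* Maps external tool names → Airlock namespace/tool format.
+* Unknown tools pass through as-is.
+*/
+const CLIENT_TOOL_MAPS = {
+'claude-code': {
+Bash: 'bash',
+Edit: 'file/edit',
+Read: 'file/read',
+Write: 'file/write',
+Glob: 'file/glob',
+Grep: 'file/grep',
+WebFetch: 'http/fetch',
+WebSearch: 'http/search',
+Agent: 'agent/spawn',
+TodoRead: 'todo/read',
+TodoWrite: 'todo/write',
+NotebookEdit: 'notebook/edit',
+},
+};
+/**
+* Check if a command string is "simple" — a single command with no
+* shell metacharacters that could chain or inject additional commands.
+*/
+export function isSimpleCommand(command) {
+return !COMPLEX_COMMAND_RE.test(command);
+}
+/**
+* Extract the executable name from a simple command string.
+* Handles path-prefixed commands (e.g. /usr/bin/git → git)
+* and leading env vars (e.g. FOO=bar git status → git).
+*/
+export function extractExecutable(command) {
+const trimmed = command.trim();
+if (!trimmed)
+return null;
+const tokens = trimmed.split(/\s+/);
+// Skip leading env var assignments (KEY=VALUE)
+let i = 0;
+while (i < tokens.length && /^[A-Za-z_]\w*=/.test(tokens[i])) {
+i++;
+}
+const exe = tokens[i];
+if (!exe)
+return null;
+return path.basename(exe);
+}
+/**
+* Normalize an external tool name into Airlock's namespaced format.
+*
+* For bash/shell tools, inspects the command to produce fine-grained
+* names like "bash/git", "bash/npm", or "bash/_complex" for commands
+* with shell metacharacters.
+*/
+export function normalizeTool(client, tool, input) {
+const mapping = CLIENT_TOOL_MAPS[client] ?? {};
+const mapped = mapping[tool];
+// No mapping → pass through as-is (e.g. mcp__server__tool)
+if (mapped === undefined) {
+return { name: tool };
+}
+// Non-bash tools → return the mapped name directly
+if (mapped !== 'bash') {
+return { name: mapped };
+}
+// Bash tool — inspect the command for granular matching
+const command = typeof input.command === 'string' ? input.command : '';
+if (!command.trim()) {
+return { name: 'bash/_empty' };
+}
+if (!isSimpleCommand(command)) {
+return { name: 'bash/_complex', executable: undefined };
+}
+const exe = extractExecutable(command);
+if (!exe) {
+return { name: 'bash/_complex' };
+}
+return { name: `bash/${exe}`, executable: exe };
+}
+//# sourceMappingURL=normalizer.js.map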
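Review bot: `COMPLEX_COMMAND_RE` (line 3) has no line-break characters in its class, so `isSimpleCommand` returns true for a multi-line command string, and because `extractExecutable` splits on `\s+`, `normalizeTool` names that input after its first word only. Since the normalized name appears to be what the allowlist is matched against, this should fail closed; adding the line breaks, `` const COMPLEX_COMMAND_RE = /[;|&`$(){}><\r\n]/; ``, classifies such input as `bash/_complex`. The doc comment on `isSimpleCommand`, repeated in normalizer.d.ts, promises "a single command", which the current character class does not guarantee. A second, smaller point: `CLIENT_TOOL_MAPS[client]` and `mapping[tool]` are plain object lookups, so if `client` or `tool` arrive unvalidated from the hook request, inherited keys such as `constructor` yield a non-string `name`; an own-property check (`Object.hasOwn(mapping, tool)`) before using `mapped` would prevent that.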
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"normalizer.js","sourceRoot":"","sources":["../../src/hook/normalizer.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AASxB,8DAA8D;AAC9D,MAAM,kBAAkB,GAAG,eAAe,CAAC;AAE3C;;;;GAIG;AACH,MAAM,gBAAgB,GAA2C;IAC/D,aAAa,EAAE;QACb,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,WAAW;QACjB,IAAI,EAAE,WAAW;QACjB,KAAK,EAAE,YAAY;QACnB,IAAI,EAAE,WAAW;QACjB,IAAI,EAAE,WAAW;QACjB,QAAQ,EAAE,YAAY;QACtB,SAAS,EAAE,aAAa;QACxB,KAAK,EAAE,aAAa;QACpB,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,YAAY;QACvB,YAAY,EAAE,eAAe;KAC9B;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC3C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/B,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAEpC,+CAA+C;IAC/C,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7D,CAAC,EAAE,CAAC;IACN,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IACtB,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAEtB,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAC5B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAC3B,MAAc,EACd,IAAY,EACZ,KAA8B;IAE9B,MAAM,OAAO,GAAG,gBAAgB,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IAC/C,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7B,2DAA2D;IAC3D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,mDAAmD;IACnD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAC1B,CAAC;IAED,wDAAwD;IACxD,MAAM,OAAO,GAAG,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;IAEvE,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QACpB,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC;IACjC,CAAC;IAED,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;QAC9B,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;IAC1D,CAAC;IAED,MAAM,GAAG,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;IACnC,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,QAAQ,GAAG,EAAE,EAAE
,UAAU,EAAE,GAAG,EAAE,CAAC;AAClD,CAAC"}
|