atp-sdk 1.2.0 → 1.2.2
- package/README.md +131 -32
- package/dist/client/atp.d.ts.map +1 -1
- package/dist/client/atp.js +48 -0
- package/dist/client/atp.js.map +1 -1
- package/dist/client/base.d.ts.map +1 -1
- package/dist/client/base.js +2 -1
- package/dist/client/base.js.map +1 -1
- package/dist/client/payments.d.ts.map +1 -1
- package/dist/client/payments.js +2 -2
- package/dist/client/payments.js.map +1 -1
- package/dist/index.cjs +23 -7
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +15 -4
- package/dist/index.js.map +1 -1
- package/dist/monitoring/universal-monitor.d.ts.map +1 -1
- package/dist/monitoring/universal-monitor.js +34 -13
- package/dist/monitoring/universal-monitor.js.map +1 -1
- package/dist/profiles/dev-mode.d.ts.map +1 -0
- package/dist/profiles/dev-mode.js +60 -0
- package/dist/profiles/dev-mode.js.map +1 -0
- package/dist/profiles/enterprise-locked.d.ts.map +1 -0
- package/dist/profiles/enterprise-locked.js +62 -0
- package/dist/profiles/enterprise-locked.js.map +1 -0
- package/dist/profiles/index.d.ts.map +1 -0
- package/dist/profiles/index.js +19 -0
- package/dist/profiles/index.js.map +1 -0
- package/dist/profiles/openclaw-sandbox.d.ts.map +1 -0
- package/dist/profiles/openclaw-sandbox.js +62 -0
- package/dist/profiles/openclaw-sandbox.js.map +1 -0
- package/dist/profiles/safe-default.d.ts.map +1 -0
- package/dist/profiles/safe-default.js +61 -0
- package/dist/profiles/safe-default.js.map +1 -0
- package/dist/profiles/types.d.ts.map +1 -0
- package/dist/profiles/types.js +9 -0
- package/dist/profiles/types.js.map +1 -0
- package/dist/simple-agent.d.ts.map +1 -1
- package/dist/simple-agent.js +52 -13
- package/dist/simple-agent.js.map +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/dist/utils/crypto.d.ts.map +1 -1
- package/dist/utils/crypto.js +3 -3
- package/dist/utils/crypto.js.map +1 -1
- package/dist/utils/zkp.js +2 -2
- package/dist/utils/zkp.js.map +1 -1
- package/docs/IP-PROTECTION.md +153 -0
- package/package.json +17 -17
|
@@ -4,6 +4,7 @@
|
|
|
4
4
|
* Provides unified monitoring across all supported AI agent protocols
|
|
5
5
|
* with ATP security, trust scoring, and audit capabilities.
|
|
6
6
|
*/
|
|
7
|
+
import { createHash } from 'crypto';
|
|
7
8
|
import { Protocol } from '../protocols/base/types.js';
|
|
8
9
|
import { ProtocolDetector } from '../protocols/base/detector.js';
|
|
9
10
|
/**
|
|
@@ -128,23 +129,31 @@ export class UniversalMonitor {
|
|
|
128
129
|
* Sign event with quantum-safe signature
|
|
129
130
|
*/
|
|
130
131
|
async signEvent(event) {
|
|
131
|
-
|
|
132
|
-
// For now, return placeholder
|
|
133
|
-
const data = JSON.stringify({
|
|
132
|
+
const canonical = JSON.stringify({
|
|
134
133
|
id: event.id,
|
|
134
|
+
protocol: event.protocol,
|
|
135
135
|
type: event.type,
|
|
136
136
|
timestamp: event.timestamp,
|
|
137
|
-
source: event.source
|
|
137
|
+
source: event.source,
|
|
138
|
+
data: event.data
|
|
138
139
|
});
|
|
139
|
-
return
|
|
140
|
+
return createHash('sha256').update(canonical).digest('hex');
|
|
140
141
|
}
|
|
141
142
|
/**
|
|
142
|
-
* Calculate trust score for event
|
|
143
|
+
* Calculate trust score for event (0-100)
|
|
143
144
|
*/
|
|
144
|
-
async calculateTrustScore(
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
145
|
+
async calculateTrustScore(event) {
|
|
146
|
+
if (event.trustScore !== undefined) {
|
|
147
|
+
return Math.min(100, Math.max(0, event.trustScore));
|
|
148
|
+
}
|
|
149
|
+
// Protocol-aware defaults: known protocols score higher
|
|
150
|
+
const protocolDefaults = {
|
|
151
|
+
'mcp': 70,
|
|
152
|
+
'swarm': 65,
|
|
153
|
+
'adk': 65,
|
|
154
|
+
'a2a': 60
|
|
155
|
+
};
|
|
156
|
+
return protocolDefaults[event.protocol] ?? 50;
|
|
148
157
|
}
|
|
149
158
|
/**
|
|
150
159
|
* Apply event filters
|
|
@@ -252,14 +261,26 @@ export class SecurityEnforcer {
|
|
|
252
261
|
* Verify event signature
|
|
253
262
|
*/
|
|
254
263
|
verifySignature(event) {
|
|
255
|
-
|
|
256
|
-
|
|
264
|
+
if (!event.signature)
|
|
265
|
+
return false;
|
|
266
|
+
const canonical = JSON.stringify({
|
|
267
|
+
id: event.id,
|
|
268
|
+
protocol: event.protocol,
|
|
269
|
+
type: event.type,
|
|
270
|
+
timestamp: event.timestamp,
|
|
271
|
+
source: event.source,
|
|
272
|
+
data: event.data
|
|
273
|
+
});
|
|
274
|
+
const expected = createHash('sha256').update(canonical).digest('hex');
|
|
275
|
+
return event.signature === expected;
|
|
257
276
|
}
|
|
258
277
|
/**
|
|
259
278
|
* Check event permissions
|
|
279
|
+
* Note: full enforcement requires a PermissionsClient wired at construction time.
|
|
280
|
+
* Without one, all events are permitted at the monitoring layer — enforce at the
|
|
281
|
+
* application layer via PermissionsClient.checkPermission() instead.
|
|
260
282
|
*/
|
|
261
283
|
checkPermission(_event) {
|
|
262
|
-
// TODO: Implement actual permission checking
|
|
263
284
|
return true;
|
|
264
285
|
}
|
|
265
286
|
/**
|
|
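Review bot: The value `signEvent` returns and `verifySignature` recomputes is an unkeyed SHA-256 digest of fields taken from the event itself, so it works as a checksum but not as a signature: any party that can alter `event.data` can also recompute a matching `event.signature`. If the field is meant to authenticate the producer, both methods need a secret or private key, for example an HMAC over the same string compared in constant time, as sketched below (`signingKey` is a placeholder; no key configuration is visible in this diff). `JSON.stringify` is also not canonical for `event.data`, since its output follows key insertion order, so two producers holding equal data can disagree on the digest. The doc comment above `signEvent` still reads "quantum-safe signature" and should say what is actually computed.

```javascript
verifySignature(event) {
    if (typeof event.signature !== 'string')
        return false;
    // … unchanged: canonical = JSON.stringify({ id, protocol, type, timestamp, source, data }) …
    // signingKey: placeholder for a secret the enforcer is configured with
    const expected = createHmac('sha256', signingKey).update(canonical).digest();
    const given = Buffer.from(event.signature, 'hex');
    // timingSafeEqual throws on unequal lengths, so check the length first
    return given.length === expected.length && timingSafeEqual(given, expected);
```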
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"universal-monitor.js","sourceRoot":"","sources":["../../src/monitoring/universal-monitor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;
|
|
1
|
+
{"version":3,"file":"universal-monitor.js","sourceRoot":"","sources":["../../src/monitoring/universal-monitor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEpC,OAAO,EACL,QAAQ,EAQT,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AAiCjE;;;;GAIG;AACH,MAAM,OAAO,gBAAgB;IAK3B,YAAY,SAAiC,EAAE;QAC7C,IAAI,CAAC,QAAQ,GAAG,IAAI,GAAG,EAAE,CAAC;QAC1B,IAAI,CAAC,cAAc,GAAG,IAAI,GAAG,EAAE,CAAC;QAChC,IAAI,CAAC,MAAM,GAAG;YACZ,aAAa,EAAE,MAAM,CAAC,aAAa,IAAI,CAAC;YACxC,aAAa,EAAE,MAAM,CAAC,aAAa,IAAI,IAAI;YAC3C,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,IAAI;YACvC,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,IAAI;YACrC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,EAAE;SAC9B,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,QAAkB,EAAE,OAAwB;QAC1D,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,wBAAwB,QAAQ,qBAAqB,CAAC,CAAC;QACzE,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAC,QAAkB;QAClC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,KAAY;QACxB,mCAAmC;QACnC,IAAI,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;QAC9B,IAAI,CAAC,QAAQ,IAAI,QAAQ,KAAK,QAAQ,CAAC,OAAO,EAAE,CAAC;YAC/C,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvD,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC;YAE9B,IAAI,QAAQ,KAAK,QAAQ,CAAC,OAAO,EAAE,CAAC;gBAClC,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC5C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,uCAAuC,QAAQ,EAAE,CAAC,CAAC;QACrE,CAAC;QAED,2BAA2B;QAC3B,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC1C,MAAM,aAAa,GAAG,IAAI,CAAC,mBAAmB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAEpE,uBAAuB;QACvB,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;QAElD,OAAO,aAAa,CAAC;IACvB,CAAC;IAED;;OAEG;IACK,mBAAmB,CACzB,UAAkC,EAClC,OAAwB;QAExB,MAAM,IAAI,GAAG,IAAI,CAAC;QAElB,MAAM,iBAAiB,GAA2B;YAChD,SAAS,CAAC,QAA8B;gBACtC,OAAO,UAAU,CAAC,SAAS,CAAC;oBAC1B,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;wBACpB,I
AAI,CAAC;4BACH,iCAAiC;4BACjC,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;4BAE3D,gBAAgB;4BAChB,IAAI,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,EAAE,CAAC;gCACpC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;4BAC9B,CAAC;wBACH,CAAC;wBAAC,OAAO,KAAK,EAAE,CAAC;4BACf,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;gCACnB,QAAQ,CAAC,KAAK,CAAC,KAAc,CAAC,CAAC;4BACjC,CAAC;wBACH,CAAC;oBACH,CAAC;oBACD,KAAK,EAAE,QAAQ,CAAC,KAAK;oBACrB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;iBAC5B,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC,GAAG,UAAiB;gBACvB,IAAI,MAAM,GAAoB,IAAI,CAAC;gBACnC,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;oBACnC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;gBAC7B,CAAC;gBACD,OAAO,MAAM,CAAC;YAChB,CAAC;SACF,CAAC;QAEF,OAAO,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE;YACtC,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,QAAQ;YACrC,QAAQ,EAAE,EAAE,EAAE,wBAAwB;YACtC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;SAC7B,CAAqB,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU,CAAC,KAAiB,EAAE,OAAwB;QAClE,wCAAwC;QACxC,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAC9B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YAC9C,KAAK,CAAC,SAAS,GAAG,SAAS,CAAC;QAC9B,CAAC;QAED,iCAAiC;QACjC,IAAI,KAAK,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACnC,KAAK,CAAC,UAAU,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;QAC3D,CAAC;QAED,mCAAmC;QACnC,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5B,MAAM,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC7B,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,SAAS,CAAC,KAAiB;QACvC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;YAC/B,EAAE,EAAE,KAAK,CAAC,EAAE;YACZ,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,IAAI,EAAE,KAAK,CAAC,IAAI;SACjB,CAAC,CAAC;QACH,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,mBAAmB,CAAC,KAAiB;QACjD,IAAI,KAAK,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC;QACtD,CAAC;QACD,wDAAwD;QACxD,MAAM,gBAAgB,
GAAsC;YAC1D,KAAK,EAAE,EAAE;YACT,OAAO,EAAE,EAAE;YACX,KAAK,EAAE,EAAE;YACT,KAAK,EAAE,EAAE;SACV,CAAC;QACF,OAAO,gBAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IAChD,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,KAAiB;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;YACxC,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,KAAiB,EAAE,KAAa;QACpD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,GAAQ,KAAK,CAAC;QACvB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,KAAK,GAAG,KAAK,EAAE,CAAC,IAAI,CAAC,CAAC;QACxB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,KAAU,EAAE,QAAgB,EAAE,WAAgB;QACnE,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,IAAI;gBACP,OAAO,KAAK,KAAK,WAAW,CAAC;YAC/B,KAAK,IAAI;gBACP,OAAO,KAAK,KAAK,WAAW,CAAC;YAC/B,KAAK,IAAI;gBACP,OAAO,KAAK,GAAG,WAAW,CAAC;YAC7B,KAAK,IAAI;gBACP,OAAO,KAAK,GAAG,WAAW,CAAC;YAC7B,KAAK,UAAU;gBACb,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;YACrD;gBACE,OAAO,IAAI,CAAC;QAChB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,QAAgB;QAC7B,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,OAAO,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAE5B,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QACpD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;QAC1B,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;IACxB,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,gBAAgB;IAG3B,YAAY,MAAsB;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,KAAiB;QAC7B,oBAAoB;QACpB,IAAI,KAAK,CAAC,UAAU,KAAK,SAAS,IAAI,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YACnF,OAAO,MAAM,CAAC;QAChB,CAAC;QAE
D,+BAA+B;QAC/B,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;YACtD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;YACrD,MAAM,cAAc,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YACnD,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,gCAAgC;QAChC,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACnC,MAAM,aAAa,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAClD,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,KAAiB;QACvC,IAAI,CAAC,KAAK,CAAC,SAAS;YAAE,OAAO,KAAK,CAAC;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;YAC/B,EAAE,EAAE,KAAK,CAAC,EAAE;YACZ,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,IAAI,EAAE,KAAK,CAAC,IAAI;SACjB,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACtE,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC;IACtC,CAAC;IAED;;;;;OAKG;IACK,eAAe,CAAC,MAAkB;QACxC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,OAAgC;QAC3C,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,OAAO,EAAE,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IAC5B,CAAC;CACF"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dev-mode.d.ts","sourceRoot":"","sources":["../../src/profiles/dev-mode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAEhD,eAAO,MAAM,gBAAgB,EAAE,kBA0D9B,CAAC"}
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
export const DEV_MODE_PROFILE = {
|
|
2
|
+
id: "dev-mode",
|
|
3
|
+
name: "Dev Mode",
|
|
4
|
+
description: "Permissive profile for local development: most tools allowed, minimal restrictions.",
|
|
5
|
+
version: "1.0.0",
|
|
6
|
+
runtime_targets: ["openclaw", "mcp", "langchain", "custom"],
|
|
7
|
+
environment_defaults: {
|
|
8
|
+
dev: "dev-mode",
|
|
9
|
+
staging: "safe-default",
|
|
10
|
+
prod: "enterprise-locked",
|
|
11
|
+
},
|
|
12
|
+
controls: {
|
|
13
|
+
shell: { allowed: true, require_approval: false, allowed_commands: ["*"] },
|
|
14
|
+
filesystem: {
|
|
15
|
+
allowed: true,
|
|
16
|
+
modes: ["read", "write"],
|
|
17
|
+
allowed_paths: ["*"],
|
|
18
|
+
blocked_paths: [],
|
|
19
|
+
},
|
|
20
|
+
network: {
|
|
21
|
+
allowed: true,
|
|
22
|
+
allowed_domains: ["*"],
|
|
23
|
+
blocked_domains: [],
|
|
24
|
+
require_approval_for_external: false,
|
|
25
|
+
},
|
|
26
|
+
credentials: { allowed: true, require_approval: false },
|
|
27
|
+
messaging: { allowed: true, require_approval_for_external: false },
|
|
28
|
+
},
|
|
29
|
+
state_policies: {
|
|
30
|
+
planning: {
|
|
31
|
+
allowed_tools: ["filesystem", "network"],
|
|
32
|
+
restricted_tools: [],
|
|
33
|
+
},
|
|
34
|
+
executing: {
|
|
35
|
+
allowed_tools: ["shell", "filesystem", "network", "credentials", "messaging"],
|
|
36
|
+
restricted_tools: [],
|
|
37
|
+
},
|
|
38
|
+
communicating: {
|
|
39
|
+
allowed_tools: ["messaging", "network"],
|
|
40
|
+
restricted_tools: [],
|
|
41
|
+
},
|
|
42
|
+
completed: {
|
|
43
|
+
allowed_tools: ["logs-read", "filesystem"],
|
|
44
|
+
restricted_tools: [],
|
|
45
|
+
},
|
|
46
|
+
},
|
|
47
|
+
logging: {
|
|
48
|
+
log_all_actions: true,
|
|
49
|
+
log_sensitive_inputs: false,
|
|
50
|
+
redact_fields: [],
|
|
51
|
+
},
|
|
52
|
+
trust_scoring: {
|
|
53
|
+
start_score: 0.7,
|
|
54
|
+
max_score: 1.0,
|
|
55
|
+
min_score: 0.0,
|
|
56
|
+
increase_on: ["successful_safe_actions"],
|
|
57
|
+
decrease_on: ["policy_violations"],
|
|
58
|
+
},
|
|
59
|
+
};
|
|
60
|
+
//# sourceMappingURL=dev-mode.js.map
|
|
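Review bot: Nothing in this file marks `DEV_MODE_PROFILE` as unsafe outside a developer machine, although it sets `allowed_commands: ["*"]`, `allowed_paths: ["*"]`, `allowed_domains: ["*"]` and `credentials: { allowed: true, require_approval: false }`. Whether the code that selects a profile refuses `dev-mode` when the environment is `prod` is not visible here, and the `environment_defaults` map reads as a hint rather than a check. I would add a header comment such as `// WARNING: disables every control; never select when the environment is staging or prod` and, where profiles are resolved, a check that rejects this id outside `dev`.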
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dev-mode.js","sourceRoot":"","sources":["../../src/profiles/dev-mode.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,gBAAgB,GAAuB;IAClD,EAAE,EAAE,UAAU;IACd,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,qFAAqF;IAClG,OAAO,EAAE,OAAO;IAChB,eAAe,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,CAAC;IAC3D,oBAAoB,EAAE;QACpB,GAAG,EAAE,UAAU;QACf,OAAO,EAAE,cAAc;QACvB,IAAI,EAAE,mBAAmB;KAC1B;IACD,QAAQ,EAAE;QACR,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,GAAG,CAAC,EAAE;QAC1E,UAAU,EAAE;YACV,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;YACxB,aAAa,EAAE,CAAC,GAAG,CAAC;YACpB,aAAa,EAAE,EAAE;SAClB;QACD,OAAO,EAAE;YACP,OAAO,EAAE,IAAI;YACb,eAAe,EAAE,CAAC,GAAG,CAAC;YACtB,eAAe,EAAE,EAAE;YACnB,6BAA6B,EAAE,KAAK;SACrC;QACD,WAAW,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE;QACvD,SAAS,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,6BAA6B,EAAE,KAAK,EAAE;KACnE;IACD,cAAc,EAAE;QACd,QAAQ,EAAE;YACR,aAAa,EAAE,CAAC,YAAY,EAAE,SAAS,CAAC;YACxC,gBAAgB,EAAE,EAAE;SACrB;QACD,SAAS,EAAE;YACT,aAAa,EAAE,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,WAAW,CAAC;YAC7E,gBAAgB,EAAE,EAAE;SACrB;QACD,aAAa,EAAE;YACb,aAAa,EAAE,CAAC,WAAW,EAAE,SAAS,CAAC;YACvC,gBAAgB,EAAE,EAAE;SACrB;QACD,SAAS,EAAE;YACT,aAAa,EAAE,CAAC,WAAW,EAAE,YAAY,CAAC;YAC1C,gBAAgB,EAAE,EAAE;SACrB;KACF;IACD,OAAO,EAAE;QACP,eAAe,EAAE,IAAI;QACrB,oBAAoB,EAAE,KAAK;QAC3B,aAAa,EAAE,EAAE;KAClB;IACD,aAAa,EAAE;QACb,WAAW,EAAE,GAAG;QAChB,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,CAAC,yBAAyB,CAAC;QACxC,WAAW,EAAE,CAAC,mBAAmB,CAAC;KACnC;CACF,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"enterprise-locked.d.ts","sourceRoot":"","sources":["../../src/profiles/enterprise-locked.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAEhD,eAAO,MAAM,yBAAyB,EAAE,kBA4DvC,CAAC"}
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
export const ENTERPRISE_LOCKED_PROFILE = {
|
|
2
|
+
id: "enterprise-locked",
|
|
3
|
+
name: "Enterprise Locked",
|
|
4
|
+
description: "Maximum security for production environments: strict controls, full audit trail, approval required for sensitive actions.",
|
|
5
|
+
version: "1.0.0",
|
|
6
|
+
runtime_targets: ["openclaw", "mcp", "langchain", "custom"],
|
|
7
|
+
environment_defaults: {
|
|
8
|
+
dev: "safe-default",
|
|
9
|
+
staging: "enterprise-locked",
|
|
10
|
+
prod: "enterprise-locked",
|
|
11
|
+
},
|
|
12
|
+
controls: {
|
|
13
|
+
shell: { allowed: false, require_approval: false, allowed_commands: [] },
|
|
14
|
+
filesystem: {
|
|
15
|
+
allowed: true,
|
|
16
|
+
modes: ["read"],
|
|
17
|
+
allowed_paths: ["/workspace/approved"],
|
|
18
|
+
blocked_paths: ["/", "/etc", "/home", "/tmp", "/var"],
|
|
19
|
+
},
|
|
20
|
+
network: {
|
|
21
|
+
allowed: true,
|
|
22
|
+
allowed_domains: ["*.internal.corp"],
|
|
23
|
+
blocked_domains: ["*"],
|
|
24
|
+
require_approval_for_external: true,
|
|
25
|
+
},
|
|
26
|
+
credentials: { allowed: false, require_approval: false },
|
|
27
|
+
messaging: { allowed: true, require_approval_for_external: true },
|
|
28
|
+
},
|
|
29
|
+
state_policies: {
|
|
30
|
+
planning: {
|
|
31
|
+
allowed_tools: [],
|
|
32
|
+
restricted_tools: ["shell", "filesystem", "network", "credentials", "messaging"],
|
|
33
|
+
},
|
|
34
|
+
executing: {
|
|
35
|
+
allowed_tools: ["filesystem", "network"],
|
|
36
|
+
restricted_tools: ["shell", "credentials"],
|
|
37
|
+
require_approval_for: ["messaging"],
|
|
38
|
+
},
|
|
39
|
+
communicating: {
|
|
40
|
+
allowed_tools: ["messaging"],
|
|
41
|
+
restricted_tools: ["shell", "filesystem", "credentials"],
|
|
42
|
+
require_approval_for: ["external-messaging"],
|
|
43
|
+
},
|
|
44
|
+
completed: {
|
|
45
|
+
allowed_tools: ["logs-read"],
|
|
46
|
+
restricted_tools: ["shell", "filesystem", "network", "credentials", "messaging"],
|
|
47
|
+
},
|
|
48
|
+
},
|
|
49
|
+
logging: {
|
|
50
|
+
log_all_actions: true,
|
|
51
|
+
log_sensitive_inputs: true,
|
|
52
|
+
redact_fields: ["password", "ssn", "card_number", "api_key", "secret", "token"],
|
|
53
|
+
},
|
|
54
|
+
trust_scoring: {
|
|
55
|
+
start_score: 0.3,
|
|
56
|
+
max_score: 1.0,
|
|
57
|
+
min_score: 0.0,
|
|
58
|
+
increase_on: ["successful_safe_actions", "approved_actions"],
|
|
59
|
+
decrease_on: ["policy_violations", "denied_actions", "unapproved_attempts"],
|
|
60
|
+
},
|
|
61
|
+
};
|
|
62
|
+
//# sourceMappingURL=enterprise-locked.js.map
|
|
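Review bot: The allow and block lists overlap and the file does not say which one wins: `blocked_paths` contains `"/"`, which is a parent of the only entry in `allowed_paths`, and `blocked_domains: ["*"]` matches everything in `allowed_domains`. If the evaluator gives block precedence the profile denies all filesystem and network use, and if it gives allow precedence the block lists do nothing, so the effective policy depends on code that is not part of this section. A comment stating the rule, e.g. `// allowed_* entries are exceptions to blocked_*; anything matching neither is denied`, would pin it down, provided that is what the enforcement code does. The same overlap is present in openclaw-sandbox.js and safe-default.js.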
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"enterprise-locked.js","sourceRoot":"","sources":["../../src/profiles/enterprise-locked.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,yBAAyB,GAAuB;IAC3D,EAAE,EAAE,mBAAmB;IACvB,IAAI,EAAE,mBAAmB;IACzB,WAAW,EAAE,2HAA2H;IACxI,OAAO,EAAE,OAAO;IAChB,eAAe,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,CAAC;IAC3D,oBAAoB,EAAE;QACpB,GAAG,EAAE,cAAc;QACnB,OAAO,EAAE,mBAAmB;QAC5B,IAAI,EAAE,mBAAmB;KAC1B;IACD,QAAQ,EAAE;QACR,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK,EAAE,gBAAgB,EAAE,EAAE,EAAE;QACxE,UAAU,EAAE;YACV,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,CAAC,MAAM,CAAC;YACf,aAAa,EAAE,CAAC,qBAAqB,CAAC;YACtC,aAAa,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC;SACtD;QACD,OAAO,EAAE;YACP,OAAO,EAAE,IAAI;YACb,eAAe,EAAE,CAAC,iBAAiB,CAAC;YACpC,eAAe,EAAE,CAAC,GAAG,CAAC;YACtB,6BAA6B,EAAE,IAAI;SACpC;QACD,WAAW,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK,EAAE;QACxD,SAAS,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,6BAA6B,EAAE,IAAI,EAAE;KAClE;IACD,cAAc,EAAE;QACd,QAAQ,EAAE;YACR,aAAa,EAAE,EAAE;YACjB,gBAAgB,EAAE,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,WAAW,CAAC;SACjF;QACD,SAAS,EAAE;YACT,aAAa,EAAE,CAAC,YAAY,EAAE,SAAS,CAAC;YACxC,gBAAgB,EAAE,CAAC,OAAO,EAAE,aAAa,CAAC;YAC1C,oBAAoB,EAAE,CAAC,WAAW,CAAC;SACpC;QACD,aAAa,EAAE;YACb,aAAa,EAAE,CAAC,WAAW,CAAC;YAC5B,gBAAgB,EAAE,CAAC,OAAO,EAAE,YAAY,EAAE,aAAa,CAAC;YACxD,oBAAoB,EAAE,CAAC,oBAAoB,CAAC;SAC7C;QACD,SAAS,EAAE;YACT,aAAa,EAAE,CAAC,WAAW,CAAC;YAC5B,gBAAgB,EAAE,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,WAAW,CAAC;SACjF;KACF;IACD,OAAO,EAAE;QACP,eAAe,EAAE,IAAI;QACrB,oBAAoB,EAAE,IAAI;QAC1B,aAAa,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,CAAC;KAChF;IACD,aAAa,EAAE;QACb,WAAW,EAAE,GAAG;QAChB,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,CAAC,yBAAyB,EAAE,kBAAkB,CAAC;QAC5D,WAAW,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,EAAE,qBAAqB,CAAC;KAC5E;CACF,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/profiles/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AAEjE,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAK/D,CAAC;AAEF,OAAO,EACL,oBAAoB,EACpB,gBAAgB,EAChB,yBAAyB,EACzB,wBAAwB,GACzB,CAAC;AAEF,cAAc,YAAY,CAAC"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* ATP Security Profiles - Built-in profiles inlined into the SDK
|
|
3
|
+
*
|
|
4
|
+
* Runtime-agnostic security profiles that define what actions an agent
|
|
5
|
+
* can take, under what conditions, and how those actions are logged and scored.
|
|
6
|
+
*/
|
|
7
|
+
import { SAFE_DEFAULT_PROFILE } from "./safe-default.js";
|
|
8
|
+
import { DEV_MODE_PROFILE } from "./dev-mode.js";
|
|
9
|
+
import { ENTERPRISE_LOCKED_PROFILE } from "./enterprise-locked.js";
|
|
10
|
+
import { OPENCLAW_SANDBOX_PROFILE } from "./openclaw-sandbox.js";
|
|
11
|
+
export const BUILTIN_PROFILES = {
|
|
12
|
+
"safe-default": SAFE_DEFAULT_PROFILE,
|
|
13
|
+
"dev-mode": DEV_MODE_PROFILE,
|
|
14
|
+
"enterprise-locked": ENTERPRISE_LOCKED_PROFILE,
|
|
15
|
+
"openclaw-sandbox": OPENCLAW_SANDBOX_PROFILE,
|
|
16
|
+
};
|
|
17
|
+
export { SAFE_DEFAULT_PROFILE, DEV_MODE_PROFILE, ENTERPRISE_LOCKED_PROFILE, OPENCLAW_SANDBOX_PROFILE, };
|
|
18
|
+
export * from "./types.js";
|
|
19
|
+
//# sourceMappingURL=index.js.map
|
|
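Review bot: `BUILTIN_PROFILES` and the four profile objects it references are exported as ordinary mutable objects, so a single assignment anywhere in the process changes the policy that every later reader of, say, `enterprise-locked` receives. Freezing the map, `export const BUILTIN_PROFILES = Object.freeze({ ... });`, and deep-freezing each profile where it is defined would keep the built-ins constant at runtime. If profile ids come from configuration, the lookup should also be guarded with `Object.hasOwn(BUILTIN_PROFILES, id)` so that inherited keys such as `constructor` do not resolve to a value; the lookup site is outside this diff.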
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/profiles/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AAEjE,MAAM,CAAC,MAAM,gBAAgB,GAAuC;IAClE,cAAc,EAAE,oBAAoB;IACpC,UAAU,EAAE,gBAAgB;IAC5B,mBAAmB,EAAE,yBAAyB;IAC9C,kBAAkB,EAAE,wBAAwB;CAC7C,CAAC;AAEF,OAAO,EACL,oBAAoB,EACpB,gBAAgB,EAChB,yBAAyB,EACzB,wBAAwB,GACzB,CAAC;AAEF,cAAc,YAAY,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"openclaw-sandbox.d.ts","sourceRoot":"","sources":["../../src/profiles/openclaw-sandbox.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAEhD,eAAO,MAAM,wBAAwB,EAAE,kBA4DtC,CAAC"}
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
export const OPENCLAW_SANDBOX_PROFILE = {
|
|
2
|
+
id: "openclaw-sandbox",
|
|
3
|
+
name: "OpenClaw Sandbox",
|
|
4
|
+
description: "Sandbox profile tuned for OpenClaw/NemoClaw agents: controlled tool access with state-based enforcement.",
|
|
5
|
+
version: "1.0.0",
|
|
6
|
+
runtime_targets: ["openclaw"],
|
|
7
|
+
environment_defaults: {
|
|
8
|
+
dev: "dev-mode",
|
|
9
|
+
staging: "openclaw-sandbox",
|
|
10
|
+
prod: "enterprise-locked",
|
|
11
|
+
},
|
|
12
|
+
controls: {
|
|
13
|
+
shell: { allowed: false, require_approval: true, allowed_commands: ["ls", "cat", "echo"] },
|
|
14
|
+
filesystem: {
|
|
15
|
+
allowed: true,
|
|
16
|
+
modes: ["read", "write"],
|
|
17
|
+
allowed_paths: ["/workspace", "/workspace/sandbox"],
|
|
18
|
+
blocked_paths: ["/", "/etc", "/home", "/var"],
|
|
19
|
+
},
|
|
20
|
+
network: {
|
|
21
|
+
allowed: true,
|
|
22
|
+
allowed_domains: ["internal.api.local", "company.com"],
|
|
23
|
+
blocked_domains: ["*"],
|
|
24
|
+
require_approval_for_external: true,
|
|
25
|
+
},
|
|
26
|
+
credentials: { allowed: false, require_approval: true },
|
|
27
|
+
messaging: { allowed: true, require_approval_for_external: true },
|
|
28
|
+
},
|
|
29
|
+
state_policies: {
|
|
30
|
+
planning: {
|
|
31
|
+
allowed_tools: [],
|
|
32
|
+
restricted_tools: ["shell", "filesystem", "network", "credentials"],
|
|
33
|
+
},
|
|
34
|
+
executing: {
|
|
35
|
+
allowed_tools: ["filesystem", "network"],
|
|
36
|
+
restricted_tools: ["shell"],
|
|
37
|
+
require_approval_for: ["credentials", "messaging"],
|
|
38
|
+
},
|
|
39
|
+
communicating: {
|
|
40
|
+
allowed_tools: ["messaging"],
|
|
41
|
+
restricted_tools: ["shell", "filesystem"],
|
|
42
|
+
require_approval_for: ["external-messaging"],
|
|
43
|
+
},
|
|
44
|
+
completed: {
|
|
45
|
+
allowed_tools: ["logs-read"],
|
|
46
|
+
restricted_tools: ["shell", "filesystem", "network", "credentials", "messaging"],
|
|
47
|
+
},
|
|
48
|
+
},
|
|
49
|
+
logging: {
|
|
50
|
+
log_all_actions: true,
|
|
51
|
+
log_sensitive_inputs: true,
|
|
52
|
+
redact_fields: ["password", "api_key", "secret", "apiKey"],
|
|
53
|
+
},
|
|
54
|
+
trust_scoring: {
|
|
55
|
+
start_score: 0.5,
|
|
56
|
+
max_score: 1.0,
|
|
57
|
+
min_score: 0.0,
|
|
58
|
+
increase_on: ["successful_safe_actions", "approved_actions"],
|
|
59
|
+
decrease_on: ["policy_violations", "denied_actions"],
|
|
60
|
+
},
|
|
61
|
+
};
|
|
62
|
+
//# sourceMappingURL=openclaw-sandbox.js.map
|
|
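Review bot: `allowed_domains` ships with `"company.com"`, a registrable public domain that users of the SDK do not control, so every agent run under this built-in profile is permitted to reach that host unless the deployer overrides the list. Sample hosts should not be part of a default allowlist; `allowed_domains: [],` with a comment telling the deployer to add their own hosts fails closed. In the same `controls` block, `shell` has `allowed: false` together with a non-empty `allowed_commands`, and it is not clear from the file which of the two the enforcement code honours.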
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"openclaw-sandbox.js","sourceRoot":"","sources":["../../src/profiles/openclaw-sandbox.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,wBAAwB,GAAuB;IAC1D,EAAE,EAAE,kBAAkB;IACtB,IAAI,EAAE,kBAAkB;IACxB,WAAW,EAAE,0GAA0G;IACvH,OAAO,EAAE,OAAO;IAChB,eAAe,EAAE,CAAC,UAAU,CAAC;IAC7B,oBAAoB,EAAE;QACpB,GAAG,EAAE,UAAU;QACf,OAAO,EAAE,kBAAkB;QAC3B,IAAI,EAAE,mBAAmB;KAC1B;IACD,QAAQ,EAAE;QACR,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE;QAC1F,UAAU,EAAE;YACV,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;YACxB,aAAa,EAAE,CAAC,YAAY,EAAE,oBAAoB,CAAC;YACnD,aAAa,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC;SAC9C;QACD,OAAO,EAAE;YACP,OAAO,EAAE,IAAI;YACb,eAAe,EAAE,CAAC,oBAAoB,EAAE,aAAa,CAAC;YACtD,eAAe,EAAE,CAAC,GAAG,CAAC;YACtB,6BAA6B,EAAE,IAAI;SACpC;QACD,WAAW,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,IAAI,EAAE;QACvD,SAAS,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,6BAA6B,EAAE,IAAI,EAAE;KAClE;IACD,cAAc,EAAE;QACd,QAAQ,EAAE;YACR,aAAa,EAAE,EAAE;YACjB,gBAAgB,EAAE,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,aAAa,CAAC;SACpE;QACD,SAAS,EAAE;YACT,aAAa,EAAE,CAAC,YAAY,EAAE,SAAS,CAAC;YACxC,gBAAgB,EAAE,CAAC,OAAO,CAAC;YAC3B,oBAAoB,EAAE,CAAC,aAAa,EAAE,WAAW,CAAC;SACnD;QACD,aAAa,EAAE;YACb,aAAa,EAAE,CAAC,WAAW,CAAC;YAC5B,gBAAgB,EAAE,CAAC,OAAO,EAAE,YAAY,CAAC;YACzC,oBAAoB,EAAE,CAAC,oBAAoB,CAAC;SAC7C;QACD,SAAS,EAAE;YACT,aAAa,EAAE,CAAC,WAAW,CAAC;YAC5B,gBAAgB,EAAE,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,WAAW,CAAC;SACjF;KACF;IACD,OAAO,EAAE;QACP,eAAe,EAAE,IAAI;QACrB,oBAAoB,EAAE,IAAI;QAC1B,aAAa,EAAE,CAAC,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,CAAC;KAC3D;IACD,aAAa,EAAE;QACb,WAAW,EAAE,GAAG;QAChB,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,CAAC,yBAAyB,EAAE,kBAAkB,CAAC;QAC5D,WAAW,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,CAAC;KACrD;CACF,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"safe-default.d.ts","sourceRoot":"","sources":["../../src/profiles/safe-default.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAEhD,eAAO,MAAM,oBAAoB,EAAE,kBA2DlC,CAAC"}
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
export const SAFE_DEFAULT_PROFILE = {
|
|
2
|
+
id: "safe-default",
|
|
3
|
+
name: "Safe Default",
|
|
4
|
+
description: "Conservative profile for most agents: limited tools, strong auditing.",
|
|
5
|
+
version: "1.0.0",
|
|
6
|
+
runtime_targets: ["openclaw", "mcp", "langchain", "custom"],
|
|
7
|
+
environment_defaults: {
|
|
8
|
+
dev: "dev-mode",
|
|
9
|
+
staging: "safe-default",
|
|
10
|
+
prod: "enterprise-locked",
|
|
11
|
+
},
|
|
12
|
+
controls: {
|
|
13
|
+
shell: { allowed: false, require_approval: true, allowed_commands: [] },
|
|
14
|
+
filesystem: {
|
|
15
|
+
allowed: true,
|
|
16
|
+
modes: ["read"],
|
|
17
|
+
allowed_paths: ["/workspace/read-only"],
|
|
18
|
+
blocked_paths: ["/", "/etc", "/home"],
|
|
19
|
+
},
|
|
20
|
+
network: {
|
|
21
|
+
allowed: true,
|
|
22
|
+
allowed_domains: ["internal.api.local"],
|
|
23
|
+
blocked_domains: ["*"],
|
|
24
|
+
require_approval_for_external: true,
|
|
25
|
+
},
|
|
26
|
+
credentials: { allowed: false, require_approval: true },
|
|
27
|
+
messaging: { allowed: true, require_approval_for_external: true },
|
|
28
|
+
},
|
|
29
|
+
state_policies: {
|
|
30
|
+
planning: {
|
|
31
|
+
allowed_tools: [],
|
|
32
|
+
restricted_tools: ["shell", "filesystem", "network"],
|
|
33
|
+
},
|
|
34
|
+
executing: {
|
|
35
|
+
allowed_tools: ["filesystem", "network"],
|
|
36
|
+
restricted_tools: ["shell"],
|
|
37
|
+
require_approval_for: ["credentials", "messaging"],
|
|
38
|
+
},
|
|
39
|
+
communicating: {
|
|
40
|
+
allowed_tools: ["messaging"],
|
|
41
|
+
require_approval_for: ["external-messaging"],
|
|
42
|
+
},
|
|
43
|
+
completed: {
|
|
44
|
+
allowed_tools: ["logs-read"],
|
|
45
|
+
restricted_tools: ["shell", "filesystem", "network", "credentials", "messaging"],
|
|
46
|
+
},
|
|
47
|
+
},
|
|
48
|
+
logging: {
|
|
49
|
+
log_all_actions: true,
|
|
50
|
+
log_sensitive_inputs: true,
|
|
51
|
+
redact_fields: ["password", "ssn", "card_number"],
|
|
52
|
+
},
|
|
53
|
+
trust_scoring: {
|
|
54
|
+
start_score: 0.5,
|
|
55
|
+
max_score: 1.0,
|
|
56
|
+
min_score: 0.0,
|
|
57
|
+
increase_on: ["successful_safe_actions"],
|
|
58
|
+
decrease_on: ["policy_violations", "denied_actions"],
|
|
59
|
+
},
|
|
60
|
+
};
|
|
61
|
+
//# sourceMappingURL=safe-default.js.map
|
|
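Review bot: `logging` sets `log_sensitive_inputs: true` but `redact_fields` covers only `password`, `ssn` and `card_number`, so fields named `api_key`, `secret` or `token` would be written to the audit log unredacted, assuming redaction is by field name as the key suggests. enterprise-locked.js already lists those names and the default profile should match it: `redact_fields: ["password", "ssn", "card_number", "api_key", "secret", "token"],`. openclaw-sandbox.js has the same gap for `token`.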
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"safe-default.js","sourceRoot":"","sources":["../../src/profiles/safe-default.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,oBAAoB,GAAuB;IACtD,EAAE,EAAE,cAAc;IAClB,IAAI,EAAE,cAAc;IACpB,WAAW,EAAE,uEAAuE;IACpF,OAAO,EAAE,OAAO;IAChB,eAAe,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,CAAC;IAC3D,oBAAoB,EAAE;QACpB,GAAG,EAAE,UAAU;QACf,OAAO,EAAE,cAAc;QACvB,IAAI,EAAE,mBAAmB;KAC1B;IACD,QAAQ,EAAE;QACR,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,IAAI,EAAE,gBAAgB,EAAE,EAAE,EAAE;QACvE,UAAU,EAAE;YACV,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,CAAC,MAAM,CAAC;YACf,aAAa,EAAE,CAAC,sBAAsB,CAAC;YACvC,aAAa,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC;SACtC;QACD,OAAO,EAAE;YACP,OAAO,EAAE,IAAI;YACb,eAAe,EAAE,CAAC,oBAAoB,CAAC;YACvC,eAAe,EAAE,CAAC,GAAG,CAAC;YACtB,6BAA6B,EAAE,IAAI;SACpC;QACD,WAAW,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,IAAI,EAAE;QACvD,SAAS,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,6BAA6B,EAAE,IAAI,EAAE;KAClE;IACD,cAAc,EAAE;QACd,QAAQ,EAAE;YACR,aAAa,EAAE,EAAE;YACjB,gBAAgB,EAAE,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,CAAC;SACrD;QACD,SAAS,EAAE;YACT,aAAa,EAAE,CAAC,YAAY,EAAE,SAAS,CAAC;YACxC,gBAAgB,EAAE,CAAC,OAAO,CAAC;YAC3B,oBAAoB,EAAE,CAAC,aAAa,EAAE,WAAW,CAAC;SACnD;QACD,aAAa,EAAE;YACb,aAAa,EAAE,CAAC,WAAW,CAAC;YAC5B,oBAAoB,EAAE,CAAC,oBAAoB,CAAC;SAC7C;QACD,SAAS,EAAE;YACT,aAAa,EAAE,CAAC,WAAW,CAAC;YAC5B,gBAAgB,EAAE,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,WAAW,CAAC;SACjF;KACF;IACD,OAAO,EAAE;QACP,eAAe,EAAE,IAAI;QACrB,oBAAoB,EAAE,IAAI;QAC1B,aAAa,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,aAAa,CAAC;KAClD;IACD,aAAa,EAAE;QACb,WAAW,EAAE,GAAG;QAChB,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,CAAC,yBAAyB,CAAC;QACxC,WAAW,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,CAAC;KACrD;CACF,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/profiles/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,MAAM,aAAa,GAAG,UAAU,GAAG,KAAK,GAAG,WAAW,GAAG,QAAQ,CAAC;AAExE,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,aAAa,EAAE,CAAC;IACjC,oBAAoB,CAAC,EAAE;QACrB,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;IACF,QAAQ,EAAE;QACR,KAAK,CAAC,EAAE;YACN,OAAO,EAAE,OAAO,CAAC;YACjB,gBAAgB,CAAC,EAAE,OAAO,CAAC;YAC3B,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;SAC7B,CAAC;QACF,UAAU,CAAC,EAAE;YACX,OAAO,EAAE,OAAO,CAAC;YACjB,KAAK,EAAE,CAAC,MAAM,GAAG,OAAO,CAAC,EAAE,CAAC;YAC5B,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;YACzB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;SAC1B,CAAC;QACF,OAAO,CAAC,EAAE;YACR,OAAO,EAAE,OAAO,CAAC;YACjB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;YAC3B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;YAC3B,6BAA6B,CAAC,EAAE,OAAO,CAAC;SACzC,CAAC;QACF,WAAW,CAAC,EAAE;YACZ,OAAO,EAAE,OAAO,CAAC;YACjB,gBAAgB,CAAC,EAAE,OAAO,CAAC;SAC5B,CAAC;QACF,SAAS,CAAC,EAAE;YACV,OAAO,EAAE,OAAO,CAAC;YACjB,6BAA6B,CAAC,EAAE,OAAO,CAAC;SACzC,CAAC;KACH,CAAC;IACF,cAAc,CAAC,EAAE;QACf,CAAC,KAAK,EAAE,MAAM,GAAG;YACf,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;YACzB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;YAC5B,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;SACjC,CAAC;KACH,CAAC;IACF,OAAO,CAAC,EAAE;QACR,eAAe,EAAE,OAAO,CAAC;QACzB,oBAAoB,CAAC,EAAE,OAAO,CAAC;QAC/B,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;KAC1B,CAAC;IACF,aAAa,CAAC,EAAE;QACd,WAAW,EAAE,MAAM,CAAC;QACpB,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;QACvB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;KACxB,CAAC;CACH"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* ATP Security Profiles - Type Definitions
|
|
3
|
+
*
|
|
4
|
+
* Runtime-agnostic security profile schema for Agent Trust Protocol.
|
|
5
|
+
* Profiles define what actions an agent can take, under what conditions,
|
|
6
|
+
* and how those actions are logged and scored.
|
|
7
|
+
*/
|
|
8
|
+
export {};
|
|
9
|
+
//# sourceMappingURL=types.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/profiles/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"simple-agent.d.ts","sourceRoot":"","sources":["../src/simple-agent.ts"],"names":[],"mappings":"AAAA;;;;;GAKG
|
|
1
|
+
{"version":3,"file":"simple-agent.d.ts","sourceRoot":"","sources":["../src/simple-agent.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAGtC,OAAO,EAAgB,gBAAgB,EAAgC,MAAM,kBAAkB,CAAC;AAWhG,OAAO,KAAK,EAEV,YAAY,EACZ,cAAc,EACd,cAAc,EACd,aAAa,EACb,aAAa,EACb,oBAAoB,EAEpB,oBAAoB,EACrB,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,MAAM,MAAM,cAAc,GACtB,SAAS,GACT,eAAe,GACf,oBAAoB,GACpB,oBAAoB,GACpB,qBAAqB,GACrB,oBAAoB,GACpB,iBAAiB,GACjB,kBAAkB,GAClB,OAAO,CAAC;AAEZ,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,GAAG,CAAC;CACZ;AAED,MAAM,WAAW,YAAa,SAAQ,UAAU;IAC9C,IAAI,EAAE,SAAS,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED,MAAM,WAAW,UAAW,SAAQ,UAAU;IAC5C,IAAI,EAAE,eAAe,CAAC;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,kBAAkB;IACjC,2EAA2E;IAC3E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0CAA0C;IAC1C,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,yDAAyD;IACzD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gEAAgE;IAChE,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,iFAAiF;IACjF,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,wFAAwF;IACxF,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,qBAAa,KAAM,SAAQ,YAAY;IACrC,OAAO,CAAC,MAAM,CAAY;IAC1B,OAAO,CAAC,GAAG,CAAuB;IAClC,OAAO,CAAC,UAAU,CAAuB;IACzC,OAAO,CAAC,IAAI,CAAS;IACrB,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,YAAY,CAAkB;IACtC,OAAO,CAAC,WAAW,CAAkB;IACrC,OAAO,CAAC,aAAa,CAA4D;IAEjF,OAAO,CAAC,mBAAmB,CAAuB;IAClD,OAAO,CAAC,oBAAoB,CAAuB;IAEnD,OAAO,CAAC,YAAY,CAAoC;IAExD,OAAO,CAAC,YAAY,CAAgD;IACpE,OAAO,CAAC,aAAa,CAA4F;IAEjH,OAAO,CAAC,iBAAiB,CAAwC;IAEjE,OAAO,CAAC,WAAW,CAA4B;IAE/C,OAAO,CAAC,iBAAiB,CAA8B;IAEvD,OAAO;IAgCP;;;;;;;OAOG;WACU,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,KAAK,CAAC;IAS/E;;;;;;;OAOG;WACU,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,KAAK,CAAC;YAIrE,UAAU;IAwDxB,OAAO,CAAC,SAAS;IASjB;;;;;;;;;;;;;OAaG;IACG,IAAI,CACR,YAAY,EAAE,MAAM,EACpB,
OAAO,EAAE,MAAM,GAAG,MAAM,EACxB,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IA6CrD;;;;;;;;;;;;OAYG;IACH,cAAc,CAAC,gBAAgB,EAAE,MAAM,GAAG,MAAM;IAOhD;;;;;;;;;OASG;IACH,sBAAsB,IAAI,MAAM;IAOhC;;;;;;;;OAQG;IACG,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAuBtD;;;;;;;;;;;OAWG;IACG,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAwD9D;;;;;;;OAOG;IACG,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAc1E;;;;;;;OAOG;IACG,eAAe,CACnB,UAAU,EAAE,MAAM,EAClB,cAAc,EAAE,MAAM,EACtB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAC1B,OAAO,CAAC,MAAM,CAAC;IAelB;;OAEG;IACH,MAAM,IAAI,MAAM;IAOhB;;OAEG;IACH,OAAO,IAAI,MAAM;IAIjB;;OAEG;IACH,aAAa,IAAI,OAAO;IAIxB;;OAEG;IACH,aAAa,IAAI,OAAO;IAIxB;;OAEG;IACH,YAAY,IAAI,OAAO;IAIvB;;;;;;;;;OASG;IACH,EAAE,CAAC,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,IAAI,GAAG,IAAI;IAY7D;;;;;;;OAOG;IACH,IAAI,CAAC,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,IAAI,GAAG,IAAI;IAK/D;;;;;;;OAOG;IACH,GAAG,CAAC,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,IAAI,GAAG,IAAI;IAQ9D;;OAEG;IACH,kBAAkB,CAAC,KAAK,CAAC,EAAE,cAAc,GAAG,IAAI;IAUhD;;;OAGG;IACH,SAAS,CAAC,cAAc,CAAC,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,GAAG,OAAO;IASnF;;OAEG;IACH,aAAa,CAAC,KAAK,EAAE,cAAc,GAAG,MAAM;IAI5C;;OAEG;IACH,mBAAmB,IAAI,cAAc,EAAE;IAIvC;;OAEG;IACH,YAAY,CAAC,KAAK,EAAE,cAAc,GAAG,OAAO;IAI5C;;;;;;;;;;OAUG;IACG,cAAc,CAClB,QAAQ,EAAE,MAAM,EAChB,aAAa,GAAE,MAAY,GAC1B,OAAO,CAAC;QAAE,WAAW,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAiCnD;;;;;;;;;;;;OAYG;IACH,iBAAiB,CAAC,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,GAAG,WAAW,GAAG,IAAI;IAqBhF;;OAEG;IACH,gBAAgB,IAAI;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,cAAc,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE;IAOxF;;;;;;;;;;;;OAYG;IACG,WAAW,CACf,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,cAAc,EAAE,GAC7B,OAAO,CAAC,YAAY,CAAC;IA0BxB;;;;;;;;;;OAUG;IACG,kBAAkB,CAAC,SAAS,EAAE,YAAY,GAAG,OAAO,CAAC,cAAc,CAAC;IAwD1E;;;;;;;;;;;;OAYG;IACG,kBAAkB,CACtB,QAAQ,EAAE,cAAc,EACxB,WAAW,CAAC,EAAE,M
AAM,GACnB,OAAO,CAAC,aAAa,CAAC;IAkDzB;;;;;;;;;;;;;;;;;;;OAmBG;IACG,UAAU,CACd,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,cAAc,EAAE,EAChC,iBAAiB,EAAE,cAAc,EAAE,GAClC,OAAO,CAAC;QAAE,SAAS,EAAE,aAAa,CAAC;QAAC,YAAY,EAAE,aAAa,CAAA;KAAE,CAAC;IAmCrE;;;;;;;;;;;;;;;;;;;;;OAqBG;IACG,aAAa,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,aAAa,CAAC;IAa1E;;;;;;;;;;;OAWG;IACG,mBAAmB,CACvB,KAAK,EAAE,aAAa,EACpB,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,OAAO,CAAC;IAInB;;;;;;;;OAQG;IACH,aAAa,CAAC,UAAU,EAAE,oBAAoB,GAAG,IAAI;IAIrD;;OAEG;IACH,cAAc,IAAI,oBAAoB,EAAE;IAIxC;;OAEG;IACH,OAAO,CAAC,wBAAwB;CAejC;AAGD,eAAe,KAAK,CAAC"}
|
package/dist/simple-agent.js
CHANGED
|
@@ -16,6 +16,7 @@ export class Agent extends EventEmitter {
|
|
|
16
16
|
this.privateKey = null;
|
|
17
17
|
this.initialized = false;
|
|
18
18
|
this._quantumSafe = false;
|
|
19
|
+
this._standalone = false;
|
|
19
20
|
this.eventHandlers = new Map();
|
|
20
21
|
// X25519 key pair for message encryption (separate from signing keys)
|
|
21
22
|
this.encryptionPublicKey = null;
|
|
@@ -66,8 +67,22 @@ export class Agent extends EventEmitter {
|
|
|
66
67
|
static async create(name, options) {
|
|
67
68
|
const agent = new Agent(name, options);
|
|
68
69
|
await agent.initialize();
|
|
70
|
+
if (options?.log) {
|
|
71
|
+
agent.logBanner();
|
|
72
|
+
}
|
|
69
73
|
return agent;
|
|
70
74
|
}
|
|
75
|
+
/**
|
|
76
|
+
* Create an agent and print its status — the 1-line quick start.
|
|
77
|
+
*
|
|
78
|
+
* @example
|
|
79
|
+
* ```typescript
|
|
80
|
+
* await Agent.quickstart('MyBot');
|
|
81
|
+
* ```
|
|
82
|
+
*/
|
|
83
|
+
static async quickstart(name, options) {
|
|
84
|
+
return Agent.create(name, { ...options, log: true });
|
|
85
|
+
}
|
|
71
86
|
async initialize() {
|
|
72
87
|
if (this.initialized)
|
|
73
88
|
return;
|
|
@@ -77,22 +92,32 @@ export class Agent extends EventEmitter {
|
|
|
77
92
|
// Generate hybrid quantum-safe keypair (Ed25519 + ML-DSA)
|
|
78
93
|
// This provides protection against both classical and quantum attacks
|
|
79
94
|
const keyPair = await CryptoUtils.generateKeyPair(true); // quantumSafe = true by default
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
95
|
+
try {
|
|
96
|
+
const identity = await this.client.identity.registerDID({
|
|
97
|
+
publicKey: keyPair.publicKey,
|
|
98
|
+
metadata: {
|
|
99
|
+
name: this.name,
|
|
100
|
+
quantumSafe: keyPair.quantumSafe,
|
|
101
|
+
algorithm: keyPair.quantumSafe ? 'hybrid-ed25519-mldsa65' : 'ed25519'
|
|
102
|
+
}
|
|
103
|
+
});
|
|
104
|
+
if (identity.data) {
|
|
105
|
+
this.did = identity.data.did;
|
|
106
|
+
this.privateKey = keyPair.privateKey;
|
|
107
|
+
this._quantumSafe = keyPair.quantumSafe;
|
|
86
108
|
}
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
109
|
+
else {
|
|
110
|
+
throw new Error('No DID returned from identity service');
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
catch {
|
|
114
|
+
// Standalone mode: no ATP services available — generate DID locally
|
|
115
|
+
const pubKeyShort = keyPair.publicKey.slice(0, 16);
|
|
116
|
+
this.did = `did:atp:${pubKeyShort}`;
|
|
90
117
|
this.privateKey = keyPair.privateKey;
|
|
91
|
-
// Store quantum-safe flag for signing operations
|
|
92
118
|
this._quantumSafe = keyPair.quantumSafe;
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
throw new Error('Failed to register DID');
|
|
119
|
+
this._standalone = true;
|
|
120
|
+
console.log('\u26A1 Running in standalone mode (no ATP services detected). DID generated locally.');
|
|
96
121
|
}
|
|
97
122
|
}
|
|
98
123
|
// Generate X25519 key pair for message encryption
|
|
@@ -111,6 +136,14 @@ export class Agent extends EventEmitter {
|
|
|
111
136
|
throw new Error(`Failed to initialize agent: ${error instanceof Error ? error.message : 'Unknown error'}`);
|
|
112
137
|
}
|
|
113
138
|
}
|
|
139
|
+
logBanner() {
|
|
140
|
+
const mode = this._standalone ? 'standalone (local)' : 'connected';
|
|
141
|
+
const qs = this.isQuantumSafe() ? 'yes' : 'no';
|
|
142
|
+
console.log(`\n\u26A1 ${this.name} ready!`);
|
|
143
|
+
console.log(` DID: ${this.did}`);
|
|
144
|
+
console.log(` Quantum-safe: ${qs}`);
|
|
145
|
+
console.log(` Mode: ${mode}\n`);
|
|
146
|
+
}
|
|
114
147
|
/**
|
|
115
148
|
* Send a secure message to another agent
|
|
116
149
|
*
|
|
@@ -357,6 +390,12 @@ export class Agent extends EventEmitter {
|
|
|
357
390
|
isQuantumSafe() {
|
|
358
391
|
return this._quantumSafe === true || !!(this.privateKey && this.privateKey.length > 8000); // Hybrid keys are ~8000 hex chars (4032 bytes)
|
|
359
392
|
}
|
|
393
|
+
/**
|
|
394
|
+
* Check if the agent is running in standalone mode (no ATP services)
|
|
395
|
+
*/
|
|
396
|
+
isStandalone() {
|
|
397
|
+
return this._standalone;
|
|
398
|
+
}
|
|
360
399
|
/**
|
|
361
400
|
* Subscribe to agent events
|
|
362
401
|
*
|
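Review bot: The bare `catch {` added to `initialize()` (new lines 113–120) fails open: every failure of `registerDID`, including the new `'No DID returned from identity service'` error and any authentication or transport error, is discarded and the agent continues with an unregistered identity, where the removed code threw `'Failed to register DID'`. The fallback identifier is built from only the first 16 characters of the public key (`keyPair.publicKey.slice(0, 16)`), so it is a truncated prefix rather than a collision-resistant binding to the key, and nothing visible here lets a peer verify it. I would make standalone mode an explicit opt-in and keep the cause, e.g. `catch (err) { if (!allowStandalone) throw new Error('Failed to register DID', { cause: err });` where `allowStandalone` is a placeholder for a caller-supplied option that does not exist yet, and derive the local identifier from a hash of the full public key. The `console.log` in the fallback also runs unconditionally, while `create()` gates `logBanner()` behind `options?.log`, so a library consumer cannot silence it and callers have to remember to check `isStandalone()` before trusting `this.did`. `initialize()` begins in the previous hunk and part of its body lies between the hunks, so how later code treats `_standalone` cannot be judged from this section.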