autotel-eventcatalog 10.0.0 → 11.0.0

package/CHANGELOG.md

@@ -1,5 +1,53 @@
 # Changelog
 
+## 11.0.0
+
+### Patch Changes
+
+- ec47ec8: Google Secure AI Agents observability plus MCP protocol-boundary security observability — additive defense-in-depth across planning, tool use, MCP traffic, triage, and UI surfaces.
+
+  **autotel-mcp-instrumentation**
+  - Annotation hints captured as `mcp.tool.*` span attributes (`readOnlyHint`, `destructiveHint`, `idempotentHint`, `openWorldHint`, `untrustedContentHint`) to surface malicious-manifest vectors and tool trust profiles.
+  - Payload-size signals (`mcp.tool.arguments.size` / `mcp.tool.result.size`) for token-exhaustion and contaminated-output detection without logging content.
+  - Output character budgets (`outputCharBudget` + `MCP_CHAR_BUDGETS`) that emit `mcp.security.budget_exceeded` signals and can bridge to unified `security.*` events.
+  - Pluggable injection classifier (`securityClassifier`) scanning arguments and results on both client and server, recording `mcp.security.injection.*` signals and bridging suspicious verdicts to `security.*` events without breaking traced calls.
+  - `heuristicInjectionClassifier()` as a dependency-free first-pass detector.
+  - `spotlight()` to delimit/base64 untrusted content across Node and edge runtimes.
+  - `validateToolBudget()` for WebMCP-style text-surface limits.
+  - Guard bridge via `guard` config so MCP tool calls count against an `autotel-genai` guard.
+  - `applyManifestAssessment()` bridges suspicious manifest verdicts to unified `security.*` events when `bridgeSecurityEvents` is enabled.
+  - New `mcp.security.events` counter and `autotel-mcp-instrumentation/security` subpath export.
+
+  **autotel-cli**
+  - Add `autotel security mcp` to aggregate MCP security signals: injection verdicts, output-budget breaches, and untrusted-content tool calls.
+
+  **autotel-genai/agent**
+  - `AgentPlanClassifier` + `runAgentPlanClassifier()` / `recordPlanRiskAssessment()` with `agent.plan.risk.*` attrs and optional `llm.plan.risk.elevated` security event.
+  - `heuristicPlanRiskClassifier()` as a dependency-free first-pass plan-risk tripwire.
+  - Export `agentContextFromSpan()` from the agent subpath.
+
+  **autotel-audit**
+  - Passive action-chain processor emits `llm.action_chain.suspicious` and stamps unified `security.*` attributes on the destructive span.
+  - `llm.manifest.suspicious` and `llm.plan.risk.elevated` added to the suggested security event catalogue.
+
+  **autotel-cloudflare/agents**
+  - `tool:approval` events use `recordHumanApproval()` (optional `autotel-genai` peer dependency).
+
+  **autotel-devtools**
+  - Agent timeline surfaces consent, policy, injection, guard, security-event, and plan-step badges from the new agent security attributes.
+
+  **autotel-schema**
+  - Agent security contract snapshot extended with `agent.plan.risk.*` attributes.
+
+  **autotel**
+  - Core `security-schema` remains the shared sink for unified `security.*` events consumed by the agent and MCP observability layers.
+
+  **Packaging**
+  - Drop the duplicated `src/` directory from published tarballs across all packages. The shipped `.js.map` sourcemaps already embed original source via `sourcesContent`, so source-level debugging is unchanged while install footprint shrinks ~20–30%.
+
+- Updated dependencies [ec47ec8]
+  - autotel-subscribers@41.0.0
+
 ## 10.0.0
 
 ### Patch Changes

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "autotel-eventcatalog",
-  "version": "10.0.0",
+  "version": "11.0.0",
   "description": "Diff your autotel architecture snapshot against an EventCatalog and report drift. Same model as Pact, for event architectures.",
   "type": "module",
   "main": "./dist/index.js",
@@ -23,7 +23,6 @@
   },
   "files": [
     "dist",
-    "src",
     "schemas",
     "docs",
     "action.yml",
@@ -56,7 +55,7 @@
     "tsdown": "^0.22.2",
     "typescript": "^6.0.3",
     "vitest": "^4.1.8",
-    "autotel-subscribers": "40.0.0"
+    "autotel-subscribers": "41.0.0"
   },
   "dependencies": {
     "@eventcatalog/sdk": "^2.24.1"

package/src/__fixtures__/drift-report-all.golden.json

@@ -1,33 +0,0 @@
-{
-  "spec": "autotel-eventcatalog-report/v0.2.0",
-  "mode": "all",
-  "report": {
-    "snapshotGeneratedAt": "2026-05-22T00:00:00.000Z",
-    "snapshotService": "fixture",
-    "events": {
-      "observedButUndocumented": [
-        "order.cancelled"
-      ],
-      "documentedButUnseen": [
-        "LegacyEvent"
-      ],
-      "fieldDrift": [
-        {
-          "event": "recommendation.generated",
-          "extra": [
-            "personalization_seed"
-          ],
-          "missing": []
-        }
-      ],
-      "typeDrift": [],
-      "valueDrift": []
-    },
-    "services": {
-      "observedButUndocumented": []
-    },
-    "channels": {
-      "observedButUndocumented": []
-    }
-  }
-}

package/src/__fixtures__/drift-summary-clean.golden.json

@@ -1,17 +0,0 @@
-{
-  "spec": "autotel-eventcatalog-drift-summary/v0.2.0",
-  "mode": "all",
-  "shouldFail": false,
-  "reason": "No drift detected.",
-  "counts": {
-    "observedButUndocumentedEvents": 0,
-    "documentedButUnseenEvents": 0,
-    "fieldDriftEvents": 0,
-    "fieldDriftPaths": 0,
-    "typeDriftPaths": 0,
-    "valueDriftPaths": 0,
-    "undocumentedServices": 0,
-    "undocumentedChannels": 0,
-    "total": 0
-  }
-}

package/src/__fixtures__/drift-summary-drifty.golden.json

@@ -1,17 +0,0 @@
-{
-  "spec": "autotel-eventcatalog-drift-summary/v0.2.0",
-  "mode": "all",
-  "shouldFail": true,
-  "reason": "Drift detected in current snapshot.",
-  "counts": {
-    "observedButUndocumentedEvents": 1,
-    "documentedButUnseenEvents": 1,
-    "fieldDriftEvents": 1,
-    "fieldDriftPaths": 1,
-    "typeDriftPaths": 0,
-    "valueDriftPaths": 0,
-    "undocumentedServices": 0,
-    "undocumentedChannels": 0,
-    "total": 3
-  }
-}

package/src/__fixtures__/stamp-summary-noop.golden.json

@@ -1,10 +0,0 @@
-{
-  "spec": "autotel-eventcatalog-stamp-summary/v0.1.0",
-  "dryRun": false,
-  "attempted": 0,
-  "skipped": 0,
-  "inserts": 0,
-  "replaces": 0,
-  "changedFiles": 0,
-  "hadChanges": false
-}

package/src/catalog.test.ts

@@ -1,63 +0,0 @@
-import { describe, it, expect } from 'vitest';
-import { extractDeclaredFieldPaths } from './catalog';
-
-describe('extractDeclaredFieldPaths', () => {
-  it('extracts scalar properties', () => {
-    expect(
-      extractDeclaredFieldPaths({
-        type: 'object',
-        properties: {
-          orderId: { type: 'string' },
-          totalCents: { type: 'integer' },
-        },
-      }),
-    ).toEqual(['orderId', 'totalCents']);
-  });
-
-  it('collapses array items under `[]`', () => {
-    expect(
-      extractDeclaredFieldPaths({
-        type: 'object',
-        properties: {
-          items: {
-            type: 'array',
-            items: {
-              type: 'object',
-              properties: {
-                sku: { type: 'string' },
-                quantity: { type: 'integer' },
-              },
-            },
-          },
-        },
-      }),
-    ).toEqual(['items', 'items[].quantity', 'items[].sku']);
-  });
-
-  it('walks nested objects', () => {
-    expect(
-      extractDeclaredFieldPaths({
-        type: 'object',
-        properties: {
-          usage: {
-            type: 'object',
-            properties: {
-              promptTokens: { type: 'integer' },
-              completionTokens: { type: 'integer' },
-            },
-          },
-        },
-      }),
-    ).toEqual(['usage', 'usage.completionTokens', 'usage.promptTokens']);
-  });
-
-  it('returns an empty list for non-object schemas', () => {
-    expect(extractDeclaredFieldPaths({ type: 'string' })).toEqual([]);
-    expect(extractDeclaredFieldPaths(null)).toEqual([]);
-    expect(extractDeclaredFieldPaths()).toEqual([]);
-  });
-});
-
-// Path classification and frontmatter parsing now live in @eventcatalog/sdk
-// (since v2.21); the cross-platform path tests that used to live here are
-// covered by the SDK's own test suite.

package/src/catalog.ts

@@ -1,169 +0,0 @@
-// Read the current state of an EventCatalog using @eventcatalog/sdk. We
-// re-use SDK types (`Event`, `Service`, `Channel`) verbatim and only add the
-// two fields the SDK doesn't expose: the resolved on-disk `filePath`, and the
-// dotted field-path + schema-constraint extractions our drift diff consumes.
-// Inventing our own catalog types would silently drift from the SDK as it
-// evolves.
-
-import utils from '@eventcatalog/sdk';
-import type { Channel, Event, Service } from '@eventcatalog/sdk';
-
-export type SchemaConstraint = {
-  types?: string[];
-  enumValues?: unknown[];
-};
-
-export type CatalogEvent = Event & {
-  /** Absolute path to the event's `index.mdx`, resolved via SDK. */
-  filePath: string;
-  /** Field paths declared in the event's JSON Schema (if present). */
-  declaredFieldPaths?: string[];
-  declaredSchemaConstraints?: Record<string, SchemaConstraint>;
-};
-
-export type CatalogService = Service & {
-  filePath: string;
-};
-
-export type CatalogChannel = Channel & {
-  filePath: string;
-};
-
-export type CatalogState = {
-  events: Map<string, CatalogEvent>;
-  services: Map<string, CatalogService>;
-  channels: Map<string, CatalogChannel>;
-};
-
-export async function readCatalogState(
-  catalogPath: string,
-): Promise<CatalogState> {
-  const sdk = utils(catalogPath);
-
-  const [events, services, channels] = await Promise.all([
-    sdk.getEvents({ latestOnly: true, attachSchema: true }),
-    sdk.getServices({ latestOnly: true }),
-    sdk.getChannels({ latestOnly: true }),
-  ]);
-
-  const state: CatalogState = {
-    events: new Map(),
-    services: new Map(),
-    channels: new Map(),
-  };
-
-  // SDK quirk (as of 2.21.2): unlike the other helpers, `getResourcePath` is
-  // not curried with `catalogDir`, so we pass the catalog path explicitly.
-  const resolveFilePath = async (id: string, version?: string) => {
-    const paths = await sdk.getResourcePath(catalogPath, id, version);
-    return paths?.fullPath ?? '';
-  };
-
-  for (const e of events ?? []) {
-    const filePath = await resolveFilePath(e.id, e.version);
-    const schemaExtractions = e.schema
-      ? {
-          declaredFieldPaths: extractDeclaredFieldPaths(e.schema),
-          declaredSchemaConstraints: extractDeclaredSchemaConstraints(e.schema),
-        }
-      : {};
-    state.events.set(e.id, { ...e, filePath, ...schemaExtractions });
-  }
-
-  for (const s of services ?? []) {
-    const filePath = await resolveFilePath(s.id, s.version);
-    state.services.set(s.id, { ...s, filePath });
-  }
-
-  for (const c of channels ?? []) {
-    const filePath = await resolveFilePath(c.id, c.version);
-    state.channels.set(c.id, { ...c, filePath });
-  }
-
-  return state;
-}
-
-/**
- * Extract field paths from a JSON Schema. Mirrors the dotted-path convention
- * used by the snapshot subscriber: arrays collapse to `[]`, nested objects
- * use `.`. We walk `properties` (objects) and `items` (arrays).
- */
-export function extractDeclaredFieldPaths(
-  schema: unknown,
-  prefix = '',
-): string[] {
-  const out = new Set<string>();
-  walkSchema(schema, prefix, out);
-  return [...out].toSorted();
-}
-
-function walkSchema(schema: unknown, prefix: string, out: Set<string>): void {
-  if (!schema || typeof schema !== 'object') return;
-  const s = schema as Record<string, unknown>;
-
-  if (s.properties && typeof s.properties === 'object') {
-    for (const [key, sub] of Object.entries(
-      s.properties as Record<string, unknown>,
-    )) {
-      const path = prefix === '' ? key : `${prefix}.${key}`;
-      out.add(path);
-      walkSchema(sub, path, out);
-    }
-  }
-
-  if (s.items) {
-    const arrayPrefix = prefix + '[]';
-    walkSchema(s.items, arrayPrefix, out);
-  }
-}
-
-export function extractDeclaredSchemaConstraints(
-  schema: unknown,
-  prefix = '',
-): Record<string, SchemaConstraint> {
-  const out = new Map<string, SchemaConstraint>();
-  walkSchemaConstraints(schema, prefix, out);
-  const obj: Record<string, SchemaConstraint> = {};
-  for (const [path, c] of out) obj[path] = c;
-  return obj;
-}
-
-function walkSchemaConstraints(
-  schema: unknown,
-  prefix: string,
-  out: Map<string, SchemaConstraint>,
-): void {
-  if (!schema || typeof schema !== 'object') return;
-  const s = schema as Record<string, unknown>;
-  const typeVal = s.type;
-  const enumVal = s.enum;
-  if (prefix !== '' && (typeVal !== undefined || enumVal !== undefined)) {
-    const types = toTypeArray(typeVal);
-    const enumValues = Array.isArray(enumVal) ? [...enumVal] : undefined;
-    out.set(prefix, {
-      ...(types.length > 0 ? { types } : {}),
-      ...(enumValues ? { enumValues } : {}),
-    });
-  }
-
-  if (s.properties && typeof s.properties === 'object') {
-    for (const [key, sub] of Object.entries(
-      s.properties as Record<string, unknown>,
-    )) {
-      const path = prefix === '' ? key : `${prefix}.${key}`;
-      walkSchemaConstraints(sub, path, out);
-    }
-  }
-  if (s.items) {
-    const arrayPrefix = prefix + '[]';
-    walkSchemaConstraints(s.items, arrayPrefix, out);
-  }
-}
-
-function toTypeArray(typeVal: unknown): string[] {
-  if (typeof typeVal === 'string') return [typeVal];
-  if (Array.isArray(typeVal)) {
-    return typeVal.filter((t): t is string => typeof t === 'string').toSorted();
-  }
-  return [];
-}