npm - clawsec - Versions diffs - 0.0.1 - Mend

clawsec 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (361) hide show

package/README.md +560 -0
package/dist/bin/clawsec.d.ts +7 -0
package/dist/bin/clawsec.d.ts.map +1 -0
package/dist/bin/clawsec.js +12 -0
package/dist/bin/clawsec.js.map +1 -0
package/dist/src/actions/block.d.ts +22 -0
package/dist/src/actions/block.d.ts.map +1 -0
package/dist/src/actions/block.js +83 -0
package/dist/src/actions/block.js.map +1 -0
package/dist/src/actions/confirm.d.ts +35 -0
package/dist/src/actions/confirm.d.ts.map +1 -0
package/dist/src/actions/confirm.js +156 -0
package/dist/src/actions/confirm.js.map +1 -0
package/dist/src/actions/executor.d.ts +64 -0
package/dist/src/actions/executor.d.ts.map +1 -0
package/dist/src/actions/executor.js +114 -0
package/dist/src/actions/executor.js.map +1 -0
package/dist/src/actions/index.d.ts +13 -0
package/dist/src/actions/index.d.ts.map +1 -0
package/dist/src/actions/index.js +15 -0
package/dist/src/actions/index.js.map +1 -0
package/dist/src/actions/log.d.ts +19 -0
package/dist/src/actions/log.d.ts.map +1 -0
package/dist/src/actions/log.js +63 -0
package/dist/src/actions/log.js.map +1 -0
package/dist/src/actions/types.d.ts +85 -0
package/dist/src/actions/types.d.ts.map +1 -0
package/dist/src/actions/types.js +78 -0
package/dist/src/actions/types.js.map +1 -0
package/dist/src/actions/warn.d.ts +22 -0
package/dist/src/actions/warn.d.ts.map +1 -0
package/dist/src/actions/warn.js +84 -0
package/dist/src/actions/warn.js.map +1 -0
package/dist/src/approval/agent-confirm.d.ts +104 -0
package/dist/src/approval/agent-confirm.d.ts.map +1 -0
package/dist/src/approval/agent-confirm.js +173 -0
package/dist/src/approval/agent-confirm.js.map +1 -0
package/dist/src/approval/index.d.ts +14 -0
package/dist/src/approval/index.d.ts.map +1 -0
package/dist/src/approval/index.js +9 -0
package/dist/src/approval/index.js.map +1 -0
package/dist/src/approval/native.d.ts +56 -0
package/dist/src/approval/native.d.ts.map +1 -0
package/dist/src/approval/native.js +196 -0
package/dist/src/approval/native.js.map +1 -0
package/dist/src/approval/store.d.ts +88 -0
package/dist/src/approval/store.d.ts.map +1 -0
package/dist/src/approval/store.js +192 -0
package/dist/src/approval/store.js.map +1 -0
package/dist/src/approval/types.d.ts +119 -0
package/dist/src/approval/types.d.ts.map +1 -0
package/dist/src/approval/types.js +6 -0
package/dist/src/approval/types.js.map +1 -0
package/dist/src/approval/webhook.d.ts +170 -0
package/dist/src/approval/webhook.d.ts.map +1 -0
package/dist/src/approval/webhook.js +362 -0
package/dist/src/approval/webhook.js.map +1 -0
package/dist/src/cli/commands/audit.d.ts +43 -0
package/dist/src/cli/commands/audit.d.ts.map +1 -0
package/dist/src/cli/commands/audit.js +115 -0
package/dist/src/cli/commands/audit.js.map +1 -0
package/dist/src/cli/commands/feedback.d.ts +27 -0
package/dist/src/cli/commands/feedback.d.ts.map +1 -0
package/dist/src/cli/commands/feedback.js +228 -0
package/dist/src/cli/commands/feedback.js.map +1 -0
package/dist/src/cli/commands/index.d.ts +11 -0
package/dist/src/cli/commands/index.d.ts.map +1 -0
package/dist/src/cli/commands/index.js +13 -0
package/dist/src/cli/commands/index.js.map +1 -0
package/dist/src/cli/commands/status.d.ts +20 -0
package/dist/src/cli/commands/status.d.ts.map +1 -0
package/dist/src/cli/commands/status.js +122 -0
package/dist/src/cli/commands/status.js.map +1 -0
package/dist/src/cli/commands/test.d.ts +23 -0
package/dist/src/cli/commands/test.d.ts.map +1 -0
package/dist/src/cli/commands/test.js +134 -0
package/dist/src/cli/commands/test.js.map +1 -0
package/dist/src/cli/commands/types.d.ts +81 -0
package/dist/src/cli/commands/types.d.ts.map +1 -0
package/dist/src/cli/commands/types.js +6 -0
package/dist/src/cli/commands/types.js.map +1 -0
package/dist/src/cli/index.d.ts +17 -0
package/dist/src/cli/index.d.ts.map +1 -0
package/dist/src/cli/index.js +267 -0
package/dist/src/cli/index.js.map +1 -0
package/dist/src/config/defaults.d.ts +20 -0
package/dist/src/config/defaults.d.ts.map +1 -0
package/dist/src/config/defaults.js +123 -0
package/dist/src/config/defaults.js.map +1 -0
package/dist/src/config/index.d.ts +8 -0
package/dist/src/config/index.d.ts.map +1 -0
package/dist/src/config/index.js +41 -0
package/dist/src/config/index.js.map +1 -0
package/dist/src/config/loader.d.ts +99 -0
package/dist/src/config/loader.d.ts.map +1 -0
package/dist/src/config/loader.js +242 -0
package/dist/src/config/loader.js.map +1 -0
package/dist/src/config/schema.d.ts +627 -0
package/dist/src/config/schema.d.ts.map +1 -0
package/dist/src/config/schema.js +585 -0
package/dist/src/config/schema.js.map +1 -0
package/dist/src/detectors/destructive/cloud-detector.d.ts +51 -0
package/dist/src/detectors/destructive/cloud-detector.d.ts.map +1 -0
package/dist/src/detectors/destructive/cloud-detector.js +556 -0
package/dist/src/detectors/destructive/cloud-detector.js.map +1 -0
package/dist/src/detectors/destructive/code-detector.d.ts +59 -0
package/dist/src/detectors/destructive/code-detector.d.ts.map +1 -0
package/dist/src/detectors/destructive/code-detector.js +558 -0
package/dist/src/detectors/destructive/code-detector.js.map +1 -0
package/dist/src/detectors/destructive/index.d.ts +54 -0
package/dist/src/detectors/destructive/index.d.ts.map +1 -0
package/dist/src/detectors/destructive/index.js +168 -0
package/dist/src/detectors/destructive/index.js.map +1 -0
package/dist/src/detectors/destructive/shell-detector.d.ts +43 -0
package/dist/src/detectors/destructive/shell-detector.d.ts.map +1 -0
package/dist/src/detectors/destructive/shell-detector.js +302 -0
package/dist/src/detectors/destructive/shell-detector.js.map +1 -0
package/dist/src/detectors/destructive/types.d.ts +143 -0
package/dist/src/detectors/destructive/types.d.ts.map +1 -0
package/dist/src/detectors/destructive/types.js +6 -0
package/dist/src/detectors/destructive/types.js.map +1 -0
package/dist/src/detectors/exfiltration/cloud-detector.d.ts +51 -0
package/dist/src/detectors/exfiltration/cloud-detector.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/cloud-detector.js +427 -0
package/dist/src/detectors/exfiltration/cloud-detector.js.map +1 -0
package/dist/src/detectors/exfiltration/http-detector.d.ts +47 -0
package/dist/src/detectors/exfiltration/http-detector.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/http-detector.js +429 -0
package/dist/src/detectors/exfiltration/http-detector.js.map +1 -0
package/dist/src/detectors/exfiltration/index.d.ts +44 -0
package/dist/src/detectors/exfiltration/index.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/index.js +118 -0
package/dist/src/detectors/exfiltration/index.js.map +1 -0
package/dist/src/detectors/exfiltration/network-detector.d.ts +55 -0
package/dist/src/detectors/exfiltration/network-detector.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/network-detector.js +504 -0
package/dist/src/detectors/exfiltration/network-detector.js.map +1 -0
package/dist/src/detectors/exfiltration/types.d.ts +139 -0
package/dist/src/detectors/exfiltration/types.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/types.js +6 -0
package/dist/src/detectors/exfiltration/types.js.map +1 -0
package/dist/src/detectors/purchase/domain-detector.d.ts +44 -0
package/dist/src/detectors/purchase/domain-detector.d.ts.map +1 -0
package/dist/src/detectors/purchase/domain-detector.js +296 -0
package/dist/src/detectors/purchase/domain-detector.js.map +1 -0
package/dist/src/detectors/purchase/form-detector.d.ts +27 -0
package/dist/src/detectors/purchase/form-detector.d.ts.map +1 -0
package/dist/src/detectors/purchase/form-detector.js +344 -0
package/dist/src/detectors/purchase/form-detector.js.map +1 -0
package/dist/src/detectors/purchase/index.d.ts +65 -0
package/dist/src/detectors/purchase/index.d.ts.map +1 -0
package/dist/src/detectors/purchase/index.js +216 -0
package/dist/src/detectors/purchase/index.js.map +1 -0
package/dist/src/detectors/purchase/spend-tracker.d.ts +132 -0
package/dist/src/detectors/purchase/spend-tracker.d.ts.map +1 -0
package/dist/src/detectors/purchase/spend-tracker.js +313 -0
package/dist/src/detectors/purchase/spend-tracker.js.map +1 -0
package/dist/src/detectors/purchase/types.d.ts +139 -0
package/dist/src/detectors/purchase/types.d.ts.map +1 -0
package/dist/src/detectors/purchase/types.js +6 -0
package/dist/src/detectors/purchase/types.js.map +1 -0
package/dist/src/detectors/purchase/url-detector.d.ts +31 -0
package/dist/src/detectors/purchase/url-detector.d.ts.map +1 -0
package/dist/src/detectors/purchase/url-detector.js +292 -0
package/dist/src/detectors/purchase/url-detector.js.map +1 -0
package/dist/src/detectors/secrets/api-key-detector.d.ts +30 -0
package/dist/src/detectors/secrets/api-key-detector.d.ts.map +1 -0
package/dist/src/detectors/secrets/api-key-detector.js +297 -0
package/dist/src/detectors/secrets/api-key-detector.js.map +1 -0
package/dist/src/detectors/secrets/index.d.ts +43 -0
package/dist/src/detectors/secrets/index.d.ts.map +1 -0
package/dist/src/detectors/secrets/index.js +261 -0
package/dist/src/detectors/secrets/index.js.map +1 -0
package/dist/src/detectors/secrets/pii-detector.d.ts +54 -0
package/dist/src/detectors/secrets/pii-detector.d.ts.map +1 -0
package/dist/src/detectors/secrets/pii-detector.js +286 -0
package/dist/src/detectors/secrets/pii-detector.js.map +1 -0
package/dist/src/detectors/secrets/token-detector.d.ts +51 -0
package/dist/src/detectors/secrets/token-detector.d.ts.map +1 -0
package/dist/src/detectors/secrets/token-detector.js +233 -0
package/dist/src/detectors/secrets/token-detector.js.map +1 -0
package/dist/src/detectors/secrets/types.d.ts +157 -0
package/dist/src/detectors/secrets/types.d.ts.map +1 -0
package/dist/src/detectors/secrets/types.js +6 -0
package/dist/src/detectors/secrets/types.js.map +1 -0
package/dist/src/detectors/website/category-detector.d.ts +22 -0
package/dist/src/detectors/website/category-detector.d.ts.map +1 -0
package/dist/src/detectors/website/category-detector.js +162 -0
package/dist/src/detectors/website/category-detector.js.map +1 -0
package/dist/src/detectors/website/index.d.ts +53 -0
package/dist/src/detectors/website/index.d.ts.map +1 -0
package/dist/src/detectors/website/index.js +232 -0
package/dist/src/detectors/website/index.js.map +1 -0
package/dist/src/detectors/website/pattern-matcher.d.ts +33 -0
package/dist/src/detectors/website/pattern-matcher.d.ts.map +1 -0
package/dist/src/detectors/website/pattern-matcher.js +121 -0
package/dist/src/detectors/website/pattern-matcher.js.map +1 -0
package/dist/src/detectors/website/types.d.ts +105 -0
package/dist/src/detectors/website/types.d.ts.map +1 -0
package/dist/src/detectors/website/types.js +6 -0
package/dist/src/detectors/website/types.js.map +1 -0
package/dist/src/engine/analyzer.d.ts +87 -0
package/dist/src/engine/analyzer.d.ts.map +1 -0
package/dist/src/engine/analyzer.js +427 -0
package/dist/src/engine/analyzer.js.map +1 -0
package/dist/src/engine/cache.d.ts +80 -0
package/dist/src/engine/cache.d.ts.map +1 -0
package/dist/src/engine/cache.js +167 -0
package/dist/src/engine/cache.js.map +1 -0
package/dist/src/engine/index.d.ts +11 -0
package/dist/src/engine/index.d.ts.map +1 -0
package/dist/src/engine/index.js +11 -0
package/dist/src/engine/index.js.map +1 -0
package/dist/src/engine/llm-client.d.ts +210 -0
package/dist/src/engine/llm-client.d.ts.map +1 -0
package/dist/src/engine/llm-client.js +506 -0
package/dist/src/engine/llm-client.js.map +1 -0
package/dist/src/engine/types.d.ts +163 -0
package/dist/src/engine/types.d.ts.map +1 -0
package/dist/src/engine/types.js +21 -0
package/dist/src/engine/types.js.map +1 -0
package/dist/src/feedback/index.d.ts +9 -0
package/dist/src/feedback/index.d.ts.map +1 -0
package/dist/src/feedback/index.js +8 -0
package/dist/src/feedback/index.js.map +1 -0
package/dist/src/feedback/learner.d.ts +222 -0
package/dist/src/feedback/learner.d.ts.map +1 -0
package/dist/src/feedback/learner.js +401 -0
package/dist/src/feedback/learner.js.map +1 -0
package/dist/src/feedback/store.d.ts +113 -0
package/dist/src/feedback/store.d.ts.map +1 -0
package/dist/src/feedback/store.js +228 -0
package/dist/src/feedback/store.js.map +1 -0
package/dist/src/feedback/types.d.ts +126 -0
package/dist/src/feedback/types.d.ts.map +1 -0
package/dist/src/feedback/types.js +6 -0
package/dist/src/feedback/types.js.map +1 -0
package/dist/src/hooks/before-agent-start/handler.d.ts +37 -0
package/dist/src/hooks/before-agent-start/handler.d.ts.map +1 -0
package/dist/src/hooks/before-agent-start/handler.js +109 -0
package/dist/src/hooks/before-agent-start/handler.js.map +1 -0
package/dist/src/hooks/before-agent-start/index.d.ts +8 -0
package/dist/src/hooks/before-agent-start/index.d.ts.map +1 -0
package/dist/src/hooks/before-agent-start/index.js +7 -0
package/dist/src/hooks/before-agent-start/index.js.map +1 -0
package/dist/src/hooks/before-agent-start/prompts.d.ts +48 -0
package/dist/src/hooks/before-agent-start/prompts.d.ts.map +1 -0
package/dist/src/hooks/before-agent-start/prompts.js +103 -0
package/dist/src/hooks/before-agent-start/prompts.js.map +1 -0
package/dist/src/hooks/before-tool-call/handler.d.ts +42 -0
package/dist/src/hooks/before-tool-call/handler.d.ts.map +1 -0
package/dist/src/hooks/before-tool-call/handler.js +226 -0
package/dist/src/hooks/before-tool-call/handler.js.map +1 -0
package/dist/src/hooks/before-tool-call/index.d.ts +7 -0
package/dist/src/hooks/before-tool-call/index.d.ts.map +1 -0
package/dist/src/hooks/before-tool-call/index.js +6 -0
package/dist/src/hooks/before-tool-call/index.js.map +1 -0
package/dist/src/hooks/tool-result-persist/filter.d.ts +72 -0
package/dist/src/hooks/tool-result-persist/filter.d.ts.map +1 -0
package/dist/src/hooks/tool-result-persist/filter.js +305 -0
package/dist/src/hooks/tool-result-persist/filter.js.map +1 -0
package/dist/src/hooks/tool-result-persist/handler.d.ts +49 -0
package/dist/src/hooks/tool-result-persist/handler.d.ts.map +1 -0
package/dist/src/hooks/tool-result-persist/handler.js +217 -0
package/dist/src/hooks/tool-result-persist/handler.js.map +1 -0
package/dist/src/hooks/tool-result-persist/index.d.ts +11 -0
package/dist/src/hooks/tool-result-persist/index.d.ts.map +1 -0
package/dist/src/hooks/tool-result-persist/index.js +11 -0
package/dist/src/hooks/tool-result-persist/index.js.map +1 -0
package/dist/src/index.d.ts +256 -0
package/dist/src/index.d.ts.map +1 -0
package/dist/src/index.js +222 -0
package/dist/src/index.js.map +1 -0
package/dist/src/notifications/discord.d.ts +10 -0
package/dist/src/notifications/discord.d.ts.map +1 -0
package/dist/src/notifications/discord.js +218 -0
package/dist/src/notifications/discord.js.map +1 -0
package/dist/src/notifications/index.d.ts +37 -0
package/dist/src/notifications/index.d.ts.map +1 -0
package/dist/src/notifications/index.js +68 -0
package/dist/src/notifications/index.js.map +1 -0
package/dist/src/notifications/slack.d.ts +10 -0
package/dist/src/notifications/slack.d.ts.map +1 -0
package/dist/src/notifications/slack.js +218 -0
package/dist/src/notifications/slack.js.map +1 -0
package/dist/src/notifications/telegram.d.ts +10 -0
package/dist/src/notifications/telegram.d.ts.map +1 -0
package/dist/src/notifications/telegram.js +242 -0
package/dist/src/notifications/telegram.js.map +1 -0
package/dist/src/notifications/types.d.ts +119 -0
package/dist/src/notifications/types.d.ts.map +1 -0
package/dist/src/notifications/types.js +6 -0
package/dist/src/notifications/types.js.map +1 -0
package/dist/src/proxy/index.d.ts +8 -0
package/dist/src/proxy/index.d.ts.map +1 -0
package/dist/src/proxy/index.js +9 -0
package/dist/src/proxy/index.js.map +1 -0
package/dist/src/proxy/middleware.d.ts +55 -0
package/dist/src/proxy/middleware.d.ts.map +1 -0
package/dist/src/proxy/middleware.js +215 -0
package/dist/src/proxy/middleware.js.map +1 -0
package/dist/src/proxy/server.d.ts +57 -0
package/dist/src/proxy/server.d.ts.map +1 -0
package/dist/src/proxy/server.js +298 -0
package/dist/src/proxy/server.js.map +1 -0
package/dist/src/proxy/types.d.ts +136 -0
package/dist/src/proxy/types.d.ts.map +1 -0
package/dist/src/proxy/types.js +6 -0
package/dist/src/proxy/types.js.map +1 -0
package/dist/src/sanitization/index.d.ts +10 -0
package/dist/src/sanitization/index.d.ts.map +1 -0
package/dist/src/sanitization/index.js +9 -0
package/dist/src/sanitization/index.js.map +1 -0
package/dist/src/sanitization/patterns.d.ts +51 -0
package/dist/src/sanitization/patterns.d.ts.map +1 -0
package/dist/src/sanitization/patterns.js +266 -0
package/dist/src/sanitization/patterns.js.map +1 -0
package/dist/src/sanitization/scanner.d.ts +29 -0
package/dist/src/sanitization/scanner.d.ts.map +1 -0
package/dist/src/sanitization/scanner.js +328 -0
package/dist/src/sanitization/scanner.js.map +1 -0
package/dist/src/sanitization/types.d.ts +57 -0
package/dist/src/sanitization/types.d.ts.map +1 -0
package/dist/src/sanitization/types.js +5 -0
package/dist/src/sanitization/types.js.map +1 -0
package/openclaw.plugin.json +114 -0
package/package.json +63 -0
package/rules/builtin/README.md +139 -0
package/rules/builtin/ai-services.yaml +70 -0
package/rules/builtin/api-keys.yaml +64 -0
package/rules/builtin/authentication.yaml +56 -0
package/rules/builtin/aws-security.yaml +57 -0
package/rules/builtin/azure-security.yaml +58 -0
package/rules/builtin/cicd-security.yaml +64 -0
package/rules/builtin/cloud-storage.yaml +64 -0
package/rules/builtin/container-registry.yaml +55 -0
package/rules/builtin/crypto-wallets.yaml +71 -0
package/rules/builtin/database-nosql.yaml +58 -0
package/rules/builtin/database-sql.yaml +62 -0
package/rules/builtin/development-env.yaml +67 -0
package/rules/builtin/docker.yaml +57 -0
package/rules/builtin/filesystem.yaml +71 -0
package/rules/builtin/financial-pci.yaml +61 -0
package/rules/builtin/gcp-security.yaml +57 -0
package/rules/builtin/git-operations.yaml +68 -0
package/rules/builtin/healthcare-hipaa.yaml +64 -0
package/rules/builtin/kubernetes.yaml +60 -0
package/rules/builtin/messaging-services.yaml +53 -0
package/rules/builtin/minimal.yaml +47 -0
package/rules/builtin/mobile-development.yaml +61 -0
package/rules/builtin/monitoring.yaml +63 -0
package/rules/builtin/network-security.yaml +57 -0
package/rules/builtin/package-managers.yaml +74 -0
package/rules/builtin/payment-processing.yaml +66 -0
package/rules/builtin/pii-protection.yaml +48 -0
package/rules/builtin/production-strict.yaml +55 -0
package/rules/builtin/secrets-management.yaml +63 -0
package/rules/builtin/serverless.yaml +74 -0
package/rules/builtin/ssh-security.yaml +66 -0
package/rules/builtin/terraform.yaml +51 -0
package/rules/builtin/web-security.yaml +62 -0

package/dist/src/approval/native.js ADDED Viewed

@@ -0,0 +1,196 @@
+/**
+ * Native Approval Handler
+ * Handles the /approve and /deny commands for OpenClaw native approval flow
+ */
+import { getDefaultApprovalStore } from './store.js';
+/**
+ * Default implementation of the native approval handler
+ */
+export class DefaultNativeApprovalHandler {
+    store;
+    constructor(config = {}) {
+        this.store = config.store ?? getDefaultApprovalStore();
+    }
+    /**
+     * Handle an /approve command
+     */
+    handleApprove(id, userId) {
+        // Validate ID format
+        if (!id || typeof id !== 'string' || id.trim() === '') {
+            return {
+                success: false,
+                message: 'Invalid approval ID: ID cannot be empty',
+            };
+        }
+        const trimmedId = id.trim();
+        // Get the record
+        const record = this.store.get(trimmedId);
+        if (!record) {
+            return {
+                success: false,
+                message: `Approval not found: No pending approval with ID "${trimmedId}"`,
+            };
+        }
+        // Check status
+        if (record.status === 'expired') {
+            return {
+                success: false,
+                message: `Approval expired: The approval "${trimmedId}" has expired`,
+                record,
+            };
+        }
+        if (record.status === 'approved') {
+            return {
+                success: false,
+                message: `Already approved: The approval "${trimmedId}" was already approved`,
+                record,
+            };
+        }
+        if (record.status === 'denied') {
+            return {
+                success: false,
+                message: `Already denied: The approval "${trimmedId}" was already denied`,
+                record,
+            };
+        }
+        // Attempt to approve
+        const success = this.store.approve(trimmedId, userId);
+        if (!success) {
+            // This shouldn't happen if our logic is correct, but handle it gracefully
+            return {
+                success: false,
+                message: `Failed to approve: Unable to approve "${trimmedId}"`,
+                record: this.store.get(trimmedId),
+            };
+        }
+        // Get the updated record
+        const approvedRecord = this.store.get(trimmedId);
+        return {
+            success: true,
+            message: this.formatApprovalMessage(approvedRecord),
+            record: approvedRecord,
+        };
+    }
+    /**
+     * Handle a deny/reject command
+     */
+    handleDeny(id) {
+        // Validate ID format
+        if (!id || typeof id !== 'string' || id.trim() === '') {
+            return {
+                success: false,
+                message: 'Invalid approval ID: ID cannot be empty',
+            };
+        }
+        const trimmedId = id.trim();
+        // Get the record
+        const record = this.store.get(trimmedId);
+        if (!record) {
+            return {
+                success: false,
+                message: `Approval not found: No pending approval with ID "${trimmedId}"`,
+            };
+        }
+        // Check status
+        if (record.status === 'expired') {
+            return {
+                success: false,
+                message: `Approval expired: The approval "${trimmedId}" has expired`,
+                record,
+            };
+        }
+        if (record.status === 'approved') {
+            return {
+                success: false,
+                message: `Already approved: The approval "${trimmedId}" was already approved and cannot be denied`,
+                record,
+            };
+        }
+        if (record.status === 'denied') {
+            return {
+                success: false,
+                message: `Already denied: The approval "${trimmedId}" was already denied`,
+                record,
+            };
+        }
+        // Attempt to deny
+        const success = this.store.deny(trimmedId);
+        if (!success) {
+            return {
+                success: false,
+                message: `Failed to deny: Unable to deny "${trimmedId}"`,
+                record: this.store.get(trimmedId),
+            };
+        }
+        // Get the updated record
+        const deniedRecord = this.store.get(trimmedId);
+        return {
+            success: true,
+            message: `Denied: The action for tool "${deniedRecord.toolCall.toolName}" has been denied`,
+            record: deniedRecord,
+        };
+    }
+    /**
+     * Check if a specific approval has been granted
+     */
+    isApproved(id) {
+        if (!id || typeof id !== 'string') {
+            return false;
+        }
+        const record = this.store.get(id.trim());
+        return record?.status === 'approved';
+    }
+    /**
+     * Get all pending approval records
+     */
+    getPendingApprovals() {
+        return this.store.getPending();
+    }
+    /**
+     * Format a success message for an approved action
+     */
+    formatApprovalMessage(record) {
+        const toolName = record.toolCall.toolName;
+        const category = this.formatCategory(record.detection.category);
+        return `Approved: You may now retry the ${category.toLowerCase()} action using tool "${toolName}"`;
+    }
+    /**
+     * Format a threat category for display
+     */
+    formatCategory(category) {
+        const categoryNames = {
+            purchase: 'Purchase/Payment',
+            website: 'Website Access',
+            destructive: 'Destructive Command',
+            secrets: 'Secrets/PII',
+            exfiltration: 'Data Transfer',
+        };
+        return categoryNames[category] || category;
+    }
+}
+/**
+ * Create a native approval handler with the given configuration
+ */
+export function createNativeApprovalHandler(config) {
+    return new DefaultNativeApprovalHandler(config);
+}
+/**
+ * Default singleton handler instance
+ */
+let defaultHandler = null;
+/**
+ * Get the default native approval handler singleton
+ */
+export function getDefaultNativeApprovalHandler() {
+    if (!defaultHandler) {
+        defaultHandler = createNativeApprovalHandler();
+    }
+    return defaultHandler;
+}
+/**
+ * Reset the default handler (mainly for testing)
+ */
+export function resetDefaultNativeApprovalHandler() {
+    defaultHandler = null;
+}
+//# sourceMappingURL=native.js.map

package/dist/src/approval/native.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"native.js","sourceRoot":"","sources":["../../../src/approval/native.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAQH,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAUrD;;GAEG;AACH,MAAM,OAAO,4BAA4B;IAC/B,KAAK,CAAgB;IAE7B,YAAY,SAAsC,EAAE;QAClD,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,uBAAuB,EAAE,CAAC;IACzD,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,EAAU,EAAE,MAAe;QACvC,qBAAqB;QACrB,IAAI,CAAC,EAAE,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACtD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,yCAAyC;aACnD,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC;QAE5B,iBAAiB;QACjB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAEzC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,oDAAoD,SAAS,GAAG;aAC1E,CAAC;QACJ,CAAC;QAED,eAAe;QACf,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,mCAAmC,SAAS,eAAe;gBACpE,MAAM;aACP,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YACjC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,mCAAmC,SAAS,wBAAwB;gBAC7E,MAAM;aACP,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,iCAAiC,SAAS,sBAAsB;gBACzE,MAAM;aACP,CAAC;QACJ,CAAC;QAED,qBAAqB;QACrB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAEtD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,0EAA0E;YAC1E,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,yCAAyC,SAAS,GAAG;gBAC9D,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC;aAClC,CAAC;QACJ,CAAC;QAED,yBAAyB;QACzB,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAEjD,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,IAAI,CAAC,qBAAqB,CAAC,cAAe,CAAC;YACpD,MAAM,EAAE,cAAc;SACvB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,EAAU;QACnB,qBAAqB;QACrB,IAAI,CAAC,EAAE,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACtD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,yCAAyC;aACnD,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC;QAE5B,iBAAiB;QACjB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAEzC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,oDAAoD,SAAS,GAAG;aAC1E,CAAC;QACJ,CAAC;QAED,eAAe;QACf,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,mCAAmC,SAAS,eAAe;gBACpE,MAAM;aACP,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YACjC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,mCAAmC,SAAS,6CAA6C;gBAClG,MAAM;aACP,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,iCAAiC,SAAS,sBAAsB;gBACzE,MAAM;aACP,CAAC;QACJ,CAAC;QAED,kBAAkB;QAClB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE3C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,mCAAmC,SAAS,GAAG;gBACxD,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC;aAClC,CAAC;QACJ,CAAC;QAED,yBAAyB;QACzB,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAE/C,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,gCAAgC,YAAa,CAAC,QAAQ,CAAC,QAAQ,mBAAmB;YAC3F,MAAM,EAAE,YAAY;SACrB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,EAAU;QACnB,IAAI,CAAC,EAAE,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;YAClC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;QACzC,OAAO,MAAM,EAAE,MAAM,KAAK,UAAU,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,mBAAmB;QACjB,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;IACjC,CAAC;IAED;;OAEG;IACK,qBAAqB,CAAC,MAA6B;QACzD,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEhE,OAAO,mCAAmC,QAAQ,CAAC,WAAW,EAAE,uBAAuB,QAAQ,GAAG,CAAC;IACrG,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,QAAgB;QACrC,MAAM,aAAa,GAA2B;YAC5C,QAAQ,EAAE,kBAAkB;YAC5B,OAAO,EAAE,gBAAgB;YACzB,WAAW,EAAE,qBAAqB;YAClC,OAAO,EAAE,aAAa;YACtB,YAAY,EAAE,eAAe;SAC9B,CAAC;QACF,OAAO,aAAa,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC;IAC7C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,2BAA2B,CACzC,MAAoC;IAEpC,OAAO,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,IAAI,cAAc,GAAwC,IAAI,CAAC;AAE/D;;GAEG;AACH,MAAM,UAAU,+BAA+B;IAC7C,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,cAAc,GAAG,2BAA2B,EAAE,CAAC;IACjD,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iCAAiC;IAC/C,cAAc,GAAG,IAAI,CAAC;AACxB,CAAC"}

package/dist/src/approval/store.d.ts ADDED Viewed

@@ -0,0 +1,88 @@
+/**
+ * In-Memory Approval Store
+ * Stores and manages pending approval records with TTL and auto-cleanup
+ */
+import type { ApprovalStore, PendingApprovalRecord, PendingApprovalInput } from './types.js';
+/**
+ * Configuration options for the approval store
+ */
+export interface ApprovalStoreConfig {
+    /** Interval in milliseconds for automatic cleanup (0 to disable) */
+    cleanupIntervalMs?: number;
+    /** Whether to remove expired entries on cleanup (vs just marking them expired) */
+    removeOnExpiry?: boolean;
+}
+/**
+ * In-memory implementation of the approval store
+ */
+export declare class InMemoryApprovalStore implements ApprovalStore {
+    private records;
+    private cleanupTimer;
+    private removeOnExpiry;
+    constructor(config?: ApprovalStoreConfig);
+    /**
+     * Start the periodic cleanup timer
+     */
+    private startCleanupTimer;
+    /**
+     * Stop the cleanup timer (useful for testing)
+     */
+    stopCleanupTimer(): void;
+    /**
+     * Add a new pending approval record
+     */
+    add(record: PendingApprovalInput): void;
+    /**
+     * Get an approval record by ID
+     * Also checks and updates expiration status
+     */
+    get(id: string): PendingApprovalRecord | undefined;
+    /**
+     * Mark an approval as approved
+     * Only works if the approval is still pending and not expired
+     */
+    approve(id: string, approvedBy?: string): boolean;
+    /**
+     * Mark an approval as denied
+     * Only works if the approval is still pending and not expired
+     */
+    deny(id: string): boolean;
+    /**
+     * Remove an approval record
+     */
+    remove(id: string): void;
+    /**
+     * Clean up expired entries
+     * Updates status of expired entries and optionally removes them
+     */
+    cleanup(): void;
+    /**
+     * Get all pending approval records
+     * Checks expiration before returning
+     */
+    getPending(): PendingApprovalRecord[];
+    /**
+     * Get the total number of records in the store
+     * Useful for testing
+     */
+    size(): number;
+    /**
+     * Clear all records from the store
+     * Useful for testing
+     */
+    clear(): void;
+}
+/**
+ * Create an in-memory approval store with the given configuration
+ */
+export declare function createApprovalStore(config?: ApprovalStoreConfig): InMemoryApprovalStore;
+/**
+ * Get the default approval store singleton
+ * Creates it on first call
+ */
+export declare function getDefaultApprovalStore(): InMemoryApprovalStore;
+/**
+ * Reset the default store (mainly for testing)
+ */
+export declare function resetDefaultApprovalStore(): void;
+//# sourceMappingURL=store.d.ts.map

package/dist/src/approval/store.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../../src/approval/store.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EACV,aAAa,EACb,qBAAqB,EACrB,oBAAoB,EACrB,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,oEAAoE;IACpE,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,kFAAkF;IAClF,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAKD;;GAEG;AACH,qBAAa,qBAAsB,YAAW,aAAa;IACzD,OAAO,CAAC,OAAO,CAAiD;IAChE,OAAO,CAAC,YAAY,CAA+C;IACnE,OAAO,CAAC,cAAc,CAAU;gBAEpB,MAAM,GAAE,mBAAwB;IAS5C;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAWzB;;OAEG;IACI,gBAAgB,IAAI,IAAI;IAO/B;;OAEG;IACH,GAAG,CAAC,MAAM,EAAE,oBAAoB,GAAG,IAAI;IAQvC;;;OAGG;IACH,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,qBAAqB,GAAG,SAAS;IAclD;;;OAGG;IACH,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO;IAiBjD;;;OAGG;IACH,IAAI,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;IAezB;;OAEG;IACH,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;IAIxB;;;OAGG;IACH,OAAO,IAAI,IAAI;IAqBf;;;OAGG;IACH,UAAU,IAAI,qBAAqB,EAAE;IAkBrC;;;OAGG;IACH,IAAI,IAAI,MAAM;IAId;;;OAGG;IACH,KAAK,IAAI,IAAI;CAGd;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,CAAC,EAAE,mBAAmB,GAAG,qBAAqB,CAEvF;AAQD;;;GAGG;AACH,wBAAgB,uBAAuB,IAAI,qBAAqB,CAK/D;AAED;;GAEG;AACH,wBAAgB,yBAAyB,IAAI,IAAI,CAMhD"}

package/dist/src/approval/store.js ADDED Viewed

@@ -0,0 +1,192 @@
+/**
+ * In-Memory Approval Store
+ * Stores and manages pending approval records with TTL and auto-cleanup
+ */
+/** Default cleanup interval: 60 seconds */
+const DEFAULT_CLEANUP_INTERVAL_MS = 60_000;
+/**
+ * In-memory implementation of the approval store
+ */
+export class InMemoryApprovalStore {
+    records = new Map();
+    cleanupTimer = null;
+    removeOnExpiry;
+    constructor(config = {}) {
+        this.removeOnExpiry = config.removeOnExpiry ?? false;
+        const cleanupInterval = config.cleanupIntervalMs ?? DEFAULT_CLEANUP_INTERVAL_MS;
+        if (cleanupInterval > 0) {
+            this.startCleanupTimer(cleanupInterval);
+        }
+    }
+    /**
+     * Start the periodic cleanup timer
+     */
+    startCleanupTimer(intervalMs) {
+        this.cleanupTimer = setInterval(() => {
+            this.cleanup();
+        }, intervalMs);
+        // Unref the timer so it doesn't keep the process alive
+        if (this.cleanupTimer.unref) {
+            this.cleanupTimer.unref();
+        }
+    }
+    /**
+     * Stop the cleanup timer (useful for testing)
+     */
+    stopCleanupTimer() {
+        if (this.cleanupTimer) {
+            clearInterval(this.cleanupTimer);
+            this.cleanupTimer = null;
+        }
+    }
+    /**
+     * Add a new pending approval record
+     */
+    add(record) {
+        const fullRecord = {
+            ...record,
+            status: 'pending',
+        };
+        this.records.set(record.id, fullRecord);
+    }
+    /**
+     * Get an approval record by ID
+     * Also checks and updates expiration status
+     */
+    get(id) {
+        const record = this.records.get(id);
+        if (!record) {
+            return undefined;
+        }
+        // Check if expired and update status
+        if (record.status === 'pending' && Date.now() > record.expiresAt) {
+            record.status = 'expired';
+        }
+        return record;
+    }
+    /**
+     * Mark an approval as approved
+     * Only works if the approval is still pending and not expired
+     */
+    approve(id, approvedBy) {
+        const record = this.get(id);
+        if (!record) {
+            return false;
+        }
+        // Can only approve pending records
+        if (record.status !== 'pending') {
+            return false;
+        }
+        record.status = 'approved';
+        record.approvedBy = approvedBy;
+        record.approvedAt = Date.now();
+        return true;
+    }
+    /**
+     * Mark an approval as denied
+     * Only works if the approval is still pending and not expired
+     */
+    deny(id) {
+        const record = this.get(id);
+        if (!record) {
+            return false;
+        }
+        // Can only deny pending records
+        if (record.status !== 'pending') {
+            return false;
+        }
+        record.status = 'denied';
+        return true;
+    }
+    /**
+     * Remove an approval record
+     */
+    remove(id) {
+        this.records.delete(id);
+    }
+    /**
+     * Clean up expired entries
+     * Updates status of expired entries and optionally removes them
+     */
+    cleanup() {
+        const now = Date.now();
+        const toRemove = [];
+        for (const [id, record] of this.records) {
+            // Mark expired pending records
+            if (record.status === 'pending' && now > record.expiresAt) {
+                record.status = 'expired';
+            }
+            // Optionally remove expired/processed records
+            if (this.removeOnExpiry && record.status !== 'pending') {
+                toRemove.push(id);
+            }
+        }
+        for (const id of toRemove) {
+            this.records.delete(id);
+        }
+    }
+    /**
+     * Get all pending approval records
+     * Checks expiration before returning
+     */
+    getPending() {
+        const now = Date.now();
+        const pending = [];
+        for (const record of this.records.values()) {
+            // Update expired status first
+            if (record.status === 'pending' && now > record.expiresAt) {
+                record.status = 'expired';
+            }
+            if (record.status === 'pending') {
+                pending.push(record);
+            }
+        }
+        return pending;
+    }
+    /**
+     * Get the total number of records in the store
+     * Useful for testing
+     */
+    size() {
+        return this.records.size;
+    }
+    /**
+     * Clear all records from the store
+     * Useful for testing
+     */
+    clear() {
+        this.records.clear();
+    }
+}
+/**
+ * Create an in-memory approval store with the given configuration
+ */
+export function createApprovalStore(config) {
+    return new InMemoryApprovalStore(config);
+}
+/**
+ * Default singleton store instance
+ * Use this for the main application flow
+ */
+let defaultStore = null;
+/**
+ * Get the default approval store singleton
+ * Creates it on first call
+ */
+export function getDefaultApprovalStore() {
+    if (!defaultStore) {
+        defaultStore = createApprovalStore();
+    }
+    return defaultStore;
+}
+/**
+ * Reset the default store (mainly for testing)
+ */
+export function resetDefaultApprovalStore() {
+    if (defaultStore) {
+        defaultStore.stopCleanupTimer();
+        defaultStore.clear();
+        defaultStore = null;
+    }
+}
+//# sourceMappingURL=store.js.map

package/dist/src/approval/store.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"store.js","sourceRoot":"","sources":["../../../src/approval/store.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAkBH,2CAA2C;AAC3C,MAAM,2BAA2B,GAAG,MAAM,CAAC;AAE3C;;GAEG;AACH,MAAM,OAAO,qBAAqB;IACxB,OAAO,GAAuC,IAAI,GAAG,EAAE,CAAC;IACxD,YAAY,GAA0C,IAAI,CAAC;IAC3D,cAAc,CAAU;IAEhC,YAAY,SAA8B,EAAE;QAC1C,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,IAAI,KAAK,CAAC;QAErD,MAAM,eAAe,GAAG,MAAM,CAAC,iBAAiB,IAAI,2BAA2B,CAAC;QAChF,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,UAAkB;QAC1C,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC,GAAG,EAAE;YACnC,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,CAAC,EAAE,UAAU,CAAC,CAAC;QAEf,uDAAuD;QACvD,IAAI,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;YAC5B,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC;IAED;;OAEG;IACI,gBAAgB;QACrB,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACjC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QAC3B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,GAAG,CAAC,MAA4B;QAC9B,MAAM,UAAU,GAA0B;YACxC,GAAG,MAAM;YACT,MAAM,EAAE,SAAS;SAClB,CAAC;QACF,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;IAC1C,CAAC;IAED;;;OAGG;IACH,GAAG,CAAC,EAAU;QACZ,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACpC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,qCAAqC;QACrC,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;YACjE,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC;QAC5B,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;OAGG;IACH,OAAO,CAAC,EAAU,EAAE,UAAmB;QACrC,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC5B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,KAAK,CAAC;QACf,CAAC;QAED,mCAAmC;QACnC,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,CAAC,MAAM,GAAG,UAAU,CAAC;QAC3B,MAAM,CAAC,UAAU,GAAG,UAAU,CAAC;QAC/B,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACH,IAAI,CAAC,EAAU;QACb,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC5B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,KAAK,CAAC;QACf,CAAC;QAED,gCAAgC;QAChC,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,EAAU;QACf,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAC1B,CAAC;IAED;;;OAGG;IACH,OAAO;QACL,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,KAAK,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACxC,+BAA+B;YAC/B,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,IAAI,GAAG,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC1D,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC;YAC5B,CAAC;YAED,8CAA8C;YAC9C,IAAI,IAAI,CAAC,cAAc,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBACvD,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;QAED,KAAK,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,UAAU;QACR,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,OAAO,GAA4B,EAAE,CAAC;QAE5C,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,8BAA8B;YAC9B,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,IAAI,GAAG,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC1D,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC;YAC5B,CAAC;YAED,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAChC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;OAGG;IACH,IAAI;QACF,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,KAAK;QACH,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAA4B;IAC9D,OAAO,IAAI,qBAAqB,CAAC,MAAM,CAAC,CAAC;AAC3C,CAAC;AAED;;;GAGG;AACH,IAAI,YAAY,GAAiC,IAAI,CAAC;AAEtD;;;GAGG;AACH,MAAM,UAAU,uBAAuB;IACrC,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,mBAAmB,EAAE,CAAC;IACvC,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB;IACvC,IAAI,YAAY,EAAE,CAAC;QACjB,YAAY,CAAC,gBAAgB,EAAE,CAAC;QAChC,YAAY,CAAC,KAAK,EAAE,CAAC;QACrB,YAAY,GAAG,IAAI,CAAC;IACtB,CAAC;AACH,CAAC"}

package/dist/src/approval/types.d.ts ADDED Viewed

@@ -0,0 +1,119 @@
+/**
+ * Type Definitions for Approval System
+ * Handles pending approval records and approval operations
+ */
+import type { Detection, ToolCallContext } from '../engine/types.js';
+/**
+ * Status of a pending approval record
+ */
+export type ApprovalStatus = 'pending' | 'approved' | 'denied' | 'expired';
+/**
+ * A pending approval record storing all context needed for approval
+ */
+export interface PendingApprovalRecord {
+    /** Unique identifier for this approval */
+    id: string;
+    /** Timestamp when the approval was created (ms since epoch) */
+    createdAt: number;
+    /** Timestamp when the approval expires (ms since epoch) */
+    expiresAt: number;
+    /** The detection that triggered this approval request */
+    detection: Detection;
+    /** The tool call context that requires approval */
+    toolCall: ToolCallContext;
+    /** Current status of the approval */
+    status: ApprovalStatus;
+    /** Who approved the action (if approved) */
+    approvedBy?: string;
+    /** Timestamp when the approval was granted (ms since epoch) */
+    approvedAt?: number;
+}
+/**
+ * Input for creating a new approval record (status is set automatically)
+ */
+export type PendingApprovalInput = Omit<PendingApprovalRecord, 'status'>;
+/**
+ * Interface for the approval store
+ */
+export interface ApprovalStore {
+    /**
+     * Add a new pending approval record
+     * @param record - The approval record (without status, which defaults to 'pending')
+     */
+    add(record: PendingApprovalInput): void;
+    /**
+     * Get an approval record by ID
+     * @param id - The approval ID
+     * @returns The approval record or undefined if not found
+     */
+    get(id: string): PendingApprovalRecord | undefined;
+    /**
+     * Mark an approval as approved
+     * @param id - The approval ID
+     * @param approvedBy - Optional identifier for who approved
+     * @returns true if successful, false if not found or already processed
+     */
+    approve(id: string, approvedBy?: string): boolean;
+    /**
+     * Mark an approval as denied
+     * @param id - The approval ID
+     * @returns true if successful, false if not found or already processed
+     */
+    deny(id: string): boolean;
+    /**
+     * Remove an approval record
+     * @param id - The approval ID
+     */
+    remove(id: string): void;
+    /**
+     * Clean up expired entries
+     * Updates status of expired entries and optionally removes them
+     */
+    cleanup(): void;
+    /**
+     * Get all pending approval records
+     * @returns Array of pending approval records
+     */
+    getPending(): PendingApprovalRecord[];
+}
+/**
+ * Result of an approval operation
+ */
+export interface ApprovalResult {
+    /** Whether the operation succeeded */
+    success: boolean;
+    /** Human-readable message about the operation */
+    message: string;
+    /** The approval record (if found) */
+    record?: PendingApprovalRecord;
+}
+/**
+ * Interface for the native approval handler
+ */
+export interface NativeApprovalHandler {
+    /**
+     * Handle an /approve command
+     * @param id - The approval ID
+     * @param userId - Optional identifier for who is approving
+     * @returns Result of the approval operation
+     */
+    handleApprove(id: string, userId?: string): ApprovalResult;
+    /**
+     * Handle a deny/reject command
+     * @param id - The approval ID
+     * @returns Result of the deny operation
+     */
+    handleDeny(id: string): ApprovalResult;
+    /**
+     * Check if a specific approval has been granted
+     * @param id - The approval ID
+     * @returns true if the approval exists and is approved
+     */
+    isApproved(id: string): boolean;
+    /**
+     * Get all pending approval records
+     * @returns Array of pending approval records
+     */
+    getPendingApprovals(): PendingApprovalRecord[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/src/approval/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/approval/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErE;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,CAAC;AAE3E;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,0CAA0C;IAC1C,EAAE,EAAE,MAAM,CAAC;IACX,+DAA+D;IAC/D,SAAS,EAAE,MAAM,CAAC;IAClB,2DAA2D;IAC3D,SAAS,EAAE,MAAM,CAAC;IAClB,yDAAyD;IACzD,SAAS,EAAE,SAAS,CAAC;IACrB,mDAAmD;IACnD,QAAQ,EAAE,eAAe,CAAC;IAC1B,qCAAqC;IACrC,MAAM,EAAE,cAAc,CAAC;IACvB,4CAA4C;IAC5C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,+DAA+D;IAC/D,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG,IAAI,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC;AAEzE;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;;OAGG;IACH,GAAG,CAAC,MAAM,EAAE,oBAAoB,GAAG,IAAI,CAAC;IAExC;;;;OAIG;IACH,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,qBAAqB,GAAG,SAAS,CAAC;IAEnD;;;;;OAKG;IACH,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;IAElD;;;;OAIG;IACH,IAAI,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC;IAE1B;;;OAGG;IACH,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;IAEzB;;;OAGG;IACH,OAAO,IAAI,IAAI,CAAC;IAEhB;;;OAGG;IACH,UAAU,IAAI,qBAAqB,EAAE,CAAC;CACvC;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,sCAAsC;IACtC,OAAO,EAAE,OAAO,CAAC;IACjB,iDAAiD;IACjD,OAAO,EAAE,MAAM,CAAC;IAChB,qCAAqC;IACrC,MAAM,CAAC,EAAE,qBAAqB,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC;;;;;OAKG;IACH,aAAa,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,cAAc,CAAC;IAE3D;;;;OAIG;IACH,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,cAAc,CAAC;IAEvC;;;;OAIG;IACH,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC;IAEhC;;;OAGG;IACH,mBAAmB,IAAI,qBAAqB,EAAE,CAAC;CAChD"}

package/dist/src/approval/types.js ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Type Definitions for Approval System
+ * Handles pending approval records and approval operations
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/src/approval/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/approval/types.ts"],"names":[],"mappings":"AAAA;;;GAGG"}