comisai 1.0.19 → 1.0.22
- package/dist/cli-entry.js +0 -0
- package/node_modules/@comis/agent/dist/context-engine/context-engine.js +43 -2
- package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.d.ts +51 -0
- package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.js +110 -0
- package/node_modules/@comis/agent/dist/context-engine/signature-surrogate-guard.d.ts +54 -0
- package/node_modules/@comis/agent/dist/context-engine/signature-surrogate-guard.js +145 -0
- package/node_modules/@comis/agent/dist/context-engine/types-core.d.ts +17 -0
- package/node_modules/@comis/agent/dist/executor/error-classifier.d.ts +11 -1
- package/node_modules/@comis/agent/dist/executor/error-classifier.js +13 -0
- package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.d.ts +1 -0
- package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.js +55 -0
- package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.js +106 -5
- package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.js +1 -0
- package/node_modules/@comis/agent/dist/executor/pi-executor.d.ts +1 -4
- package/node_modules/@comis/agent/dist/executor/replay-drift-detector.d.ts +85 -0
- package/node_modules/@comis/agent/dist/executor/replay-drift-detector.js +92 -0
- package/node_modules/@comis/agent/dist/executor/signature-block-scrubber.d.ts +34 -0
- package/node_modules/@comis/agent/dist/executor/signature-block-scrubber.js +69 -0
- package/node_modules/@comis/agent/dist/executor/signed-replay-detector.d.ts +39 -0
- package/node_modules/@comis/agent/dist/executor/signed-replay-detector.js +72 -0
- package/node_modules/@comis/agent/package.json +1 -1
- package/node_modules/@comis/channels/package.json +1 -1
- package/node_modules/@comis/cli/dist/cli.js +0 -0
- package/node_modules/@comis/cli/package.json +1 -1
- package/node_modules/@comis/core/dist/config/git-manager.js +10 -4
- package/node_modules/@comis/core/dist/config/index.d.ts +1 -0
- package/node_modules/@comis/core/dist/config/index.js +2 -0
- package/node_modules/@comis/core/dist/config/managed-sections.d.ts +67 -0
- package/node_modules/@comis/core/dist/config/managed-sections.js +124 -0
- package/node_modules/@comis/core/dist/config/schema-agent.d.ts +28 -10
- package/node_modules/@comis/core/dist/config/schema-agent.js +6 -0
- package/node_modules/@comis/core/dist/config/schema-gateway.d.ts +2 -2
- package/node_modules/@comis/core/dist/config/schema.d.ts +65 -64
- package/node_modules/@comis/core/dist/event-bus/events-messaging.d.ts +16 -0
- package/node_modules/@comis/core/dist/exports/config.d.ts +1 -1
- package/node_modules/@comis/core/dist/exports/config.js +1 -1
- package/node_modules/@comis/core/package.json +1 -1
- package/node_modules/@comis/daemon/bundled-skills/skill-creator/scripts/init-skill.py +0 -0
- package/node_modules/@comis/daemon/bundled-skills/skill-creator/scripts/validate-skill.py +0 -0
- package/node_modules/@comis/daemon/dist/daemon.js +0 -0
- package/node_modules/@comis/daemon/dist/rpc/config-handlers.js +20 -7
- package/node_modules/@comis/daemon/dist/rpc/session-handlers.js +27 -1
- package/node_modules/@comis/daemon/package.json +1 -1
- package/node_modules/@comis/gateway/package.json +1 -1
- package/node_modules/@comis/infra/package.json +1 -1
- package/node_modules/@comis/memory/package.json +1 -1
- package/node_modules/@comis/scheduler/package.json +1 -1
- package/node_modules/@comis/shared/package.json +1 -1
- package/node_modules/@comis/skills/dist/bridge/tool-metadata-registry.js +23 -8
- package/node_modules/@comis/skills/dist/builtin/platform/gateway-tool.d.ts +1 -1
- package/node_modules/@comis/skills/dist/builtin/platform/gateway-tool.js +18 -14
- package/node_modules/@comis/skills/dist/builtin/platform/unified-session-tool.js +1 -1
- package/node_modules/@comis/skills/package.json +1 -1
- package/node_modules/@comis/web/package.json +1 -1
- package/package.json +24 -26
- package/node_modules/@comis/agent/dist/provider/response/strip-minimax-xml.d.ts +0 -9
- package/node_modules/@comis/agent/dist/provider/response/strip-minimax-xml.js +0 -17
- package/node_modules/@comis/agent/dist/provider/response/strip-model-tokens.d.ts +0 -13
- package/node_modules/@comis/agent/dist/provider/response/strip-model-tokens.js +0 -19
- package/node_modules/@comis/agent/dist/provider/response/strip-tool-text.d.ts +0 -11
- package/node_modules/@comis/agent/dist/provider/response/strip-tool-text.js +0 -32
- package/node_modules/@comis/agent/dist/safety/follow-through-detector.d.ts +0 -46
- package/node_modules/@comis/agent/dist/safety/follow-through-detector.js +0 -76
- package/node_modules/@comis/agent/dist/safety/post-compaction-safety.d.ts +0 -30
- package/node_modules/@comis/agent/dist/safety/post-compaction-safety.js +0 -51
- package/node_modules/@comis/agent/dist/safety/schema-normalizer.d.ts +0 -37
- package/node_modules/@comis/agent/dist/safety/schema-normalizer.js +0 -137
- package/node_modules/@comis/agent/dist/safety/schema-pruning.d.ts +0 -50
- package/node_modules/@comis/agent/dist/safety/schema-pruning.js +0 -112
- package/node_modules/@comis/agent/dist/safety/tool-image-sanitizer.d.ts +0 -43
- package/node_modules/@comis/agent/dist/safety/tool-image-sanitizer.js +0 -96
- package/node_modules/@comis/agent/dist/safety/tool-sanitizer.d.ts +0 -44
- package/node_modules/@comis/agent/dist/safety/tool-sanitizer.js +0 -94
- package/node_modules/@comis/channels/dist/shared/thinking-tag-filter.d.ts +0 -28
- package/node_modules/@comis/channels/dist/shared/thinking-tag-filter.js +0 -206
- package/node_modules/@comis/cli/dist/wizard/config-writer.d.ts +0 -25
- package/node_modules/@comis/cli/dist/wizard/config-writer.js +0 -144
- package/node_modules/@comis/cli/dist/wizard/flow-types.d.ts +0 -48
- package/node_modules/@comis/cli/dist/wizard/flow-types.js +0 -70
- package/node_modules/@comis/cli/dist/wizard/manual-flow.d.ts +0 -21
- package/node_modules/@comis/cli/dist/wizard/manual-flow.js +0 -345
- package/node_modules/@comis/cli/dist/wizard/quickstart-flow.d.ts +0 -21
- package/node_modules/@comis/cli/dist/wizard/quickstart-flow.js +0 -116
- package/node_modules/@comis/core/dist/config/schema-agent-model.d.ts +0 -135
- package/node_modules/@comis/core/dist/config/schema-agent-model.js +0 -114
- package/node_modules/@comis/core/dist/config/schema-agent-session.d.ts +0 -177
- package/node_modules/@comis/core/dist/config/schema-agent-session.js +0 -116
- package/node_modules/@comis/core/dist/config/schema-context-engine.d.ts +0 -92
- package/node_modules/@comis/core/dist/config/schema-context-engine.js +0 -92
- package/node_modules/@comis/core/dist/config/schema-context-guard.d.ts +0 -34
- package/node_modules/@comis/core/dist/config/schema-context-guard.js +0 -32
- package/node_modules/@comis/core/dist/config/schema-delivery-mirror.d.ts +0 -27
- package/node_modules/@comis/core/dist/config/schema-delivery-mirror.js +0 -26
- package/node_modules/@comis/core/dist/config/schema-delivery-queue.d.ts +0 -31
- package/node_modules/@comis/core/dist/config/schema-delivery-queue.js +0 -30
- package/node_modules/@comis/core/dist/config/schema-delivery-timing.d.ts +0 -41
- package/node_modules/@comis/core/dist/config/schema-delivery-timing.js +0 -31
- package/node_modules/@comis/core/dist/config/schema-monitoring.d.ts +0 -105
- package/node_modules/@comis/core/dist/config/schema-monitoring.js +0 -67
- package/node_modules/@comis/core/dist/ports/media-ports.d.ts +0 -278
- package/node_modules/@comis/core/dist/ports/media-ports.js +0 -1
- package/node_modules/@comis/core/dist/security/input-guard.d.ts +0 -46
- package/node_modules/@comis/core/dist/security/input-guard.js +0 -166
- package/node_modules/@comis/core/dist/security/scoped-secret-manager.d.ts +0 -38
- package/node_modules/@comis/core/dist/security/scoped-secret-manager.js +0 -94
- package/node_modules/@comis/daemon/dist/observability/delivery-context.d.ts +0 -37
- package/node_modules/@comis/daemon/dist/observability/delivery-context.js +0 -1
- package/node_modules/@comis/daemon/dist/observability/log-level-manager.d.ts +0 -23
- package/node_modules/@comis/daemon/dist/observability/log-level-manager.js +0 -34
- package/node_modules/@comis/daemon/dist/observability/log-transport.d.ts +0 -44
- package/node_modules/@comis/daemon/dist/observability/log-transport.js +0 -74
- package/node_modules/@comis/daemon/dist/observability/obs-write-buffer.d.ts +0 -53
- package/node_modules/@comis/daemon/dist/observability/obs-write-buffer.js +0 -68
- package/node_modules/@comis/daemon/dist/observability/types.d.ts +0 -6
- package/node_modules/@comis/daemon/dist/observability/types.js +0 -1
- package/node_modules/@comis/daemon/dist/wiring/seed-bundled-skills.d.ts +0 -41
- package/node_modules/@comis/daemon/dist/wiring/seed-bundled-skills.js +0 -84
- package/node_modules/@comis/daemon/dist/wiring/setup-delivery-mirror.d.ts +0 -24
- package/node_modules/@comis/daemon/dist/wiring/setup-delivery-mirror.js +0 -88
- package/node_modules/@comis/daemon/dist/wiring/setup-delivery-queue.d.ts +0 -31
- package/node_modules/@comis/daemon/dist/wiring/setup-delivery-queue.js +0 -132
- package/node_modules/@comis/daemon/dist/wiring/setup-monitoring.d.ts +0 -38
- package/node_modules/@comis/daemon/dist/wiring/setup-monitoring.js +0 -100
- package/node_modules/@comis/daemon/dist/wiring/setup-rpc-bridge.d.ts +0 -34
- package/node_modules/@comis/daemon/dist/wiring/setup-rpc-bridge.js +0 -52
- package/node_modules/@comis/daemon/dist/wiring/setup-task-extraction.d.ts +0 -41
- package/node_modules/@comis/daemon/dist/wiring/setup-task-extraction.js +0 -86
- package/node_modules/@comis/memory/dist/embedding-cache.d.ts +0 -36
- package/node_modules/@comis/memory/dist/embedding-cache.js +0 -94
- package/node_modules/@comis/skills/dist/bridge/tool-output-schemas.d.ts +0 -17
- package/node_modules/@comis/skills/dist/bridge/tool-output-schemas.js +0 -125
- package/node_modules/@comis/skills/dist/bridge/tool-parallelism-metadata.d.ts +0 -14
- package/node_modules/@comis/skills/dist/bridge/tool-parallelism-metadata.js +0 -92
- package/node_modules/@comis/skills/dist/bridge/tool-result-caps.d.ts +0 -14
- package/node_modules/@comis/skills/dist/bridge/tool-result-caps.js +0 -36
- package/node_modules/@comis/skills/dist/bridge/tool-search-hints.d.ts +0 -15
- package/node_modules/@comis/skills/dist/bridge/tool-search-hints.js +0 -68
- package/node_modules/@comis/skills/dist/bridge/tool-validators.d.ts +0 -11
- package/node_modules/@comis/skills/dist/bridge/tool-validators.js +0 -105
- package/node_modules/@comis/skills/dist/builtin/file/find-sort-wrapper.d.ts +0 -22
- package/node_modules/@comis/skills/dist/builtin/file/find-sort-wrapper.js +0 -95
- package/node_modules/@comis/skills/dist/builtin/file/grep-output-mode-wrapper.d.ts +0 -24
- package/node_modules/@comis/skills/dist/builtin/file/grep-output-mode-wrapper.js +0 -167
- package/node_modules/@comis/skills/dist/builtin/task-plan-tool.d.ts +0 -25
- package/node_modules/@comis/skills/dist/builtin/task-plan-tool.js +0 -67
- package/node_modules/@comis/skills/dist/integrations/mcp-tool-bridge.d.ts +0 -75
- package/node_modules/@comis/skills/dist/integrations/mcp-tool-bridge.js +0 -235
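--- a/package/node_modules/@comis/core/dist/ports/media-ports.d.ts
+++ b/package/node_modules/@comis/core/dist/ports/media-ports.d.ts
@@ -1,278 +0,0 @@
-import type { Result } from "@comis/shared";
-import type { Attachment } from "../domain/normalized-message.js";
-/**
-* Options for audio transcription.
-*/
-export interface TranscriptionOptions {
-/** MIME type of the audio buffer (e.g. "audio/ogg", "audio/mp3") */
-readonly mimeType: string;
-/** BCP-47 language hint (e.g. "en", "es"). Provider may auto-detect if omitted. */
-readonly language?: string;
-/** Optional prompt/context to guide transcription accuracy. */
-readonly prompt?: string;
-}
-/**
-* Result of a successful transcription.
-*/
-export interface TranscriptionResult {
-/** Transcribed text. */
-readonly text: string;
-/** Detected or confirmed language (BCP-47). */
-readonly language?: string;
-/** Duration of the audio in milliseconds. */
-readonly durationMs?: number;
-}
-/**
-* TranscriptionPort: Hexagonal boundary for speech-to-text services.
-*
-* Adapters (OpenAI Whisper, local whisper.cpp, etc.) implement this
-* interface to convert audio buffers into text.
-*/
-export interface TranscriptionPort {
-/**
-* Transcribe an audio buffer to text.
-*
-* @param audio - Raw audio data
-* @param options - MIME type, language hint, optional prompt
-* @returns Transcription result or an error (e.g. file too large, API failure)
-*/
-transcribe(audio: Buffer, options: TranscriptionOptions): Promise<Result<TranscriptionResult, Error>>;
-}
-/**
-* Options for text-to-speech synthesis.
-*/
-export interface TTSOptions {
-/** Voice identifier (provider-specific, e.g. "alloy", "nova"). */
-readonly voice?: string;
-/** Output audio format (e.g. "mp3", "opus", "aac", "flac"). */
-readonly format?: string;
-/** Playback speed multiplier (0.25 to 4.0). */
-readonly speed?: number;
-}
-/**
-* Result of a successful TTS synthesis.
-*/
-export interface TTSResult {
-/** Raw audio data. */
-readonly audio: Buffer;
-/** MIME type of the audio (e.g. "audio/mpeg", "audio/opus"). */
-readonly mimeType: string;
-}
-/**
-* TTSPort: Hexagonal boundary for text-to-speech services.
-*
-* Adapters (OpenAI TTS, ElevenLabs, local Piper, etc.) implement this
-* interface to synthesize audio from text.
-*/
-export interface TTSPort {
-/**
-* Synthesize text into audio.
-*
-* @param text - Text content to convert to speech
-* @param options - Voice, format, and speed configuration
-* @returns Audio buffer with MIME type, or an error
-*/
-synthesize(text: string, options?: TTSOptions): Promise<Result<TTSResult, Error>>;
-}
-/**
-* Options for image analysis.
-*/
-export interface ImageAnalysisOptions {
-/** MIME type of the image buffer (e.g. "image/png", "image/jpeg"). */
-readonly mimeType: string;
-/** Maximum tokens in the analysis response. */
-readonly maxTokens?: number;
-}
-/**
-* ImageAnalysisPort: Hexagonal boundary for multimodal image analysis.
-*
-* Adapters (Anthropic Claude, OpenAI GPT-4o, etc.) implement this
-* interface to analyze images using vision-capable LLMs.
-*/
-export interface ImageAnalysisPort {
-/**
-* Analyze an image given a prompt.
-*
-* @param image - Raw image data
-* @param prompt - Question or instruction about the image
-* @param options - MIME type and response length configuration
-* @returns Analysis text or an error (e.g. file too large, unsupported format)
-*/
-analyze(image: Buffer, prompt: string, options: ImageAnalysisOptions): Promise<Result<string, Error>>;
-}
-/**
-* Request payload for image vision analysis.
-*/
-export interface VisionRequest {
-/** Raw image data. */
-readonly image: Buffer;
-/** Question or instruction about the image. */
-readonly prompt: string;
-/** MIME type of the image (e.g. "image/png", "image/jpeg"). */
-readonly mimeType: string;
-/** Maximum tokens in the response. */
-readonly maxTokens?: number;
-}
-/**
-* Request payload for video vision analysis.
-*/
-export interface VideoRequest {
-/** Raw video data. */
-readonly video: Buffer;
-/** Question or instruction about the video. */
-readonly prompt: string;
-/** MIME type of the video (e.g. "video/mp4", "video/webm"). */
-readonly mimeType: string;
-/** Maximum tokens in the response. */
-readonly maxTokens?: number;
-}
-/**
-* Result of a vision analysis (image or video).
-*/
-export interface VisionResult {
-/** Analysis text. */
-readonly text: string;
-/** Provider that produced the result (e.g. "openai", "anthropic", "google"). */
-readonly provider: string;
-/** Model used for analysis. */
-readonly model: string;
-/** Tokens used (if available from the provider). */
-readonly tokensUsed?: number;
-}
-/**
-* VisionProvider: Multi-capability vision analysis provider.
-*
-* Each provider declares which media types it supports (image, video, or both).
-* The registry uses capabilities to route requests to the right provider.
-*/
-export interface VisionProvider {
-/** Unique provider identifier (e.g. "openai", "anthropic", "google"). */
-readonly id: string;
-/** Media types this provider can analyze. */
-readonly capabilities: ReadonlyArray<"image" | "video">;
-/** Analyze an image. */
-describeImage(req: VisionRequest): Promise<Result<VisionResult, Error>>;
-/** Analyze a video (optional — only providers with "video" capability). */
-describeVideo?(req: VideoRequest): Promise<Result<VisionResult, Error>>;
-}
-/**
-* Result of resolving a media attachment to a buffer.
-*/
-export interface ResolvedMedia {
-/** Downloaded file content. */
-readonly buffer: Buffer;
-/** Verified MIME type (sniffed, not declared). */
-readonly mimeType: string;
-/** File size in bytes. */
-readonly sizeBytes: number;
-}
-/**
-* MediaResolverPort: Hexagonal boundary for media resolution.
-*
-* Per-platform adapters implement this interface to download attachments
-* from platform-specific URLs (e.g., tg-file:// for Telegram, https://
-* for public URLs). The resolver registry routes to the correct adapter
-* based on the URI scheme.
-*/
-export interface MediaResolverPort {
-/** URI schemes this resolver handles (e.g., ["tg-file", "https"]). */
-readonly schemes: ReadonlyArray<string>;
-/**
-* Resolve an attachment URL to a downloaded buffer.
-*
-* Implementations MUST validate URLs through validateUrl() from
-* @comis/core/security before any HTTP request to prevent SSRF.
-* Private, loopback, link-local, and cloud-metadata IPs are blocked.
-* DNS rebinding protection is mandatory: resolve hostname to IP,
-* check blocklist, then connect using pinned IP.
-*
-* Implementations MUST check Content-Length against the configured
-* maxRemoteFetchBytes limit and abort before streaming the body
-* if exceeded.
-*
-* @param attachment - The attachment to resolve
-* @returns Resolved media buffer with MIME type and size, or an error
-*/
-resolve(attachment: Attachment): Promise<Result<ResolvedMedia, Error>>;
-}
-/**
-* Classification of a file based on its MIME type.
-*
-* - `"document"`: Extractable text content in the MIME whitelist (PDF, plain text, CSV, etc.)
-* - `"binary"`: Known binary format (images, audio, video, archives) — not text-extractable
-* - `"unknown"`: Unrecognized MIME type — classification cannot be determined
-*/
-export type FileClassification = "document" | "binary" | "unknown";
-/**
-* Error categories for file extraction failures.
-*/
-export type FileExtractionErrorKind = "timeout" | "encrypted" | "size_exceeded" | "unsupported_mime" | "encoding_error" | "corrupt" | "download_failed" | "internal";
-/**
-* Structured error returned by FileExtractionPort on failure.
-*/
-export interface FileExtractionError {
-readonly kind: FileExtractionErrorKind;
-readonly message: string;
-readonly mimeType?: string;
-readonly fileName?: string;
-}
-/**
-* Input for file extraction. Discriminated union on the `source` field.
-*
-* - `"buffer"`: Extract from an in-memory buffer (mimeType required).
-* - `"url"`: Extract from a remote URL (mimeType optional, may need detection).
-*/
-export type FileExtractionInput = {
-readonly source: "buffer";
-readonly buffer: Buffer;
-readonly mimeType: string;
-readonly fileName?: string;
-readonly sizeBytes?: number;
-} | {
-readonly source: "url";
-readonly url: string;
-readonly mimeType?: string;
-readonly fileName?: string;
-readonly sizeBytes?: number;
-};
-/**
-* Result of a successful file extraction.
-*/
-export interface FileExtractionResult {
-/** Extracted text content. */
-readonly text: string;
-/** File name (original or detected). */
-readonly fileName: string;
-/** MIME type of the source file. */
-readonly mimeType: string;
-/** Number of characters in the extracted text. */
-readonly extractedChars: number;
-/** Whether the text was truncated to fit maxChars. */
-readonly truncated: boolean;
-/** Time taken for extraction in milliseconds. */
-readonly durationMs: number;
-/** Original file buffer for downstream re-use. */
-readonly buffer: Buffer;
-/** Number of pages extracted (for paginated formats like PDF). */
-readonly pageCount?: number;
-/** Total pages in the document (may differ from pageCount if maxPages limit applied). */
-readonly totalPages?: number;
-}
-/**
-* FileExtractionPort: Hexagonal boundary for document text extraction services.
-*
-* Adapters implement this interface to extract text content from document files
-* (PDF, plain text, CSV, etc.). The port accepts both in-memory buffers and
-* remote URLs as input sources.
-*/
-export interface FileExtractionPort {
-/**
-* Extract text content from a document file.
-*
-* @param input - File source (buffer or URL) with metadata
-* @returns Extraction result with text and metrics, or a structured error
-*/
-extract(input: FileExtractionInput): Promise<Result<FileExtractionResult, FileExtractionError>>;
-/** MIME types this adapter can extract text from. */
-readonly supportedMimes: ReadonlyArray<string>;
-}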
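--- a/package/node_modules/@comis/core/dist/ports/media-ports.js
+++ b/package/node_modules/@comis/core/dist/ports/media-ports.js
@@ -1 +0,0 @@
-export {};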
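--- a/package/node_modules/@comis/core/dist/security/input-guard.d.ts
+++ b/package/node_modules/@comis/core/dist/security/input-guard.d.ts
@@ -1,46 +0,0 @@
-/**
-* InputGuard — Semantic jailbreak detection with weighted 0.0-1.0 threat scoring.
-*
-* Factory function that creates a guard object with a `scan()` method. Detects
-* jailbreak attempts using weighted compound phrase patterns imported from
-* `injection-patterns.ts`, typoglycemia detection for 8 key terms, and code
-* block exclusion to minimize false positives on technical content.
-*
-* Returns scored results that PiExecutor uses for policy decisions:
-* - low risk (< mediumThreshold) -> action "pass"
-* - medium risk (>= mediumThreshold, < highThreshold) -> action "reinforce"
-* - high risk (>= highThreshold) -> action "warn" (default) or "block" (config)
-*
-* @module input-guard
-* @since Phase 283 (INPUT-03 through INPUT-06)
-*/
-export interface InputGuardConfig {
-/** Threat score threshold for "medium" risk (triggers reinforcement). Default: 0.4. */
-readonly mediumThreshold: number;
-/** Threat score threshold for "high" risk (triggers warn/block). Default: 0.7. */
-readonly highThreshold: number;
-/** Action for high-risk detections. Default: "warn". "block" requires explicit config. */
-readonly action: "warn" | "block";
-}
-export interface InputGuardResult {
-/** Threat score clamped to 0.0-1.0. */
-readonly score: number;
-/** Risk level derived from score vs thresholds. */
-readonly riskLevel: "low" | "medium" | "high";
-/** Matched pattern category names. */
-readonly patterns: string[];
-/** Recommended policy action. */
-readonly action: "pass" | "warn" | "reinforce" | "block";
-}
-export interface InputGuard {
-scan(text: string): InputGuardResult;
-}
-/**
-* Create an InputGuard that scores user input text for jailbreak risk.
-*
-* Configuration is optional; all fields have sensible defaults:
-* - mediumThreshold: 0.4
-* - highThreshold: 0.7
-* - action: "warn" (operator must explicitly set "block" to enable blocking)
-*/
-export declare function createInputGuard(config?: Partial<InputGuardConfig>): InputGuard;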
@@ -1,166 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* InputGuard — Semantic jailbreak detection with weighted 0.0-1.0 threat scoring.
|
|
3
|
-
*
|
|
4
|
-
* Factory function that creates a guard object with a `scan()` method. Detects
|
|
5
|
-
* jailbreak attempts using weighted compound phrase patterns imported from
|
|
6
|
-
* `injection-patterns.ts`, typoglycemia detection for 8 key terms, and code
|
|
7
|
-
* block exclusion to minimize false positives on technical content.
|
|
8
|
-
*
|
|
9
|
-
* Returns scored results that PiExecutor uses for policy decisions:
|
|
10
|
-
* - low risk (< mediumThreshold) -> action "pass"
|
|
11
|
-
* - medium risk (>= mediumThreshold, < highThreshold) -> action "reinforce"
|
|
12
|
-
* - high risk (>= highThreshold) -> action "warn" (default) or "block" (config)
|
|
13
|
-
*
|
|
14
|
-
* @module input-guard
|
|
15
|
-
* @since Phase 283 (INPUT-03 through INPUT-06)
|
|
16
|
-
*/
|
|
17
|
-
import { IGNORE_PREV_INSTRUCTIONS, IGNORE_INSTRUCTIONS_BROAD, DISREGARD_PREVIOUS, DISREGARD_INSTRUCTIONS, FORGET_EVERYTHING, FORGET_INSTRUCTIONS_BROAD, YOU_ARE_NOW, YOU_ARE_NOW_ARTICLE, NEW_INSTRUCTIONS, NEW_INSTRUCTIONS_COLON, IMPORTANT_OVERRIDE, OVERRIDE_SAFETY, ACT_AS_ROLE, CONTEXT_RESET, RULE_REPLACEMENT, SYSTEM_TAG, SYSTEM_BRACKET, SYSTEM_COMMAND, SPECIAL_TOKEN_DELIMITERS, ROLE_BOUNDARY, ASSISTANT_ROLE_MARKER, } from "./injection-patterns.js";
|
|
18
|
-
// ---------------------------------------------------------------------------
|
|
19
|
-
// Weighted pattern categories (Pattern 6 from research)
|
|
20
|
-
// ---------------------------------------------------------------------------
|
|
21
|
-
/**
|
|
22
|
-
* Each category groups related regex patterns with a single weight.
|
|
23
|
-
* If ANY pattern in a category matches, the weight is added once (boolean per category).
|
|
24
|
-
* Multiple matches within the same category do NOT multiply the weight.
|
|
25
|
-
*/
|
|
26
|
-
const PATTERN_WEIGHTS = [
|
|
27
|
-
{ patterns: [IGNORE_PREV_INSTRUCTIONS, IGNORE_INSTRUCTIONS_BROAD], weight: 0.6, name: "ignore_instructions" },
|
|
28
|
-
{ patterns: [DISREGARD_PREVIOUS, DISREGARD_INSTRUCTIONS], weight: 0.5, name: "disregard_previous" },
|
|
29
|
-
{ patterns: [FORGET_EVERYTHING, FORGET_INSTRUCTIONS_BROAD], weight: 0.5, name: "forget_instructions" },
|
|
30
|
-
{ patterns: [YOU_ARE_NOW, YOU_ARE_NOW_ARTICLE], weight: 0.4, name: "role_assumption" },
|
|
31
|
-
{ patterns: [NEW_INSTRUCTIONS, NEW_INSTRUCTIONS_COLON], weight: 0.5, name: "new_instructions" },
|
|
32
|
-
{ patterns: [IMPORTANT_OVERRIDE], weight: 0.5, name: "important_override" },
|
|
33
|
-
{ patterns: [OVERRIDE_SAFETY], weight: 0.6, name: "override_safety" },
|
|
34
|
-
{ patterns: [ACT_AS_ROLE], weight: 0.4, name: "act_as_role" },
|
|
35
|
-
{ patterns: [CONTEXT_RESET], weight: 0.4, name: "context_reset" },
|
|
36
|
-
{ patterns: [RULE_REPLACEMENT], weight: 0.4, name: "rule_replacement" },
|
|
37
|
-
{ patterns: [SYSTEM_TAG, SYSTEM_BRACKET, SYSTEM_COMMAND], weight: 0.3, name: "system_markers" },
|
|
38
|
-
{ patterns: [SPECIAL_TOKEN_DELIMITERS], weight: 0.3, name: "special_tokens" },
|
|
39
|
-
{ patterns: [ROLE_BOUNDARY, ASSISTANT_ROLE_MARKER], weight: 0.2, name: "role_markers" },
|
|
40
|
-
];
|
|
41
|
-
// ---------------------------------------------------------------------------
|
|
42
|
-
// Code block exclusion (INPUT-06)
|
|
43
|
-
// ---------------------------------------------------------------------------
|
|
44
|
-
/**
|
|
45
|
-
* Regex to match fenced code blocks (triple backtick) and inline code (single backtick).
|
|
46
|
-
* ReDoS-safe: [\s\S]*? is non-greedy character class without alternation.
|
|
47
|
-
*/
|
|
48
|
-
const CODE_BLOCK_REGEX = /```[\s\S]*?```|`[^`\n]+`/g;
|
|
49
|
-
function stripCodeBlocks(text) {
|
|
50
|
-
CODE_BLOCK_REGEX.lastIndex = 0;
|
|
51
|
-
return text.replace(CODE_BLOCK_REGEX, " ");
|
|
52
|
-
}
|
|
53
|
-
// ---------------------------------------------------------------------------
|
|
54
|
-
// Typoglycemia detection (INPUT-05)
|
|
55
|
-
// ---------------------------------------------------------------------------
|
|
56
|
-
/**
|
|
57
|
-
* The 8 key jailbreak terms to check for scrambled-middle variants.
|
|
58
|
-
* All are 5+ characters long, ensuring sufficient middle-letter entropy
|
|
59
|
-
* to avoid false positives on short words.
|
|
60
|
-
*/
|
|
61
|
-
const TYPOGLYCEMIA_TERMS = [
|
|
62
|
-
"ignore",
|
|
63
|
-
"previous",
|
|
64
|
-
"instructions",
|
|
65
|
-
"system",
|
|
66
|
-
"bypass",
|
|
67
|
-
"override",
|
|
68
|
-
"forget",
|
|
69
|
-
"delete",
|
|
70
|
-
];
|
|
71
|
-
/**
|
|
72
|
-
* Check whether a word is a typoglycemia variant of a target term.
|
|
73
|
-
*
|
|
74
|
-
* A word is a variant if:
|
|
75
|
-
* 1. Same length as target
|
|
76
|
-
* 2. Same first character (case-insensitive)
|
|
77
|
-
* 3. Same last character (case-insensitive)
|
|
78
|
-
* 4. NOT an exact match (exact matches are handled by regex patterns)
|
|
79
|
-
* 5. Same sorted middle characters
|
|
80
|
-
*
|
|
81
|
-
* This implements the "Cambridge University effect" where human readers
|
|
82
|
-
* can understand words with scrambled middle letters.
|
|
83
|
-
*/
|
|
84
|
-
function isTypoglycemiaVariant(word, target) {
|
|
85
|
-
if (word.length !== target.length)
|
|
86
|
-
return false;
|
|
87
|
-
const w = word.toLowerCase();
|
|
88
|
-
const t = target.toLowerCase();
|
|
89
|
-
if (w[0] !== t[0] || w[w.length - 1] !== t[t.length - 1])
|
|
90
|
-
return false;
|
|
91
|
-
if (w === t)
|
|
92
|
-
return false; // Exact match is NOT a variant
|
|
93
|
-
const wMiddle = [...w.slice(1, -1)].sort().join("");
|
|
94
|
-
const tMiddle = [...t.slice(1, -1)].sort().join("");
|
|
95
|
-
return wMiddle === tMiddle;
|
|
96
|
-
}
|
|
97
|
-
// ---------------------------------------------------------------------------
|
|
98
|
-
// Factory function
|
|
99
|
-
// ---------------------------------------------------------------------------
|
|
100
|
-
/**
|
|
101
|
-
* Create an InputGuard that scores user input text for jailbreak risk.
|
|
102
|
-
*
|
|
103
|
-
* Configuration is optional; all fields have sensible defaults:
|
|
104
|
-
* - mediumThreshold: 0.4
|
|
105
|
-
* - highThreshold: 0.7
|
|
106
|
-
* - action: "warn" (operator must explicitly set "block" to enable blocking)
|
|
107
|
-
*/
|
|
108
|
-
export function createInputGuard(config) {
|
|
109
|
-
const mediumThreshold = config?.mediumThreshold ?? 0.4;
|
|
110
|
-
const highThreshold = config?.highThreshold ?? 0.7;
|
|
111
|
-
const action = config?.action ?? "warn";
|
|
112
|
-
return {
|
|
113
|
-
scan(text) {
|
|
114
|
-
const stripped = stripCodeBlocks(text);
|
|
115
|
-
const matched = [];
|
|
116
|
-
let score = 0;
|
|
117
|
-
// 1. Weighted pattern category matching
|
|
118
|
-
for (const category of PATTERN_WEIGHTS) {
|
|
119
|
-
let categoryMatched = false;
|
|
120
|
-
for (const pattern of category.patterns) {
|
|
121
|
-
// Reset lastIndex before each test() call (patterns have /g or /gi flags)
|
|
122
|
-
pattern.lastIndex = 0;
|
|
123
|
-
if (pattern.test(stripped)) {
|
|
124
|
-
categoryMatched = true;
|
|
125
|
-
break; // Category is boolean -- one match suffices
|
|
126
|
-
}
|
|
127
|
-
}
|
|
128
|
-
if (categoryMatched) {
|
|
129
|
-
score += category.weight;
|
|
130
|
-
matched.push(category.name);
|
|
131
|
-
}
|
|
132
|
-
}
|
|
133
|
-
// 2. Typoglycemia detection
|
|
134
|
-
const words = stripped.split(/\s+/);
|
|
135
|
-
for (const word of words) {
|
|
136
|
-
if (word.length === 0)
|
|
137
|
-
continue;
|
|
138
|
-
for (const term of TYPOGLYCEMIA_TERMS) {
|
|
139
|
-
if (isTypoglycemiaVariant(word, term)) {
|
|
140
|
-
matched.push(`typoglycemia:${term}`);
|
|
141
|
-
score += 0.3;
|
|
142
|
-
break; // One word matches at most one term
|
|
143
|
-
}
|
|
144
|
-
}
|
|
145
|
-
}
|
|
146
|
-
// 3. Clamp score to [0.0, 1.0]
|
|
147
|
-
score = Math.min(score, 1.0);
|
|
148
|
-
// 4. Determine risk level
|
|
149
|
-
const riskLevel = score >= highThreshold ? "high"
|
|
150
|
-
: score >= mediumThreshold ? "medium"
|
|
151
|
-
: "low";
|
|
152
|
-
// 5. Determine action
|
|
153
|
-
let resultAction;
|
|
154
|
-
if (riskLevel === "high") {
|
|
155
|
-
resultAction = action === "block" ? "block" : "warn";
|
|
156
|
-
}
|
|
157
|
-
else if (riskLevel === "medium") {
|
|
158
|
-
resultAction = "reinforce";
|
|
159
|
-
}
|
|
160
|
-
else {
|
|
161
|
-
resultAction = "pass";
|
|
162
|
-
}
|
|
163
|
-
return { score, riskLevel, patterns: matched, action: resultAction };
|
|
164
|
-
},
|
|
165
|
-
};
|
|
166
|
-
}
|
|
@@ -1,38 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* ScopedSecretManager — per-agent SecretManager decorator with glob filtering.
|
|
3
|
-
*
|
|
4
|
-
* Wraps a base SecretManager and restricts access to secrets matching
|
|
5
|
-
* the agent's allow patterns. Every access attempt (get, has, require)
|
|
6
|
-
* emits a `secret:accessed` audit event through the optional TypedEventBus.
|
|
7
|
-
*
|
|
8
|
-
* Design decisions:
|
|
9
|
-
* - Decorator pattern: callers cannot distinguish from a plain SecretManager
|
|
10
|
-
* - Empty allowPatterns = unrestricted access (backward compat for existing agents)
|
|
11
|
-
* - eventBus is optional: if omitted, no audit events are emitted (unit-test friendly)
|
|
12
|
-
* - keys() filters but does not emit (listing operation, not access)
|
|
13
|
-
*/
|
|
14
|
-
import type { SecretManager } from "./secret-manager.js";
|
|
15
|
-
import type { TypedEventBus } from "../event-bus/index.js";
|
|
16
|
-
/**
|
|
17
|
-
* Options for creating a scoped (per-agent) SecretManager.
|
|
18
|
-
*/
|
|
19
|
-
export interface ScopedSecretManagerOptions {
|
|
20
|
-
/** The agent this scoped manager belongs to. Included in all audit events. */
|
|
21
|
-
agentId: string;
|
|
22
|
-
/** Glob patterns that grant access. Empty array = unrestricted (backward compat). */
|
|
23
|
-
allowPatterns: string[];
|
|
24
|
-
/** Optional event bus for audit event emission. No-op if omitted. */
|
|
25
|
-
eventBus?: TypedEventBus;
|
|
26
|
-
}
|
|
27
|
-
/**
|
|
28
|
-
* Create a SecretManager that filters access by glob patterns and emits audit events.
|
|
29
|
-
*
|
|
30
|
-
* The returned object implements the SecretManager interface exactly — same 4 methods
|
|
31
|
-
* (get, has, require, keys), same return types. This is the decorator pattern:
|
|
32
|
-
* callers cannot distinguish a ScopedSecretManager from a plain SecretManager.
|
|
33
|
-
*
|
|
34
|
-
* @param base - The underlying SecretManager to delegate allowed accesses to
|
|
35
|
-
* @param options - Agent ID, allow patterns, and optional event bus
|
|
36
|
-
* @returns A SecretManager that enforces per-agent access control
|
|
37
|
-
*/
|
|
38
|
-
export declare function createScopedSecretManager(base: SecretManager, options: ScopedSecretManagerOptions): SecretManager;
|
|
@@ -1,94 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* ScopedSecretManager — per-agent SecretManager decorator with glob filtering.
|
|
3
|
-
*
|
|
4
|
-
* Wraps a base SecretManager and restricts access to secrets matching
|
|
5
|
-
* the agent's allow patterns. Every access attempt (get, has, require)
|
|
6
|
-
* emits a `secret:accessed` audit event through the optional TypedEventBus.
|
|
7
|
-
*
|
|
8
|
-
* Design decisions:
|
|
9
|
-
* - Decorator pattern: callers cannot distinguish from a plain SecretManager
|
|
10
|
-
* - Empty allowPatterns = unrestricted access (backward compat for existing agents)
|
|
11
|
-
* - eventBus is optional: if omitted, no audit events are emitted (unit-test friendly)
|
|
12
|
-
* - keys() filters but does not emit (listing operation, not access)
|
|
13
|
-
*/
|
|
14
|
-
import { isSecretAccessible } from "./secret-access.js";
|
|
15
|
-
/**
|
|
16
|
-
* Create a SecretManager that filters access by glob patterns and emits audit events.
|
|
17
|
-
*
|
|
18
|
-
* The returned object implements the SecretManager interface exactly — same 4 methods
|
|
19
|
-
* (get, has, require, keys), same return types. This is the decorator pattern:
|
|
20
|
-
* callers cannot distinguish a ScopedSecretManager from a plain SecretManager.
|
|
21
|
-
*
|
|
22
|
-
* @param base - The underlying SecretManager to delegate allowed accesses to
|
|
23
|
-
* @param options - Agent ID, allow patterns, and optional event bus
|
|
24
|
-
* @returns A SecretManager that enforces per-agent access control
|
|
25
|
-
*/
|
|
26
|
-
export function createScopedSecretManager(base, options) {
|
|
27
|
-
const { agentId, allowPatterns, eventBus } = options;
|
|
28
|
-
let warnedNoAllow = false;
|
|
29
|
-
/**
|
|
30
|
-
* Emit a one-time security:warn event when an agent accesses secrets
|
|
31
|
-
* without explicit secrets.allow configuration (CORE-02).
|
|
32
|
-
*/
|
|
33
|
-
function warnUnrestrictedAccess(secretName) {
|
|
34
|
-
if (warnedNoAllow || allowPatterns.length > 0 || !eventBus)
|
|
35
|
-
return;
|
|
36
|
-
warnedNoAllow = true;
|
|
37
|
-
eventBus.emit("security:warn", {
|
|
38
|
-
category: "secret_access",
|
|
39
|
-
agentId,
|
|
40
|
-
message: `Agent "${agentId}" accessed secret "${secretName}" without explicit secrets.allow configuration. ` +
|
|
41
|
-
`Configure secrets.allow patterns to restrict access.`,
|
|
42
|
-
timestamp: Date.now(),
|
|
43
|
-
});
|
|
44
|
-
}
|
|
45
|
-
function emitAccess(secretName, outcome) {
|
|
46
|
-
eventBus?.emit("secret:accessed", {
|
|
47
|
-
secretName,
|
|
48
|
-
agentId,
|
|
49
|
-
outcome,
|
|
50
|
-
timestamp: Date.now(),
|
|
51
|
-
});
|
|
52
|
-
}
|
|
53
|
-
return {
|
|
54
|
-
get(key) {
|
|
55
|
-
warnUnrestrictedAccess(key);
|
|
56
|
-
if (!isSecretAccessible(key, allowPatterns)) {
|
|
57
|
-
emitAccess(key, "denied");
|
|
58
|
-
return undefined;
|
|
59
|
-
}
|
|
60
|
-
const value = base.get(key);
|
|
61
|
-
emitAccess(key, value !== undefined ? "success" : "not_found");
|
|
62
|
-
return value;
|
|
63
|
-
},
|
|
64
|
-
has(key) {
|
|
65
|
-
warnUnrestrictedAccess(key);
|
|
66
|
-
if (!isSecretAccessible(key, allowPatterns)) {
|
|
67
|
-
emitAccess(key, "denied");
|
|
68
|
-
return false;
|
|
69
|
-
}
|
|
70
|
-
const exists = base.has(key);
|
|
71
|
-
emitAccess(key, exists ? "success" : "not_found");
|
|
72
|
-
return exists;
|
|
73
|
-
},
|
|
74
|
-
require(key) {
|
|
75
|
-
warnUnrestrictedAccess(key);
|
|
76
|
-
if (!isSecretAccessible(key, allowPatterns)) {
|
|
77
|
-
emitAccess(key, "denied");
|
|
78
|
-
throw new Error(`Agent "${agentId}" is not allowed to access secret "${key}". ` +
|
|
79
|
-
`Check the agent's secrets.allow configuration.`);
|
|
80
|
-
}
|
|
81
|
-
const value = base.get(key);
|
|
82
|
-
if (value === undefined) {
|
|
83
|
-
emitAccess(key, "not_found");
|
|
84
|
-
throw new Error(`Required secret "${key}" is not set. ` +
|
|
85
|
-
`Check that this key is defined in your .env file or encrypted store.`);
|
|
86
|
-
}
|
|
87
|
-
emitAccess(key, "success");
|
|
88
|
-
return value;
|
|
89
|
-
},
|
|
90
|
-
keys() {
|
|
91
|
-
return base.keys().filter((k) => isSecretAccessible(k, allowPatterns));
|
|
92
|
-
},
|
|
93
|
-
};
|
|
94
|
-
}
|
|
@@ -1,37 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* DeliveryContext: metadata captured per message delivery for tracing (OBS-04).
|
|
3
|
-
*
|
|
4
|
-
* Records source/target channel identifiers, delivery timing, success status,
|
|
5
|
-
* and optional attribution (agent, session). Downstream consumers use this
|
|
6
|
-
* for delivery tracing dashboards and latency analysis.
|
|
7
|
-
*/
|
|
8
|
-
export interface DeliveryContext {
|
|
9
|
-
/** Source channel that originated the message */
|
|
10
|
-
sourceChannelId: string;
|
|
11
|
-
sourceChannelType: string;
|
|
12
|
-
/** Delivery target */
|
|
13
|
-
targetChannelId: string;
|
|
14
|
-
targetChannelType: string;
|
|
15
|
-
/** Timestamp when delivery was initiated */
|
|
16
|
-
deliveredAt: number;
|
|
17
|
-
/** Time from message receipt to delivery completion in ms */
|
|
18
|
-
latencyMs: number;
|
|
19
|
-
/** Whether delivery succeeded */
|
|
20
|
-
success: boolean;
|
|
21
|
-
/** Error message if delivery failed */
|
|
22
|
-
error?: string;
|
|
23
|
-
/** Agent that processed the message */
|
|
24
|
-
agentId?: string;
|
|
25
|
-
/** Session key string */
|
|
26
|
-
sessionKey?: string;
|
|
27
|
-
/** Execution timeline steps synthesized from timing data */
|
|
28
|
-
steps?: Array<{
|
|
29
|
-
name: string;
|
|
30
|
-
timestamp: number;
|
|
31
|
-
durationMs: number;
|
|
32
|
-
status: "ok" | "error";
|
|
33
|
-
error?: string;
|
|
34
|
-
}>;
|
|
35
|
-
/** Additional metadata (retry count, parse mode fallback, etc.) */
|
|
36
|
-
metadata?: Record<string, unknown>;
|
|
37
|
-
}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export {};
|