create-guardio 0.0.9 → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.mjs +78 -11
- package/package.json +1 -1
package/index.mjs
CHANGED
|
@@ -73,8 +73,20 @@ async function setupDashboardFromTarball(guardioPath) {
|
|
|
73
73
|
"Dashboard tarball missing packages/dashboard. Wrong repo or branch?",
|
|
74
74
|
);
|
|
75
75
|
}
|
|
76
|
+
// Copy only the dashboard package contents into guardioPath/dashboard (never the whole repo)
|
|
76
77
|
await mkdir(dashboardPath, { recursive: true });
|
|
77
|
-
|
|
78
|
+
const dashboardEntries = readdirSync(srcDashboard, { withFileTypes: true });
|
|
79
|
+
for (const e of dashboardEntries) {
|
|
80
|
+
cpSync(join(srcDashboard, e.name), join(dashboardPath, e.name), {
|
|
81
|
+
recursive: true,
|
|
82
|
+
});
|
|
83
|
+
}
|
|
84
|
+
const dashboardPkgJson = join(dashboardPath, "package.json");
|
|
85
|
+
if (!existsSync(dashboardPkgJson)) {
|
|
86
|
+
throw new Error(
|
|
87
|
+
"Dashboard package missing package.json after copy. Wrong repo layout?",
|
|
88
|
+
);
|
|
89
|
+
}
|
|
78
90
|
console.log("Installing dashboard dependencies...");
|
|
79
91
|
const installResult = spawnSync(
|
|
80
92
|
"pnpm",
|
|
@@ -172,7 +184,7 @@ async function main() {
|
|
|
172
184
|
guardio:
|
|
173
185
|
"node --import tsx ./node_modules/@guardiojs/guardio/dist/cli.js --config guardio.config.ts",
|
|
174
186
|
},
|
|
175
|
-
dependencies: { "@guardiojs/guardio": "*" },
|
|
187
|
+
dependencies: { "@guardiojs/guardio": "*", zod: "^3.23.0" },
|
|
176
188
|
devDependencies: {
|
|
177
189
|
typescript: "^5.6.0",
|
|
178
190
|
"@types/node": "^22.0.0",
|
|
@@ -226,27 +238,59 @@ export default config;
|
|
|
226
238
|
|
|
227
239
|
if (addExamplePlugin) {
|
|
228
240
|
await mkdir(resolve(guardioPath, "plugins", "example"), { recursive: true });
|
|
229
|
-
const examplePluginContent = `import
|
|
241
|
+
const examplePluginContent = `import { z } from "zod";
|
|
242
|
+
import type {
|
|
243
|
+
PolicyPluginDefinition,
|
|
230
244
|
PolicyPluginInterface,
|
|
231
245
|
PolicyRequestContext,
|
|
232
246
|
PolicyResult,
|
|
247
|
+
PolicyPluginContext,
|
|
233
248
|
} from "@guardiojs/guardio";
|
|
234
249
|
|
|
250
|
+
// Config schema for dashboard validation (optional)
|
|
251
|
+
const configSchema = z.object({
|
|
252
|
+
allowAll: z.boolean().default(true).describe("Allow all tool calls"),
|
|
253
|
+
});
|
|
254
|
+
|
|
255
|
+
type Config = z.infer<typeof configSchema>;
|
|
256
|
+
|
|
235
257
|
/**
|
|
236
258
|
* Example policy plugin: implements PolicyPluginInterface.
|
|
237
259
|
* Reference in guardio.config.ts with: { type: "policy", name: "example", path: "./plugins/example" }
|
|
238
|
-
* Default export must be the plugin instance.
|
|
239
260
|
*/
|
|
240
261
|
class ExamplePolicyPlugin implements PolicyPluginInterface {
|
|
241
262
|
readonly name = "example";
|
|
242
263
|
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
264
|
+
constructor(
|
|
265
|
+
private config: Config,
|
|
266
|
+
private context?: PolicyPluginContext,
|
|
267
|
+
) {}
|
|
268
|
+
|
|
269
|
+
async evaluate(ctx: PolicyRequestContext): Promise<PolicyResult> {
|
|
270
|
+
// Access config: this.config.allowAll
|
|
271
|
+
// Access plugin storage: this.context?.pluginRepository
|
|
272
|
+
if (this.config.allowAll) {
|
|
273
|
+
return { verdict: "allow" };
|
|
274
|
+
}
|
|
275
|
+
return {
|
|
276
|
+
verdict: "block",
|
|
277
|
+
code: "EXAMPLE_BLOCKED",
|
|
278
|
+
reason: "Blocked by example policy",
|
|
279
|
+
};
|
|
246
280
|
}
|
|
247
281
|
}
|
|
248
282
|
|
|
249
|
-
|
|
283
|
+
// Export a PolicyPluginDefinition (factory-based)
|
|
284
|
+
const definition: PolicyPluginDefinition = {
|
|
285
|
+
name: "example",
|
|
286
|
+
factory: (config, context) => new ExamplePolicyPlugin(config as Config, context),
|
|
287
|
+
configSchema,
|
|
288
|
+
uiSchema: {
|
|
289
|
+
allowAll: { "ui:widget": "checkbox" },
|
|
290
|
+
},
|
|
291
|
+
};
|
|
292
|
+
|
|
293
|
+
export default definition;
|
|
250
294
|
`;
|
|
251
295
|
await writeFile(
|
|
252
296
|
resolve(guardioPath, "plugins", "example", "index.ts"),
|
|
@@ -260,10 +304,33 @@ export default new ExamplePolicyPlugin();
|
|
|
260
304
|
|
|
261
305
|
Add a plugin by setting \`path\` in \`guardio.config.ts\` to a directory that contains \`index.js\` or \`index.mjs\` (compile from \`index.ts\` with \`npm run build\`).
|
|
262
306
|
|
|
263
|
-
|
|
264
|
-
|
|
307
|
+
## Policy plugins
|
|
308
|
+
|
|
309
|
+
Export a \`PolicyPluginDefinition\` with a factory function:
|
|
310
|
+
|
|
311
|
+
\`\`\`ts
|
|
312
|
+
import { z } from "zod";
|
|
313
|
+
import type { PolicyPluginDefinition } from "@guardiojs/guardio";
|
|
314
|
+
|
|
315
|
+
const configSchema = z.object({ ... });
|
|
316
|
+
|
|
317
|
+
const definition: PolicyPluginDefinition = {
|
|
318
|
+
name: "my-policy",
|
|
319
|
+
factory: (config, context) => new MyPolicyPlugin(config, context),
|
|
320
|
+
configSchema, // optional: enables dashboard validation
|
|
321
|
+
uiSchema: {}, // optional: custom form widgets
|
|
322
|
+
};
|
|
323
|
+
|
|
324
|
+
export default definition;
|
|
325
|
+
\`\`\`
|
|
326
|
+
|
|
327
|
+
Config: \`{ "type": "policy", "name": "my-policy", "path": "./plugins/my-policy" }\`
|
|
265
328
|
|
|
266
|
-
|
|
329
|
+
Custom plugins work exactly like built-in plugins:
|
|
330
|
+
- Create multiple instances with different configs via the dashboard
|
|
331
|
+
- Configs are stored in the database and validated against your schema
|
|
332
|
+
- Plugins receive a \`PolicyPluginContext\` with a scoped \`PluginRepository\` for persisting state
|
|
333
|
+
${addExamplePlugin ? "\nSee example/ for a complete policy plugin." : ""}
|
|
267
334
|
`;
|
|
268
335
|
await writeFile(
|
|
269
336
|
resolve(guardioPath, "plugins", "README.md"),
|