create-vellaveto 4.0.2 → 4.0.4

@@ -47,12 +47,12 @@ function generateValues(state) {
47
47
  yaml += " strictMode: true\n\n";
48
48
  yaml += " injection:\n";
49
49
  yaml += ` enabled: ${state.injectionEnabled}\n`;
50
- yaml += ` blocking: ${state.injectionBlocking}\n\n`;
50
+ yaml += ` blockOnInjection: ${state.injectionBlocking}\n\n`;
51
51
  yaml += " dlp:\n";
52
52
  yaml += ` enabled: ${state.dlpEnabled}\n`;
53
- yaml += ` blocking: ${state.dlpBlocking}\n\n`;
53
+ yaml += ` blockOnFinding: ${state.dlpBlocking}\n\n`;
54
54
  yaml += " audit:\n";
55
- yaml += ` redactionLevel: "${capitalize(state.redactionLevel)}"\n\n`;
55
+ yaml += ` redactionLevel: "${mapRedactionLevel(state.redactionLevel)}"\n\n`;
56
56
  yaml += " # API key should be provided via Kubernetes Secret:\n";
57
57
  yaml += " # kubectl create secret generic vellaveto-api-key --from-literal=api-key=<YOUR_KEY>\n";
58
58
  yaml += " extraEnv:\n";
@@ -95,6 +95,15 @@ function generateConfigMap(state) {
95
95
  yaml += "\n";
96
96
  return yaml;
97
97
  }
98
- function capitalize(s) {
99
- return s.charAt(0).toUpperCase() + s.slice(1);
98
+ function mapRedactionLevel(level) {
99
+ switch (level) {
100
+ case "off":
101
+ return "Off";
102
+ case "low":
103
+ return "KeysOnly";
104
+ case "high":
105
+ return "KeysAndPatterns";
106
+ default:
107
+ return level;
108
+ }
100
109
  }
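Review bot: The `default:` branch of the new `mapRedactionLevel` returns its input unchanged, so any wizard value other than `off`, `low` or `high` is written into `redactionLevel: "..."` verbatim and unescaped. Whether the server accepts such a value is not visible here, but since this setting controls audit redaction, an unknown level should fail loudly rather than pass through, e.g. `default: throw new Error(`unknown redaction level: ${level}`);`. The same helper is added a second time in the TOML generator; exporting one copy from a shared module would keep the two mappings from drifting apart. This copy also lacks the one-line JSDoc the TOML copy carries. `generateValues` and `generateConfigMap` start outside the visible hunks.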
@@ -6,6 +6,19 @@
6
6
  * this CLI wizard.
7
7
  */
8
8
  import { escapeTomlString } from "../utils.js";
9
+ /** Map wizard redaction level names to server-accepted values. */
10
+ function mapRedactionLevel(level) {
11
+ switch (level) {
12
+ case "off":
13
+ return "Off";
14
+ case "low":
15
+ return "KeysOnly";
16
+ case "high":
17
+ return "KeysAndPatterns";
18
+ default:
19
+ return level;
20
+ }
21
+ }
9
22
  export function generateToml(state) {
10
23
  let toml = "";
11
24
  // Header
@@ -36,13 +49,13 @@ export function generateToml(state) {
36
49
  toml += "[injection]\n";
37
50
  toml += `enabled = ${state.injectionEnabled}\n`;
38
51
  if (state.injectionEnabled) {
39
- toml += `blocking = ${state.injectionBlocking}\n`;
52
+ toml += `block_on_injection = ${state.injectionBlocking}\n`;
40
53
  }
41
54
  toml += "\n";
42
55
  toml += "[dlp]\n";
43
56
  toml += `enabled = ${state.dlpEnabled}\n`;
44
57
  if (state.dlpEnabled) {
45
- toml += `blocking = ${state.dlpBlocking}\n`;
58
+ toml += `block_on_finding = ${state.dlpBlocking}\n`;
46
59
  }
47
60
  toml += "\n";
48
61
  if (state.behavioralEnabled) {
@@ -52,17 +65,23 @@ export function generateToml(state) {
52
65
  // Audit
53
66
  toml += "# ─── Audit ──────────────────────────────────────────────────\n\n";
54
67
  toml += "[audit]\n";
55
- toml += `redaction_level = "${escapeTomlString(state.redactionLevel)}"\n`;
68
+ toml += `redaction_level = "${escapeTomlString(mapRedactionLevel(state.redactionLevel))}"\n`;
56
69
  toml += "\n";
57
70
  if (state.checkpointInterval > 0) {
58
71
  toml += `# Checkpoint interval: set VELLAVETO_CHECKPOINT_INTERVAL=${state.checkpointInterval} env var\n\n`;
59
72
  }
60
73
  // Audit export
61
74
  if (state.auditExportFormat !== "none") {
75
+ // Map "webhook" format to "jsonl" (webhook is delivery, not format)
76
+ const exportFormat = state.auditExportFormat === "webhook" ? "jsonl" : state.auditExportFormat;
62
77
  toml += "[audit_export]\n";
63
- toml += `format = "${escapeTomlString(state.auditExportFormat)}"\n`;
64
- if (state.auditExportTarget) {
65
- toml += `target = "${escapeTomlString(state.auditExportTarget)}"\n`;
78
+ toml += `format = "${escapeTomlString(exportFormat)}"\n`;
79
+ // webhook_url is only valid for webhook delivery (must be https://)
80
+ if (state.auditExportFormat === "webhook" && state.auditExportTarget) {
81
+ toml += `webhook_url = "${escapeTomlString(state.auditExportTarget)}"\n`;
82
+ }
83
+ else if (state.auditExportTarget && state.auditExportFormat !== "webhook") {
84
+ toml += `# Export file: ${escapeTomlString(state.auditExportTarget)}\n`;
66
85
  }
67
86
  toml += "\n";
68
87
  }
@@ -117,16 +136,16 @@ function generateStrictPreset() {
117
136
  toml += 'name = "Default deny all"\n';
118
137
  toml += 'policy_type = "Deny"\n';
119
138
  toml += "priority = 0\n";
120
- toml += 'tool = "*"\n';
121
- toml += 'function = "*"\n\n';
139
+ toml += 'tool_pattern = "*"\n';
140
+ toml += 'function_pattern = "*"\n\n';
122
141
  // Block credentials
123
142
  toml += "[[policies]]\n";
124
143
  toml += 'id = "block-credentials"\n';
125
144
  toml += 'name = "Block credential access"\n';
126
145
  toml += 'policy_type = "Deny"\n';
127
146
  toml += "priority = 100\n";
128
- toml += 'tool = "*"\n';
129
- toml += 'function = "*"\n\n';
147
+ toml += 'tool_pattern = "*"\n';
148
+ toml += 'function_pattern = "*"\n\n';
130
149
  toml += "[policies.path_rules]\n";
131
150
  toml +=
132
151
  'blocked_patterns = ["**/.env", "**/*.key", "**/*.pem", "**/credentials*", "**/.ssh/**", "**/.aws/**"]\n\n';
@@ -136,8 +155,8 @@ function generateStrictPreset() {
136
155
  toml += 'name = "Block data exfiltration"\n';
137
156
  toml += 'policy_type = "Deny"\n';
138
157
  toml += "priority = 100\n";
139
- toml += 'tool = "*"\n';
140
- toml += 'function = "*"\n\n';
158
+ toml += 'tool_pattern = "*"\n';
159
+ toml += 'function_pattern = "*"\n\n';
141
160
  toml += "[policies.network_rules]\n";
142
161
  toml +=
143
162
  'blocked_domains = ["*.pastebin.com", "*.transfer.sh", "*.ngrok.io"]\n\n';
@@ -147,8 +166,8 @@ function generateStrictPreset() {
147
166
  toml += 'name = "Require approval for destructive operations"\n';
148
167
  toml += 'policy_type = "RequireApproval"\n';
149
168
  toml += "priority = 50\n";
150
- toml += 'tool = "*"\n';
151
- toml += 'function = "*"\n\n';
169
+ toml += 'tool_pattern = "*"\n';
170
+ toml += 'function_pattern = "*"\n\n';
152
171
  toml += "[policies.path_rules]\n";
153
172
  toml += 'write_patterns = ["**/*"]\n\n';
154
173
  return toml;
@@ -163,16 +182,16 @@ function generateBalancedPreset() {
163
182
  toml += 'name = "Default deny all"\n';
164
183
  toml += 'policy_type = "Deny"\n';
165
184
  toml += "priority = 0\n";
166
- toml += 'tool = "*"\n';
167
- toml += 'function = "*"\n\n';
185
+ toml += 'tool_pattern = "*"\n';
186
+ toml += 'function_pattern = "*"\n\n';
168
187
  // Block credentials
169
188
  toml += "[[policies]]\n";
170
189
  toml += 'id = "block-credentials"\n';
171
190
  toml += 'name = "Block credential access"\n';
172
191
  toml += 'policy_type = "Deny"\n';
173
192
  toml += "priority = 100\n";
174
- toml += 'tool = "*"\n';
175
- toml += 'function = "*"\n\n';
193
+ toml += 'tool_pattern = "*"\n';
194
+ toml += 'function_pattern = "*"\n\n';
176
195
  toml += "[policies.path_rules]\n";
177
196
  toml +=
178
197
  'blocked_patterns = ["**/.env", "**/*.key", "**/*.pem", "**/credentials*", "**/.ssh/**", "**/.aws/**"]\n\n';
@@ -183,7 +202,7 @@ function generateBalancedPreset() {
183
202
  toml += 'policy_type = "Allow"\n';
184
203
  toml += "priority = 50\n";
185
204
  toml += 'tool = "*"\n';
186
- toml += 'function = "read*"\n\n';
205
+ toml += 'function_pattern = "read*"\n\n';
187
206
  // Require approval for writes
188
207
  toml += "[[policies]]\n";
189
208
  toml += 'id = "approve-writes"\n';
@@ -191,7 +210,7 @@ function generateBalancedPreset() {
191
210
  toml += 'policy_type = "RequireApproval"\n';
192
211
  toml += "priority = 50\n";
193
212
  toml += 'tool = "*"\n';
194
- toml += 'function = "write*"\n\n';
213
+ toml += 'function_pattern = "write*"\n\n';
195
214
  return toml;
196
215
  }
197
216
  function generatePermissivePreset() {
@@ -204,16 +223,16 @@ function generatePermissivePreset() {
204
223
  toml += 'name = "Default allow all"\n';
205
224
  toml += 'policy_type = "Allow"\n';
206
225
  toml += "priority = 0\n";
207
- toml += 'tool = "*"\n';
208
- toml += 'function = "*"\n\n';
226
+ toml += 'tool_pattern = "*"\n';
227
+ toml += 'function_pattern = "*"\n\n';
209
228
  // Block credentials
210
229
  toml += "[[policies]]\n";
211
230
  toml += 'id = "block-credentials"\n';
212
231
  toml += 'name = "Block credential access"\n';
213
232
  toml += 'policy_type = "Deny"\n';
214
233
  toml += "priority = 100\n";
215
- toml += 'tool = "*"\n';
216
- toml += 'function = "*"\n\n';
234
+ toml += 'tool_pattern = "*"\n';
235
+ toml += 'function_pattern = "*"\n\n';
217
236
  toml += "[policies.path_rules]\n";
218
237
  toml +=
219
238
  'blocked_patterns = ["**/.env", "**/*.key", "**/*.pem", "**/credentials*", "**/.ssh/**", "**/.aws/**"]\n\n';
@@ -223,8 +242,8 @@ function generatePermissivePreset() {
223
242
  toml += 'name = "Block data exfiltration"\n';
224
243
  toml += 'policy_type = "Deny"\n';
225
244
  toml += "priority = 100\n";
226
- toml += 'tool = "*"\n';
227
- toml += 'function = "*"\n\n';
245
+ toml += 'tool_pattern = "*"\n';
246
+ toml += 'function_pattern = "*"\n\n';
228
247
  toml += "[policies.network_rules]\n";
229
248
  toml +=
230
249
  'blocked_domains = ["*.pastebin.com", "*.transfer.sh", "*.ngrok.io"]\n\n';
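Review bot: In `generateBalancedPreset` the `read*` Allow policy and the `write*` RequireApproval policy (`approve-writes`) still emit `tool = "*"` as unchanged context, while every other policy in this file was moved to `tool_pattern`; only their `function` key was renamed. If the server now expects `tool_pattern`, these two entries may fail to load or lose their tool match, which changes what the balanced preset actually permits; both lines should become `toml += 'tool_pattern = "*"\n';`. Separately, the new comment says `webhook_url` must be `https://`, but the visible code writes `state.auditExportTarget` without checking the scheme, so a check before emitting the key would keep audit data from being pointed at a plaintext endpoint. The preset functions and `generateToml` extend beyond the visible hunks.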
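--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "create-vellaveto",
- "version": "4.0.2",
+ "version": "4.0.4",
  "description": "Setup wizard for Vellaveto — MCP Tool Firewall",
  "type": "module",
  "bin": {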