crewhaus 0.1.8 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +10 -3
- package/dist/advice-apply.d.ts +182 -0
- package/dist/advice-apply.js +286 -0
- package/dist/advise-rules.d.ts +348 -0
- package/dist/advise-rules.js +905 -0
- package/dist/alert-sink.d.ts +48 -0
- package/dist/alert-sink.js +86 -0
- package/dist/approval-gate.d.ts +127 -0
- package/dist/approval-gate.js +254 -0
- package/dist/audit-verify.d.ts +69 -0
- package/dist/audit-verify.js +97 -0
- package/dist/autodistill.d.ts +113 -0
- package/dist/autodistill.js +256 -0
- package/dist/channel-provision.d.ts +360 -0
- package/dist/channel-provision.js +881 -0
- package/dist/ci-scaffold.d.ts +31 -0
- package/dist/ci-scaffold.js +343 -0
- package/dist/compile-check.d.ts +90 -0
- package/dist/compile-check.js +285 -0
- package/dist/compliance-schedule.d.ts +35 -0
- package/dist/compliance-schedule.js +36 -0
- package/dist/context-pressure.d.ts +80 -0
- package/dist/context-pressure.js +166 -0
- package/dist/dataset-mine.d.ts +173 -0
- package/dist/dataset-mine.js +404 -0
- package/dist/datasets.d.ts +124 -0
- package/dist/datasets.js +260 -0
- package/dist/deploy-canary.d.ts +83 -0
- package/dist/deploy-canary.js +87 -0
- package/dist/doctor-checks.d.ts +33 -0
- package/dist/doctor-checks.js +92 -0
- package/dist/doctor-detect.d.ts +108 -0
- package/dist/doctor-detect.js +214 -0
- package/dist/doctor-fix.d.ts +81 -0
- package/dist/doctor-fix.js +164 -0
- package/dist/egress-triage.d.ts +121 -0
- package/dist/egress-triage.js +261 -0
- package/dist/eval-bridge.d.ts +114 -0
- package/dist/eval-bridge.js +158 -0
- package/dist/eval-coverage.d.ts +140 -0
- package/dist/eval-coverage.js +428 -0
- package/dist/eval-history.d.ts +48 -0
- package/dist/eval-history.js +157 -0
- package/dist/eval-matrix.d.ts +80 -0
- package/dist/eval-matrix.js +182 -0
- package/dist/eval-sentinel.d.ts +65 -0
- package/dist/eval-sentinel.js +132 -0
- package/dist/faq.d.ts +68 -0
- package/dist/faq.js +168 -0
- package/dist/feedback.d.ts +9 -2
- package/dist/feedback.js +17 -7
- package/dist/fewshot.d.ts +83 -0
- package/dist/fewshot.js +158 -0
- package/dist/fleet.d.ts +207 -0
- package/dist/fleet.js +488 -0
- package/dist/flywheel.d.ts +193 -0
- package/dist/flywheel.js +519 -0
- package/dist/graders-suggest.d.ts +186 -0
- package/dist/graders-suggest.js +658 -0
- package/dist/incident.d.ts +99 -0
- package/dist/incident.js +217 -0
- package/dist/index.d.ts +9 -1
- package/dist/index.js +11664 -963
- package/dist/init-interactive.d.ts +105 -0
- package/dist/init-interactive.js +208 -0
- package/dist/intents.d.ts +105 -0
- package/dist/intents.js +292 -0
- package/dist/judge-calibrate.d.ts +137 -0
- package/dist/judge-calibrate.js +247 -0
- package/dist/justification-calibrate.d.ts +150 -0
- package/dist/justification-calibrate.js +262 -0
- package/dist/justification-gate.d.ts +27 -6
- package/dist/justification-gate.js +30 -6
- package/dist/knowledge-sync.d.ts +179 -0
- package/dist/knowledge-sync.js +551 -0
- package/dist/lessons.d.ts +87 -0
- package/dist/lessons.js +207 -0
- package/dist/lint.d.ts +127 -0
- package/dist/lint.js +226 -0
- package/dist/loadtest.d.ts +114 -0
- package/dist/loadtest.js +196 -0
- package/dist/marketplace-cli.d.ts +110 -0
- package/dist/marketplace-cli.js +250 -0
- package/dist/mcp-doctor.d.ts +121 -0
- package/dist/mcp-doctor.js +249 -0
- package/dist/model-scan.d.ts +116 -0
- package/dist/model-scan.js +226 -0
- package/dist/onchain-tune.d.ts +164 -0
- package/dist/onchain-tune.js +346 -0
- package/dist/permissions-suggest.d.ts +126 -0
- package/dist/permissions-suggest.js +333 -0
- package/dist/pii-tune.d.ts +107 -0
- package/dist/pii-tune.js +122 -0
- package/dist/propose.d.ts +117 -0
- package/dist/propose.js +184 -0
- package/dist/refresh-goldens.d.ts +82 -0
- package/dist/refresh-goldens.js +221 -0
- package/dist/regression-pin.d.ts +160 -0
- package/dist/regression-pin.js +281 -0
- package/dist/retention.d.ts +193 -0
- package/dist/retention.js +607 -0
- package/dist/retire.d.ts +118 -0
- package/dist/retire.js +291 -0
- package/dist/right-size.d.ts +100 -0
- package/dist/right-size.js +123 -0
- package/dist/route.d.ts +19 -0
- package/dist/route.js +90 -0
- package/dist/scaffold-evals.d.ts +138 -0
- package/dist/scaffold-evals.js +410 -0
- package/dist/scope-audit-drift.d.ts +139 -0
- package/dist/scope-audit-drift.js +260 -0
- package/dist/security-corpus.d.ts +237 -0
- package/dist/security-corpus.js +516 -0
- package/dist/security-digest.d.ts +174 -0
- package/dist/security-digest.js +656 -0
- package/dist/sessions-index.d.ts +27 -0
- package/dist/sessions-index.js +51 -0
- package/dist/slo-doctor.d.ts +67 -0
- package/dist/slo-doctor.js +119 -0
- package/dist/slo-sink.d.ts +96 -0
- package/dist/slo-sink.js +107 -0
- package/dist/spec-changelog.d.ts +102 -0
- package/dist/spec-changelog.js +237 -0
- package/dist/state-backup.d.ts +223 -0
- package/dist/state-backup.js +648 -0
- package/dist/tools-cli.d.ts +170 -0
- package/dist/tools-cli.js +300 -0
- package/dist/triage.d.ts +202 -0
- package/dist/triage.js +403 -0
- package/dist/upgrade.d.ts +57 -0
- package/dist/upgrade.js +113 -0
- package/dist/version.d.ts +6 -0
- package/dist/version.js +27 -0
- package/dist/voice-eval.d.ts +138 -0
- package/dist/voice-eval.js +309 -0
- package/dist/watch.d.ts +58 -0
- package/dist/watch.js +97 -0
- package/package.json +90 -65
|
@@ -0,0 +1,174 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Every kind declared by `@crewhaus/audit-log`. Kept as a local literal list
|
|
3
|
+
* (rather than importing a value — the package only exports the TYPE) so the
|
|
4
|
+
* digest can report declared kinds that produced zero records in the window.
|
|
5
|
+
*
|
|
6
|
+
* `satisfies ReadonlyArray<AuditKind>` only checks that every entry HERE is a
|
|
7
|
+
* valid `AuditKind` — it is a subset check, not an exhaustiveness check. It
|
|
8
|
+
* does NOT catch a NEW kind added to the `AuditKind` union that this list
|
|
9
|
+
* forgets to list (F7: `alert_raised`, added by the item-31 alert watchdog,
|
|
10
|
+
* compiled cleanly for a while despite being absent here). Keep this list in
|
|
11
|
+
* sync BY HAND whenever `AuditKind` gains a member.
|
|
12
|
+
*/
|
|
13
|
+
export declare const DECLARED_AUDIT_KINDS: readonly ["policy_decision", "model_call", "tool_classification", "gateway_request", "session_fork", "tenancy_context", "secrets_rotation", "secrets_access", "deployment_action", "egress_decision", "permission_justification_evaluated", "retention_enforcement", "governance_approval", "governance_proposal", "alert_raised", "slo_mitigation"];
|
|
14
|
+
/** Thrown by `parseSinceFlag` on an unparseable `--since`. The CLI entry
|
|
15
|
+
* file catches it and routes the message through `die()`; tests assert on
|
|
16
|
+
* `.message` without the process exiting. */
|
|
17
|
+
export declare class InvalidSinceFlagError extends Error {
|
|
18
|
+
readonly value: string;
|
|
19
|
+
readonly name = "InvalidSinceFlagError";
|
|
20
|
+
constructor(value: string);
|
|
21
|
+
}
|
|
22
|
+
export type SinceWindow = {
|
|
23
|
+
/** Inclusive epoch-ms lower bound on record timestamps. */
|
|
24
|
+
readonly sinceMs: number;
|
|
25
|
+
/** Human label for the report header: "7d", "30d", or the ISO value. */
|
|
26
|
+
readonly label: string;
|
|
27
|
+
};
|
|
28
|
+
/**
|
|
29
|
+
* Parse the `--since` flag: `<N>d` (a trailing day window, default `7d`) or
|
|
30
|
+
* an ISO date/datetime (bare dates are UTC midnight per `Date.parse`).
|
|
31
|
+
*/
|
|
32
|
+
export declare function parseSinceFlag(value: string | undefined, now?: () => number): SinceWindow;
|
|
33
|
+
export type DeniedToolEntry = {
|
|
34
|
+
readonly toolName: string;
|
|
35
|
+
readonly denials: number;
|
|
36
|
+
/** Distinct judge identities that produced the denials. */
|
|
37
|
+
readonly judges: ReadonlyArray<string>;
|
|
38
|
+
/** Mean judge confidence over denials that carried one; null when none did. */
|
|
39
|
+
readonly meanConfidence: number | null;
|
|
40
|
+
/** The most recent denial reason, for triage at a glance. */
|
|
41
|
+
readonly lastReason?: string;
|
|
42
|
+
};
|
|
43
|
+
export type JudgeEntry = {
|
|
44
|
+
readonly judgeModel: string;
|
|
45
|
+
readonly evaluated: number;
|
|
46
|
+
readonly denied: number;
|
|
47
|
+
};
|
|
48
|
+
export type EgressSinkEntry = {
|
|
49
|
+
readonly sinkId: string;
|
|
50
|
+
readonly warned: number;
|
|
51
|
+
readonly blocked: number;
|
|
52
|
+
/** Distinct trust origins found in this sink's non-pass payloads. */
|
|
53
|
+
readonly origins: ReadonlyArray<string>;
|
|
54
|
+
};
|
|
55
|
+
export type CountEntry = {
|
|
56
|
+
readonly name: string;
|
|
57
|
+
readonly count: number;
|
|
58
|
+
};
|
|
59
|
+
export type SecurityDigest = {
|
|
60
|
+
readonly version: 1;
|
|
61
|
+
readonly generatedAt: string;
|
|
62
|
+
/** ISO instant of the window's inclusive lower bound. */
|
|
63
|
+
readonly since: string;
|
|
64
|
+
readonly windowLabel: string;
|
|
65
|
+
readonly rootDir: string;
|
|
66
|
+
readonly audit: {
|
|
67
|
+
readonly dir: string;
|
|
68
|
+
/** Records parsed from day files that could overlap the window. */
|
|
69
|
+
readonly recordsScanned: number;
|
|
70
|
+
/** Records whose ts landed inside the window (the rollup input). */
|
|
71
|
+
readonly recordsInWindow: number;
|
|
72
|
+
/** Unparseable JSONL lines — reported, never fatal (triage tool). */
|
|
73
|
+
readonly malformedLines: number;
|
|
74
|
+
readonly countsByKind: Readonly<Record<string, number>>;
|
|
75
|
+
/** Kinds @crewhaus/audit-log declares that produced 0 window records —
|
|
76
|
+
* always includes the still-writerless kinds, plus any writerful kind
|
|
77
|
+
* (e.g. egress_decision) that simply had no records in the window. */
|
|
78
|
+
readonly absentDeclaredKinds: ReadonlyArray<string>;
|
|
79
|
+
};
|
|
80
|
+
/** Pillar 3 intent gate — from `permission_justification_evaluated`. */
|
|
81
|
+
readonly justification: {
|
|
82
|
+
readonly evaluated: number;
|
|
83
|
+
readonly allowed: number;
|
|
84
|
+
readonly denied: number;
|
|
85
|
+
/** denied / evaluated; null when nothing was evaluated in the window. */
|
|
86
|
+
readonly denyRate: number | null;
|
|
87
|
+
readonly topDeniedTools: ReadonlyArray<DeniedToolEntry>;
|
|
88
|
+
readonly byJudge: ReadonlyArray<JudgeEntry>;
|
|
89
|
+
};
|
|
90
|
+
/** Pillar 3 sink-side — from `egress_decision` records (NO writer today;
|
|
91
|
+
* see the module header — populated the day one lands). */
|
|
92
|
+
readonly egress: {
|
|
93
|
+
readonly decisions: number;
|
|
94
|
+
readonly passed: number;
|
|
95
|
+
readonly warned: number;
|
|
96
|
+
readonly blocked: number;
|
|
97
|
+
readonly topSinks: ReadonlyArray<EgressSinkEntry>;
|
|
98
|
+
readonly topOrigins: ReadonlyArray<CountEntry>;
|
|
99
|
+
};
|
|
100
|
+
/** From `policy_decision` (policy-engine writes deny/audit-and-allow). */
|
|
101
|
+
readonly policy: {
|
|
102
|
+
readonly decisions: number;
|
|
103
|
+
readonly denied: number;
|
|
104
|
+
readonly auditAndAllow: number;
|
|
105
|
+
readonly topDeniedTools: ReadonlyArray<CountEntry>;
|
|
106
|
+
};
|
|
107
|
+
/** Durable block-tier residue scanned out of session event logs. HEURISTIC
|
|
108
|
+
* (best-effort) by construction: the markers live in `tool_result`
|
|
109
|
+
* content, which any malicious tool output can forge — these counters can
|
|
110
|
+
* be inflated (never the audit-derived ones above). Strings in here are
|
|
111
|
+
* sanitized at parse time; see the module header's trust-boundary note. */
|
|
112
|
+
readonly sessions: {
|
|
113
|
+
readonly scanned: number;
|
|
114
|
+
readonly justificationDenials: number;
|
|
115
|
+
readonly egressBlocks: number;
|
|
116
|
+
readonly hookBlocks: number;
|
|
117
|
+
readonly injectionRedactions: number;
|
|
118
|
+
/** Rule-id hit counts parsed from redaction notices, ranked. */
|
|
119
|
+
readonly injectionRuleHits: ReadonlyArray<CountEntry>;
|
|
120
|
+
};
|
|
121
|
+
};
|
|
122
|
+
/**
|
|
123
|
+
* Neutralize a string parsed out of stored session/audit content before it
|
|
124
|
+
* enters the digest (adversarial-review F1). Session `tool_result` content
|
|
125
|
+
* is attacker-reachable — a malicious tool output can embed ANSI escape
|
|
126
|
+
* sequences (rewrite the operator's terminal, forge "ALL CLEAR" lines) or
|
|
127
|
+
* newlines (inject whole fake report lines) into anything the text renderer
|
|
128
|
+
* prints raw. Applied at PARSE time so text, JSON, HTML and the --notify
|
|
129
|
+
* payload all carry only sanitized values: strips C0/C1 control characters
|
|
130
|
+
* (including ESC and line breaks) and clamps the length.
|
|
131
|
+
*/
|
|
132
|
+
export declare function sanitizeContentString(value: string, maxLength?: number): string;
|
|
133
|
+
/**
|
|
134
|
+
* Walk `<rootDir>/.crewhaus/audit` + `<rootDir>/.crewhaus/sessions` and
|
|
135
|
+
* build the windowed rollup. Missing stores yield an empty (but complete)
|
|
136
|
+
* digest — the command is a report, not a gate, so it never throws on an
|
|
137
|
+
* absent or partially-corrupt store; malformed lines are counted instead.
|
|
138
|
+
*/
|
|
139
|
+
export declare function buildSecurityDigest(opts: {
|
|
140
|
+
readonly rootDir: string;
|
|
141
|
+
readonly window: SinceWindow;
|
|
142
|
+
readonly now?: () => number;
|
|
143
|
+
}): SecurityDigest;
|
|
144
|
+
/** Prefixes the runtime writes into `tool_result` event contents on the
|
|
145
|
+
* block tier — the durable residue the session scan keys on. Kept in one
|
|
146
|
+
* place so the digest and its tests cite the same literals as
|
|
147
|
+
* `@crewhaus/runtime-core`'s denial messages. */
|
|
148
|
+
export declare const SESSION_DENIAL_MARKERS: {
|
|
149
|
+
readonly justification: "[justification denied]";
|
|
150
|
+
readonly egress: "[egress denied]";
|
|
151
|
+
readonly hook: "[blocked by hook]";
|
|
152
|
+
};
|
|
153
|
+
/** Render the digest as the CLI's indented text summary lines. */
|
|
154
|
+
export declare function renderSecurityDigestText(d: SecurityDigest): ReadonlyArray<string>;
|
|
155
|
+
/** Render the digest as a self-contained HTML page (no external assets). */
|
|
156
|
+
export declare function renderSecurityDigestHtml(d: SecurityDigest): string;
|
|
157
|
+
/** Thrown by `notifySecurityDigest` on a malformed URL or non-2xx response.
|
|
158
|
+
* The CLI routes it through `die()` — a scheduled digest whose notification
|
|
159
|
+
* silently failed would fabricate assurance, so it exits 1 loudly
|
|
160
|
+
* (mirroring audit-verify's requested-but-unconsulted-anchor stance). */
|
|
161
|
+
export declare class NotifyError extends Error {
|
|
162
|
+
readonly name = "NotifyError";
|
|
163
|
+
}
|
|
164
|
+
/**
|
|
165
|
+
* POST the JSON digest to a webhook. Plain `fetch`, no channel-adapter
|
|
166
|
+
* dependency (see module header); Slack users wrap the payload — incoming
|
|
167
|
+
* webhooks accept `{ text }`, not arbitrary JSON.
|
|
168
|
+
*
|
|
169
|
+
* A plain-http URL is allowed (local tunnels/dev receivers) but warned about
|
|
170
|
+
* on stderr (adversarial-review F3): the digest is security telemetry —
|
|
171
|
+
* denial counts, tool names, judge reasons — and posting it cleartext leaks
|
|
172
|
+
* it to every on-path observer. `warn` is injectable for tests.
|
|
173
|
+
*/
|
|
174
|
+
export declare function notifySecurityDigest(url: string, digest: SecurityDigest, fetchImpl?: typeof fetch, warn?: (line: string) => void): Promise<void>;
|