governance-sdk 0.5.0

package/dist/plugins/bedrock.js

@@ -0,0 +1,155 @@
+/**
+ * governance-sdk AWS Bedrock Agents Plugin
+ *
+ * Integrates governance enforcement into AWS Bedrock agent invocations.
+ * Wraps invokeAgent calls and action group execution with policy checks.
+ *
+ * @example
+ * ```ts
+ * import { createGovernance, blockTools } from 'governance-sdk';
+ * import { createGovernedBedrock } from 'governance-sdk/plugins/bedrock';
+ *
+ * const gov = createGovernance({
+ *   rules: [blockTools(['delete_records', 'send_email'])],
+ * });
+ *
+ * const { invokeAgent, guardActionGroup } = await createGovernedBedrock(
+ *   gov, originalInvokeAgent, {
+ *     agentName: 'bedrock-assistant',
+ *     owner: 'cloud-team',
+ *   },
+ * );
+ *
+ * // Use governed invokeAgent instead of direct SDK call
+ * const response = await invokeAgent({ agentId: '...', ... });
+ * ```
+ */
+// ─── Blocked Error ──────────────────────────────────────────
+export class GovernanceBlockedError extends Error {
+    decision;
+    toolName;
+    constructor(decision, toolName) {
+        super(`Governance blocked: ${decision.reason} (tool: ${toolName})`);
+        this.name = "GovernanceBlockedError";
+        this.decision = decision;
+        this.toolName = toolName;
+    }
+}
+// ─── Shared Helpers ─────────────────────────────────────────
+function buildRegistration(config) {
+    return {
+        name: config.agentName,
+        framework: config.framework ?? "bedrock",
+        owner: config.owner,
+        description: config.description,
+        version: config.version,
+        channels: config.channels,
+        tools: config.tools,
+        hasAuth: config.hasAuth ?? true, // Bedrock uses IAM auth by default
+        hasGuardrails: config.hasGuardrails,
+        hasObservability: config.hasObservability,
+        hasAuditLog: true,
+        permissions: config.permissions,
+        metadata: config.metadata,
+    };
+}
+function createEnforcer(governance, agentId, config) {
+    return async (toolName, input) => {
+        const action = config.actionMapper?.(toolName) ?? "tool_call";
+        const decision = await governance.enforce({
+            agentId, agentName: config.agentName, agentLevel: 0,
+            action, tool: toolName, input,
+            sessionTokensUsed: config.sessionTokenTracker?.(),
+        });
+        config.onDecision?.(decision, toolName);
+        if (decision.blocked)
+            config.onBlocked?.(decision, toolName);
+        return decision;
+    };
+}
+function createAuditor(governance, agentId) {
+    return (toolName, outcome, detail) => governance.audit.log({
+        agentId, eventType: "tool_call", outcome,
+        severity: outcome === "failure" ? "warning" : "info",
+        detail: { tool: toolName, ...detail },
+    });
+}
+// ─── Create Governed Bedrock ────────────────────────────────
+/**
+ * Create a governed AWS Bedrock agent wrapper.
+ *
+ * Wraps an existing invokeAgent handler with governance enforcement.
+ * Also provides a guardActionGroup method for action-level governance.
+ */
+export async function createGovernedBedrock(governance, invokeHandler, config) {
+    const reg = buildRegistration(config);
+    const result = await governance.register(reg);
+    const enforce = createEnforcer(governance, result.id, config);
+    const audit = createAuditor(governance, result.id);
+    async function invokeAgent(input) {
+        const toolName = `bedrock:${input.agentId}:${input.agentAliasId}`;
+        const decision = await enforce(toolName, {
+            agentId: input.agentId,
+            agentAliasId: input.agentAliasId,
+            sessionId: input.sessionId,
+            inputText: input.inputText,
+        });
+        if (decision.blocked) {
+            throw new GovernanceBlockedError(decision, toolName);
+        }
+        try {
+            const response = await invokeHandler(input);
+            await audit(toolName, "success", { sessionId: input.sessionId });
+            return response;
+        }
+        catch (error) {
+            await audit(toolName, "failure", {
+                sessionId: input.sessionId,
+                error: error instanceof Error ? error.message : String(error),
+            });
+            throw error;
+        }
+    }
+    async function guardActionGroup(invocation) {
+        const toolName = invocation.actionGroupName;
+        const input = {
+            apiPath: invocation.apiPath,
+            verb: invocation.verb,
+        };
+        if (invocation.parameters) {
+            input.parameters = invocation.parameters.map((p) => ({ name: p.name, value: p.value }));
+        }
+        const decision = await enforce(toolName, input);
+        if (decision.blocked) {
+            await audit(toolName, "failure", { reason: decision.reason, type: "action_group_blocked" });
+        }
+        else {
+            await audit(toolName, "success", { type: "action_group_allowed" });
+        }
+        return decision;
+    }
+    async function guardToolUse(block) {
+        const toolName = block.name;
+        const input = (block.input ?? {});
+        const decision = await enforce(toolName, { toolUseId: block.toolUseId, ...input });
+        if (decision.blocked) {
+            await audit(toolName, "failure", { reason: decision.reason, type: "tool_use_blocked", toolUseId: block.toolUseId });
+        }
+        else {
+            await audit(toolName, "success", { type: "tool_use_allowed", toolUseId: block.toolUseId });
+        }
+        return decision;
+    }
+    return {
+        invokeAgent,
+        guardActionGroup,
+        guardToolUse,
+        agentId: result.id,
+        score: result.score,
+        level: result.level,
+        governance,
+        enforce,
+        audit,
+    };
+}
+//# sourceMappingURL=bedrock.js.map

package/dist/plugins/bedrock.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bedrock.js","sourceRoot":"","sources":["../../src/plugins/bedrock.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAoBH,+DAA+D;AAE/D,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAC/B,QAAQ,CAAsB;IAC9B,QAAQ,CAAS;IAEjC,YAAY,QAA6B,EAAE,QAAgB;QACzD,KAAK,CAAC,uBAAuB,QAAQ,CAAC,MAAM,WAAW,QAAQ,GAAG,CAAC,CAAC;QACpE,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;QACrC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;CACF;AAED,+DAA+D;AAE/D,SAAS,iBAAiB,CAAC,MAA2B;IACpD,OAAO;QACL,IAAI,EAAE,MAAM,CAAC,SAAS;QACtB,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,SAAS;QACxC,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,IAAI,EAAE,mCAAmC;QACpE,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;QACzC,WAAW,EAAE,IAAI;QACjB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,QAAQ,EAAE,MAAM,CAAC,QAAQ;KAC1B,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,UAA8B,EAAE,OAAe,EAAE,MAA2B;IAClG,OAAO,KAAK,EAAE,QAAgB,EAAE,KAA+B,EAAgC,EAAE;QAC/F,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,EAAE,CAAC,QAAQ,CAAC,IAAK,WAA4B,CAAC;QAChF,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC;YACxC,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,CAAC;YACnD,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK;YAC7B,iBAAiB,EAAE,MAAM,CAAC,mBAAmB,EAAE,EAAE;SAClD,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACxC,IAAI,QAAQ,CAAC,OAAO;YAAE,MAAM,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC7D,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,UAA8B,EAAE,OAAe;IACpE,OAAO,CAAC,QAAgB,EAAE,OAA8B,EAAE,MAAgC,EAAuB,EAAE,CACjH,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC;QACnB,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,OAAO;QACxC,QAAQ,EAAE,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM;QACpD,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,MAAM,EAAE;KACtC,CAAC,CAAC;AACP,CAAC;AAED,+DAA+D;AAE/D;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,UAA8B,EAC9B,aAAmC,EACnC,MAA2B;IAE3B,MAAM,GAAG,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAE9C,MAAM,OAAO,GAAG,cAAc,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAEnD,KAAK,UAAU,WAAW,CAAC,KAA8B;QACvD,MAAM,QAAQ,GAAG,WAAW,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;QAClE,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,QAAQ,EAAE;YACvC,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;SAC3B,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACrB,MAAM,IAAI,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACvD,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;YAC5C,MAAM,KAAK,CAAC,QAAQ,EAAE,SAAS,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;YACjE,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,KAAK,CAAC,QAAQ,EAAE,SAAS,EAAE;gBAC/B,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,UAAU,gBAAgB,CAAC,UAAwC;QACtE,MAAM,QAAQ,GAAG,UAAU,CAAC,eAAe,CAAC;QAC5C,MAAM,KAAK,GAA4B;YACrC,OAAO,EAAE,UAAU,CAAC,OAAO;YAC3B,IAAI,EAAE,UAAU,CAAC,IAAI;SACtB,CAAC;QAEF,IAAI,UAAU,CAAC,UAAU,EAAE,CAAC;YAC1B,KAAK,CAAC,UAAU,GAAG,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAC1F,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAEhD,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACrB,MAAM,KAAK,CAAC,QAAQ,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,sBAAsB,EAAE,CAAC,CAAC;QAC9F,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,CAAC,QAAQ,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,sBAAsB,EAAE,CAAC,CAAC;QACrE,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,UAAU,YAAY,CAAC,KAA0B;QACpD,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC;QAC5B,MAAM,KAAK,GAAG,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAA4B,CAAC;QAC7D,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC;QAEnF,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACrB,MAAM,KAAK,CAAC,QAAQ,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,kBAAkB,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;QACtH,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,CAAC,QAAQ,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;QAC7F,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,OAAO;QACL,WAAW;QACX,gBAAgB;QAChB,YAAY;QACZ,OAAO,EAAE,MAAM,CAAC,EAAE;QAClB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,UAAU;QACV,OAAO;QACP,KAAK;KACN,CAAC;AACJ,CAAC"}

package/dist/plugins/cloudflare-ai-types.d.ts

@@ -0,0 +1,85 @@
+/**
+ * Types for the Cloudflare Workers AI governance integration.
+ *
+ * Mirrors Cloudflare AI Gateway and Workers AI shapes targeting the
+ * OpenAI-compatible endpoint (/v1/chat/completions). The native
+ * AI.run() API uses a flatter format — these types target the
+ * OpenAI-compat interface which is more widely adopted.
+ */
+import type { GovernanceInstance, AuditEvent } from "../index";
+import type { EnforcementDecision, PolicyAction } from "../policy";
+import type { AgentFramework } from "../types";
+/** Cloudflare AI tool call shape */
+export interface CloudflareToolCall {
+    name: string;
+    arguments: Record<string, unknown>;
+}
+/** Cloudflare AI tool definition */
+export interface CloudflareToolDefinition {
+    type: "function";
+    function: {
+        name: string;
+        description: string;
+        parameters?: Record<string, unknown>;
+    };
+}
+/** Cloudflare AI message */
+export interface CloudflareMessage {
+    role: "system" | "user" | "assistant" | "tool";
+    content: string | null;
+    name?: string;
+    tool_calls?: CloudflareToolCallMessage[];
+    tool_call_id?: string;
+}
+/** Cloudflare tool call in assistant message */
+export interface CloudflareToolCallMessage {
+    id: string;
+    type: "function";
+    function: {
+        name: string;
+        arguments: string;
+    };
+}
+/** Cloudflare AI Gateway request */
+export interface CloudflareAIGatewayRequest {
+    model: string;
+    messages: CloudflareMessage[];
+    tools?: CloudflareToolDefinition[];
+    /** Controls tool invocation: "auto" (default), "required" (force tool use), "none" (disable) */
+    tool_choice?: "auto" | "required" | "none";
+    stream?: boolean;
+}
+/** Cloudflare AI tool executor */
+export interface CloudflareToolExecutor {
+    name: string;
+    description: string;
+    parameters?: Record<string, unknown>;
+    execute: (args: Record<string, unknown>) => Promise<unknown>;
+}
+export interface GovernCloudflareAIConfig {
+    agentName: string;
+    owner: string;
+    framework?: AgentFramework;
+    description?: string;
+    version?: string;
+    channels?: string[];
+    hasAuth?: boolean;
+    hasGuardrails?: boolean;
+    hasObservability?: boolean;
+    permissions?: Record<string, unknown>;
+    metadata?: Record<string, unknown>;
+    onBlocked?: (decision: EnforcementDecision, toolName: string) => void;
+    onDecision?: (decision: EnforcementDecision, toolName: string) => void;
+    actionMapper?: (toolName: string) => PolicyAction;
+    sessionTokenTracker?: () => number;
+}
+export interface GovernedCloudflareAIResult {
+    tools: CloudflareToolExecutor[];
+    agentId: string;
+    score: number;
+    level: number;
+    governance: GovernanceInstance;
+    enforce: (toolName: string, input?: Record<string, unknown>) => Promise<EnforcementDecision>;
+    audit: (toolName: string, outcome: "success" | "failure", detail?: Record<string, unknown>) => Promise<AuditEvent>;
+}
+//# sourceMappingURL=cloudflare-ai-types.d.ts.map

package/dist/plugins/cloudflare-ai-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloudflare-ai-types.d.ts","sourceRoot":"","sources":["../../src/plugins/cloudflare-ai-types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAC/D,OAAO,KAAK,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACnE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAI/C,oCAAoC;AACpC,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,oCAAoC;AACpC,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,UAAU,CAAC;IACjB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACtC,CAAC;CACH;AAED,4BAA4B;AAC5B,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,QAAQ,GAAG,MAAM,GAAG,WAAW,GAAG,MAAM,CAAC;IAC/C,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,yBAAyB,EAAE,CAAC;IACzC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,gDAAgD;AAChD,MAAM,WAAW,yBAAyB;IACxC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,UAAU,CAAC;IACjB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED,oCAAoC;AACpC,MAAM,WAAW,0BAA0B;IACzC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,iBAAiB,EAAE,CAAC;IAC9B,KAAK,CAAC,EAAE,wBAAwB,EAAE,CAAC;IACnC,gGAAgG;IAChG,WAAW,CAAC,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM,CAAC;IAC3C,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,kCAAkC;AAClC,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CAC9D;AAID,MAAM,WAAW,wBAAwB;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,cAAc,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACtE,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACvE,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,YAAY,CAAC;IAClD,mBAAmB,CAAC,EAAE,MAAM,MAAM,CAAC;CACpC;AAID,MAAM,WAAW,0BAA0B;IACzC,KAAK,EAAE,sBAAsB,EAAE,CAAC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,kBAAkB,CAAC;IAC/B,OAAO,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC7F,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,GAAG,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;CACpH"}

package/dist/plugins/cloudflare-ai-types.js

@@ -0,0 +1,10 @@
+/**
+ * Types for the Cloudflare Workers AI governance integration.
+ *
+ * Mirrors Cloudflare AI Gateway and Workers AI shapes targeting the
+ * OpenAI-compatible endpoint (/v1/chat/completions). The native
+ * AI.run() API uses a flatter format — these types target the
+ * OpenAI-compat interface which is more widely adopted.
+ */
+export {};
+//# sourceMappingURL=cloudflare-ai-types.js.map

package/dist/plugins/cloudflare-ai-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloudflare-ai-types.js","sourceRoot":"","sources":["../../src/plugins/cloudflare-ai-types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG"}

package/dist/plugins/cloudflare-ai.d.ts

@@ -0,0 +1,32 @@
+/**
+ * governance-sdk Cloudflare Workers AI Plugin
+ *
+ * Integrates governance enforcement into Cloudflare Workers AI tool execution.
+ * Wraps tool executors with before-action policy checks and audit logging.
+ *
+ * @example
+ * ```ts
+ * import { createGovernance, blockTools } from 'governance-sdk';
+ * import { governCloudflareTools } from 'governance-sdk/plugins/cloudflare-ai';
+ *
+ * const gov = createGovernance({
+ *   rules: [blockTools(['shell_exec', 'file_delete'])],
+ * });
+ *
+ * const { tools } = await governCloudflareTools(gov, myToolExecutors, {
+ *   agentName: 'edge-agent',
+ *   owner: 'platform-team',
+ * });
+ * ```
+ */
+import type { GovernanceInstance } from "../index";
+import type { EnforcementDecision } from "../policy";
+import type { CloudflareToolExecutor, GovernCloudflareAIConfig, GovernedCloudflareAIResult } from "./cloudflare-ai-types.js";
+export type { CloudflareToolCall, CloudflareToolDefinition, CloudflareMessage, CloudflareToolCallMessage, CloudflareAIGatewayRequest, CloudflareToolExecutor, GovernCloudflareAIConfig, GovernedCloudflareAIResult, } from "./cloudflare-ai-types.js";
+export declare class GovernanceBlockedError extends Error {
+    readonly decision: EnforcementDecision;
+    readonly toolName: string;
+    constructor(decision: EnforcementDecision, toolName: string);
+}
+export declare function governCloudflareTools(governance: GovernanceInstance, tools: CloudflareToolExecutor[], config: GovernCloudflareAIConfig): Promise<GovernedCloudflareAIResult>;
+//# sourceMappingURL=cloudflare-ai.d.ts.map

package/dist/plugins/cloudflare-ai.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloudflare-ai.d.ts","sourceRoot":"","sources":["../../src/plugins/cloudflare-ai.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAc,MAAM,UAAU,CAAC;AAC/D,OAAO,KAAK,EAAE,mBAAmB,EAAgB,MAAM,WAAW,CAAC;AAEnE,OAAO,KAAK,EACV,sBAAsB,EACtB,wBAAwB,EAAE,0BAA0B,EACrD,MAAM,0BAA0B,CAAC;AAGlC,YAAY,EACV,kBAAkB,EAAE,wBAAwB,EAAE,iBAAiB,EAC/D,yBAAyB,EAAE,0BAA0B,EAAE,sBAAsB,EAC7E,wBAAwB,EAAE,0BAA0B,GACrD,MAAM,0BAA0B,CAAC;AAIlC,qBAAa,sBAAuB,SAAQ,KAAK;IAC/C,SAAgB,QAAQ,EAAE,mBAAmB,CAAC;IAC9C,SAAgB,QAAQ,EAAE,MAAM,CAAC;gBAErB,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM;CAM5D;AAqED,wBAAsB,qBAAqB,CACzC,UAAU,EAAE,kBAAkB,EAC9B,KAAK,EAAE,sBAAsB,EAAE,EAC/B,MAAM,EAAE,wBAAwB,GAC/B,OAAO,CAAC,0BAA0B,CAAC,CAiBrC"}

package/dist/plugins/cloudflare-ai.js

@@ -0,0 +1,108 @@
+/**
+ * governance-sdk Cloudflare Workers AI Plugin
+ *
+ * Integrates governance enforcement into Cloudflare Workers AI tool execution.
+ * Wraps tool executors with before-action policy checks and audit logging.
+ *
+ * @example
+ * ```ts
+ * import { createGovernance, blockTools } from 'governance-sdk';
+ * import { governCloudflareTools } from 'governance-sdk/plugins/cloudflare-ai';
+ *
+ * const gov = createGovernance({
+ *   rules: [blockTools(['shell_exec', 'file_delete'])],
+ * });
+ *
+ * const { tools } = await governCloudflareTools(gov, myToolExecutors, {
+ *   agentName: 'edge-agent',
+ *   owner: 'platform-team',
+ * });
+ * ```
+ */
+// ─── Blocked Error ──────────────────────────────────────────
+export class GovernanceBlockedError extends Error {
+    decision;
+    toolName;
+    constructor(decision, toolName) {
+        super(`Governance blocked: ${decision.reason} (tool: ${toolName})`);
+        this.name = "GovernanceBlockedError";
+        this.decision = decision;
+        this.toolName = toolName;
+    }
+}
+// ─── Shared Helpers ─────────────────────────────────────────
+function buildRegistration(config, toolNames) {
+    return {
+        name: config.agentName,
+        framework: config.framework ?? "custom",
+        owner: config.owner,
+        description: config.description,
+        version: config.version,
+        channels: config.channels,
+        tools: toolNames,
+        hasAuth: config.hasAuth,
+        hasGuardrails: config.hasGuardrails,
+        hasObservability: config.hasObservability,
+        hasAuditLog: true,
+        permissions: config.permissions,
+        metadata: { ...config.metadata, runtime: "cloudflare-workers" },
+    };
+}
+function createEnforcer(governance, agentId, config) {
+    return async (toolName, input) => {
+        const action = config.actionMapper?.(toolName) ?? "tool_call";
+        const decision = await governance.enforce({
+            agentId, agentName: config.agentName, agentLevel: 0,
+            action, tool: toolName, input,
+            sessionTokensUsed: config.sessionTokenTracker?.(),
+        });
+        config.onDecision?.(decision, toolName);
+        if (decision.blocked)
+            config.onBlocked?.(decision, toolName);
+        return decision;
+    };
+}
+function createAuditor(governance, agentId) {
+    return (toolName, outcome, detail) => governance.audit.log({
+        agentId, eventType: "tool_call", outcome,
+        severity: outcome === "failure" ? "warning" : "info",
+        detail: { tool: toolName, ...detail },
+    });
+}
+function wrapTool(tool, enforce, audit) {
+    return {
+        ...tool,
+        execute: async (args) => {
+            const decision = await enforce(tool.name, args);
+            if (decision.blocked)
+                throw new GovernanceBlockedError(decision, tool.name);
+            try {
+                const output = await tool.execute(args);
+                await audit(tool.name, "success");
+                return output;
+            }
+            catch (error) {
+                await audit(tool.name, "failure", { error: error instanceof Error ? error.message : String(error) });
+                throw error;
+            }
+        },
+    };
+}
+// ─── Govern Cloudflare Tools ────────────────────────────────
+export async function governCloudflareTools(governance, tools, config) {
+    const toolNames = tools.map((t) => t.name);
+    const reg = buildRegistration(config, toolNames);
+    const result = await governance.register(reg);
+    const enforce = createEnforcer(governance, result.id, config);
+    const audit = createAuditor(governance, result.id);
+    return {
+        tools: tools.map((tool) => wrapTool(tool, enforce, audit)),
+        agentId: result.id,
+        score: result.score,
+        level: result.level,
+        governance,
+        enforce,
+        audit,
+    };
+}
+//# sourceMappingURL=cloudflare-ai.js.map

package/dist/plugins/cloudflare-ai.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloudflare-ai.js","sourceRoot":"","sources":["../../src/plugins/cloudflare-ai.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAiBH,+DAA+D;AAE/D,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAC/B,QAAQ,CAAsB;IAC9B,QAAQ,CAAS;IAEjC,YAAY,QAA6B,EAAE,QAAgB;QACzD,KAAK,CAAC,uBAAuB,QAAQ,CAAC,MAAM,WAAW,QAAQ,GAAG,CAAC,CAAC;QACpE,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;QACrC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;CACF;AAED,+DAA+D;AAE/D,SAAS,iBAAiB,CAAC,MAAgC,EAAE,SAAmB;IAC9E,OAAO;QACL,IAAI,EAAE,MAAM,CAAC,SAAS;QACtB,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,QAAQ;QACvC,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,KAAK,EAAE,SAAS;QAChB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;QACzC,WAAW,EAAE,IAAI;QACjB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,QAAQ,EAAE,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,oBAAoB,EAAE;KAChE,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,UAA8B,EAAE,OAAe,EAAE,MAAgC;IACvG,OAAO,KAAK,EAAE,QAAgB,EAAE,KAA+B,EAAgC,EAAE;QAC/F,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,EAAE,CAAC,QAAQ,CAAC,IAAK,WAA4B,CAAC;QAChF,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC;YACxC,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,CAAC;YACnD,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK;YAC7B,iBAAiB,EAAE,MAAM,CAAC,mBAAmB,EAAE,EAAE;SAClD,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACxC,IAAI,QAAQ,CAAC,OAAO;YAAE,MAAM,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC7D,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,UAA8B,EAAE,OAAe;IACpE,OAAO,CAAC,QAAgB,EAAE,OAA8B,EAAE,MAAgC,EAAuB,EAAE,CACjH,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC;QACnB,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,OAAO;QACxC,QAAQ,EAAE,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM;QACpD,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,MAAM,EAAE;KACtC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,QAAQ,CACf,IAA4B,EAC5B,OAA0C,EAC1C,KAAuC;IAEvC,OAAO;QACL,GAAG,IAAI;QACP,OAAO,EAAE,KAAK,EAAE,IAA6B,EAAoB,EAAE;YACjE,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YAChD,IAAI,QAAQ,CAAC,OAAO;gBAAE,MAAM,IAAI,sBAAsB,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5E,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBACxC,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;gBAClC,OAAO,MAAM,CAAC;YAChB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gBACrG,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAED,+DAA+D;AAE/D,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,UAA8B,EAC9B,KAA+B,EAC/B,MAAgC;IAEhC,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,iBAAiB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAE9C,MAAM,OAAO,GAAG,cAAc,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAEnD,OAAO;QACL,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QAC1D,OAAO,EAAE,MAAM,CAAC,EAAE;QAClB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,UAAU;QACV,OAAO;QACP,KAAK;KACN,CAAC;AACJ,CAAC"}

package/dist/plugins/composio-types.d.ts

@@ -0,0 +1,96 @@
+/**
+ * Types for the Composio governance integration.
+ *
+ * Mirrors @composio/core v0.6+ shapes without requiring the SDK
+ * as a dependency. Structurally compatible at runtime.
+ *
+ * NOTE: Composio SDK migrated from composio-core to @composio/core.
+ * "Actions" are now "Tools", "Apps" are now "Toolkits",
+ * "Integrations" are now "Auth Configs", "Connections" are now
+ * "Connected Accounts", "Entity ID" is now "User ID".
+ */
+import type { GovernanceInstance, AuditEvent } from "../index";
+import type { EnforcementDecision, PolicyAction } from "../policy";
+import type { AgentFramework } from "../types";
+/** Composio tool (formerly "action") — v3 uses session-based execution */
+export interface ComposioTool {
+    /** Tool slug identifier (e.g. "GITHUB_CREATE_ISSUE") */
+    name: string;
+    description?: string;
+    /** Toolkit slug (formerly "appName") */
+    toolkitSlug?: string;
+    parameters?: Record<string, unknown>;
+    /** Tool version — e.g. "20250909_00" or "latest". SDK field name is `version`, not `toolkitVersion`. */
+    version?: string;
+    /**
+     * v3 tools are executed via session.tools() + execute pattern,
+     * not via composio.tools.execute() (deprecated). This field supports wrapper patterns.
+     */
+    execute?: (params: Record<string, unknown>) => Promise<ComposioToolResult>;
+}
+/** Composio tool execution result */
+export interface ComposioToolResult {
+    successful: boolean;
+    data?: unknown;
+    error?: string | null;
+}
+/** Composio connected account (formerly "connection") */
+export interface ComposioConnectedAccount {
+    /** User ID (formerly "entityId") */
+    userId: string;
+    /** Toolkit slug (formerly "appName") */
+    toolkitSlug: string;
+    connectedAccountId: string;
+    status: "active" | "inactive" | "expired" | "initiated";
+}
+/** Composio trigger */
+export interface ComposioTrigger {
+    name: string;
+    toolkitSlug: string;
+    description?: string;
+    config?: Record<string, unknown>;
+}
+/** @deprecated Use ComposioTool instead */
+export type ComposioAction = ComposioTool;
+/** @deprecated Use ComposioToolResult instead */
+export type ComposioActionResult = ComposioToolResult;
+/** @deprecated Use ComposioConnectedAccount instead */
+export type ComposioConnection = ComposioConnectedAccount;
+export interface GovernComposioConfig {
+    agentName: string;
+    owner: string;
+    /** User ID for Composio session (formerly "entityId") */
+    userId?: string;
+    /** Session ID for correlating meta tool calls */
+    sessionId?: string;
+    framework?: AgentFramework;
+    description?: string;
+    version?: string;
+    channels?: string[];
+    hasAuth?: boolean;
+    hasGuardrails?: boolean;
+    hasObservability?: boolean;
+    permissions?: Record<string, unknown>;
+    metadata?: Record<string, unknown>;
+    onBlocked?: (decision: EnforcementDecision, toolName: string) => void;
+    onDecision?: (decision: EnforcementDecision, toolName: string) => void;
+    actionMapper?: (toolName: string) => PolicyAction;
+    sessionTokenTracker?: () => number;
+    /** Map toolkit slugs to policy actions */
+    toolkitActionMapper?: (toolkitSlug: string) => PolicyAction;
+    /** @deprecated Use toolkitActionMapper instead */
+    appActionMapper?: (appName: string) => PolicyAction;
+}
+export interface GovernedComposioResult {
+    /** Governed tools (formerly "actions") */
+    tools: ComposioTool[];
+    /** @deprecated Use tools instead */
+    actions: ComposioTool[];
+    agentId: string;
+    score: number;
+    level: number;
+    governance: GovernanceInstance;
+    enforce: (toolName: string, input?: Record<string, unknown>) => Promise<EnforcementDecision>;
+    audit: (toolName: string, outcome: "success" | "failure", detail?: Record<string, unknown>) => Promise<AuditEvent>;
+}
+//# sourceMappingURL=composio-types.d.ts.map

package/dist/plugins/composio-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"composio-types.d.ts","sourceRoot":"","sources":["../../src/plugins/composio-types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAC/D,OAAO,KAAK,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACnE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAI/C,0EAA0E;AAC1E,MAAM,WAAW,YAAY;IAC3B,wDAAwD;IACxD,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,wCAAwC;IACxC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,wGAAwG;IACxG,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;OAGG;IACH,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;CAC5E;AAED,qCAAqC;AACrC,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB;AAED,yDAAyD;AACzD,MAAM,WAAW,wBAAwB;IACvC,oCAAoC;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,wCAAwC;IACxC,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,MAAM,EAAE,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,WAAW,CAAC;CACzD;AAED,uBAAuB;AACvB,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAID,2CAA2C;AAC3C,MAAM,MAAM,cAAc,GAAG,YAAY,CAAC;AAE1C,iDAAiD;AACjD,MAAM,MAAM,oBAAoB,GAAG,kBAAkB,CAAC;AAEtD,uDAAuD;AACvD,MAAM,MAAM,kBAAkB,GAAG,wBAAwB,CAAC;AAI1D,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,yDAAyD;IACzD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,iDAAiD;IACjD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,cAAc,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACtE,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACvE,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,YAAY,CAAC;IAClD,mBAAmB,CAAC,EAAE,MAAM,MAAM,CAAC;IACnC,0CAA0C;IAC1C,mBAAmB,CAAC,EAAE,CAAC,WAAW,EAAE,MAAM,KAAK,YAAY,CAAC;IAC5D,kDAAkD;IAClD,eAAe,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,YAAY,CAAC;CACrD;AAID,MAAM,WAAW,sBAAsB;IACrC,0CAA0C;IAC1C,KAAK,EAAE,YAAY,EAAE,CAAC;IACtB,oCAAoC;IACpC,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,kBAAkB,CAAC;IAC/B,OAAO,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC7F,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,GAAG,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;CACpH"}

package/dist/plugins/composio-types.js

@@ -0,0 +1,13 @@
+/**
+ * Types for the Composio governance integration.
+ *
+ * Mirrors @composio/core v0.6+ shapes without requiring the SDK
+ * as a dependency. Structurally compatible at runtime.
+ *
+ * NOTE: Composio SDK migrated from composio-core to @composio/core.
+ * "Actions" are now "Tools", "Apps" are now "Toolkits",
+ * "Integrations" are now "Auth Configs", "Connections" are now
+ * "Connected Accounts", "Entity ID" is now "User ID".
+ */
+export {};
+//# sourceMappingURL=composio-types.js.map

package/dist/plugins/composio-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"composio-types.js","sourceRoot":"","sources":["../../src/plugins/composio-types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG"}

package/dist/plugins/composio.d.ts

@@ -0,0 +1,37 @@
+/**
+ * governance-sdk Composio Plugin
+ *
+ * Integrates governance enforcement into Composio tool execution.
+ * Wraps tools with before-action policy checks and audit logging.
+ *
+ * Updated for @composio/core v0.6+ (Actions→Tools, Apps→Toolkits).
+ *
+ * @example
+ * ```ts
+ * import { createGovernance, blockTools } from 'governance-sdk';
+ * import { governComposioTools } from 'governance-sdk/plugins/composio';
+ *
+ * const gov = createGovernance({
+ *   rules: [blockTools(['GMAIL_SEND_EMAIL'])],
+ * });
+ *
+ * const { tools } = await governComposioTools(gov, myTools, {
+ *   agentName: 'composio-agent',
+ *   owner: 'integration-team',
+ * });
+ * ```
+ */
+import type { GovernanceInstance } from "../index";
+import type { EnforcementDecision } from "../policy";
+import type { ComposioTool, GovernComposioConfig, GovernedComposioResult } from "./composio-types.js";
+export type { ComposioTool, ComposioToolResult, ComposioConnectedAccount, ComposioTrigger, ComposioAction, ComposioActionResult, ComposioConnection, GovernComposioConfig, GovernedComposioResult, } from "./composio-types.js";
+export declare class GovernanceBlockedError extends Error {
+    readonly decision: EnforcementDecision;
+    readonly toolName: string;
+    constructor(decision: EnforcementDecision, toolName: string);
+}
+/** Govern Composio tools (v0.6+ API) */
+export declare function governComposioTools(governance: GovernanceInstance, tools: ComposioTool[], config: GovernComposioConfig): Promise<GovernedComposioResult>;
+/** @deprecated Use governComposioTools instead */
+export declare const governComposioActions: typeof governComposioTools;
+//# sourceMappingURL=composio.d.ts.map

package/dist/plugins/composio.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"composio.d.ts","sourceRoot":"","sources":["../../src/plugins/composio.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAc,MAAM,UAAU,CAAC;AAC/D,OAAO,KAAK,EAAE,mBAAmB,EAAgB,MAAM,WAAW,CAAC;AAEnE,OAAO,KAAK,EACV,YAAY,EACZ,oBAAoB,EAAE,sBAAsB,EAC7C,MAAM,qBAAqB,CAAC;AAG7B,YAAY,EACV,YAAY,EAAE,kBAAkB,EAAE,wBAAwB,EAAE,eAAe,EAC3E,cAAc,EAAE,oBAAoB,EAAE,kBAAkB,EACxD,oBAAoB,EAAE,sBAAsB,GAC7C,MAAM,qBAAqB,CAAC;AAI7B,qBAAa,sBAAuB,SAAQ,KAAK;IAC/C,SAAgB,QAAQ,EAAE,mBAAmB,CAAC;IAC9C,SAAgB,QAAQ,EAAE,MAAM,CAAC;gBAErB,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM;CAM5D;AAkDD,wCAAwC;AACxC,wBAAsB,mBAAmB,CACvC,UAAU,EAAE,kBAAkB,EAC9B,KAAK,EAAE,YAAY,EAAE,EACrB,MAAM,EAAE,oBAAoB,GAC3B,OAAO,CAAC,sBAAsB,CAAC,CAqCjC;AAED,kDAAkD;AAClD,eAAO,MAAM,qBAAqB,4BAAsB,CAAC"}