governance-sdk 0.5.0

package/dist/plugins/deno.js

@@ -0,0 +1,129 @@
+/**
+ * governance-sdk Deno AI Plugin
+ *
+ * Integrates governance enforcement into Deno-native AI agent patterns.
+ * Wraps tools with policy checks and integrates with Deno's permission model.
+ *
+ * @example
+ * ```ts
+ * import { createGovernance, blockTools } from 'governance-sdk';
+ * import { governDenoAgent } from 'governance-sdk/plugins/deno';
+ *
+ * const gov = createGovernance({
+ *   rules: [blockTools(['file_delete', 'shell_exec'])],
+ * });
+ *
+ * const { agent } = await governDenoAgent(gov, {
+ *   name: 'deno-agent',
+ *   tools: [readFileTool, writeFileTool],
+ *   permissions: [{ name: 'read', path: '/data' }],
+ * }, {
+ *   agentName: 'deno-agent',
+ *   owner: 'platform-team',
+ * });
+ * ```
+ */
+// ─── Blocked Error ──────────────────────────────────────────
+export class GovernanceBlockedError extends Error {
+    decision;
+    toolName;
+    constructor(decision, toolName) {
+        super(`Governance blocked: ${decision.reason} (tool: ${toolName})`);
+        this.name = "GovernanceBlockedError";
+        this.decision = decision;
+        this.toolName = toolName;
+    }
+}
+// ─── Shared Helpers ─────────────────────────────────────────
+function buildRegistration(config, toolNames, permissions) {
+    return {
+        name: config.agentName,
+        framework: config.framework ?? "custom",
+        owner: config.owner,
+        description: config.description,
+        version: config.version,
+        channels: config.channels,
+        tools: toolNames,
+        hasAuth: config.hasAuth,
+        hasGuardrails: config.hasGuardrails,
+        hasObservability: config.hasObservability,
+        hasAuditLog: true,
+        permissions: {
+            ...config.permissions,
+            denoPermissions: permissions?.map((p) => p.name),
+        },
+        metadata: { ...config.metadata, runtime: "deno" },
+    };
+}
+function createEnforcer(governance, agentId, config) {
+    return async (toolName, input) => {
+        const action = config.actionMapper?.(toolName) ?? "tool_call";
+        const decision = await governance.enforce({
+            agentId, agentName: config.agentName, agentLevel: 0,
+            action, tool: toolName, input,
+            sessionTokensUsed: config.sessionTokenTracker?.(),
+        });
+        config.onDecision?.(decision, toolName);
+        if (decision.blocked)
+            config.onBlocked?.(decision, toolName);
+        return decision;
+    };
+}
+function createAuditor(governance, agentId) {
+    return (toolName, outcome, detail) => governance.audit.log({
+        agentId, eventType: "tool_call", outcome,
+        severity: outcome === "failure" ? "warning" : "info",
+        detail: { tool: toolName, ...detail },
+    });
+}
+function wrapTool(tool, enforce, audit) {
+    return {
+        ...tool,
+        execute: async (args) => {
+            const decision = await enforce(tool.name, args);
+            if (decision.blocked)
+                throw new GovernanceBlockedError(decision, tool.name);
+            try {
+                const output = await tool.execute(args);
+                await audit(tool.name, "success");
+                return output;
+            }
+            catch (error) {
+                await audit(tool.name, "failure", { error: error instanceof Error ? error.message : String(error) });
+                throw error;
+            }
+        },
+    };
+}
+// ─── Govern Deno Agent ──────────────────────────────────────
+export async function governDenoAgent(governance, agent, config) {
+    const toolNames = agent.tools.map((t) => t.name);
+    const reg = buildRegistration(config, toolNames, agent.permissions);
+    const result = await governance.register(reg);
+    const enforce = createEnforcer(governance, result.id, config);
+    const audit = createAuditor(governance, result.id);
+    return {
+        agent: { ...agent, tools: agent.tools.map((tool) => wrapTool(tool, enforce, audit)) },
+        agentId: result.id,
+        score: result.score,
+        level: result.level,
+        governance,
+        enforce,
+        audit,
+    };
+}
+// ─── Govern Deno Tools ──────────────────────────────────────
+export async function governDenoTools(governance, tools, config) {
+    const toolNames = tools.map((t) => t.name);
+    const reg = buildRegistration(config, toolNames);
+    const result = await governance.register(reg);
+    const enforce = createEnforcer(governance, result.id, config);
+    const audit = createAuditor(governance, result.id);
+    return {
+        tools: tools.map((tool) => wrapTool(tool, enforce, audit)),
+        agentId: result.id,
+        score: result.score,
+        level: result.level,
+    };
+}
+//# sourceMappingURL=deno.js.map

package/dist/plugins/deno.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"deno.js","sourceRoot":"","sources":["../../src/plugins/deno.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAgBH,+DAA+D;AAE/D,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAC/B,QAAQ,CAAsB;IAC9B,QAAQ,CAAS;IAEjC,YAAY,QAA6B,EAAE,QAAgB;QACzD,KAAK,CAAC,uBAAuB,QAAQ,CAAC,MAAM,WAAW,QAAQ,GAAG,CAAC,CAAC;QACpE,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;QACrC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;CACF;AAED,+DAA+D;AAE/D,SAAS,iBAAiB,CAAC,MAAwB,EAAE,SAAmB,EAAE,WAAwC;IAChH,OAAO;QACL,IAAI,EAAE,MAAM,CAAC,SAAS;QACtB,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,QAAQ;QACvC,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,KAAK,EAAE,SAAS;QAChB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;QACzC,WAAW,EAAE,IAAI;QACjB,WAAW,EAAE;YACX,GAAG,MAAM,CAAC,WAAW;YACrB,eAAe,EAAE,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SACjD;QACD,QAAQ,EAAE,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE;KAClD,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,UAA8B,EAAE,OAAe,EAAE,MAAwB;IAC/F,OAAO,KAAK,EAAE,QAAgB,EAAE,KAA+B,EAAgC,EAAE;QAC/F,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,EAAE,CAAC,QAAQ,CAAC,IAAK,WAA4B,CAAC;QAChF,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC;YACxC,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,CAAC;YACnD,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK;YAC7B,iBAAiB,EAAE,MAAM,CAAC,mBAAmB,EAAE,EAAE;SAClD,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACxC,IAAI,QAAQ,CAAC,OAAO;YAAE,MAAM,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC7D,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,UAA8B,EAAE,OAAe;IACpE,OAAO,CAAC,QAAgB,EAAE,OAA8B,EAAE,MAAgC,EAAuB,EAAE,CACjH,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC;QACnB,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,OAAO;QACxC,QAAQ,EAAE,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM;QACpD,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,MAAM,EAAE;KACtC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,QAAQ,CACf,IAAc,EACd,OAA0C,EAC1C,KAAuC;IAEvC,OAAO;QACL,GAAG,IAAI;QACP,OAAO,EAAE,KAAK,EAAE,IAA6B,EAAoB,EAAE;YACjE,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YAChD,IAAI,QAAQ,CAAC,OAAO;gBAAE,MAAM,IAAI,sBAAsB,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5E,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBACxC,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;gBAClC,OAAO,MAAM,CAAC;YAChB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gBACrG,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAED,+DAA+D;AAE/D,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,UAA8B,EAC9B,KAAgB,EAChB,MAAwB;IAExB,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACjD,MAAM,GAAG,GAAG,iBAAiB,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;IACpE,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAE9C,MAAM,OAAO,GAAG,cAAc,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAEnD,OAAO;QACL,KAAK,EAAE,EAAE,GAAG,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,EAAE;QACrF,OAAO,EAAE,MAAM,CAAC,EAAE;QAClB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,UAAU;QACV,OAAO;QACP,KAAK;KACN,CAAC;AACJ,CAAC;AAED,+DAA+D;AAE/D,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,UAA8B,EAC9B,KAAiB,EACjB,MAAwB;IAExB,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,iBAAiB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAE9C,MAAM,OAAO,GAAG,cAAc,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAEnD,OAAO;QACL,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QAC1D,OAAO,EAAE,MAAM,CAAC,EAAE;QAClB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,KAAK,EAAE,MAAM,CAAC,KAAK;KACpB,CAAC;AACJ,CAAC"}

package/dist/plugins/e2b-types.d.ts

@@ -0,0 +1,140 @@
+/**
+ * Types for the E2B sandbox governance integration.
+ *
+ * Mirrors e2b v1.x / @e2b/code-interpreter v1.5+ shapes without
+ * requiring the SDK as a dependency. Structurally compatible at runtime.
+ */
+import type { GovernanceInstance, AuditEvent } from "../index";
+import type { EnforcementDecision, PolicyAction } from "../policy";
+import type { AgentFramework } from "../types";
+/** E2B OutputMessage from code interpreter kernel */
+export interface E2BOutputMessage {
+    line: string;
+    timestamp: number;
+    error: boolean;
+}
+/** E2B code execution request (matches @e2b/code-interpreter RunCodeOpts) */
+export interface E2BCodeExecution {
+    code: string;
+    /** Language for the code interpreter kernel (defaults to "python") */
+    language?: string;
+    /** Code execution timeout in milliseconds (default: 60,000) */
+    timeoutMs?: number;
+    /** API request timeout in milliseconds (default: 30,000) */
+    requestTimeoutMs?: number;
+    envs?: Record<string, string>;
+    /** Callback for stdout output */
+    onStdout?: (output: E2BOutputMessage) => void | Promise<void>;
+    /** Callback for stderr output */
+    onStderr?: (output: E2BOutputMessage) => void | Promise<void>;
+    /** Callback for execution result data */
+    onResult?: (data: E2BResult) => void | Promise<void>;
+    /** Callback for execution error */
+    onError?: (error: E2BError) => void | Promise<void>;
+}
+/** E2B execution result (mirrors SDK Execution class) */
+export interface E2BExecutionResult {
+    text?: string;
+    results: E2BResult[];
+    error?: E2BError;
+    logs: {
+        stdout: string[];
+        stderr: string[];
+    };
+    /** Execution count from the kernel */
+    executionCount?: number;
+}
+/** E2B individual result (mirrors SDK Result class) */
+export interface E2BResult {
+    text?: string;
+    html?: string;
+    markdown?: string;
+    svg?: string;
+    png?: string;
+    jpeg?: string;
+    pdf?: string;
+    latex?: string;
+    json?: string;
+    javascript?: string;
+    data?: Record<string, unknown>;
+    chart?: Record<string, unknown>;
+    extra?: Record<string, unknown>;
+    raw: Record<string, unknown>;
+    isMainResult: boolean;
+}
+/** E2B error */
+export interface E2BError {
+    name: string;
+    value: string;
+    traceback: string;
+}
+/** E2B filesystem operation (matches Sandbox.files methods) */
+export interface E2BFilesystemOp {
+    operation: "read" | "write" | "list" | "remove" | "exists" | "makeDir" | "rename" | "watchDir" | "getInfo";
+    path: string;
+    content?: string | ArrayBuffer | Blob | ReadableStream;
+    /** Destination path for rename operations */
+    destPath?: string;
+    /** Read format */
+    format?: "text" | "bytes" | "blob" | "stream";
+    /** Request timeout in milliseconds (default: 30,000) */
+    requestTimeoutMs?: number;
+}
+/** E2B command execution (matches Sandbox.commands.run / commands.start) */
+export interface E2BCommandExecution {
+    command: string;
+    cwd?: string;
+    envs?: Record<string, string>;
+    /** Command timeout in milliseconds (default: 60,000) */
+    timeoutMs?: number;
+    /** API request timeout in milliseconds (default: 30,000) */
+    requestTimeoutMs?: number;
+    /** Run command in background */
+    background?: boolean;
+    /** User to run as (default: "user") */
+    user?: string;
+    /** Callback for stdout */
+    onStdout?: (data: string) => void | Promise<void>;
+    /** Callback for stderr */
+    onStderr?: (data: string) => void | Promise<void>;
+}
+export interface GovernE2BConfig {
+    agentName: string;
+    owner: string;
+    framework?: AgentFramework;
+    description?: string;
+    version?: string;
+    channels?: string[];
+    hasAuth?: boolean;
+    hasGuardrails?: boolean;
+    hasObservability?: boolean;
+    permissions?: Record<string, unknown>;
+    metadata?: Record<string, unknown>;
+    onBlocked?: (decision: EnforcementDecision, context: string) => void;
+    onDecision?: (decision: EnforcementDecision, context: string) => void;
+    actionMapper?: (context: string) => PolicyAction;
+    sessionTokenTracker?: () => number;
+    /** Blocked code patterns (regex strings) */
+    blockedPatterns?: string[];
+}
+export interface GovernedE2BResult {
+    /** Governed code execution */
+    executeCode: (execution: E2BCodeExecution) => Promise<E2BExecutionResult>;
+    /** Governed filesystem access */
+    filesystem: (op: E2BFilesystemOp) => Promise<unknown>;
+    /** Governed command execution */
+    spawn: (cmd: E2BCommandExecution) => Promise<unknown>;
+    agentId: string;
+    score: number;
+    level: number;
+    governance: GovernanceInstance;
+    enforce: (context: string, input?: Record<string, unknown>) => Promise<EnforcementDecision>;
+    audit: (context: string, outcome: "success" | "failure", detail?: Record<string, unknown>) => Promise<AuditEvent>;
+}
+/** Handler for E2B code execution */
+export type E2BCodeHandler = (execution: E2BCodeExecution) => Promise<E2BExecutionResult>;
+/** Handler for E2B filesystem ops */
+export type E2BFilesystemHandler = (op: E2BFilesystemOp) => Promise<unknown>;
+/** Handler for E2B command execution */
+export type E2BCommandHandler = (cmd: E2BCommandExecution) => Promise<unknown>;
+//# sourceMappingURL=e2b-types.d.ts.map

package/dist/plugins/e2b-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"e2b-types.d.ts","sourceRoot":"","sources":["../../src/plugins/e2b-types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAC/D,OAAO,KAAK,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACnE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAI/C,qDAAqD;AACrD,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,OAAO,CAAC;CAChB;AAED,6EAA6E;AAC7E,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,sEAAsE;IACtE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,+DAA+D;IAC/D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4DAA4D;IAC5D,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9B,iCAAiC;IACjC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,gBAAgB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9D,iCAAiC;IACjC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,gBAAgB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9D,yCAAyC;IACzC,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,SAAS,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,mCAAmC;IACnC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACrD;AAED,yDAAyD;AACzD,MAAM,WAAW,kBAAkB;IACjC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,SAAS,EAAE,CAAC;IACrB,KAAK,CAAC,EAAE,QAAQ,CAAC;IACjB,IAAI,EAAE;QAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAC7C,sCAAsC;IACtC,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,uDAAuD;AACvD,MAAM,WAAW,SAAS;IACxB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC7B,YAAY,EAAE,OAAO,CAAC;CACvB;AAED,gBAAgB;AAChB,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,+DAA+D;AAC/D,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,CAAC;IAC3G,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,GAAG,cAAc,CAAC;IACvD,6CAA6C;IAC7C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB;IAClB,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,QAAQ,CAAC;IAC9C,wDAAwD;IACxD,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,4EAA4E;AAC5E,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9B,wDAAwD;IACxD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4DAA4D;IAC5D,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gCAAgC;IAChC,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,uCAAuC;IACvC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClD,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACnD;AAID,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,cAAc,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACrE,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACtE,YAAY,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,YAAY,CAAC;IACjD,mBAAmB,CAAC,EAAE,MAAM,MAAM,CAAC;IACnC,4CAA4C;IAC5C,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAID,MAAM,WAAW,iBAAiB;IAChC,8BAA8B;IAC9B,WAAW,EAAE,CAAC,SAAS,EAAE,gBAAgB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC1E,iCAAiC;IACjC,UAAU,EAAE,CAAC,EAAE,EAAE,eAAe,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IACtD,iCAAiC;IACjC,KAAK,EAAE,CAAC,GAAG,EAAE,mBAAmB,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IACtD,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,kBAAkB,CAAC;IAC/B,OAAO,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC5F,KAAK,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,GAAG,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;CACnH;AAED,qCAAqC;AACrC,MAAM,MAAM,cAAc,GAAG,CAAC,SAAS,EAAE,gBAAgB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;AAE1F,qCAAqC;AACrC,MAAM,MAAM,oBAAoB,GAAG,CAAC,EAAE,EAAE,eAAe,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAE7E,wCAAwC;AACxC,MAAM,MAAM,iBAAiB,GAAG,CAAC,GAAG,EAAE,mBAAmB,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC"}

package/dist/plugins/e2b-types.js

@@ -0,0 +1,8 @@
+/**
+ * Types for the E2B sandbox governance integration.
+ *
+ * Mirrors e2b v1.x / @e2b/code-interpreter v1.5+ shapes without
+ * requiring the SDK as a dependency. Structurally compatible at runtime.
+ */
+export {};
+//# sourceMappingURL=e2b-types.js.map

package/dist/plugins/e2b-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"e2b-types.js","sourceRoot":"","sources":["../../src/plugins/e2b-types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}

package/dist/plugins/e2b.d.ts

@@ -0,0 +1,43 @@
+/**
+ * governance-sdk E2B Sandbox Plugin
+ *
+ * Integrates governance enforcement into E2B sandbox operations.
+ * Wraps code execution, filesystem ops, and process spawning with
+ * before-action policy checks and audit logging.
+ *
+ * @example
+ * ```ts
+ * import { createGovernance } from 'governance-sdk';
+ * import { governE2BSandbox } from 'governance-sdk/plugins/e2b';
+ *
+ * const gov = createGovernance();
+ *
+ * const { executeCode, filesystem, spawn } = await governE2BSandbox(gov, {
+ *   codeHandler: (exec) => sandbox.runCode(exec.code, { language: exec.language }),
+ *   filesystemHandler: (op) => sandbox.filesystem[op.operation](op.path, op.content),
+ *   processHandler: (proc) => sandbox.process.start(proc.command, proc.args),
+ * }, {
+ *   agentName: 'sandbox-runner',
+ *   owner: 'dev-team',
+ * });
+ * ```
+ */
+import type { GovernanceInstance } from "../index";
+import type { EnforcementDecision } from "../policy";
+import type { E2BCodeHandler, E2BFilesystemHandler, E2BCommandHandler, GovernE2BConfig, GovernedE2BResult } from "./e2b-types.js";
+export type { E2BCodeExecution, E2BExecutionResult, E2BResult, E2BError, E2BOutputMessage, E2BFilesystemOp, E2BCommandExecution, E2BCodeHandler, E2BFilesystemHandler, E2BCommandHandler, GovernE2BConfig, GovernedE2BResult, } from "./e2b-types.js";
+export declare class GovernanceBlockedError extends Error {
+    readonly decision: EnforcementDecision;
+    readonly context: string;
+    constructor(decision: EnforcementDecision, context: string);
+}
+export interface E2BHandlers {
+    codeHandler: E2BCodeHandler;
+    filesystemHandler?: E2BFilesystemHandler;
+    /** Command handler (formerly processHandler) */
+    commandHandler?: E2BCommandHandler;
+    /** @deprecated Use commandHandler instead */
+    processHandler?: E2BCommandHandler;
+}
+export declare function governE2BSandbox(governance: GovernanceInstance, handlers: E2BHandlers, config: GovernE2BConfig): Promise<GovernedE2BResult>;
+//# sourceMappingURL=e2b.d.ts.map

package/dist/plugins/e2b.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"e2b.d.ts","sourceRoot":"","sources":["../../src/plugins/e2b.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAc,MAAM,UAAU,CAAC;AAC/D,OAAO,KAAK,EAAE,mBAAmB,EAAgB,MAAM,WAAW,CAAC;AAEnE,OAAO,KAAK,EAGV,cAAc,EAAE,oBAAoB,EAAE,iBAAiB,EACvD,eAAe,EAAE,iBAAiB,EACnC,MAAM,gBAAgB,CAAC;AAGxB,YAAY,EACV,gBAAgB,EAAE,kBAAkB,EAAE,SAAS,EAAE,QAAQ,EAAE,gBAAgB,EAC3E,eAAe,EAAE,mBAAmB,EACpC,cAAc,EAAE,oBAAoB,EAAE,iBAAiB,EACvD,eAAe,EAAE,iBAAiB,GACnC,MAAM,gBAAgB,CAAC;AAIxB,qBAAa,sBAAuB,SAAQ,KAAK;IAC/C,SAAgB,QAAQ,EAAE,mBAAmB,CAAC;IAC9C,SAAgB,OAAO,EAAE,MAAM,CAAC;gBAEpB,QAAQ,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM;CAM3D;AAsDD,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,cAAc,CAAC;IAC5B,iBAAiB,CAAC,EAAE,oBAAoB,CAAC;IACzC,gDAAgD;IAChD,cAAc,CAAC,EAAE,iBAAiB,CAAC;IACnC,6CAA6C;IAC7C,cAAc,CAAC,EAAE,iBAAiB,CAAC;CACpC;AAID,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,kBAAkB,EAC9B,QAAQ,EAAE,WAAW,EACrB,MAAM,EAAE,eAAe,GACtB,OAAO,CAAC,iBAAiB,CAAC,CA+E5B"}

package/dist/plugins/e2b.js

@@ -0,0 +1,157 @@
+/**
+ * governance-sdk E2B Sandbox Plugin
+ *
+ * Integrates governance enforcement into E2B sandbox operations.
+ * Wraps code execution, filesystem ops, and process spawning with
+ * before-action policy checks and audit logging.
+ *
+ * @example
+ * ```ts
+ * import { createGovernance } from 'governance-sdk';
+ * import { governE2BSandbox } from 'governance-sdk/plugins/e2b';
+ *
+ * const gov = createGovernance();
+ *
+ * const { executeCode, filesystem, spawn } = await governE2BSandbox(gov, {
+ *   codeHandler: (exec) => sandbox.runCode(exec.code, { language: exec.language }),
+ *   filesystemHandler: (op) => sandbox.filesystem[op.operation](op.path, op.content),
+ *   processHandler: (proc) => sandbox.process.start(proc.command, proc.args),
+ * }, {
+ *   agentName: 'sandbox-runner',
+ *   owner: 'dev-team',
+ * });
+ * ```
+ */
+// ─── Blocked Error ──────────────────────────────────────────
+export class GovernanceBlockedError extends Error {
+    decision;
+    context;
+    constructor(decision, context) {
+        super(`Governance blocked: ${decision.reason} (context: ${context})`);
+        this.name = "GovernanceBlockedError";
+        this.decision = decision;
+        this.context = context;
+    }
+}
+// ─── Shared Helpers ─────────────────────────────────────────
+function buildRegistration(config) {
+    return {
+        name: config.agentName,
+        framework: config.framework ?? "e2b",
+        owner: config.owner,
+        description: config.description,
+        version: config.version,
+        channels: config.channels,
+        tools: ["code_execution", "filesystem", "process_spawn"],
+        hasAuth: config.hasAuth,
+        hasGuardrails: config.hasGuardrails,
+        hasObservability: config.hasObservability,
+        hasAuditLog: true,
+        permissions: config.permissions,
+        metadata: config.metadata,
+    };
+}
+function createEnforcer(governance, agentId, config) {
+    return async (context, input) => {
+        const action = config.actionMapper?.(context) ?? "tool_call";
+        const decision = await governance.enforce({
+            agentId, agentName: config.agentName, agentLevel: 0,
+            action, tool: context, input,
+            sessionTokensUsed: config.sessionTokenTracker?.(),
+        });
+        config.onDecision?.(decision, context);
+        if (decision.blocked)
+            config.onBlocked?.(decision, context);
+        return decision;
+    };
+}
+function createAuditor(governance, agentId) {
+    return (context, outcome, detail) => governance.audit.log({
+        agentId, eventType: "tool_call", outcome,
+        severity: outcome === "failure" ? "warning" : "info",
+        detail: { tool: context, ...detail },
+    });
+}
+function matchesBlockedPattern(code, patterns) {
+    for (const pattern of patterns) {
+        if (new RegExp(pattern).test(code))
+            return pattern;
+    }
+    return undefined;
+}
+// ─── Main Export ────────────────────────────────────────────
+export async function governE2BSandbox(governance, handlers, config) {
+    const reg = buildRegistration(config);
+    const result = await governance.register(reg);
+    const enforce = createEnforcer(governance, result.id, config);
+    const audit = createAuditor(governance, result.id);
+    async function executeCode(execution) {
+        // Check blocked patterns first
+        if (config.blockedPatterns) {
+            const matched = matchesBlockedPattern(execution.code, config.blockedPatterns);
+            if (matched) {
+                await audit("code_execution", "failure", { reason: `Blocked pattern: ${matched}` });
+                throw new GovernanceBlockedError({ blocked: true, reason: `Code matches blocked pattern: ${matched}`, ruleId: "blocked_pattern", outcome: "block", evaluatedAt: new Date().toISOString(), rulesEvaluated: 1 }, "code_execution");
+            }
+        }
+        const decision = await enforce("code_execution", {
+            code: execution.code, language: execution.language,
+        });
+        if (decision.blocked)
+            throw new GovernanceBlockedError(decision, "code_execution");
+        try {
+            const output = await handlers.codeHandler(execution);
+            await audit("code_execution", "success", { language: execution.language });
+            return output;
+        }
+        catch (error) {
+            await audit("code_execution", "failure", { error: error instanceof Error ? error.message : String(error) });
+            throw error;
+        }
+    }
+    async function filesystem(op) {
+        if (!handlers.filesystemHandler)
+            throw new Error("No filesystem handler configured");
+        const decision = await enforce("filesystem", { operation: op.operation, path: op.path });
+        if (decision.blocked)
+            throw new GovernanceBlockedError(decision, "filesystem");
+        try {
+            const output = await handlers.filesystemHandler(op);
+            await audit("filesystem", "success", { operation: op.operation, path: op.path });
+            return output;
+        }
+        catch (error) {
+            await audit("filesystem", "failure", { error: error instanceof Error ? error.message : String(error) });
+            throw error;
+        }
+    }
+    async function spawn(cmd) {
+        const handler = handlers.commandHandler ?? handlers.processHandler;
+        if (!handler)
+            throw new Error("No command handler configured");
+        const decision = await enforce("command_execution", { command: cmd.command });
+        if (decision.blocked)
+            throw new GovernanceBlockedError(decision, "command_execution");
+        try {
+            const output = await handler(cmd);
+            await audit("command_execution", "success", { command: cmd.command });
+            return output;
+        }
+        catch (error) {
+            await audit("command_execution", "failure", { error: error instanceof Error ? error.message : String(error) });
+            throw error;
+        }
+    }
+    return {
+        executeCode,
+        filesystem,
+        spawn,
+        agentId: result.id,
+        score: result.score,
+        level: result.level,
+        governance,
+        enforce,
+        audit,
+    };
+}
+//# sourceMappingURL=e2b.js.map

package/dist/plugins/e2b.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"e2b.js","sourceRoot":"","sources":["../../src/plugins/e2b.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAoBH,+DAA+D;AAE/D,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAC/B,QAAQ,CAAsB;IAC9B,OAAO,CAAS;IAEhC,YAAY,QAA6B,EAAE,OAAe;QACxD,KAAK,CAAC,uBAAuB,QAAQ,CAAC,MAAM,cAAc,OAAO,GAAG,CAAC,CAAC;QACtE,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;QACrC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;CACF;AAED,+DAA+D;AAE/D,SAAS,iBAAiB,CAAC,MAAuB;IAChD,OAAO;QACL,IAAI,EAAE,MAAM,CAAC,SAAS;QACtB,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,KAAK;QACpC,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,KAAK,EAAE,CAAC,gBAAgB,EAAE,YAAY,EAAE,eAAe,CAAC;QACxD,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;QACzC,WAAW,EAAE,IAAI;QACjB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,QAAQ,EAAE,MAAM,CAAC,QAAQ;KAC1B,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,UAA8B,EAAE,OAAe,EAAE,MAAuB;IAC9F,OAAO,KAAK,EAAE,OAAe,EAAE,KAA+B,EAAgC,EAAE;QAC9F,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,EAAE,CAAC,OAAO,CAAC,IAAK,WAA4B,CAAC;QAC/E,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC;YACxC,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,CAAC;YACnD,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK;YAC5B,iBAAiB,EAAE,MAAM,CAAC,mBAAmB,EAAE,EAAE;SAClD,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACvC,IAAI,QAAQ,CAAC,OAAO;YAAE,MAAM,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC5D,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,UAA8B,EAAE,OAAe;IACpE,OAAO,CAAC,OAAe,EAAE,OAA8B,EAAE,MAAgC,EAAuB,EAAE,CAChH,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC;QACnB,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,OAAO;QACxC,QAAQ,EAAE,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM;QACpD,MAAM,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,MAAM,EAAE;KACrC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY,EAAE,QAAkB;IAC7D,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,OAAO,CAAC;IACrD,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAaD,+DAA+D;AAE/D,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,UAA8B,EAC9B,QAAqB,EACrB,MAAuB;IAEvB,MAAM,GAAG,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAE9C,MAAM,OAAO,GAAG,cAAc,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAEnD,KAAK,UAAU,WAAW,CAAC,SAA2B;QACpD,+BAA+B;QAC/B,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;YAC3B,MAAM,OAAO,GAAG,qBAAqB,CAAC,SAAS,CAAC,IAAI,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;YAC9E,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,KAAK,CAAC,gBAAgB,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,oBAAoB,OAAO,EAAE,EAAE,CAAC,CAAC;gBACpF,MAAM,IAAI,sBAAsB,CAC9B,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,iCAAiC,OAAO,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,cAAc,EAAE,CAAC,EAAE,EAC5K,gBAAgB,CACjB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,gBAAgB,EAAE;YAC/C,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ;SACnD,CAAC,CAAC;QACH,IAAI,QAAQ,CAAC,OAAO;YAAE,MAAM,IAAI,sBAAsB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAEnF,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YACrD,MAAM,KAAK,CAAC,gBAAgB,EAAE,SAAS,EAAE,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC3E,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,KAAK,CAAC,gBAAgB,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC5G,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,UAAU,UAAU,CAAC,EAAmB;QAC3C,IAAI,CAAC,QAAQ,CAAC,iBAAiB;YAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QAErF,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;QACzF,IAAI,QAAQ,CAAC,OAAO;YAAE,MAAM,IAAI,sBAAsB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAE/E,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;YACpD,MAAM,KAAK,CAAC,YAAY,EAAE,SAAS,EAAE,EAAE,SAAS,EAAE,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;YACjF,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,KAAK,CAAC,YAAY,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACxG,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,UAAU,KAAK,CAAC,GAAwB;QAC3C,MAAM,OAAO,GAAG,QAAQ,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc,CAAC;QACnE,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QAE/D,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,mBAAmB,EAAE,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QAC9E,IAAI,QAAQ,CAAC,OAAO;YAAE,MAAM,IAAI,sBAAsB,CAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAC;QAEtF,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC;YAClC,MAAM,KAAK,CAAC,mBAAmB,EAAE,SAAS,EAAE,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACtE,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,KAAK,CAAC,mBAAmB,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC/G,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO;QACL,WAAW;QACX,UAAU;QACV,KAAK;QACL,OAAO,EAAE,MAAM,CAAC,EAAE;QAClB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,UAAU;QACV,OAAO;QACP,KAAK;KACN,CAAC;AACJ,CAAC"}

package/dist/plugins/genkit-types.d.ts

@@ -0,0 +1,88 @@
+/**
+ * Types for the Google Genkit governance integration.
+ *
+ * NOTE: Genkit tools are callable functions with attached metadata
+ * (an intersection type), not plain objects with an execute() method.
+ * This adapter wraps them as objects for governance enforcement.
+ *
+ * Mirrors genkit v1.29+ shapes without requiring genkit as a dependency.
+ */
+import type { GovernanceInstance, AuditEvent } from "../index";
+import type { EnforcementDecision, PolicyAction } from "../policy";
+import type { AgentFramework } from "../types";
+/**
+ * Genkit tool wrapper for governance.
+ *
+ * In the actual SDK, ToolAction is a callable function with __action
+ * metadata. We model it as an object with explicit call/run methods
+ * for governance wrapping purposes.
+ */
+export interface GenkitTool {
+    name: string;
+    description: string;
+    /** Input schema — Zod schema in real SDK (JSON Schema representation here) */
+    inputSchema?: Record<string, unknown>;
+    /** Output schema — Zod schema in real SDK (JSON Schema representation here) */
+    outputSchema?: Record<string, unknown>;
+    metadata?: Record<string, unknown>;
+    /**
+     * Invoke the tool — maps to calling the ToolAction directly.
+     * In the real SDK: `tool(input)` (tools are callable functions).
+     */
+    call: (input: unknown, options?: Record<string, unknown>) => Promise<unknown>;
+    /** @deprecated Use call — tools in Genkit do not have execute() */
+    execute?: (input: Record<string, unknown>) => Promise<unknown>;
+}
+/** Genkit flow shape (flows ARE Actions — callable functions) */
+export interface GenkitFlow {
+    name: string;
+    inputSchema?: Record<string, unknown>;
+    outputSchema?: Record<string, unknown>;
+    /** Call the flow — maps to `flow(input)` */
+    call: (input: unknown) => Promise<unknown>;
+    /** Run with ActionResult — maps to `flow.run(input)` */
+    run?: (input: unknown) => Promise<{
+        result: unknown;
+    }>;
+    /** @deprecated Use call */
+    execute?: (input: unknown) => Promise<unknown>;
+}
+/**
+ * Genkit model middleware (ModelMiddleware).
+ * Operates on GenerateRequest, not raw input.
+ * Applied via `use` array in `ai.generate()`.
+ */
+export type GenkitMiddleware = (req: Record<string, unknown>, next: (req: Record<string, unknown>) => Promise<Record<string, unknown>>) => Promise<Record<string, unknown>>;
+export interface GovernGenkitConfig {
+    agentName: string;
+    owner: string;
+    framework?: AgentFramework;
+    description?: string;
+    version?: string;
+    channels?: string[];
+    hasAuth?: boolean;
+    hasGuardrails?: boolean;
+    hasObservability?: boolean;
+    permissions?: Record<string, unknown>;
+    metadata?: Record<string, unknown>;
+    onBlocked?: (decision: EnforcementDecision, toolName: string) => void;
+    onDecision?: (decision: EnforcementDecision, toolName: string) => void;
+    actionMapper?: (toolName: string) => PolicyAction;
+    sessionTokenTracker?: () => number;
+}
+export interface GovernedGenkitToolsResult {
+    tools: GenkitTool[];
+    agentId: string;
+    score: number;
+    level: number;
+    governance: GovernanceInstance;
+    enforce: (toolName: string, input?: Record<string, unknown>) => Promise<EnforcementDecision>;
+    audit: (toolName: string, outcome: "success" | "failure", detail?: Record<string, unknown>) => Promise<AuditEvent>;
+}
+export interface GovernedGenkitFlowResult {
+    flow: GenkitFlow;
+    agentId: string;
+    score: number;
+    level: number;
+}
+//# sourceMappingURL=genkit-types.d.ts.map

package/dist/plugins/genkit-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"genkit-types.d.ts","sourceRoot":"","sources":["../../src/plugins/genkit-types.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAC/D,OAAO,KAAK,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACnE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAI/C;;;;;;GAMG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,8EAA8E;IAC9E,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,+EAA+E;IAC/E,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC;;;OAGG;IACH,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAC9E,mEAAmE;IACnE,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CAChE;AAED,iEAAiE;AACjE,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,4CAA4C;IAC5C,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAC3C,wDAAwD;IACxD,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,OAAO,CAAC;QAAE,MAAM,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IACvD,2BAA2B;IAC3B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CAChD;AAED;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GAAG,CAC7B,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC5B,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,KACrE,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AAItC,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,cAAc,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACtE,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACvE,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,YAAY,CAAC;IAClD,mBAAmB,CAAC,EAAE,MAAM,MAAM,CAAC;CACpC;AAID,MAAM,WAAW,yBAAyB;IACxC,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,kBAAkB,CAAC;IAC/B,OAAO,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC7F,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,GAAG,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;CACpH;AAED,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,UAAU,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf"}

package/dist/plugins/genkit-types.js

@@ -0,0 +1,11 @@
+/**
+ * Types for the Google Genkit governance integration.
+ *
+ * NOTE: Genkit tools are callable functions with attached metadata
+ * (an intersection type), not plain objects with an execute() method.
+ * This adapter wraps them as objects for governance enforcement.
+ *
+ * Mirrors genkit v1.29+ shapes without requiring genkit as a dependency.
+ */
+export {};
+//# sourceMappingURL=genkit-types.js.map

package/dist/plugins/genkit-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"genkit-types.js","sourceRoot":"","sources":["../../src/plugins/genkit-types.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG"}