governance-sdk 0.5.0

package/dist/plugins/genkit.d.ts

@@ -0,0 +1,35 @@
+/**
+ * governance-sdk Google Genkit Plugin
+ *
+ * Integrates governance enforcement into Genkit tool execution and flows.
+ * Wraps tools with before-action policy checks and audit logging.
+ *
+ * @example
+ * ```ts
+ * import { createGovernance, blockTools } from 'governance-sdk';
+ * import { governGenkitTools } from 'governance-sdk/plugins/genkit';
+ *
+ * const gov = createGovernance({
+ *   rules: [blockTools(['file_delete', 'send_email'])],
+ * });
+ *
+ * const { tools } = await governGenkitTools(gov, [searchTool, writeTool], {
+ *   agentName: 'genkit-agent',
+ *   owner: 'ai-team',
+ * });
+ *
+ * // Use governed tools in your Genkit flow
+ * ```
+ */
+import type { GovernanceInstance } from "../index";
+import type { EnforcementDecision } from "../policy";
+import type { GenkitTool, GenkitFlow, GovernGenkitConfig, GovernedGenkitToolsResult, GovernedGenkitFlowResult } from "./genkit-types.js";
+export type { GenkitTool, GenkitFlow, GenkitMiddleware, GovernGenkitConfig, GovernedGenkitToolsResult, GovernedGenkitFlowResult, } from "./genkit-types.js";
+export declare class GovernanceBlockedError extends Error {
+    readonly decision: EnforcementDecision;
+    readonly toolName: string;
+    constructor(decision: EnforcementDecision, toolName: string);
+}
+export declare function governGenkitTools(governance: GovernanceInstance, tools: GenkitTool[], config: GovernGenkitConfig): Promise<GovernedGenkitToolsResult>;
+export declare function governGenkitFlow(governance: GovernanceInstance, flow: GenkitFlow, config: GovernGenkitConfig): Promise<GovernedGenkitFlowResult>;
+//# sourceMappingURL=genkit.d.ts.map

package/dist/plugins/genkit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"genkit.d.ts","sourceRoot":"","sources":["../../src/plugins/genkit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAc,MAAM,UAAU,CAAC;AAC/D,OAAO,KAAK,EAAE,mBAAmB,EAAgB,MAAM,WAAW,CAAC;AAEnE,OAAO,KAAK,EACV,UAAU,EAAE,UAAU,EACtB,kBAAkB,EAAE,yBAAyB,EAAE,wBAAwB,EACxE,MAAM,mBAAmB,CAAC;AAG3B,YAAY,EACV,UAAU,EAAE,UAAU,EAAE,gBAAgB,EACxC,kBAAkB,EAAE,yBAAyB,EAAE,wBAAwB,GACxE,MAAM,mBAAmB,CAAC;AAI3B,qBAAa,sBAAuB,SAAQ,KAAK;IAC/C,SAAgB,QAAQ,EAAE,mBAAmB,CAAC;IAC9C,SAAgB,QAAQ,EAAE,MAAM,CAAC;gBAErB,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM;CAM5D;AAsED,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,kBAAkB,EAC9B,KAAK,EAAE,UAAU,EAAE,EACnB,MAAM,EAAE,kBAAkB,GACzB,OAAO,CAAC,yBAAyB,CAAC,CAiBpC;AAID,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,kBAAkB,EAC9B,IAAI,EAAE,UAAU,EAChB,MAAM,EAAE,kBAAkB,GACzB,OAAO,CAAC,wBAAwB,CAAC,CAkCnC"}

package/dist/plugins/genkit.js

@@ -0,0 +1,143 @@
+/**
+ * governance-sdk Google Genkit Plugin
+ *
+ * Integrates governance enforcement into Genkit tool execution and flows.
+ * Wraps tools with before-action policy checks and audit logging.
+ *
+ * @example
+ * ```ts
+ * import { createGovernance, blockTools } from 'governance-sdk';
+ * import { governGenkitTools } from 'governance-sdk/plugins/genkit';
+ *
+ * const gov = createGovernance({
+ *   rules: [blockTools(['file_delete', 'send_email'])],
+ * });
+ *
+ * const { tools } = await governGenkitTools(gov, [searchTool, writeTool], {
+ *   agentName: 'genkit-agent',
+ *   owner: 'ai-team',
+ * });
+ *
+ * // Use governed tools in your Genkit flow
+ * ```
+ */
+// ─── Blocked Error ──────────────────────────────────────────
+export class GovernanceBlockedError extends Error {
+    decision;
+    toolName;
+    constructor(decision, toolName) {
+        super(`Governance blocked: ${decision.reason} (tool: ${toolName})`);
+        this.name = "GovernanceBlockedError";
+        this.decision = decision;
+        this.toolName = toolName;
+    }
+}
+// ─── Shared Helpers ─────────────────────────────────────────
+function buildRegistration(config, toolNames) {
+    return {
+        name: config.agentName,
+        framework: config.framework ?? "genkit",
+        owner: config.owner,
+        description: config.description,
+        version: config.version,
+        channels: config.channels,
+        tools: toolNames,
+        hasAuth: config.hasAuth,
+        hasGuardrails: config.hasGuardrails,
+        hasObservability: config.hasObservability,
+        hasAuditLog: true,
+        permissions: config.permissions,
+        metadata: config.metadata,
+    };
+}
+function createEnforcer(governance, agentId, config) {
+    return async (toolName, input) => {
+        const action = config.actionMapper?.(toolName) ?? "tool_call";
+        const decision = await governance.enforce({
+            agentId, agentName: config.agentName, agentLevel: 0,
+            action, tool: toolName, input,
+            sessionTokensUsed: config.sessionTokenTracker?.(),
+        });
+        config.onDecision?.(decision, toolName);
+        if (decision.blocked)
+            config.onBlocked?.(decision, toolName);
+        return decision;
+    };
+}
+function createAuditor(governance, agentId) {
+    return (toolName, outcome, detail) => governance.audit.log({
+        agentId, eventType: "tool_call", outcome,
+        severity: outcome === "failure" ? "warning" : "info",
+        detail: { tool: toolName, ...detail },
+    });
+}
+function wrapTool(tool, enforce, audit) {
+    return {
+        ...tool,
+        call: async (input, options) => {
+            const inputRecord = typeof input === "object" && input !== null ? input : { input };
+            const decision = await enforce(tool.name, inputRecord);
+            if (decision.blocked)
+                throw new GovernanceBlockedError(decision, tool.name);
+            try {
+                const output = await tool.call(input, options);
+                await audit(tool.name, "success");
+                return output;
+            }
+            catch (error) {
+                await audit(tool.name, "failure", { error: error instanceof Error ? error.message : String(error) });
+                throw error;
+            }
+        },
+    };
+}
+// ─── Govern Genkit Tools ────────────────────────────────────
+export async function governGenkitTools(governance, tools, config) {
+    const toolNames = tools.map((t) => t.name);
+    const reg = buildRegistration(config, toolNames);
+    const result = await governance.register(reg);
+    const enforce = createEnforcer(governance, result.id, config);
+    const audit = createAuditor(governance, result.id);
+    return {
+        tools: tools.map((tool) => wrapTool(tool, enforce, audit)),
+        agentId: result.id,
+        score: result.score,
+        level: result.level,
+        governance,
+        enforce,
+        audit,
+    };
+}
+// ─── Govern Genkit Flow ─────────────────────────────────────
+export async function governGenkitFlow(governance, flow, config) {
+    const reg = buildRegistration(config, [flow.name]);
+    const result = await governance.register(reg);
+    const enforce = createEnforcer(governance, result.id, config);
+    const audit = createAuditor(governance, result.id);
+    const governedFlow = {
+        ...flow,
+        call: async (input) => {
+            const inputRecord = typeof input === "object" && input !== null ? input : { input };
+            const decision = await enforce(flow.name, inputRecord);
+            if (decision.blocked) {
+                throw new GovernanceBlockedError(decision, flow.name);
+            }
+            try {
+                const output = await flow.call(input);
+                await audit(flow.name, "success");
+                return output;
+            }
+            catch (error) {
+                await audit(flow.name, "failure", { error: error instanceof Error ? error.message : String(error) });
+                throw error;
+            }
+        },
+    };
+    return {
+        flow: governedFlow,
+        agentId: result.id,
+        score: result.score,
+        level: result.level,
+    };
+}
+//# sourceMappingURL=genkit.js.map

package/dist/plugins/genkit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"genkit.js","sourceRoot":"","sources":["../../src/plugins/genkit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAgBH,+DAA+D;AAE/D,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAC/B,QAAQ,CAAsB;IAC9B,QAAQ,CAAS;IAEjC,YAAY,QAA6B,EAAE,QAAgB;QACzD,KAAK,CAAC,uBAAuB,QAAQ,CAAC,MAAM,WAAW,QAAQ,GAAG,CAAC,CAAC;QACpE,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;QACrC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;CACF;AAED,+DAA+D;AAE/D,SAAS,iBAAiB,CAAC,MAA0B,EAAE,SAAmB;IACxE,OAAO;QACL,IAAI,EAAE,MAAM,CAAC,SAAS;QACtB,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,QAAQ;QACvC,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,KAAK,EAAE,SAAS;QAChB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;QACzC,WAAW,EAAE,IAAI;QACjB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,QAAQ,EAAE,MAAM,CAAC,QAAQ;KAC1B,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,UAA8B,EAAE,OAAe,EAAE,MAA0B;IACjG,OAAO,KAAK,EAAE,QAAgB,EAAE,KAA+B,EAAgC,EAAE;QAC/F,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,EAAE,CAAC,QAAQ,CAAC,IAAK,WAA4B,CAAC;QAChF,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC;YACxC,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,CAAC;YACnD,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK;YAC7B,iBAAiB,EAAE,MAAM,CAAC,mBAAmB,EAAE,EAAE;SAClD,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACxC,IAAI,QAAQ,CAAC,OAAO;YAAE,MAAM,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC7D,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,UAA8B,EAAE,OAAe;IACpE,OAAO,CAAC,QAAgB,EAAE,OAA8B,EAAE,MAAgC,EAAuB,EAAE,CACjH,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC;QACnB,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,OAAO;QACxC,QAAQ,EAAE,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM;QACpD,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,MAAM,EAAE;KACtC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,QAAQ,CACf,IAAgB,EAChB,OAA0C,EAC1C,KAAuC;IAEvC,OAAO;QACL,GAAG,IAAI;QACP,IAAI,EAAE,KAAK,EAAE,KAAc,EAAE,OAAiC,EAAoB,EAAE;YAClF,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,KAAgC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC;YAC/G,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YACvD,IAAI,QAAQ,CAAC,OAAO;gBAAE,MAAM,IAAI,sBAAsB,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5E,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAC/C,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;gBAClC,OAAO,MAAM,CAAC;YAChB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gBACrG,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAED,+DAA+D;AAE/D,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,UAA8B,EAC9B,KAAmB,EACnB,MAA0B;IAE1B,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,iBAAiB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAE9C,MAAM,OAAO,GAAG,cAAc,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAEnD,OAAO;QACL,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QAC1D,OAAO,EAAE,MAAM,CAAC,EAAE;QAClB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,UAAU;QACV,OAAO;QACP,KAAK;KACN,CAAC;AACJ,CAAC;AAED,+DAA+D;AAE/D,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,UAA8B,EAC9B,IAAgB,EAChB,MAA0B;IAE1B,MAAM,GAAG,GAAG,iBAAiB,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACnD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAE9C,MAAM,OAAO,GAAG,cAAc,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAEnD,MAAM,YAAY,GAAe;QAC/B,GAAG,IAAI;QACP,IAAI,EAAE,KAAK,EAAE,KAAc,EAAoB,EAAE;YAC/C,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,KAAgC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC;YAC/G,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YAEvD,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACrB,MAAM,IAAI,sBAAsB,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACxD,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACtC,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;gBAClC,OAAO,MAAM,CAAC;YAChB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gBACrG,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;KACF,CAAC;IAEF,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,MAAM,CAAC,EAAE;QAClB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,KAAK,EAAE,MAAM,CAAC,KAAK;KACpB,CAAC;AACJ,CAAC"}

package/dist/plugins/langchain.d.ts

@@ -0,0 +1,130 @@
+/**
+ * governance-sdk LangChain Plugin
+ *
+ * Integrates governance enforcement into LangChain/LangGraph tool execution.
+ * Wraps tools with before-action policy checks and audit logging.
+ *
+ * @example
+ * ```ts
+ * import { createGovernance, blockTools } from 'governance-sdk';
+ * import { governTool, governTools } from 'governance-sdk/plugins/langchain';
+ * import { DynamicStructuredTool } from 'langchain/tools';
+ *
+ * const gov = createGovernance({
+ *   rules: [blockTools(['shell_exec', 'database_drop'])],
+ * });
+ *
+ * const searchTool = new DynamicStructuredTool({
+ *   name: 'web_search',
+ *   description: 'Search the web',
+ *   schema: z.object({ query: z.string() }),
+ *   func: async ({ query }) => '...',
+ * });
+ *
+ * // Wrap a single tool
+ * const governed = await governTool(gov, searchTool, {
+ *   agentName: 'research-agent',
+ *   owner: 'research-team',
+ * });
+ *
+ * // Or wrap all tools at once
+ * const governedTools = await governTools(gov, [searchTool, crmTool], {
+ *   agentName: 'research-agent',
+ *   owner: 'research-team',
+ * });
+ * ```
+ */
+import type { GovernanceInstance } from "../index";
+import type { EnforcementDecision, PolicyAction } from "../policy";
+import type { AgentFramework } from "../types";
+/** LangChain runnable config (RunnableConfig / ToolRunnableConfig) */
+export interface LangChainRunnableConfig {
+    tags?: string[];
+    metadata?: Record<string, unknown>;
+    callbacks?: unknown[];
+    /** Configurable fields for the runnable */
+    configurable?: Record<string, unknown>;
+    /** Custom run name for tracing */
+    runName?: string;
+    /** Run ID for tracing */
+    runId?: string;
+    /** Max concurrent calls */
+    maxConcurrency?: number;
+    /** Recursion limit (default 25 in SDK) */
+    recursionLimit?: number;
+    /** Abort signal */
+    signal?: AbortSignal;
+    /** Timeout in milliseconds */
+    timeout?: number;
+    /** Tool call context (ToolRunnableConfig extension) */
+    toolCall?: Record<string, unknown>;
+    /** Tool runtime context (ToolRunnableConfig extension) */
+    context?: unknown;
+    [key: string]: unknown;
+}
+/** Generic LangChain tool shape (no direct dependency) */
+export interface LangChainTool {
+    name: string;
+    description: string;
+    /** Input schema (Zod or JSON Schema) */
+    schema?: unknown;
+    /** Whether to return result directly to user */
+    returnDirect?: boolean;
+    /** Response format — SDK accepts arbitrary strings beyond the two known values */
+    responseFormat?: "content" | "content_and_artifact" | string;
+    /** Whether to show verbose parsing errors */
+    verboseParsingErrors?: boolean;
+    /** Default runnable config for this tool */
+    defaultConfig?: LangChainRunnableConfig;
+    /** Extra tool metadata */
+    extras?: Record<string, unknown>;
+    /** Tool metadata */
+    metadata?: Record<string, unknown>;
+    invoke: (input: unknown, config?: LangChainRunnableConfig) => Promise<unknown>;
+}
+export interface GovernToolConfig {
+    agentName: string;
+    owner: string;
+    framework?: AgentFramework;
+    description?: string;
+    version?: string;
+    channels?: string[];
+    hasAuth?: boolean;
+    hasGuardrails?: boolean;
+    hasObservability?: boolean;
+    permissions?: Record<string, unknown>;
+    metadata?: Record<string, unknown>;
+    onBlocked?: (decision: EnforcementDecision, toolName: string) => void;
+    onDecision?: (decision: EnforcementDecision, toolName: string) => void;
+    actionMapper?: (toolName: string) => PolicyAction;
+    sessionTokenTracker?: () => number;
+}
+export interface GovernedResult {
+    agentId: string;
+    score: number;
+    level: number;
+    governance: GovernanceInstance;
+}
+export declare class GovernanceBlockedError extends Error {
+    readonly decision: EnforcementDecision;
+    readonly toolName: string;
+    constructor(decision: EnforcementDecision, toolName: string);
+}
+/**
+ * Wrap a single LangChain tool with governance enforcement.
+ *
+ * Returns a new tool-like object with the same interface but governed invoke.
+ */
+export declare function governTool<T extends LangChainTool>(governance: GovernanceInstance, tool: T, config: GovernToolConfig): Promise<T & GovernedResult>;
+/**
+ * Wrap multiple LangChain tools with governance enforcement.
+ *
+ * Registers a single agent with all tool names, then wraps each tool's invoke.
+ */
+export declare function governTools<T extends LangChainTool>(governance: GovernanceInstance, tools: T[], config: GovernToolConfig): Promise<{
+    tools: T[];
+    agentId: string;
+    score: number;
+    level: number;
+}>;
+//# sourceMappingURL=langchain.d.ts.map

package/dist/plugins/langchain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"langchain.d.ts","sourceRoot":"","sources":["../../src/plugins/langchain.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAEH,OAAO,KAAK,EACV,kBAAkB,EAEnB,MAAM,UAAU,CAAC;AAClB,OAAO,KAAK,EACV,mBAAmB,EACnB,YAAY,EACb,MAAM,WAAW,CAAC;AACnB,OAAO,KAAK,EAAqB,cAAc,EAAE,MAAM,UAAU,CAAC;AAIlE,sEAAsE;AACtE,MAAM,WAAW,uBAAuB;IACtC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC;IACtB,2CAA2C;IAC3C,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,kCAAkC;IAClC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yBAAyB;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2BAA2B;IAC3B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,0CAA0C;IAC1C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,mBAAmB;IACnB,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,8BAA8B;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uDAAuD;IACvD,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,0DAA0D;IAC1D,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,0DAA0D;AAC1D,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,gDAAgD;IAChD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,kFAAkF;IAClF,cAAc,CAAC,EAAE,SAAS,GAAG,sBAAsB,GAAG,MAAM,CAAC;IAC7D,6CAA6C;IAC7C,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,4CAA4C;IAC5C,aAAa,CAAC,EAAE,uBAAuB,CAAC;IACxC,0BAA0B;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,oBAAoB;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,MAAM,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,uBAAuB,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CAChF;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,cAAc,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACtE,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACvE,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,YAAY,CAAC;IAClD,mBAAmB,CAAC,EAAE,MAAM,MAAM,CAAC;CACpC;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,kBAAkB,CAAC;CAChC;AAID,qBAAa,sBAAuB,SAAQ,KAAK;IAC/C,SAAgB,QAAQ,EAAE,mBAAmB,CAAC;IAC9C,SAAgB,QAAQ,EAAE,MAAM,CAAC;gBAErB,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM;CAM5D;AAyED;;;;GAIG;AACH,wBAAsB,UAAU,CAAC,CAAC,SAAS,aAAa,EACtD,UAAU,EAAE,kBAAkB,EAC9B,IAAI,EAAE,CAAC,EACP,MAAM,EAAE,gBAAgB,GACvB,OAAO,CAAC,CAAC,GAAG,cAAc,CAAC,CAgC7B;AAID;;;;GAIG;AACH,wBAAsB,WAAW,CAAC,CAAC,SAAS,aAAa,EACvD,UAAU,EAAE,kBAAkB,EAC9B,KAAK,EAAE,CAAC,EAAE,EACV,MAAM,EAAE,gBAAgB,GACvB,OAAO,CAAC;IAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAkCxE"}

package/dist/plugins/langchain.js

@@ -0,0 +1,172 @@
+/**
+ * governance-sdk LangChain Plugin
+ *
+ * Integrates governance enforcement into LangChain/LangGraph tool execution.
+ * Wraps tools with before-action policy checks and audit logging.
+ *
+ * @example
+ * ```ts
+ * import { createGovernance, blockTools } from 'governance-sdk';
+ * import { governTool, governTools } from 'governance-sdk/plugins/langchain';
+ * import { DynamicStructuredTool } from 'langchain/tools';
+ *
+ * const gov = createGovernance({
+ *   rules: [blockTools(['shell_exec', 'database_drop'])],
+ * });
+ *
+ * const searchTool = new DynamicStructuredTool({
+ *   name: 'web_search',
+ *   description: 'Search the web',
+ *   schema: z.object({ query: z.string() }),
+ *   func: async ({ query }) => '...',
+ * });
+ *
+ * // Wrap a single tool
+ * const governed = await governTool(gov, searchTool, {
+ *   agentName: 'research-agent',
+ *   owner: 'research-team',
+ * });
+ *
+ * // Or wrap all tools at once
+ * const governedTools = await governTools(gov, [searchTool, crmTool], {
+ *   agentName: 'research-agent',
+ *   owner: 'research-team',
+ * });
+ * ```
+ */
+// ─── Blocked Error ──────────────────────────────────────────────
+export class GovernanceBlockedError extends Error {
+    decision;
+    toolName;
+    constructor(decision, toolName) {
+        super(`Governance blocked: ${decision.reason} (tool: ${toolName})`);
+        this.name = "GovernanceBlockedError";
+        this.decision = decision;
+        this.toolName = toolName;
+    }
+}
+// ─── Helper ─────────────────────────────────────────────────────
+async function registerAgent(governance, config, toolNames) {
+    const registration = {
+        name: config.agentName,
+        framework: config.framework ?? "langchain",
+        owner: config.owner,
+        description: config.description,
+        version: config.version,
+        channels: config.channels,
+        tools: toolNames,
+        hasAuth: config.hasAuth,
+        hasGuardrails: config.hasGuardrails,
+        hasObservability: config.hasObservability,
+        hasAuditLog: true,
+        permissions: config.permissions,
+        metadata: config.metadata,
+    };
+    return governance.register(registration);
+}
+function createEnforcer(governance, agentId, agentLevel, config) {
+    return async (toolName, input) => {
+        const action = config.actionMapper?.(toolName) ?? "tool_call";
+        const decision = await governance.enforce({
+            agentId,
+            agentName: config.agentName,
+            agentLevel,
+            action,
+            tool: toolName,
+            input: typeof input === "object" && input !== null
+                ? input
+                : undefined,
+            sessionTokensUsed: config.sessionTokenTracker?.(),
+        });
+        config.onDecision?.(decision, toolName);
+        if (decision.blocked)
+            config.onBlocked?.(decision, toolName);
+        return decision;
+    };
+}
+function createAuditor(governance, agentId) {
+    return async (toolName, outcome, detail) => {
+        return governance.audit.log({
+            agentId,
+            eventType: "tool_call",
+            outcome,
+            severity: outcome === "failure" ? "warning" : "info",
+            detail: { tool: toolName, ...detail },
+        });
+    };
+}
+// ─── Govern a Single Tool ───────────────────────────────────────
+/**
+ * Wrap a single LangChain tool with governance enforcement.
+ *
+ * Returns a new tool-like object with the same interface but governed invoke.
+ */
+export async function governTool(governance, tool, config) {
+    const result = await registerAgent(governance, config, [tool.name]);
+    const enforce = createEnforcer(governance, result.id, result.level, config);
+    const audit = createAuditor(governance, result.id);
+    const governed = {
+        ...tool,
+        agentId: result.id,
+        score: result.score,
+        level: result.level,
+        governance,
+        invoke: async (input, config) => {
+            const decision = await enforce(tool.name, input);
+            if (decision.blocked) {
+                throw new GovernanceBlockedError(decision, tool.name);
+            }
+            try {
+                const output = await tool.invoke(input, config);
+                await audit(tool.name, "success");
+                return output;
+            }
+            catch (error) {
+                await audit(tool.name, "failure", {
+                    error: error instanceof Error ? error.message : String(error),
+                });
+                throw error;
+            }
+        },
+    };
+    return governed;
+}
+// ─── Govern Multiple Tools ──────────────────────────────────────
+/**
+ * Wrap multiple LangChain tools with governance enforcement.
+ *
+ * Registers a single agent with all tool names, then wraps each tool's invoke.
+ */
+export async function governTools(governance, tools, config) {
+    const toolNames = tools.map((t) => t.name);
+    const result = await registerAgent(governance, config, toolNames);
+    const enforce = createEnforcer(governance, result.id, result.level, config);
+    const audit = createAuditor(governance, result.id);
+    const governed = tools.map((tool) => ({
+        ...tool,
+        invoke: async (input, config) => {
+            const decision = await enforce(tool.name, input);
+            if (decision.blocked) {
+                throw new GovernanceBlockedError(decision, tool.name);
+            }
+            try {
+                const output = await tool.invoke(input, config);
+                await audit(tool.name, "success");
+                return output;
+            }
+            catch (error) {
+                await audit(tool.name, "failure", {
+                    error: error instanceof Error ? error.message : String(error),
+                });
+                throw error;
+            }
+        },
+    }));
+    return {
+        tools: governed,
+        agentId: result.id,
+        score: result.score,
+        level: result.level,
+    };
+}
+//# sourceMappingURL=langchain.js.map

package/dist/plugins/langchain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"langchain.js","sourceRoot":"","sources":["../../src/plugins/langchain.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAsFH,mEAAmE;AAEnE,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAC/B,QAAQ,CAAsB;IAC9B,QAAQ,CAAS;IAEjC,YAAY,QAA6B,EAAE,QAAgB;QACzD,KAAK,CAAC,uBAAuB,QAAQ,CAAC,MAAM,WAAW,QAAQ,GAAG,CAAC,CAAC;QACpE,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;QACrC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;CACF;AAED,mEAAmE;AAEnE,KAAK,UAAU,aAAa,CAC1B,UAA8B,EAC9B,MAAwB,EACxB,SAAmB;IAEnB,MAAM,YAAY,GAAsB;QACtC,IAAI,EAAE,MAAM,CAAC,SAAS;QACtB,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,WAAW;QAC1C,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,KAAK,EAAE,SAAS;QAChB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;QACzC,WAAW,EAAE,IAAI;QACjB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,QAAQ,EAAE,MAAM,CAAC,QAAQ;KAC1B,CAAC;IACF,OAAO,UAAU,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,cAAc,CACrB,UAA8B,EAC9B,OAAe,EACf,UAAkB,EAClB,MAAwB;IAExB,OAAO,KAAK,EAAE,QAAgB,EAAE,KAAe,EAAgC,EAAE;QAC/E,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,EAAE,CAAC,QAAQ,CAAC,IAAK,WAA4B,CAAC;QAEhF,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC;YACxC,OAAO;YACP,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,UAAU;YACV,MAAM;YACN,IAAI,EAAE,QAAQ;YACd,KAAK,EAAE,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI;gBAChD,CAAC,CAAC,KAAgC;gBAClC,CAAC,CAAC,SAAS;YACb,iBAAiB,EAAE,MAAM,CAAC,mBAAmB,EAAE,EAAE;SAClD,CAAC,CAAC;QAEH,MAAM,CAAC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACxC,IAAI,QAAQ,CAAC,OAAO;YAAE,MAAM,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAE7D,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,UAA8B,EAAE,OAAe;IACpE,OAAO,KAAK,EACV,QAAgB,EAChB,OAA8B,EAC9B,MAAgC,EACX,EAAE;QACvB,OAAO,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC;YAC1B,OAAO;YACP,SAAS,EAAE,WAAW;YACtB,OAAO;YACP,QAAQ,EAAE,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM;YACpD,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,MAAM,EAAE;SACtC,CAAC,CAAC;IACL,CAAC,CAAC;AACJ,CAAC;AAED,mEAAmE;AAEnE;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,UAA8B,EAC9B,IAAO,EACP,MAAwB;IAExB,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACpE,MAAM,OAAO,GAAG,cAAc,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC5E,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAEnD,MAAM,QAAQ,GAAG;QACf,GAAG,IAAI;QACP,OAAO,EAAE,MAAM,CAAC,EAAE;QAClB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,UAAU;QACV,MAAM,EAAE,KAAK,EAAE,KAAc,EAAE,MAAgC,EAAoB,EAAE;YACnF,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAEjD,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACrB,MAAM,IAAI,sBAAsB,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACxD,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBAChD,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;gBAClC,OAAO,MAAM,CAAC;YAChB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE;oBAChC,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC9D,CAAC,CAAC;gBACH,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;KACF,CAAC;IAEF,OAAO,QAA8B,CAAC;AACxC,CAAC;AAED,mEAAmE;AAEnE;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,UAA8B,EAC9B,KAAU,EACV,MAAwB;IAExB,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IAClE,MAAM,OAAO,GAAG,cAAc,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC5E,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAEnD,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACpC,GAAG,IAAI;QACP,MAAM,EAAE,KAAK,EAAE,KAAc,EAAE,MAAgC,EAAoB,EAAE;YACnF,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAEjD,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACrB,MAAM,IAAI,sBAAsB,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACxD,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBAChD,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;gBAClC,OAAO,MAAM,CAAC;YAChB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE;oBAChC,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC9D,CAAC,CAAC;gBACH,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;KACF,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,KAAK,EAAE,QAAe;QACtB,OAAO,EAAE,MAAM,CAAC,EAAE;QAClB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,KAAK,EAAE,MAAM,CAAC,KAAK;KACpB,CAAC;AACJ,CAAC"}

package/dist/plugins/llamaindex-types.d.ts

@@ -0,0 +1,86 @@
+/**
+ * Types for the LlamaIndex governance integration.
+ *
+ * Mirrors LlamaIndex TypeScript SDK (llamaindex npm) shapes without
+ * requiring the SDK as a dependency. Structurally compatible at runtime.
+ *
+ * Updated March 2026: call() returns ToolOutput per SDK (tool, input,
+ * output, isError), call is optional on BaseTool (BaseToolWithCall has it).
+ */
+import type { GovernanceInstance, AuditEvent } from "../index";
+import type { EnforcementDecision, PolicyAction } from "../policy";
+import type { AgentFramework } from "../types";
+/** JSON-compatible value (mirrors LlamaIndex JSONValue — SDK excludes null) */
+export type LlamaIndexJSONValue = string | number | boolean | LlamaIndexJSONValue[] | {
+    [key: string]: LlamaIndexJSONValue;
+};
+/** LlamaIndex tool shape (mirrors BaseTool / BaseToolWithCall) */
+export interface LlamaIndexTool {
+    metadata: LlamaIndexToolMetadata;
+    /** Call the tool — returns JSONValue per SDK (ToolOutput is created externally by callTool) */
+    call?: (input: Record<string, unknown>) => LlamaIndexJSONValue | Promise<LlamaIndexJSONValue>;
+}
+/** LlamaIndex tool metadata */
+export interface LlamaIndexToolMetadata {
+    name: string;
+    description: string;
+    parameters?: Record<string, unknown>;
+}
+/** LlamaIndex tool output (mirrors SDK ToolOutput class — created by callTool, not by tools) */
+export interface LlamaIndexToolOutput {
+    /** The tool that produced this output (required key, may be undefined) */
+    tool: LlamaIndexTool | undefined;
+    /** The input that was passed to the tool */
+    input: Record<string, unknown>;
+    /** Tool output — can be any JSON value */
+    output: LlamaIndexJSONValue;
+    /** Whether the tool execution resulted in an error */
+    isError: boolean;
+}
+/** LlamaIndex query engine tool shape */
+export interface LlamaIndexQueryEngineTool {
+    metadata: LlamaIndexToolMetadata;
+    call?: (input: Record<string, unknown>) => LlamaIndexJSONValue | Promise<LlamaIndexJSONValue>;
+    queryEngine?: unknown;
+}
+/** LlamaIndex agent shape */
+export interface LlamaIndexAgent {
+    tools: LlamaIndexTool[];
+    chat?: (message: string) => Promise<unknown>;
+}
+export interface GovernLlamaIndexConfig {
+    agentName: string;
+    owner: string;
+    framework?: AgentFramework;
+    description?: string;
+    version?: string;
+    channels?: string[];
+    hasAuth?: boolean;
+    hasGuardrails?: boolean;
+    hasObservability?: boolean;
+    permissions?: Record<string, unknown>;
+    metadata?: Record<string, unknown>;
+    onBlocked?: (decision: EnforcementDecision, toolName: string) => void;
+    onDecision?: (decision: EnforcementDecision, toolName: string) => void;
+    actionMapper?: (toolName: string) => PolicyAction;
+    sessionTokenTracker?: () => number;
+}
+export interface GovernedLlamaIndexToolsResult {
+    tools: LlamaIndexTool[];
+    agentId: string;
+    score: number;
+    level: number;
+    governance: GovernanceInstance;
+    enforce: (toolName: string, input?: Record<string, unknown>) => Promise<EnforcementDecision>;
+    audit: (toolName: string, outcome: "success" | "failure", detail?: Record<string, unknown>) => Promise<AuditEvent>;
+}
+export interface GovernedLlamaIndexAgentResult {
+    agent: LlamaIndexAgent;
+    agentId: string;
+    score: number;
+    level: number;
+    governance: GovernanceInstance;
+    enforce: (toolName: string, input?: Record<string, unknown>) => Promise<EnforcementDecision>;
+    audit: (toolName: string, outcome: "success" | "failure", detail?: Record<string, unknown>) => Promise<AuditEvent>;
+}
+//# sourceMappingURL=llamaindex-types.d.ts.map

package/dist/plugins/llamaindex-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"llamaindex-types.d.ts","sourceRoot":"","sources":["../../src/plugins/llamaindex-types.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAC/D,OAAO,KAAK,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACnE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAI/C,+EAA+E;AAC/E,MAAM,MAAM,mBAAmB,GAC3B,MAAM,GACN,MAAM,GACN,OAAO,GACP,mBAAmB,EAAE,GACrB;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,mBAAmB,CAAA;CAAE,CAAC;AAE3C,kEAAkE;AAClE,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,sBAAsB,CAAC;IACjC,+FAA+F;IAC/F,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,mBAAmB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;CAC/F;AAED,+BAA+B;AAC/B,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED,gGAAgG;AAChG,MAAM,WAAW,oBAAoB;IACnC,0EAA0E;IAC1E,IAAI,EAAE,cAAc,GAAG,SAAS,CAAC;IACjC,4CAA4C;IAC5C,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,0CAA0C;IAC1C,MAAM,EAAE,mBAAmB,CAAC;IAC5B,sDAAsD;IACtD,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,yCAAyC;AACzC,MAAM,WAAW,yBAAyB;IACxC,QAAQ,EAAE,sBAAsB,CAAC;IACjC,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,mBAAmB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC9F,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,6BAA6B;AAC7B,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,cAAc,EAAE,CAAC;IACxB,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CAC9C;AAID,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,cAAc,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACtE,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACvE,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,YAAY,CAAC;IAClD,mBAAmB,CAAC,EAAE,MAAM,MAAM,CAAC;CACpC;AAID,MAAM,WAAW,6BAA6B;IAC5C,KAAK,EAAE,cAAc,EAAE,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,kBAAkB,CAAC;IAC/B,OAAO,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC7F,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,GAAG,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;CACpH;AAED,MAAM,WAAW,6BAA6B;IAC5C,KAAK,EAAE,eAAe,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,kBAAkB,CAAC;IAC/B,OAAO,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC7F,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,GAAG,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;CACpH"}

package/dist/plugins/llamaindex-types.js

@@ -0,0 +1,11 @@
+/**
+ * Types for the LlamaIndex governance integration.
+ *
+ * Mirrors LlamaIndex TypeScript SDK (llamaindex npm) shapes without
+ * requiring the SDK as a dependency. Structurally compatible at runtime.
+ *
+ * Updated March 2026: call() returns ToolOutput per SDK (tool, input,
+ * output, isError), call is optional on BaseTool (BaseToolWithCall has it).
+ */
+export {};
+//# sourceMappingURL=llamaindex-types.js.map

package/dist/plugins/llamaindex-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"llamaindex-types.js","sourceRoot":"","sources":["../../src/plugins/llamaindex-types.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG"}

package/dist/plugins/llamaindex.d.ts

@@ -0,0 +1,36 @@
+/**
+ * governance-sdk LlamaIndex Plugin
+ *
+ * Integrates governance enforcement into LlamaIndex tool execution.
+ * Wraps tools with before-action policy checks and audit logging.
+ *
+ * @example
+ * ```ts
+ * import { createGovernance, blockTools } from 'governance-sdk';
+ * import { governLlamaIndexTools } from 'governance-sdk/plugins/llamaindex';
+ *
+ * const gov = createGovernance({
+ *   rules: [blockTools(['file_delete', 'shell_exec'])],
+ * });
+ *
+ * const { tools } = await governLlamaIndexTools(gov, [searchTool, writeTool], {
+ *   agentName: 'llamaindex-agent',
+ *   owner: 'ai-team',
+ * });
+ *
+ * // Use governed tools in your LlamaIndex agent
+ * const agent = new OpenAIAgent({ tools });
+ * ```
+ */
+import type { GovernanceInstance } from "../index";
+import type { EnforcementDecision } from "../policy";
+import type { LlamaIndexTool, LlamaIndexAgent, GovernLlamaIndexConfig, GovernedLlamaIndexToolsResult, GovernedLlamaIndexAgentResult } from "./llamaindex-types.js";
+export type { LlamaIndexTool, LlamaIndexToolMetadata, LlamaIndexToolOutput, LlamaIndexJSONValue, LlamaIndexQueryEngineTool, LlamaIndexAgent, GovernLlamaIndexConfig, GovernedLlamaIndexToolsResult, GovernedLlamaIndexAgentResult, } from "./llamaindex-types.js";
+export declare class GovernanceBlockedError extends Error {
+    readonly decision: EnforcementDecision;
+    readonly toolName: string;
+    constructor(decision: EnforcementDecision, toolName: string);
+}
+export declare function governLlamaIndexTools(governance: GovernanceInstance, tools: LlamaIndexTool[], config: GovernLlamaIndexConfig): Promise<GovernedLlamaIndexToolsResult>;
+export declare function governLlamaIndexAgent(governance: GovernanceInstance, agent: LlamaIndexAgent, config: GovernLlamaIndexConfig): Promise<GovernedLlamaIndexAgentResult>;
+//# sourceMappingURL=llamaindex.d.ts.map

package/dist/plugins/llamaindex.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"llamaindex.d.ts","sourceRoot":"","sources":["../../src/plugins/llamaindex.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAc,MAAM,UAAU,CAAC;AAC/D,OAAO,KAAK,EAAE,mBAAmB,EAAgB,MAAM,WAAW,CAAC;AAEnE,OAAO,KAAK,EACV,cAAc,EAAE,eAAe,EAC/B,sBAAsB,EAAE,6BAA6B,EAAE,6BAA6B,EACrF,MAAM,uBAAuB,CAAC;AAG/B,YAAY,EACV,cAAc,EAAE,sBAAsB,EAAE,oBAAoB,EAAE,mBAAmB,EACjF,yBAAyB,EAAE,eAAe,EAC1C,sBAAsB,EAAE,6BAA6B,EAAE,6BAA6B,GACrF,MAAM,uBAAuB,CAAC;AAI/B,qBAAa,sBAAuB,SAAQ,KAAK;IAC/C,SAAgB,QAAQ,EAAE,mBAAmB,CAAC;IAC9C,SAAgB,QAAQ,EAAE,MAAM,CAAC;gBAErB,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM;CAM5D;AAuED,wBAAsB,qBAAqB,CACzC,UAAU,EAAE,kBAAkB,EAC9B,KAAK,EAAE,cAAc,EAAE,EACvB,MAAM,EAAE,sBAAsB,GAC7B,OAAO,CAAC,6BAA6B,CAAC,CAiBxC;AAID,wBAAsB,qBAAqB,CACzC,UAAU,EAAE,kBAAkB,EAC9B,KAAK,EAAE,eAAe,EACtB,MAAM,EAAE,sBAAsB,GAC7B,OAAO,CAAC,6BAA6B,CAAC,CAiBxC"}