meshguard 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +293 -0
- package/dist/cjs/client.d.ts +92 -0
- package/dist/cjs/client.d.ts.map +1 -0
- package/dist/cjs/client.js +314 -0
- package/dist/cjs/client.js.map +1 -0
- package/dist/cjs/exceptions.d.ts +33 -0
- package/dist/cjs/exceptions.d.ts.map +1 -0
- package/dist/cjs/exceptions.js +60 -0
- package/dist/cjs/exceptions.js.map +1 -0
- package/dist/cjs/index.d.ts +23 -0
- package/dist/cjs/index.d.ts.map +1 -0
- package/dist/cjs/index.js +32 -0
- package/dist/cjs/index.js.map +1 -0
- package/dist/cjs/langchain.d.ts +106 -0
- package/dist/cjs/langchain.d.ts.map +1 -0
- package/dist/cjs/langchain.js +157 -0
- package/dist/cjs/langchain.js.map +1 -0
- package/dist/cjs/package.json +1 -0
- package/dist/cjs/types.d.ts +91 -0
- package/dist/cjs/types.d.ts.map +1 -0
- package/dist/cjs/types.js +6 -0
- package/dist/cjs/types.js.map +1 -0
- package/dist/esm/client.d.ts +92 -0
- package/dist/esm/client.d.ts.map +1 -0
- package/dist/esm/client.js +310 -0
- package/dist/esm/client.js.map +1 -0
- package/dist/esm/exceptions.d.ts +33 -0
- package/dist/esm/exceptions.d.ts.map +1 -0
- package/dist/esm/exceptions.js +53 -0
- package/dist/esm/exceptions.js.map +1 -0
- package/dist/esm/index.d.ts +23 -0
- package/dist/esm/index.d.ts.map +1 -0
- package/dist/esm/index.js +24 -0
- package/dist/esm/index.js.map +1 -0
- package/dist/esm/langchain.d.ts +106 -0
- package/dist/esm/langchain.d.ts.map +1 -0
- package/dist/esm/langchain.js +151 -0
- package/dist/esm/langchain.js.map +1 -0
- package/dist/esm/types.d.ts +91 -0
- package/dist/esm/types.d.ts.map +1 -0
- package/dist/esm/types.js +5 -0
- package/dist/esm/types.js.map +1 -0
- package/package.json +76 -0
|
@@ -0,0 +1,314 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* MeshGuard Client
|
|
4
|
+
*
|
|
5
|
+
* Core client for interacting with the MeshGuard gateway.
|
|
6
|
+
*/
|
|
7
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
8
|
+
exports.MeshGuardClient = void 0;
|
|
9
|
+
const exceptions_js_1 = require("./exceptions.js");
|
|
10
|
+
/**
|
|
11
|
+
* Client for the MeshGuard governance gateway.
|
|
12
|
+
*
|
|
13
|
+
* @example
|
|
14
|
+
* ```ts
|
|
15
|
+
* const client = new MeshGuardClient({
|
|
16
|
+
* gatewayUrl: "https://dashboard.meshguard.app",
|
|
17
|
+
* agentToken: "your-agent-token",
|
|
18
|
+
* });
|
|
19
|
+
*
|
|
20
|
+
* // Check if an action is allowed
|
|
21
|
+
* const decision = await client.check("read:contacts");
|
|
22
|
+
* if (decision.allowed) {
|
|
23
|
+
* // proceed
|
|
24
|
+
* }
|
|
25
|
+
*
|
|
26
|
+
* // Or enforce (throws on deny)
|
|
27
|
+
* await client.enforce("read:contacts");
|
|
28
|
+
*
|
|
29
|
+
* // Or govern a function
|
|
30
|
+
* const result = await client.govern("read:contacts", async () => {
|
|
31
|
+
* return fetchContacts();
|
|
32
|
+
* });
|
|
33
|
+
* ```
|
|
34
|
+
*/
|
|
35
|
+
class MeshGuardClient {
|
|
36
|
+
gatewayUrl;
|
|
37
|
+
agentToken;
|
|
38
|
+
adminToken;
|
|
39
|
+
timeout;
|
|
40
|
+
traceId;
|
|
41
|
+
constructor(options = {}) {
|
|
42
|
+
this.gatewayUrl = (options.gatewayUrl ??
|
|
43
|
+
process.env.MESHGUARD_GATEWAY_URL ??
|
|
44
|
+
"http://localhost:3100").replace(/\/+$/, "");
|
|
45
|
+
this.agentToken =
|
|
46
|
+
options.agentToken ?? process.env.MESHGUARD_AGENT_TOKEN;
|
|
47
|
+
this.adminToken =
|
|
48
|
+
options.adminToken ?? process.env.MESHGUARD_ADMIN_TOKEN;
|
|
49
|
+
this.timeout = options.timeout ?? 30_000;
|
|
50
|
+
this.traceId = options.traceId ?? crypto.randomUUID();
|
|
51
|
+
}
|
|
52
|
+
// ---------------------------------------------------------------------------
|
|
53
|
+
// Internal helpers
|
|
54
|
+
// ---------------------------------------------------------------------------
|
|
55
|
+
headers(includeAuth = true) {
|
|
56
|
+
const h = {
|
|
57
|
+
"X-MeshGuard-Trace-ID": this.traceId,
|
|
58
|
+
};
|
|
59
|
+
if (includeAuth && this.agentToken) {
|
|
60
|
+
h["Authorization"] = `Bearer ${this.agentToken}`;
|
|
61
|
+
}
|
|
62
|
+
return h;
|
|
63
|
+
}
|
|
64
|
+
adminHeaders() {
|
|
65
|
+
if (!this.adminToken) {
|
|
66
|
+
throw new exceptions_js_1.AuthenticationError("Admin token required for this operation");
|
|
67
|
+
}
|
|
68
|
+
return {
|
|
69
|
+
"X-Admin-Token": this.adminToken,
|
|
70
|
+
"X-MeshGuard-Trace-ID": this.traceId,
|
|
71
|
+
};
|
|
72
|
+
}
|
|
73
|
+
async handleResponse(response) {
|
|
74
|
+
if (response.status === 401) {
|
|
75
|
+
throw new exceptions_js_1.AuthenticationError("Invalid or expired token");
|
|
76
|
+
}
|
|
77
|
+
if (response.status === 403) {
|
|
78
|
+
const data = await this.safeJson(response);
|
|
79
|
+
throw new exceptions_js_1.PolicyDeniedError({
|
|
80
|
+
action: data.action ?? "unknown",
|
|
81
|
+
policy: data.policy,
|
|
82
|
+
rule: data.rule,
|
|
83
|
+
reason: data.message ?? "Access denied by policy",
|
|
84
|
+
});
|
|
85
|
+
}
|
|
86
|
+
if (response.status === 429) {
|
|
87
|
+
throw new exceptions_js_1.RateLimitError("Rate limit exceeded");
|
|
88
|
+
}
|
|
89
|
+
if (response.status >= 400) {
|
|
90
|
+
const text = await response.text();
|
|
91
|
+
throw new exceptions_js_1.MeshGuardError(`Request failed: ${response.status} ${text}`);
|
|
92
|
+
}
|
|
93
|
+
return this.safeJson(response);
|
|
94
|
+
}
|
|
95
|
+
async safeJson(response) {
|
|
96
|
+
const text = await response.text();
|
|
97
|
+
if (!text)
|
|
98
|
+
return {};
|
|
99
|
+
try {
|
|
100
|
+
return JSON.parse(text);
|
|
101
|
+
}
|
|
102
|
+
catch {
|
|
103
|
+
return {};
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
async fetch(url, init = {}) {
|
|
107
|
+
const controller = new AbortController();
|
|
108
|
+
const timer = setTimeout(() => controller.abort(), this.timeout);
|
|
109
|
+
try {
|
|
110
|
+
return await fetch(url, { ...init, signal: controller.signal });
|
|
111
|
+
}
|
|
112
|
+
finally {
|
|
113
|
+
clearTimeout(timer);
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
// ---------------------------------------------------------------------------
|
|
117
|
+
// Core Governance
|
|
118
|
+
// ---------------------------------------------------------------------------
|
|
119
|
+
/**
|
|
120
|
+
* Check if an action is allowed by policy.
|
|
121
|
+
*
|
|
122
|
+
* Returns a {@link PolicyDecision} — never throws on deny.
|
|
123
|
+
*/
|
|
124
|
+
async check(action, resource) {
|
|
125
|
+
const h = this.headers();
|
|
126
|
+
h["X-MeshGuard-Action"] = action;
|
|
127
|
+
if (resource)
|
|
128
|
+
h["X-MeshGuard-Resource"] = resource;
|
|
129
|
+
try {
|
|
130
|
+
const response = await this.fetch(`${this.gatewayUrl}/proxy/check`, {
|
|
131
|
+
method: "GET",
|
|
132
|
+
headers: h,
|
|
133
|
+
});
|
|
134
|
+
if (response.status === 403) {
|
|
135
|
+
const data = await this.safeJson(response);
|
|
136
|
+
return {
|
|
137
|
+
allowed: false,
|
|
138
|
+
action,
|
|
139
|
+
decision: "deny",
|
|
140
|
+
policy: data.policy,
|
|
141
|
+
rule: data.rule,
|
|
142
|
+
reason: data.message,
|
|
143
|
+
traceId: this.traceId,
|
|
144
|
+
};
|
|
145
|
+
}
|
|
146
|
+
const data = await this.handleResponse(response);
|
|
147
|
+
return {
|
|
148
|
+
allowed: true,
|
|
149
|
+
action,
|
|
150
|
+
decision: "allow",
|
|
151
|
+
policy: data.policy,
|
|
152
|
+
traceId: this.traceId,
|
|
153
|
+
};
|
|
154
|
+
}
|
|
155
|
+
catch (err) {
|
|
156
|
+
if (err instanceof exceptions_js_1.PolicyDeniedError) {
|
|
157
|
+
return {
|
|
158
|
+
allowed: false,
|
|
159
|
+
action,
|
|
160
|
+
decision: "deny",
|
|
161
|
+
policy: err.policy,
|
|
162
|
+
rule: err.rule,
|
|
163
|
+
reason: err.reason,
|
|
164
|
+
traceId: this.traceId,
|
|
165
|
+
};
|
|
166
|
+
}
|
|
167
|
+
throw err;
|
|
168
|
+
}
|
|
169
|
+
}
|
|
170
|
+
/**
|
|
171
|
+
* Enforce policy — throws {@link PolicyDeniedError} if the action is denied.
|
|
172
|
+
*/
|
|
173
|
+
async enforce(action, resource) {
|
|
174
|
+
const decision = await this.check(action, resource);
|
|
175
|
+
if (!decision.allowed) {
|
|
176
|
+
throw new exceptions_js_1.PolicyDeniedError({
|
|
177
|
+
action,
|
|
178
|
+
policy: decision.policy,
|
|
179
|
+
rule: decision.rule,
|
|
180
|
+
reason: decision.reason,
|
|
181
|
+
});
|
|
182
|
+
}
|
|
183
|
+
return decision;
|
|
184
|
+
}
|
|
185
|
+
/**
|
|
186
|
+
* Execute a function only if the action is allowed by policy.
|
|
187
|
+
*
|
|
188
|
+
* @example
|
|
189
|
+
* ```ts
|
|
190
|
+
* const contacts = await client.govern("read:contacts", async () => {
|
|
191
|
+
* return db.contacts.findAll();
|
|
192
|
+
* });
|
|
193
|
+
* ```
|
|
194
|
+
*/
|
|
195
|
+
async govern(action, fn, resource) {
|
|
196
|
+
await this.enforce(action, resource);
|
|
197
|
+
return fn();
|
|
198
|
+
}
|
|
199
|
+
// ---------------------------------------------------------------------------
|
|
200
|
+
// Proxy Requests
|
|
201
|
+
// ---------------------------------------------------------------------------
|
|
202
|
+
/**
|
|
203
|
+
* Make a governed request through the MeshGuard proxy.
|
|
204
|
+
*/
|
|
205
|
+
async request(method, path, action, init = {}) {
|
|
206
|
+
const h = {
|
|
207
|
+
...this.headers(),
|
|
208
|
+
"X-MeshGuard-Action": action,
|
|
209
|
+
};
|
|
210
|
+
// Merge any caller-provided headers
|
|
211
|
+
if (init.headers) {
|
|
212
|
+
const extra = init.headers instanceof Headers
|
|
213
|
+
? Object.fromEntries(init.headers.entries())
|
|
214
|
+
: init.headers;
|
|
215
|
+
Object.assign(h, extra);
|
|
216
|
+
}
|
|
217
|
+
const response = await this.fetch(`${this.gatewayUrl}/proxy/${path.replace(/^\/+/, "")}`, { ...init, method, headers: h });
|
|
218
|
+
await this.handleResponse(response);
|
|
219
|
+
return response;
|
|
220
|
+
}
|
|
221
|
+
/** GET through the governance proxy. */
|
|
222
|
+
async get(path, action, init) {
|
|
223
|
+
return this.request("GET", path, action, init);
|
|
224
|
+
}
|
|
225
|
+
/** POST through the governance proxy. */
|
|
226
|
+
async post(path, action, init) {
|
|
227
|
+
return this.request("POST", path, action, init);
|
|
228
|
+
}
|
|
229
|
+
/** PUT through the governance proxy. */
|
|
230
|
+
async put(path, action, init) {
|
|
231
|
+
return this.request("PUT", path, action, init);
|
|
232
|
+
}
|
|
233
|
+
/** DELETE through the governance proxy. */
|
|
234
|
+
async delete(path, action, init) {
|
|
235
|
+
return this.request("DELETE", path, action, init);
|
|
236
|
+
}
|
|
237
|
+
// ---------------------------------------------------------------------------
|
|
238
|
+
// Health & Info
|
|
239
|
+
// ---------------------------------------------------------------------------
|
|
240
|
+
/** Check gateway health. */
|
|
241
|
+
async health() {
|
|
242
|
+
const response = await this.fetch(`${this.gatewayUrl}/health`);
|
|
243
|
+
return (await response.json());
|
|
244
|
+
}
|
|
245
|
+
/** Quick boolean health check. */
|
|
246
|
+
async isHealthy() {
|
|
247
|
+
try {
|
|
248
|
+
const h = await this.health();
|
|
249
|
+
return h.status === "healthy";
|
|
250
|
+
}
|
|
251
|
+
catch {
|
|
252
|
+
return false;
|
|
253
|
+
}
|
|
254
|
+
}
|
|
255
|
+
// ---------------------------------------------------------------------------
|
|
256
|
+
// Admin Operations
|
|
257
|
+
// ---------------------------------------------------------------------------
|
|
258
|
+
/** List all agents (requires admin token). */
|
|
259
|
+
async listAgents() {
|
|
260
|
+
const response = await this.fetch(`${this.gatewayUrl}/admin/agents`, {
|
|
261
|
+
headers: this.adminHeaders(),
|
|
262
|
+
});
|
|
263
|
+
const data = await this.handleResponse(response);
|
|
264
|
+
const agents = data.agents ?? [];
|
|
265
|
+
return agents.map((a) => ({
|
|
266
|
+
id: a.id,
|
|
267
|
+
name: a.name,
|
|
268
|
+
trustTier: a.trustTier,
|
|
269
|
+
tags: a.tags ?? [],
|
|
270
|
+
orgId: a.orgId,
|
|
271
|
+
}));
|
|
272
|
+
}
|
|
273
|
+
/** Create a new agent (requires admin token). */
|
|
274
|
+
async createAgent(options) {
|
|
275
|
+
const response = await this.fetch(`${this.gatewayUrl}/admin/agents`, {
|
|
276
|
+
method: "POST",
|
|
277
|
+
headers: {
|
|
278
|
+
...this.adminHeaders(),
|
|
279
|
+
"Content-Type": "application/json",
|
|
280
|
+
},
|
|
281
|
+
body: JSON.stringify({
|
|
282
|
+
name: options.name,
|
|
283
|
+
trustTier: options.trustTier ?? "verified",
|
|
284
|
+
tags: options.tags ?? [],
|
|
285
|
+
}),
|
|
286
|
+
});
|
|
287
|
+
return this.handleResponse(response);
|
|
288
|
+
}
|
|
289
|
+
/** Revoke an agent (requires admin token). */
|
|
290
|
+
async revokeAgent(agentId) {
|
|
291
|
+
const response = await this.fetch(`${this.gatewayUrl}/admin/agents/${agentId}`, { method: "DELETE", headers: this.adminHeaders() });
|
|
292
|
+
await this.handleResponse(response);
|
|
293
|
+
}
|
|
294
|
+
/** List all policies (requires admin token). */
|
|
295
|
+
async listPolicies() {
|
|
296
|
+
const response = await this.fetch(`${this.gatewayUrl}/admin/policies`, {
|
|
297
|
+
headers: this.adminHeaders(),
|
|
298
|
+
});
|
|
299
|
+
const data = await this.handleResponse(response);
|
|
300
|
+
return data.policies ?? [];
|
|
301
|
+
}
|
|
302
|
+
/** Get audit log entries (requires admin token). */
|
|
303
|
+
async getAuditLog(options = {}) {
|
|
304
|
+
const params = new URLSearchParams();
|
|
305
|
+
params.set("limit", String(options.limit ?? 50));
|
|
306
|
+
if (options.decision)
|
|
307
|
+
params.set("decision", options.decision);
|
|
308
|
+
const response = await this.fetch(`${this.gatewayUrl}/admin/audit?${params}`, { headers: this.adminHeaders() });
|
|
309
|
+
const data = await this.handleResponse(response);
|
|
310
|
+
return data.entries ?? [];
|
|
311
|
+
}
|
|
312
|
+
}
|
|
313
|
+
exports.MeshGuardClient = MeshGuardClient;
|
|
314
|
+
//# sourceMappingURL=client.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/client.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAaH,mDAKyB;AAEzB;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAa,eAAe;IACjB,UAAU,CAAS;IACnB,UAAU,CAAU;IACpB,UAAU,CAAU;IACpB,OAAO,CAAS;IAChB,OAAO,CAAS;IAEzB,YAAY,UAA4B,EAAE;QACxC,IAAI,CAAC,UAAU,GAAG,CAChB,OAAO,CAAC,UAAU;YAClB,OAAO,CAAC,GAAG,CAAC,qBAAqB;YACjC,uBAAuB,CACxB,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAEtB,IAAI,CAAC,UAAU;YACb,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;QAC1D,IAAI,CAAC,UAAU;YACb,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;QAC1D,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,MAAM,CAAC;QACzC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;IACxD,CAAC;IAED,8EAA8E;IAC9E,mBAAmB;IACnB,8EAA8E;IAEtE,OAAO,CAAC,WAAW,GAAG,IAAI;QAChC,MAAM,CAAC,GAA2B;YAChC,sBAAsB,EAAE,IAAI,CAAC,OAAO;SACrC,CAAC;QACF,IAAI,WAAW,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACnC,CAAC,CAAC,eAAe,CAAC,GAAG,UAAU,IAAI,CAAC,UAAU,EAAE,CAAC;QACnD,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAEO,YAAY;QAClB,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAI,mCAAmB,CAAC,yCAAyC,CAAC,CAAC;QAC3E,CAAC;QACD,OAAO;YACL,eAAe,EAAE,IAAI,CAAC,UAAU;YAChC,sBAAsB,EAAE,IAAI,CAAC,OAAO;SACrC,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,QAAkB;QAC7C,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,MAAM,IAAI,mCAAmB,CAAC,0BAA0B,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC3C,MAAM,IAAI,iCAAiB,CAAC;gBAC1B,MAAM,EAAG,IAAI,CAAC,MAAiB,IAAI,SAAS;gBAC5C,MAAM,EAAE,IAAI,CAAC,MAA4B;gBACzC,IAAI,EAAE,IAAI,CAAC,IAA0B;gBACrC,MAAM,EAAG,IAAI,CAAC,OAAkB,IAAI,yBAAyB;aAC9D,CAAC,CAAC;QACL,CAAC;QACD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,MAAM,IAAI,8BAAc,CAAC,qBAAqB,CAAC,CAAC;QAClD,CAAC;QACD,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YAC3B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,8BAAc,CAAC,mBAAmB,QAAQ,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;QACzE,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAEO,KAAK,CAAC,QAAQ,CAAC,QAAkB;QACvC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,CAAC,IAAI;YAAE,OAAO,EAAE,CAAC;QACrB,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;QACrD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,KAAK,CACjB,GAAW,EACX,OAAoB,EAAE;QAEtB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACjE,IAAI,CAAC;YACH,OAAO,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QAClE,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,kBAAkB;IAClB,8EAA8E;IAE9E;;;;OAIG;IACH,KAAK,CAAC,KAAK,CAAC,MAAc,EAAE,QAAiB;QAC3C,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QACzB,CAAC,CAAC,oBAAoB,CAAC,GAAG,MAAM,CAAC;QACjC,IAAI,QAAQ;YAAE,CAAC,CAAC,sBAAsB,CAAC,GAAG,QAAQ,CAAC;QAEnD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,UAAU,cAAc,EAAE;gBAClE,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,CAAC;aACX,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBAC3C,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM;oBACN,QAAQ,EAAE,MAAM;oBAChB,MAAM,EAAE,IAAI,CAAC,MAA4B;oBACzC,IAAI,EAAE,IAAI,CAAC,IAA0B;oBACrC,MAAM,EAAE,IAAI,CAAC,OAA6B;oBAC1C,OAAO,EAAE,IAAI,CAAC,OAAO;iBACtB,CAAC;YACJ,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YACjD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,MAAM;gBACN,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,IAAI,CAAC,MAA4B;gBACzC,OAAO,EAAE,IAAI,CAAC,OAAO;aACtB,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,iCAAiB,EAAE,CAAC;gBACrC,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM;oBACN,QAAQ,EAAE,MAAM;oBAChB,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,OAAO,EAAE,IAAI,CAAC,OAAO;iBACtB,CAAC;YACJ,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,MAAc,EAAE,QAAiB;QAC7C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACpD,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YACtB,MAAM,IAAI,iCAAiB,CAAC;gBAC1B,MAAM;gBACN,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,IAAI,EAAE,QAAQ,CAAC,IAAI;gBACnB,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC,CAAC;QACL,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,MAAM,CACV,MAAc,EACd,EAAwB,EACxB,QAAiB;QAEjB,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACrC,OAAO,EAAE,EAAE,CAAC;IACd,CAAC;IAED,8EAA8E;IAC9E,iBAAiB;IACjB,8EAA8E;IAE9E;;OAEG;IACH,KAAK,CAAC,OAAO,CACX,MAAc,EACd,IAAY,EACZ,MAAc,EACd,OAAoB,EAAE;QAEtB,MAAM,CAAC,GAA2B;YAChC,GAAG,IAAI,CAAC,OAAO,EAAE;YACjB,oBAAoB,EAAE,MAAM;SAC7B,CAAC;QAEF,oCAAoC;QACpC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,KAAK,GACT,IAAI,CAAC,OAAO,YAAY,OAAO;gBAC7B,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;gBAC5C,CAAC,CAAE,IAAI,CAAC,OAAkC,CAAC;YAC/C,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QAC1B,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAC/B,GAAG,IAAI,CAAC,UAAU,UAAU,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,EACtD,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,CAChC,CAAC;QAEF,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QACpC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,wCAAwC;IACxC,KAAK,CAAC,GAAG,CAAC,IAAY,EAAE,MAAc,EAAE,IAAkB;QACxD,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;IACjD,CAAC;IAED,yCAAyC;IACzC,KAAK,CAAC,IAAI,CAAC,IAAY,EAAE,MAAc,EAAE,IAAkB;QACzD,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;IAClD,CAAC;IAED,wCAAwC;IACxC,KAAK,CAAC,GAAG,CAAC,IAAY,EAAE,MAAc,EAAE,IAAkB;QACxD,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;IACjD,CAAC;IAED,2CAA2C;IAC3C,KAAK,CAAC,MAAM,CAAC,IAAY,EAAE,MAAc,EAAE,IAAkB;QAC3D,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;IACpD,CAAC;IAED,8EAA8E;IAC9E,gBAAgB;IAChB,8EAA8E;IAE9E,4BAA4B;IAC5B,KAAK,CAAC,MAAM;QACV,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,UAAU,SAAS,CAAC,CAAC;QAC/D,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAiB,CAAC;IACjD,CAAC;IAED,kCAAkC;IAClC,KAAK,CAAC,SAAS;QACb,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;YAC9B,OAAO,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,mBAAmB;IACnB,8EAA8E;IAE9E,8CAA8C;IAC9C,KAAK,CAAC,UAAU;QACd,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,UAAU,eAAe,EAAE;YACnE,OAAO,EAAE,IAAI,CAAC,YAAY,EAAE;SAC7B,CAAC,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QACjD,MAAM,MAAM,GAAI,IAAI,CAAC,MAAyC,IAAI,EAAE,CAAC;QACrE,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACxB,EAAE,EAAE,CAAC,CAAC,EAAY;YAClB,IAAI,EAAE,CAAC,CAAC,IAAc;YACtB,SAAS,EAAE,CAAC,CAAC,SAAmB;YAChC,IAAI,EAAG,CAAC,CAAC,IAAiB,IAAI,EAAE;YAChC,KAAK,EAAE,CAAC,CAAC,KAA2B;SACrC,CAAC,CAAC,CAAC;IACN,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,WAAW,CAAC,OAA2B;QAC3C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,UAAU,eAAe,EAAE;YACnE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,GAAG,IAAI,CAAC,YAAY,EAAE;gBACtB,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,UAAU;gBAC1C,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,EAAE;aACzB,CAAC;SACH,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED,8CAA8C;IAC9C,KAAK,CAAC,WAAW,CAAC,OAAe;QAC/B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAC/B,GAAG,IAAI,CAAC,UAAU,iBAAiB,OAAO,EAAE,EAC5C,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,YAAY,EAAE,EAAE,CACnD,CAAC;QACF,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAED,gDAAgD;IAChD,KAAK,CAAC,YAAY;QAChB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,UAAU,iBAAiB,EAAE;YACrE,OAAO,EAAE,IAAI,CAAC,YAAY,EAAE;SAC7B,CAAC,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QACjD,OAAQ,IAAI,CAAC,QAAqB,IAAI,EAAE,CAAC;IAC3C,CAAC;IAED,oDAAoD;IACpD,KAAK,CAAC,WAAW,CAAC,UAA2B,EAAE;QAC7C,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC;QACjD,IAAI,OAAO,CAAC,QAAQ;YAAE,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAE/D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAC/B,GAAG,IAAI,CAAC,UAAU,gBAAgB,MAAM,EAAE,EAC1C,EAAE,OAAO,EAAE,IAAI,CAAC,YAAY,EAAE,EAAE,CACjC,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QACjD,OAAQ,IAAI,CAAC,OAAwB,IAAI,EAAE,CAAC;IAC9C,CAAC;CACF;AAxUD,0CAwUC"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* MeshGuard Exceptions
|
|
3
|
+
*/
|
|
4
|
+
/** Base error for all MeshGuard errors. */
|
|
5
|
+
export declare class MeshGuardError extends Error {
|
|
6
|
+
constructor(message: string);
|
|
7
|
+
}
|
|
8
|
+
/** Raised when authentication fails (401). */
|
|
9
|
+
export declare class AuthenticationError extends MeshGuardError {
|
|
10
|
+
constructor(message?: string);
|
|
11
|
+
}
|
|
12
|
+
/** Raised when an action is denied by policy (403). */
|
|
13
|
+
export declare class PolicyDeniedError extends MeshGuardError {
|
|
14
|
+
/** The action that was denied. */
|
|
15
|
+
readonly action: string;
|
|
16
|
+
/** The policy that denied the action. */
|
|
17
|
+
readonly policy?: string;
|
|
18
|
+
/** The specific rule that matched. */
|
|
19
|
+
readonly rule?: string;
|
|
20
|
+
/** Human-readable reason for denial. */
|
|
21
|
+
readonly reason: string;
|
|
22
|
+
constructor(options: {
|
|
23
|
+
action: string;
|
|
24
|
+
policy?: string;
|
|
25
|
+
rule?: string;
|
|
26
|
+
reason?: string;
|
|
27
|
+
});
|
|
28
|
+
}
|
|
29
|
+
/** Raised when rate limit is exceeded (429). */
|
|
30
|
+
export declare class RateLimitError extends MeshGuardError {
|
|
31
|
+
constructor(message?: string);
|
|
32
|
+
}
|
|
33
|
+
//# sourceMappingURL=exceptions.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"exceptions.d.ts","sourceRoot":"","sources":["../../src/exceptions.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,2CAA2C;AAC3C,qBAAa,cAAe,SAAQ,KAAK;gBAC3B,OAAO,EAAE,MAAM;CAM5B;AAED,8CAA8C;AAC9C,qBAAa,mBAAoB,SAAQ,cAAc;gBACzC,OAAO,GAAE,MAAmC;CAIzD;AAED,uDAAuD;AACvD,qBAAa,iBAAkB,SAAQ,cAAc;IACnD,kCAAkC;IAClC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,yCAAyC;IACzC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,sCAAsC;IACtC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,wCAAwC;IACxC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;gBAEZ,OAAO,EAAE;QACnB,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB;CAeF;AAED,gDAAgD;AAChD,qBAAa,cAAe,SAAQ,cAAc;gBACpC,OAAO,GAAE,MAA8B;CAIpD"}
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* MeshGuard Exceptions
|
|
4
|
+
*/
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.RateLimitError = exports.PolicyDeniedError = exports.AuthenticationError = exports.MeshGuardError = void 0;
|
|
7
|
+
/** Base error for all MeshGuard errors. */
|
|
8
|
+
class MeshGuardError extends Error {
|
|
9
|
+
constructor(message) {
|
|
10
|
+
super(message);
|
|
11
|
+
this.name = "MeshGuardError";
|
|
12
|
+
// Fix prototype chain for instanceof checks
|
|
13
|
+
Object.setPrototypeOf(this, new.target.prototype);
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
exports.MeshGuardError = MeshGuardError;
|
|
17
|
+
/** Raised when authentication fails (401). */
|
|
18
|
+
class AuthenticationError extends MeshGuardError {
|
|
19
|
+
constructor(message = "Invalid or expired token") {
|
|
20
|
+
super(message);
|
|
21
|
+
this.name = "AuthenticationError";
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
exports.AuthenticationError = AuthenticationError;
|
|
25
|
+
/** Raised when an action is denied by policy (403). */
|
|
26
|
+
class PolicyDeniedError extends MeshGuardError {
|
|
27
|
+
/** The action that was denied. */
|
|
28
|
+
action;
|
|
29
|
+
/** The policy that denied the action. */
|
|
30
|
+
policy;
|
|
31
|
+
/** The specific rule that matched. */
|
|
32
|
+
rule;
|
|
33
|
+
/** Human-readable reason for denial. */
|
|
34
|
+
reason;
|
|
35
|
+
constructor(options) {
|
|
36
|
+
const { action, policy, rule, reason = "Access denied by policy" } = options;
|
|
37
|
+
let message = `Action '${action}' denied`;
|
|
38
|
+
if (policy)
|
|
39
|
+
message += ` by policy '${policy}'`;
|
|
40
|
+
if (rule)
|
|
41
|
+
message += ` (rule: ${rule})`;
|
|
42
|
+
message += `: ${reason}`;
|
|
43
|
+
super(message);
|
|
44
|
+
this.name = "PolicyDeniedError";
|
|
45
|
+
this.action = action;
|
|
46
|
+
this.policy = policy;
|
|
47
|
+
this.rule = rule;
|
|
48
|
+
this.reason = reason;
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
exports.PolicyDeniedError = PolicyDeniedError;
|
|
52
|
+
/** Raised when rate limit is exceeded (429). */
|
|
53
|
+
class RateLimitError extends MeshGuardError {
|
|
54
|
+
constructor(message = "Rate limit exceeded") {
|
|
55
|
+
super(message);
|
|
56
|
+
this.name = "RateLimitError";
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
exports.RateLimitError = RateLimitError;
|
|
60
|
+
//# sourceMappingURL=exceptions.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"exceptions.js","sourceRoot":"","sources":["../../src/exceptions.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,2CAA2C;AAC3C,MAAa,cAAe,SAAQ,KAAK;IACvC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;QAC7B,4CAA4C;QAC5C,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAPD,wCAOC;AAED,8CAA8C;AAC9C,MAAa,mBAAoB,SAAQ,cAAc;IACrD,YAAY,UAAkB,0BAA0B;QACtD,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AALD,kDAKC;AAED,uDAAuD;AACvD,MAAa,iBAAkB,SAAQ,cAAc;IACnD,kCAAkC;IACzB,MAAM,CAAS;IACxB,yCAAyC;IAChC,MAAM,CAAU;IACzB,sCAAsC;IAC7B,IAAI,CAAU;IACvB,wCAAwC;IAC/B,MAAM,CAAS;IAExB,YAAY,OAKX;QACC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,yBAAyB,EAAE,GAAG,OAAO,CAAC;QAE7E,IAAI,OAAO,GAAG,WAAW,MAAM,UAAU,CAAC;QAC1C,IAAI,MAAM;YAAE,OAAO,IAAI,eAAe,MAAM,GAAG,CAAC;QAChD,IAAI,IAAI;YAAE,OAAO,IAAI,WAAW,IAAI,GAAG,CAAC;QACxC,OAAO,IAAI,KAAK,MAAM,EAAE,CAAC;QAEzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AA9BD,8CA8BC;AAED,gDAAgD;AAChD,MAAa,cAAe,SAAQ,cAAc;IAChD,YAAY,UAAkB,qBAAqB;QACjD,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;IAC/B,CAAC;CACF;AALD,wCAKC"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* MeshGuard SDK for TypeScript / JavaScript
|
|
3
|
+
*
|
|
4
|
+
* AI agent governance — policy enforcement, audit logging, and trust management.
|
|
5
|
+
*
|
|
6
|
+
* @example
|
|
7
|
+
* ```ts
|
|
8
|
+
* import { MeshGuardClient } from "meshguard";
|
|
9
|
+
*
|
|
10
|
+
* const client = new MeshGuardClient({ agentToken: "tok_..." });
|
|
11
|
+
*
|
|
12
|
+
* const decision = await client.check("read:contacts");
|
|
13
|
+
* if (decision.allowed) {
|
|
14
|
+
* // proceed
|
|
15
|
+
* }
|
|
16
|
+
* ```
|
|
17
|
+
*
|
|
18
|
+
* @packageDocumentation
|
|
19
|
+
*/
|
|
20
|
+
export { MeshGuardClient } from "./client.js";
|
|
21
|
+
export type { MeshGuardOptions, PolicyDecision, Agent, CreateAgentOptions, AuditEntry, AuditLogOptions, HealthStatus, Policy, } from "./types.js";
|
|
22
|
+
export { MeshGuardError, AuthenticationError, PolicyDeniedError, RateLimitError, } from "./exceptions.js";
|
|
23
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAG9C,YAAY,EACV,gBAAgB,EAChB,cAAc,EACd,KAAK,EACL,kBAAkB,EAClB,UAAU,EACV,eAAe,EACf,YAAY,EACZ,MAAM,GACP,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,iBAAiB,EACjB,cAAc,GACf,MAAM,iBAAiB,CAAC"}
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* MeshGuard SDK for TypeScript / JavaScript
|
|
4
|
+
*
|
|
5
|
+
* AI agent governance — policy enforcement, audit logging, and trust management.
|
|
6
|
+
*
|
|
7
|
+
* @example
|
|
8
|
+
* ```ts
|
|
9
|
+
* import { MeshGuardClient } from "meshguard";
|
|
10
|
+
*
|
|
11
|
+
* const client = new MeshGuardClient({ agentToken: "tok_..." });
|
|
12
|
+
*
|
|
13
|
+
* const decision = await client.check("read:contacts");
|
|
14
|
+
* if (decision.allowed) {
|
|
15
|
+
* // proceed
|
|
16
|
+
* }
|
|
17
|
+
* ```
|
|
18
|
+
*
|
|
19
|
+
* @packageDocumentation
|
|
20
|
+
*/
|
|
21
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
22
|
+
exports.RateLimitError = exports.PolicyDeniedError = exports.AuthenticationError = exports.MeshGuardError = exports.MeshGuardClient = void 0;
|
|
23
|
+
// Core client
|
|
24
|
+
var client_js_1 = require("./client.js");
|
|
25
|
+
Object.defineProperty(exports, "MeshGuardClient", { enumerable: true, get: function () { return client_js_1.MeshGuardClient; } });
|
|
26
|
+
// Exceptions
|
|
27
|
+
var exceptions_js_1 = require("./exceptions.js");
|
|
28
|
+
Object.defineProperty(exports, "MeshGuardError", { enumerable: true, get: function () { return exceptions_js_1.MeshGuardError; } });
|
|
29
|
+
Object.defineProperty(exports, "AuthenticationError", { enumerable: true, get: function () { return exceptions_js_1.AuthenticationError; } });
|
|
30
|
+
Object.defineProperty(exports, "PolicyDeniedError", { enumerable: true, get: function () { return exceptions_js_1.PolicyDeniedError; } });
|
|
31
|
+
Object.defineProperty(exports, "RateLimitError", { enumerable: true, get: function () { return exceptions_js_1.RateLimitError; } });
|
|
32
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;GAkBG;;;AAEH,cAAc;AACd,yCAA8C;AAArC,4GAAA,eAAe,OAAA;AAcxB,aAAa;AACb,iDAKyB;AAJvB,+GAAA,cAAc,OAAA;AACd,oHAAA,mBAAmB,OAAA;AACnB,kHAAA,iBAAiB,OAAA;AACjB,+GAAA,cAAc,OAAA"}
|
|
@@ -0,0 +1,106 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* MeshGuard LangChain.js Integration
|
|
3
|
+
*
|
|
4
|
+
* Provides wrappers for governing LangChain tools with MeshGuard policy.
|
|
5
|
+
*
|
|
6
|
+
* @example
|
|
7
|
+
* ```ts
|
|
8
|
+
* import { MeshGuardClient } from "meshguard";
|
|
9
|
+
* import { GovernedTool, GovernedToolkit } from "meshguard/langchain";
|
|
10
|
+
* ```
|
|
11
|
+
*/
|
|
12
|
+
import { MeshGuardClient } from "./client.js";
|
|
13
|
+
import { PolicyDeniedError } from "./exceptions.js";
|
|
14
|
+
/** Minimal interface matching LangChain `StructuredTool` / `Tool`. */
|
|
15
|
+
export interface LangChainTool {
|
|
16
|
+
name: string;
|
|
17
|
+
description: string;
|
|
18
|
+
invoke(input: unknown, config?: unknown): Promise<unknown>;
|
|
19
|
+
call?(input: unknown, config?: unknown): Promise<unknown>;
|
|
20
|
+
}
|
|
21
|
+
type DenyHandler = (error: PolicyDeniedError, ...args: unknown[]) => unknown;
|
|
22
|
+
/**
|
|
23
|
+
* Wrap a LangChain tool so every invocation is governed by MeshGuard policy.
|
|
24
|
+
*
|
|
25
|
+
* @example
|
|
26
|
+
* ```ts
|
|
27
|
+
* import { DuckDuckGoSearch } from "@langchain/community/tools/duckduckgo";
|
|
28
|
+
* import { MeshGuardClient } from "meshguard";
|
|
29
|
+
* import { governedTool } from "meshguard/langchain";
|
|
30
|
+
*
|
|
31
|
+
* const client = new MeshGuardClient();
|
|
32
|
+
* const search = governedTool("read:web_search", client, new DuckDuckGoSearch());
|
|
33
|
+
*
|
|
34
|
+
* const result = await search.invoke("TypeScript SDK patterns");
|
|
35
|
+
* ```
|
|
36
|
+
*/
|
|
37
|
+
export declare function governedTool<T extends LangChainTool>(action: string, client: MeshGuardClient, tool: T, onDeny?: DenyHandler): T;
|
|
38
|
+
/**
|
|
39
|
+
* Wraps an existing LangChain tool with MeshGuard governance.
|
|
40
|
+
*
|
|
41
|
+
* @example
|
|
42
|
+
* ```ts
|
|
43
|
+
* const governed = new GovernedTool({
|
|
44
|
+
* tool: myTool,
|
|
45
|
+
* action: "read:web_search",
|
|
46
|
+
* client,
|
|
47
|
+
* });
|
|
48
|
+
* const result = await governed.invoke("query");
|
|
49
|
+
* ```
|
|
50
|
+
*/
|
|
51
|
+
export declare class GovernedTool implements LangChainTool {
|
|
52
|
+
readonly name: string;
|
|
53
|
+
readonly description: string;
|
|
54
|
+
readonly action: string;
|
|
55
|
+
private readonly tool;
|
|
56
|
+
private readonly client;
|
|
57
|
+
private readonly onDeny?;
|
|
58
|
+
constructor(options: {
|
|
59
|
+
tool: LangChainTool;
|
|
60
|
+
action: string;
|
|
61
|
+
client: MeshGuardClient;
|
|
62
|
+
onDeny?: DenyHandler;
|
|
63
|
+
});
|
|
64
|
+
/** Invoke the tool with governance. */
|
|
65
|
+
invoke(input: unknown, config?: unknown): Promise<unknown>;
|
|
66
|
+
/** Legacy call method. */
|
|
67
|
+
call(input: unknown, config?: unknown): Promise<unknown>;
|
|
68
|
+
}
|
|
69
|
+
/**
|
|
70
|
+
* Govern a collection of LangChain tools with MeshGuard policies.
|
|
71
|
+
*
|
|
72
|
+
* @example
|
|
73
|
+
* ```ts
|
|
74
|
+
* const toolkit = new GovernedToolkit({
|
|
75
|
+
* tools: [searchTool, calcTool],
|
|
76
|
+
* client,
|
|
77
|
+
* actionMap: {
|
|
78
|
+
* "search": "read:web_search",
|
|
79
|
+
* "calculator": "execute:math",
|
|
80
|
+
* },
|
|
81
|
+
* defaultAction: "execute:tool",
|
|
82
|
+
* });
|
|
83
|
+
*
|
|
84
|
+
* const governedTools = toolkit.getTools();
|
|
85
|
+
* ```
|
|
86
|
+
*/
|
|
87
|
+
export declare class GovernedToolkit {
|
|
88
|
+
private readonly tools;
|
|
89
|
+
private readonly client;
|
|
90
|
+
private readonly actionMap;
|
|
91
|
+
private readonly defaultAction;
|
|
92
|
+
private readonly onDeny?;
|
|
93
|
+
constructor(options: {
|
|
94
|
+
tools: LangChainTool[];
|
|
95
|
+
client: MeshGuardClient;
|
|
96
|
+
actionMap?: Record<string, string>;
|
|
97
|
+
defaultAction?: string;
|
|
98
|
+
onDeny?: DenyHandler;
|
|
99
|
+
});
|
|
100
|
+
/** Get the MeshGuard action for a tool. */
|
|
101
|
+
getAction(tool: LangChainTool): string;
|
|
102
|
+
/** Return governed versions of all tools. */
|
|
103
|
+
getTools(): GovernedTool[];
|
|
104
|
+
}
|
|
105
|
+
export {};
|
|
106
|
+
//# sourceMappingURL=langchain.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"langchain.d.ts","sourceRoot":"","sources":["../../src/langchain.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAMpD,sEAAsE;AACtE,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAE3D,IAAI,CAAC,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC3D;AAED,KAAK,WAAW,GAAG,CACjB,KAAK,EAAE,iBAAiB,EACxB,GAAG,IAAI,EAAE,OAAO,EAAE,KACf,OAAO,CAAC;AAMb;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,YAAY,CAAC,CAAC,SAAS,aAAa,EAClD,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,eAAe,EACvB,IAAI,EAAE,CAAC,EACP,MAAM,CAAC,EAAE,WAAW,GACnB,CAAC,CAuBH;AAMD;;;;;;;;;;;;GAYG;AACH,qBAAa,YAAa,YAAW,aAAa;IAChD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAExB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAgB;IACrC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkB;IACzC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAc;gBAE1B,OAAO,EAAE;QACnB,IAAI,EAAE,aAAa,CAAC;QACpB,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,eAAe,CAAC;QACxB,MAAM,CAAC,EAAE,WAAW,CAAC;KACtB;IAUD,uCAAuC;IACjC,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAYhE,0BAA0B;IACpB,IAAI,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;CAG/D;AAMD;;;;;;;;;;;;;;;;;GAiBG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAkB;IACxC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkB;IACzC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAyB;IACnD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAc;gBAE1B,OAAO,EAAE;QACnB,KAAK,EAAE,aAAa,EAAE,CAAC;QACvB,MAAM,EAAE,eAAe,CAAC;QACxB,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACnC,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,MAAM,CAAC,EAAE,WAAW,CAAC;KACtB;IAQD,2CAA2C;IAC3C,SAAS,CAAC,IAAI,EAAE,aAAa,GAAG,MAAM;IAItC,6CAA6C;IAC7C,QAAQ,IAAI,YAAY,EAAE;CAW3B"}
|