opalserve 0.1.0

package/src/governance/policy.ts

@@ -0,0 +1,187 @@
+import type { GovernancePolicy, PolicyRule, AuditEvent } from './types.js';
+
+export class PolicyEngine {
+  private policies: Map<string, GovernancePolicy> = new Map();
+  private auditCallback?: (event: Omit<AuditEvent, 'id' | 'timestamp'>) => void;
+
+  setAuditCallback(callback: (event: Omit<AuditEvent, 'id' | 'timestamp'>) => void): void {
+    this.auditCallback = callback;
+  }
+
+  registerPolicy(policy: GovernancePolicy): void {
+    policy.rules.sort((a, b) => b.priority - a.priority);
+    this.policies.set(policy.id, policy);
+  }
+
+  getPolicy(id: string): GovernancePolicy | undefined {
+    return this.policies.get(id);
+  }
+
+  getAllPolicies(): GovernancePolicy[] {
+    return Array.from(this.policies.values());
+  }
+
+  deletePolicy(id: string): boolean {
+    return this.policies.delete(id);
+  }
+
+  evaluate(context: Record<string, unknown>): {
+    allowed: boolean;
+    matchedRules: PolicyRule[];
+    auditEvents: Omit<AuditEvent, 'id' | 'timestamp'>[];
+  } {
+    const auditEvents: Omit<AuditEvent, 'id' | 'timestamp'>[] = [];
+    const matchedRules: PolicyRule[] = [];
+
+    for (const policy of this.policies.values()) {
+      if (!policy.enabled) continue;
+
+      for (const rule of policy.rules) {
+        if (!rule.enabled) continue;
+
+        const matches = this.evaluateConditions(rule.conditions, context);
+
+        if (matches) {
+          matchedRules.push(rule);
+
+          if (policy.auditEnabled && this.auditCallback) {
+            auditEvents.push({
+              type: 'admin.action',
+              requestId: context.requestId as string || `policy-${Date.now()}`,
+              agentId: context.agentId as string,
+              agentName: context.agentName as string,
+              action: `policy:${policy.name}:${rule.name}`,
+              result: rule.effect === 'allow' ? 'success' : rule.effect === 'deny' ? 'denied' : 'success',
+              metadata: { policyId: policy.id, ruleId: rule.id },
+              context: {},
+            });
+          }
+
+          if (rule.effect === 'deny') {
+            return { allowed: false, matchedRules, auditEvents };
+          }
+
+          if (rule.effect === 'allow') {
+            return { allowed: true, matchedRules, auditEvents };
+          }
+        }
+      }
+
+      if (matchedRules.length === 0) {
+        return {
+          allowed: policy.defaultEffect === 'allow',
+          matchedRules: [],
+          auditEvents,
+        };
+      }
+    }
+
+    return { allowed: true, matchedRules, auditEvents };
+  }
+
+  private evaluateConditions(conditions: PolicyRule['conditions'], context: Record<string, unknown>): boolean {
+    if (conditions.length === 0) return true;
+
+    return conditions.every(condition => {
+      const value = this.getNestedValue(context, condition.field);
+      return this.evaluateOperator(condition.operator, value, condition.value);
+    });
+  }
+
+  private getNestedValue(obj: Record<string, unknown>, path: string): unknown {
+    const keys = path.split('.');
+    let current: unknown = obj;
+
+    for (const key of keys) {
+      if (current === null || current === undefined) return undefined;
+      current = (current as Record<string, unknown>)[key];
+    }
+
+    return current;
+  }
+
+  private evaluateOperator(operator: PolicyRule['conditions'][0]['operator'], actual: unknown, expected: unknown): boolean {
+    switch (operator) {
+      case 'equals':
+        return actual === expected;
+      case 'not_equals':
+        return actual !== expected;
+      case 'contains':
+        return typeof actual === 'string' && typeof expected === 'string' && actual.includes(expected);
+      case 'not_contains':
+        return typeof actual === 'string' && typeof expected === 'string' && !actual.includes(expected);
+      case 'in':
+        return Array.isArray(expected) && expected.includes(actual);
+      case 'not_in':
+        return Array.isArray(expected) && !expected.includes(actual);
+      case 'greater_than':
+        return typeof actual === 'number' && typeof expected === 'number' && actual > expected;
+      case 'less_than':
+        return typeof actual === 'number' && typeof expected === 'number' && actual < expected;
+      default:
+        return false;
+    }
+  }
+
+  createDefaultPolicies(): void {
+    const highValueToolsPolicy: GovernancePolicy = {
+      id: 'high-value-tools',
+      name: 'High-Value Tool Protection',
+      description: 'Protect sensitive tools requiring additional verification',
+      version: '1.0.0',
+      enabled: true,
+      rules: [
+        {
+          id: 'deny-database-write',
+          name: 'Deny Database Writes',
+          description: 'Block write operations to production databases',
+          enabled: true,
+          priority: 100,
+          conditions: [
+            { field: 'tool.capabilities', operator: 'contains', value: 'write' },
+            { field: 'tool.serverName', operator: 'contains', value: 'postgres' },
+          ],
+          effect: 'deny',
+          actions: ['notify-admin'],
+          metadata: {},
+        },
+      ],
+      defaultEffect: 'allow',
+      auditEnabled: true,
+      complianceFrameworks: ['SOC2', 'GDPR'],
+      createdAt: new Date().toISOString(),
+      updatedAt: new Date().toISOString(),
+    };
+
+    const trustLevelPolicy: GovernancePolicy = {
+      id: 'trust-level-access',
+      name: 'Trust Level Access Control',
+      description: 'Restrict access based on identity trust level',
+      version: '1.0.0',
+      enabled: true,
+      rules: [
+        {
+          id: 'low-trust-limited-tools',
+          name: 'Low Trust Limited Access',
+          description: 'Limit tools for low-trust identities',
+          enabled: true,
+          priority: 50,
+          conditions: [
+            { field: 'identity.trustLevel', operator: 'in', value: ['untrusted', 'low'] },
+          ],
+          effect: 'deny',
+          actions: ['require-reapproval'],
+          metadata: {},
+        },
+      ],
+      defaultEffect: 'allow',
+      auditEnabled: true,
+      complianceFrameworks: ['ISO27001'],
+      createdAt: new Date().toISOString(),
+      updatedAt: new Date().toISOString(),
+    };
+
+    this.registerPolicy(highValueToolsPolicy);
+    this.registerPolicy(trustLevelPolicy);
+  }
+}

package/src/governance/rate-limiter.ts

@@ -0,0 +1,95 @@
+import type { RateLimitState } from './types.js';
+
+export interface RateLimitConfig {
+  windowMs: number;
+  maxRequests: number;
+  blockDurationMs: number;
+}
+
+export class RateLimiter {
+  private states: Map<string, RateLimitState> = new Map();
+  private configs: Map<string, RateLimitConfig> = new Map();
+
+  configure(identityId: string, config: RateLimitConfig): void {
+    this.configs.set(identityId, config);
+  }
+
+  check(identityId: string): { allowed: boolean; remaining: number; resetAt: number } {
+    const config = this.configs.get(identityId);
+    if (!config) {
+      return { allowed: true, remaining: -1, resetAt: 0 };
+    }
+
+    const now = Date.now();
+    let state = this.states.get(identityId);
+
+    if (!state || now - state.windowStart >= config.windowMs) {
+      state = {
+        identityId,
+        windowStart: now,
+        count: 0,
+        blocked: false,
+        blockedUntil: null,
+      };
+      this.states.set(identityId, state);
+    }
+
+    if (state.blocked && state.blockedUntil && now < state.blockedUntil) {
+      return {
+        allowed: false,
+        remaining: 0,
+        resetAt: state.blockedUntil,
+      };
+    }
+
+    if (state.blocked && state.blockedUntil && now >= state.blockedUntil) {
+      state.blocked = false;
+      state.blockedUntil = null;
+      state.windowStart = now;
+      state.count = 0;
+    }
+
+    state.count++;
+    this.states.set(identityId, state);
+
+    if (state.count > config.maxRequests) {
+      state.blocked = true;
+      state.blockedUntil = now + config.blockDurationMs;
+      this.states.set(identityId, state);
+
+      return {
+        allowed: false,
+        remaining: 0,
+        resetAt: state.blockedUntil,
+      };
+    }
+
+    return {
+      allowed: true,
+      remaining: config.maxRequests - state.count,
+      resetAt: state.windowStart + config.windowMs,
+    };
+  }
+
+  reset(identityId: string): void {
+    this.states.delete(identityId);
+  }
+
+  getState(identityId: string): RateLimitState | undefined {
+    return this.states.get(identityId);
+  }
+
+  cleanup(maxAgeMs: number): number {
+    const now = Date.now();
+    let cleaned = 0;
+
+    for (const [identityId, state] of this.states.entries()) {
+      if (now - state.windowStart > maxAgeMs && !state.blocked) {
+        this.states.delete(identityId);
+        cleaned++;
+      }
+    }
+
+    return cleaned;
+  }
+}

package/src/governance/types.ts

@@ -0,0 +1,100 @@
+import { z } from 'zod';
+
+export const AuditEventTypeSchema = z.enum([
+  'identity.created',
+  'identity.updated',
+  'identity.deleted',
+  'identity.authenticated',
+  'identity.auth_failed',
+  'tool.accessed',
+  'tool.executed',
+  'tool.denied',
+  'tool.error',
+  'server.registered',
+  'server.deregistered',
+  'server.health_check',
+  'workflow.created',
+  'workflow.executed',
+  'workflow.failed',
+  'workflow.completed',
+  'permission.checked',
+  'permission.denied',
+  'rate_limit.exceeded',
+  'token.issued',
+  'token.revoked',
+  'admin.action',
+]);
+
+export const AuditEventSchema = z.object({
+  id: z.string(),
+  type: AuditEventTypeSchema,
+  timestamp: z.string(),
+  agentId: z.string().optional(),
+  agentName: z.string().optional(),
+  sessionId: z.string().optional(),
+  requestId: z.string(),
+  ipAddress: z.string().optional(),
+  userAgent: z.string().optional(),
+  resourceType: z.string().optional(),
+  resourceId: z.string().optional(),
+  action: z.string(),
+  result: z.enum(['success', 'denied', 'error']),
+  reason: z.string().optional(),
+  metadata: z.record(z.any()).default({}),
+  context: z.record(z.any()).default({}),
+});
+
+export const PolicyRuleSchema = z.object({
+  id: z.string(),
+  name: z.string(),
+  description: z.string().optional(),
+  enabled: z.boolean().default(true),
+  priority: z.number().default(0),
+  conditions: z.array(z.object({
+    field: z.string(),
+    operator: z.enum(['equals', 'not_equals', 'contains', 'not_contains', 'in', 'not_in', 'greater_than', 'less_than']),
+    value: z.unknown(),
+  })).default([]),
+  effect: z.enum(['allow', 'deny', 'audit', 'rate_limit']),
+  actions: z.array(z.string()).default([]),
+  metadata: z.record(z.any()).default({}),
+});
+
+export const GovernancePolicySchema = z.object({
+  id: z.string(),
+  name: z.string(),
+  description: z.string(),
+  version: z.string().default('1.0.0'),
+  enabled: z.boolean().default(true),
+  rules: z.array(PolicyRuleSchema).default([]),
+  defaultEffect: z.enum(['allow', 'deny']).default('allow'),
+  auditEnabled: z.boolean().default(true),
+  complianceFrameworks: z.array(z.string()).default([]),
+  createdAt: z.string(),
+  updatedAt: z.string(),
+});
+
+export type AuditEventType = z.infer<typeof AuditEventTypeSchema>;
+export type AuditEvent = z.infer<typeof AuditEventSchema>;
+export type PolicyRule = z.infer<typeof PolicyRuleSchema>;
+export type GovernancePolicy = z.infer<typeof GovernancePolicySchema>;
+
+export interface RateLimitState {
+  identityId: string;
+  windowStart: number;
+  count: number;
+  blocked: boolean;
+  blockedUntil: number | null;
+}
+
+export interface ComplianceReport {
+  generatedAt: string;
+  period: { start: string; end: string };
+  totalEvents: number;
+  byType: Record<string, number>;
+  byAgent: Record<string, number>;
+  deniedAccess: number;
+  rateLimitExceeded: number;
+  policyViolations: number;
+  recommendations: string[];
+}

package/src/identity/access-control.ts

@@ -0,0 +1,119 @@
+import type { IdentityContext, Permission } from './types.js';
+import type { Tool, Server } from '../types/index.js';
+
+export interface AccessDecision {
+  allowed: boolean;
+  reason: string;
+  constraints?: Record<string, unknown>;
+}
+
+export class AccessControl {
+  checkToolAccess(context: IdentityContext, tool: Tool): AccessDecision {
+    if (context.permissions.includes('admin')) {
+      return { allowed: true, reason: 'Admin has full access' };
+    }
+
+    const toolId = tool.id;
+
+    if (context.constraints.deniedTools?.some((pattern: unknown) => 
+      toolId === pattern || (typeof pattern === 'string' && toolId.includes(pattern.replace('*', '')))
+    )) {
+      return { allowed: false, reason: 'Tool is explicitly denied' };
+    }
+
+    if (context.constraints.allowedTools?.length && 
+        !context.constraints.allowedTools.some((pattern: unknown) => 
+          toolId === pattern || (typeof pattern === 'string' && toolId.includes(pattern.replace('*', '')))
+        )) {
+      return { allowed: false, reason: 'Tool not in allowed list' };
+    }
+
+    const serverAccess = this.checkServerAccess(context, { id: tool.serverId } as Server);
+    if (!serverAccess.allowed) {
+      return { allowed: false, reason: `Server access denied: ${serverAccess.reason}` };
+    }
+
+    const hasCapability = tool.capabilities.some(cap => 
+      context.permissions.includes(`tools:${cap}` as Permission) || 
+      context.permissions.includes('tools:execute')
+    );
+
+    if (!hasCapability) {
+      return { allowed: false, reason: 'Missing required capability' };
+    }
+
+    return {
+      allowed: true,
+      reason: 'Access granted',
+      constraints: {
+        maxTools: context.constraints.maxToolsPerRequest,
+        timeout: tool.contextRequirements?.maxTokens ? tool.contextRequirements.maxTokens * 10 : 60000,
+      },
+    };
+  }
+
+  checkServerAccess(context: IdentityContext, server: Server): AccessDecision {
+    if (context.permissions.includes('admin')) {
+      return { allowed: true, reason: 'Admin has full access' };
+    }
+
+    const serverId = server.id;
+
+    if (context.constraints.deniedServers?.includes(serverId)) {
+      return { allowed: false, reason: 'Server is explicitly denied' };
+    }
+
+    if (context.constraints.allowedServers?.length && 
+        !context.constraints.allowedServers.includes(serverId)) {
+      return { allowed: false, reason: 'Server not in allowed list' };
+    }
+
+    return { allowed: true, reason: 'Server access granted' };
+  }
+
+  checkPermission(context: IdentityContext, permission: Permission): AccessDecision {
+    if (context.permissions.includes('admin') || context.permissions.includes(permission)) {
+      return { allowed: true, reason: 'Permission granted' };
+    }
+    return { allowed: false, reason: `Missing permission: ${permission}` };
+  }
+
+  checkRateLimit(context: IdentityContext, currentCount: number, window: 'minute' | 'hour'): AccessDecision {
+    const limit = window === 'minute' 
+      ? context.constraints.rateLimitPerMinute
+      : context.constraints.rateLimitPerHour;
+
+    if (!limit) {
+      return { allowed: true, reason: 'No rate limit configured' };
+    }
+
+    if (currentCount >= limit) {
+      return {
+        allowed: false,
+        reason: `Rate limit exceeded: ${currentCount}/${limit} per ${window}`,
+      };
+    }
+
+    return { allowed: true, reason: 'Within rate limit' };
+  }
+
+  sanitizeContext(context: IdentityContext, tool: Tool): Record<string, unknown> {
+    const sanitized: Record<string, unknown> = {
+      agentId: context.agentId,
+      agentName: context.agentName,
+      agentType: context.agentType,
+      permissions: context.permissions.filter((p: Permission) => 
+        tool.capabilities.some(c => p.includes(c) || p === 'admin' || p === 'tools:execute')
+      ),
+      constraints: {
+        maxToolsPerRequest: Math.min(
+          context.constraints.maxToolsPerRequest as number || 10,
+          tool.contextRequirements?.maxTokens ? 5 : 10
+        ),
+      },
+      metadata: {},
+    };
+
+    return sanitized;
+  }
+}

package/src/identity/index.ts

@@ -0,0 +1,3 @@
+export { IdentityManager } from './manager.js';
+export { AccessControl, type AccessDecision } from './access-control.js';
+export * from './types.js';