palaryn 0.1.0 → 0.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +243 -588
- package/dist/sdk/typescript/src/client.js +2 -2
- package/dist/sdk/typescript/src/client.js.map +1 -1
- package/dist/src/anomaly/detector.d.ts +7 -4
- package/dist/src/anomaly/detector.d.ts.map +1 -1
- package/dist/src/anomaly/detector.js +22 -12
- package/dist/src/anomaly/detector.js.map +1 -1
- package/dist/src/audit/logger.d.ts +10 -0
- package/dist/src/audit/logger.d.ts.map +1 -1
- package/dist/src/audit/logger.js +52 -38
- package/dist/src/audit/logger.js.map +1 -1
- package/dist/src/auth/routes.d.ts.map +1 -1
- package/dist/src/auth/routes.js +35 -0
- package/dist/src/auth/routes.js.map +1 -1
- package/dist/src/budget/manager.d.ts +5 -0
- package/dist/src/budget/manager.d.ts.map +1 -1
- package/dist/src/budget/manager.js +32 -0
- package/dist/src/budget/manager.js.map +1 -1
- package/dist/src/budget/model-pricing.d.ts +20 -0
- package/dist/src/budget/model-pricing.d.ts.map +1 -0
- package/dist/src/budget/model-pricing.js +107 -0
- package/dist/src/budget/model-pricing.js.map +1 -0
- package/dist/src/budget/usage-extractor.d.ts +3 -1
- package/dist/src/budget/usage-extractor.d.ts.map +1 -1
- package/dist/src/budget/usage-extractor.js +47 -3
- package/dist/src/budget/usage-extractor.js.map +1 -1
- package/dist/src/config/defaults.d.ts.map +1 -1
- package/dist/src/config/defaults.js +65 -13
- package/dist/src/config/defaults.js.map +1 -1
- package/dist/src/dlp/tool-patterns.d.ts +7 -0
- package/dist/src/dlp/tool-patterns.d.ts.map +1 -0
- package/dist/src/dlp/tool-patterns.js +34 -0
- package/dist/src/dlp/tool-patterns.js.map +1 -0
- package/dist/src/executor/filesystem-executor.d.ts +28 -0
- package/dist/src/executor/filesystem-executor.d.ts.map +1 -0
- package/dist/src/executor/filesystem-executor.js +192 -0
- package/dist/src/executor/filesystem-executor.js.map +1 -0
- package/dist/src/executor/http-executor.d.ts.map +1 -1
- package/dist/src/executor/http-executor.js +22 -2
- package/dist/src/executor/http-executor.js.map +1 -1
- package/dist/src/executor/index.d.ts +4 -0
- package/dist/src/executor/index.d.ts.map +1 -1
- package/dist/src/executor/index.js +9 -1
- package/dist/src/executor/index.js.map +1 -1
- package/dist/src/executor/shell-executor.d.ts +22 -0
- package/dist/src/executor/shell-executor.d.ts.map +1 -0
- package/dist/src/executor/shell-executor.js +119 -0
- package/dist/src/executor/shell-executor.js.map +1 -0
- package/dist/src/executor/sql-executor.d.ts +29 -0
- package/dist/src/executor/sql-executor.d.ts.map +1 -0
- package/dist/src/executor/sql-executor.js +114 -0
- package/dist/src/executor/sql-executor.js.map +1 -0
- package/dist/src/executor/websocket-executor.d.ts +26 -0
- package/dist/src/executor/websocket-executor.d.ts.map +1 -0
- package/dist/src/executor/websocket-executor.js +205 -0
- package/dist/src/executor/websocket-executor.js.map +1 -0
- package/dist/src/interceptor/index.d.ts +2 -0
- package/dist/src/interceptor/index.d.ts.map +1 -0
- package/dist/src/interceptor/index.js +6 -0
- package/dist/src/interceptor/index.js.map +1 -0
- package/dist/src/interceptor/provider-interceptor.d.ts +36 -0
- package/dist/src/interceptor/provider-interceptor.d.ts.map +1 -0
- package/dist/src/interceptor/provider-interceptor.js +302 -0
- package/dist/src/interceptor/provider-interceptor.js.map +1 -0
- package/dist/src/mcp/auth-verifier.d.ts.map +1 -1
- package/dist/src/mcp/auth-verifier.js +3 -2
- package/dist/src/mcp/auth-verifier.js.map +1 -1
- package/dist/src/mcp/bridge.d.ts +14 -10
- package/dist/src/mcp/bridge.d.ts.map +1 -1
- package/dist/src/mcp/bridge.js +51 -227
- package/dist/src/mcp/bridge.js.map +1 -1
- package/dist/src/mcp/http-transport.d.ts +2 -0
- package/dist/src/mcp/http-transport.d.ts.map +1 -1
- package/dist/src/mcp/http-transport.js +117 -66
- package/dist/src/mcp/http-transport.js.map +1 -1
- package/dist/src/mcp/internal-auth.d.ts +13 -0
- package/dist/src/mcp/internal-auth.d.ts.map +1 -0
- package/dist/src/mcp/internal-auth.js +12 -0
- package/dist/src/mcp/internal-auth.js.map +1 -0
- package/dist/src/mcp/tool-definitions.d.ts +41 -0
- package/dist/src/mcp/tool-definitions.d.ts.map +1 -0
- package/dist/src/mcp/tool-definitions.js +491 -0
- package/dist/src/mcp/tool-definitions.js.map +1 -0
- package/dist/src/middleware/auth.js.map +1 -1
- package/dist/src/middleware/session.js.map +1 -1
- package/dist/src/middleware/validate.d.ts +8 -0
- package/dist/src/middleware/validate.d.ts.map +1 -1
- package/dist/src/middleware/validate.js +45 -0
- package/dist/src/middleware/validate.js.map +1 -1
- package/dist/src/policy/engine.d.ts +4 -0
- package/dist/src/policy/engine.d.ts.map +1 -1
- package/dist/src/policy/engine.js +117 -0
- package/dist/src/policy/engine.js.map +1 -1
- package/dist/src/saas/routes.d.ts.map +1 -1
- package/dist/src/saas/routes.js +355 -22
- package/dist/src/saas/routes.js.map +1 -1
- package/dist/src/server/app.d.ts.map +1 -1
- package/dist/src/server/app.js +24 -3
- package/dist/src/server/app.js.map +1 -1
- package/dist/src/server/gateway.d.ts.map +1 -1
- package/dist/src/server/gateway.js +17 -0
- package/dist/src/server/gateway.js.map +1 -1
- package/dist/src/server/index.d.ts.map +1 -1
- package/dist/src/server/index.js +18 -0
- package/dist/src/server/index.js.map +1 -1
- package/dist/src/storage/interfaces.d.ts +14 -3
- package/dist/src/storage/interfaces.d.ts.map +1 -1
- package/dist/src/storage/memory.d.ts +2 -0
- package/dist/src/storage/memory.d.ts.map +1 -1
- package/dist/src/storage/memory.js +6 -0
- package/dist/src/storage/memory.js.map +1 -1
- package/dist/src/storage/postgres.d.ts +5 -0
- package/dist/src/storage/postgres.d.ts.map +1 -1
- package/dist/src/storage/postgres.js +16 -0
- package/dist/src/storage/postgres.js.map +1 -1
- package/dist/src/storage/redis.d.ts +10 -0
- package/dist/src/storage/redis.d.ts.map +1 -1
- package/dist/src/storage/redis.js +65 -0
- package/dist/src/storage/redis.js.map +1 -1
- package/dist/src/types/budget.d.ts +4 -0
- package/dist/src/types/budget.d.ts.map +1 -1
- package/dist/src/types/config.d.ts +58 -0
- package/dist/src/types/config.d.ts.map +1 -1
- package/dist/src/types/events.d.ts +1 -0
- package/dist/src/types/events.d.ts.map +1 -1
- package/dist/src/types/policy.d.ts +11 -1
- package/dist/src/types/policy.d.ts.map +1 -1
- package/dist/src/types/tool-result.d.ts +11 -0
- package/dist/src/types/tool-result.d.ts.map +1 -1
- package/dist/tests/unit/app-routes.test.d.ts +2 -0
- package/dist/tests/unit/app-routes.test.d.ts.map +1 -0
- package/dist/tests/unit/app-routes.test.js +715 -0
- package/dist/tests/unit/app-routes.test.js.map +1 -0
- package/dist/tests/unit/audit-logger.test.js +105 -0
- package/dist/tests/unit/audit-logger.test.js.map +1 -1
- package/dist/tests/unit/auth-providers.test.d.ts +2 -0
- package/dist/tests/unit/auth-providers.test.d.ts.map +1 -0
- package/dist/tests/unit/auth-providers.test.js +279 -0
- package/dist/tests/unit/auth-providers.test.js.map +1 -0
- package/dist/tests/unit/auth-routes-extended.test.d.ts +2 -0
- package/dist/tests/unit/auth-routes-extended.test.d.ts.map +1 -0
- package/dist/tests/unit/auth-routes-extended.test.js +993 -0
- package/dist/tests/unit/auth-routes-extended.test.js.map +1 -0
- package/dist/tests/unit/auth-verifier.test.d.ts +2 -0
- package/dist/tests/unit/auth-verifier.test.d.ts.map +1 -0
- package/dist/tests/unit/auth-verifier.test.js +505 -0
- package/dist/tests/unit/auth-verifier.test.js.map +1 -0
- package/dist/tests/unit/billing-routes.test.d.ts +2 -0
- package/dist/tests/unit/billing-routes.test.d.ts.map +1 -0
- package/dist/tests/unit/billing-routes.test.js +432 -0
- package/dist/tests/unit/billing-routes.test.js.map +1 -0
- package/dist/tests/unit/config-defaults.test.d.ts +2 -0
- package/dist/tests/unit/config-defaults.test.d.ts.map +1 -0
- package/dist/tests/unit/config-defaults.test.js +119 -0
- package/dist/tests/unit/config-defaults.test.js.map +1 -0
- package/dist/tests/unit/defaults.test.js +0 -10
- package/dist/tests/unit/defaults.test.js.map +1 -1
- package/dist/tests/unit/filesystem-executor.test.d.ts +2 -0
- package/dist/tests/unit/filesystem-executor.test.d.ts.map +1 -0
- package/dist/tests/unit/filesystem-executor.test.js +280 -0
- package/dist/tests/unit/filesystem-executor.test.js.map +1 -0
- package/dist/tests/unit/gateway-branches.test.d.ts +2 -0
- package/dist/tests/unit/gateway-branches.test.d.ts.map +1 -0
- package/dist/tests/unit/gateway-branches.test.js +1039 -0
- package/dist/tests/unit/gateway-branches.test.js.map +1 -0
- package/dist/tests/unit/http-executor-branches.test.d.ts +2 -0
- package/dist/tests/unit/http-executor-branches.test.d.ts.map +1 -0
- package/dist/tests/unit/http-executor-branches.test.js +495 -0
- package/dist/tests/unit/http-executor-branches.test.js.map +1 -0
- package/dist/tests/unit/logger.test.d.ts +2 -0
- package/dist/tests/unit/logger.test.d.ts.map +1 -0
- package/dist/tests/unit/logger.test.js +97 -0
- package/dist/tests/unit/logger.test.js.map +1 -0
- package/dist/tests/unit/mcp-internal-auth.test.d.ts +2 -0
- package/dist/tests/unit/mcp-internal-auth.test.d.ts.map +1 -0
- package/dist/tests/unit/mcp-internal-auth.test.js +445 -0
- package/dist/tests/unit/mcp-internal-auth.test.js.map +1 -0
- package/dist/tests/unit/metrics.test.js +102 -0
- package/dist/tests/unit/metrics.test.js.map +1 -1
- package/dist/tests/unit/model-pricing.test.d.ts +2 -0
- package/dist/tests/unit/model-pricing.test.d.ts.map +1 -0
- package/dist/tests/unit/model-pricing.test.js +87 -0
- package/dist/tests/unit/model-pricing.test.js.map +1 -0
- package/dist/tests/unit/oauth-stores.test.d.ts +2 -0
- package/dist/tests/unit/oauth-stores.test.d.ts.map +1 -0
- package/dist/tests/unit/oauth-stores.test.js +260 -0
- package/dist/tests/unit/oauth-stores.test.js.map +1 -0
- package/dist/tests/unit/policy-engine.test.js +466 -0
- package/dist/tests/unit/policy-engine.test.js.map +1 -1
- package/dist/tests/unit/provider-interceptor.test.d.ts +2 -0
- package/dist/tests/unit/provider-interceptor.test.d.ts.map +1 -0
- package/dist/tests/unit/provider-interceptor.test.js +472 -0
- package/dist/tests/unit/provider-interceptor.test.js.map +1 -0
- package/dist/tests/unit/saas-routes-branches.test.d.ts +2 -0
- package/dist/tests/unit/saas-routes-branches.test.d.ts.map +1 -0
- package/dist/tests/unit/saas-routes-branches.test.js +2165 -0
- package/dist/tests/unit/saas-routes-branches.test.js.map +1 -0
- package/dist/tests/unit/saas-routes-crud.test.d.ts +2 -0
- package/dist/tests/unit/saas-routes-crud.test.d.ts.map +1 -0
- package/dist/tests/unit/saas-routes-crud.test.js +332 -0
- package/dist/tests/unit/saas-routes-crud.test.js.map +1 -0
- package/dist/tests/unit/saas-routes-data.test.d.ts +2 -0
- package/dist/tests/unit/saas-routes-data.test.d.ts.map +1 -0
- package/dist/tests/unit/saas-routes-data.test.js +405 -0
- package/dist/tests/unit/saas-routes-data.test.js.map +1 -0
- package/dist/tests/unit/saas-routes.test.js +3 -3
- package/dist/tests/unit/saas-routes.test.js.map +1 -1
- package/dist/tests/unit/shell-executor.test.d.ts +2 -0
- package/dist/tests/unit/shell-executor.test.d.ts.map +1 -0
- package/dist/tests/unit/shell-executor.test.js +145 -0
- package/dist/tests/unit/shell-executor.test.js.map +1 -0
- package/dist/tests/unit/sql-executor.test.d.ts +2 -0
- package/dist/tests/unit/sql-executor.test.d.ts.map +1 -0
- package/dist/tests/unit/sql-executor.test.js +177 -0
- package/dist/tests/unit/sql-executor.test.js.map +1 -0
- package/dist/tests/unit/stream-proxy.test.d.ts +2 -0
- package/dist/tests/unit/stream-proxy.test.d.ts.map +1 -0
- package/dist/tests/unit/stream-proxy.test.js +147 -0
- package/dist/tests/unit/stream-proxy.test.js.map +1 -0
- package/dist/tests/unit/tool-definitions.test.d.ts +2 -0
- package/dist/tests/unit/tool-definitions.test.d.ts.map +1 -0
- package/dist/tests/unit/tool-definitions.test.js +184 -0
- package/dist/tests/unit/tool-definitions.test.js.map +1 -0
- package/dist/tests/unit/usage-extractor.test.js +140 -0
- package/dist/tests/unit/usage-extractor.test.js.map +1 -1
- package/dist/tests/unit/webhook-handler.test.d.ts +2 -0
- package/dist/tests/unit/webhook-handler.test.d.ts.map +1 -0
- package/dist/tests/unit/webhook-handler.test.js +453 -0
- package/dist/tests/unit/webhook-handler.test.js.map +1 -0
- package/dist/tests/unit/webhook-routes.test.d.ts +2 -0
- package/dist/tests/unit/webhook-routes.test.d.ts.map +1 -0
- package/dist/tests/unit/webhook-routes.test.js +69 -0
- package/dist/tests/unit/webhook-routes.test.js.map +1 -0
- package/dist/tests/unit/websocket-executor.test.d.ts +2 -0
- package/dist/tests/unit/websocket-executor.test.d.ts.map +1 -0
- package/dist/tests/unit/websocket-executor.test.js +121 -0
- package/dist/tests/unit/websocket-executor.test.js.map +1 -0
- package/package.json +8 -2
- package/policy-packs/demo_fail.yaml +41 -0
- package/policy-packs/full_tools.yaml +136 -0
- package/src/admin/index.ts +1 -0
- package/src/admin/routes.ts +509 -0
- package/src/admin/templates.ts +572 -0
- package/src/anomaly/detector.ts +730 -0
- package/src/anomaly/index.ts +1 -0
- package/src/approval/manager.ts +569 -0
- package/src/approval/webhook.ts +133 -0
- package/src/audit/logger.ts +490 -0
- package/src/auth/index.ts +5 -0
- package/src/auth/password.ts +21 -0
- package/src/auth/pkce.ts +22 -0
- package/src/auth/providers.ts +208 -0
- package/src/auth/routes.ts +561 -0
- package/src/auth/session.ts +84 -0
- package/src/billing/index.ts +6 -0
- package/src/billing/plan-enforcer.ts +135 -0
- package/src/billing/routes.ts +229 -0
- package/src/billing/stripe-client.ts +58 -0
- package/src/billing/webhook-handler.ts +182 -0
- package/src/billing/webhook-routes.ts +28 -0
- package/src/budget/manager.ts +679 -0
- package/src/budget/model-pricing.ts +119 -0
- package/src/budget/usage-extractor.ts +214 -0
- package/src/cli.ts +91 -0
- package/src/config/defaults.ts +261 -0
- package/src/config/validate.ts +88 -0
- package/src/dlp/composite-scanner.ts +213 -0
- package/src/dlp/index.ts +9 -0
- package/src/dlp/interfaces.ts +34 -0
- package/src/dlp/patterns.ts +30 -0
- package/src/dlp/prompt-injection-backend.ts +181 -0
- package/src/dlp/prompt-injection-patterns.ts +302 -0
- package/src/dlp/regex-backend.ts +181 -0
- package/src/dlp/scanner.ts +502 -0
- package/src/dlp/text-normalizer.ts +225 -0
- package/src/dlp/tool-patterns.ts +35 -0
- package/src/dlp/trufflehog-backend.ts +190 -0
- package/src/executor/filesystem-executor.ts +196 -0
- package/src/executor/http-executor.ts +349 -0
- package/src/executor/index.ts +9 -0
- package/src/executor/interfaces.ts +11 -0
- package/src/executor/noop-executor.ts +23 -0
- package/src/executor/registry.ts +64 -0
- package/src/executor/shell-executor.ts +148 -0
- package/src/executor/slack-executor.ts +176 -0
- package/src/executor/sql-executor.ts +146 -0
- package/src/executor/websocket-executor.ts +211 -0
- package/src/index.ts +24 -0
- package/src/interceptor/index.ts +1 -0
- package/src/interceptor/provider-interceptor.ts +315 -0
- package/src/mcp/auth-verifier.ts +152 -0
- package/src/mcp/bridge.ts +703 -0
- package/src/mcp/http-transport.ts +698 -0
- package/src/mcp/index.ts +9 -0
- package/src/mcp/internal-auth.ts +14 -0
- package/src/mcp/oauth-pages.ts +139 -0
- package/src/mcp/oauth-postgres-stores.ts +278 -0
- package/src/mcp/oauth-provider.ts +536 -0
- package/src/mcp/oauth-stores.ts +202 -0
- package/src/mcp/server.ts +55 -0
- package/src/mcp/tool-definitions.ts +562 -0
- package/src/metrics/collector.ts +357 -0
- package/src/metrics/index.ts +1 -0
- package/src/middleware/auth.ts +814 -0
- package/src/middleware/session.ts +85 -0
- package/src/middleware/validate.ts +130 -0
- package/src/policy/engine.ts +815 -0
- package/src/policy/index.ts +2 -0
- package/src/policy/opa-engine.ts +829 -0
- package/src/proxy/forward-proxy.ts +649 -0
- package/src/proxy/index.ts +1 -0
- package/src/ratelimit/limiter.ts +196 -0
- package/src/replay/engine.ts +142 -0
- package/src/replay/index.ts +1 -0
- package/src/saas/index.ts +1 -0
- package/src/saas/routes.ts +2178 -0
- package/src/server/app.ts +985 -0
- package/src/server/errors.ts +49 -0
- package/src/server/gateway.ts +1130 -0
- package/src/server/index.ts +307 -0
- package/src/server/logger.ts +255 -0
- package/src/server/stream-proxy.ts +202 -0
- package/src/storage/file-persistence.ts +315 -0
- package/src/storage/index.ts +4 -0
- package/src/storage/interfaces.ts +287 -0
- package/src/storage/memory.ts +686 -0
- package/src/storage/postgres.ts +1831 -0
- package/src/storage/redis.ts +835 -0
- package/src/tracing/index.ts +1 -0
- package/src/tracing/provider.ts +100 -0
- package/src/trust/calculator.ts +141 -0
- package/src/trust/index.ts +7 -0
- package/src/types/budget.ts +36 -0
- package/src/types/config.ts +278 -0
- package/src/types/events.ts +41 -0
- package/src/types/express.d.ts +14 -0
- package/src/types/index.ts +7 -0
- package/src/types/policy.ts +83 -0
- package/src/types/stripe-config.ts +11 -0
- package/src/types/subscription.ts +59 -0
- package/src/types/tool-call.ts +47 -0
- package/src/types/tool-result.ts +82 -0
- package/src/types/user.ts +125 -0
- package/tsconfig.json +24 -0
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.ShellExecutor = void 0;
|
|
4
|
+
const child_process_1 = require("child_process");
|
|
5
|
+
/**
|
|
6
|
+
* Shell executor for sandboxed command execution.
|
|
7
|
+
* Handles tool calls with tool name `shell.*` (e.g., shell.exec).
|
|
8
|
+
* Uses execFile (not exec) to prevent shell injection.
|
|
9
|
+
* Empty allowlist by default - nothing runs until configured.
|
|
10
|
+
*/
|
|
11
|
+
class ShellExecutor {
|
|
12
|
+
constructor(config) {
|
|
13
|
+
this.config = config;
|
|
14
|
+
}
|
|
15
|
+
async execute(toolCall) {
|
|
16
|
+
const action = this.resolveAction(toolCall);
|
|
17
|
+
switch (action) {
|
|
18
|
+
case 'exec':
|
|
19
|
+
return this.exec(toolCall);
|
|
20
|
+
default:
|
|
21
|
+
throw new Error(`Unsupported shell action: ${action}`);
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
resolveAction(toolCall) {
|
|
25
|
+
if (toolCall.args.action && typeof toolCall.args.action === 'string') {
|
|
26
|
+
return toolCall.args.action;
|
|
27
|
+
}
|
|
28
|
+
const toolName = toolCall.tool.name;
|
|
29
|
+
const dotIndex = toolName.indexOf('.');
|
|
30
|
+
if (dotIndex !== -1) {
|
|
31
|
+
return toolName.substring(dotIndex + 1);
|
|
32
|
+
}
|
|
33
|
+
throw new Error(`Unsupported shell action: ${toolName}`);
|
|
34
|
+
}
|
|
35
|
+
isCommandAllowed(command) {
|
|
36
|
+
return this.config.allowed_commands.includes(command);
|
|
37
|
+
}
|
|
38
|
+
isCommandBlocked(command, args) {
|
|
39
|
+
const fullCommand = [command, ...args].join(' ');
|
|
40
|
+
// Check config blocked_commands
|
|
41
|
+
if (this.config.blocked_commands) {
|
|
42
|
+
for (const blocked of this.config.blocked_commands) {
|
|
43
|
+
if (command === blocked || fullCommand.includes(blocked)) {
|
|
44
|
+
return true;
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
// Check default blocklist
|
|
49
|
+
for (const blocked of ShellExecutor.DEFAULT_BLOCKED) {
|
|
50
|
+
if (fullCommand.includes(blocked)) {
|
|
51
|
+
return true;
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
return false;
|
|
55
|
+
}
|
|
56
|
+
async exec(toolCall) {
|
|
57
|
+
const { command, args: cmdArgs, cwd, env, timeout_ms } = toolCall.args;
|
|
58
|
+
if (!command || typeof command !== 'string') {
|
|
59
|
+
throw new Error('Missing or invalid "command" argument for shell.exec');
|
|
60
|
+
}
|
|
61
|
+
if (!this.isCommandAllowed(command)) {
|
|
62
|
+
throw new Error(`Command "${command}" is not in the allowed commands list`);
|
|
63
|
+
}
|
|
64
|
+
const argsList = Array.isArray(cmdArgs) ? cmdArgs.map(String) : [];
|
|
65
|
+
if (this.isCommandBlocked(command, argsList)) {
|
|
66
|
+
throw new Error(`Command "${command}" with the given arguments is blocked`);
|
|
67
|
+
}
|
|
68
|
+
const timeoutMs = (typeof timeout_ms === 'number' ? timeout_ms : null) || this.config.timeout_ms;
|
|
69
|
+
const workingDir = (typeof cwd === 'string' ? cwd : null) || this.config.cwd;
|
|
70
|
+
return new Promise((resolve, reject) => {
|
|
71
|
+
const child = (0, child_process_1.execFile)(command, argsList, {
|
|
72
|
+
timeout: timeoutMs,
|
|
73
|
+
maxBuffer: this.config.max_output_bytes,
|
|
74
|
+
cwd: workingDir || undefined,
|
|
75
|
+
env: env && typeof env === 'object' ? { ...process.env, ...env } : undefined,
|
|
76
|
+
}, (error, stdout, stderr) => {
|
|
77
|
+
if (error && !('code' in error)) {
|
|
78
|
+
reject(error);
|
|
79
|
+
return;
|
|
80
|
+
}
|
|
81
|
+
const exitCode = error && 'code' in error ? error.code : 0;
|
|
82
|
+
const stdoutStr = typeof stdout === 'string' ? stdout : '';
|
|
83
|
+
const stderrStr = typeof stderr === 'string' ? stderr : '';
|
|
84
|
+
// Enforce max_output_bytes on combined output
|
|
85
|
+
const totalBytes = Buffer.byteLength(stdoutStr) + Buffer.byteLength(stderrStr);
|
|
86
|
+
if (totalBytes > this.config.max_output_bytes) {
|
|
87
|
+
resolve({
|
|
88
|
+
body: stdoutStr.substring(0, this.config.max_output_bytes),
|
|
89
|
+
exit_code: exitCode,
|
|
90
|
+
stderr: stderrStr.substring(0, 1024),
|
|
91
|
+
metadata: { truncated: true, total_bytes: totalBytes },
|
|
92
|
+
});
|
|
93
|
+
return;
|
|
94
|
+
}
|
|
95
|
+
resolve({
|
|
96
|
+
body: stdoutStr,
|
|
97
|
+
exit_code: exitCode,
|
|
98
|
+
stderr: stderrStr || undefined,
|
|
99
|
+
});
|
|
100
|
+
});
|
|
101
|
+
// Safety: ensure child process is cleaned up
|
|
102
|
+
child.on('error', reject);
|
|
103
|
+
});
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
exports.ShellExecutor = ShellExecutor;
|
|
107
|
+
/** Default blocklist of dangerous commands/patterns */
|
|
108
|
+
ShellExecutor.DEFAULT_BLOCKED = [
|
|
109
|
+
'rm -rf /',
|
|
110
|
+
'rm -rf /*',
|
|
111
|
+
'dd',
|
|
112
|
+
'mkfs',
|
|
113
|
+
'fdisk',
|
|
114
|
+
'format',
|
|
115
|
+
':(){:|:&};:',
|
|
116
|
+
'chmod -R 777 /',
|
|
117
|
+
'chown -R',
|
|
118
|
+
];
|
|
119
|
+
//# sourceMappingURL=shell-executor.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"shell-executor.js","sourceRoot":"","sources":["../../../src/executor/shell-executor.ts"],"names":[],"mappings":";;;AAAA,iDAAyC;AAMzC;;;;;GAKG;AACH,MAAa,aAAa;IAgBxB,YAAY,MAA2B;QACrC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAkB;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAE5C,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,MAAM;gBACT,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC7B;gBACE,MAAM,IAAI,KAAK,CAAC,6BAA6B,MAAM,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,QAAkB;QACtC,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,IAAI,OAAO,QAAQ,CAAC,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACrE,OAAO,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC;QAC9B,CAAC;QAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;QACpC,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;YACpB,OAAO,QAAQ,CAAC,SAAS,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,6BAA6B,QAAQ,EAAE,CAAC,CAAC;IAC3D,CAAC;IAEO,gBAAgB,CAAC,OAAe;QACtC,OAAO,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACxD,CAAC;IAEO,gBAAgB,CAAC,OAAe,EAAE,IAAc;QACtD,MAAM,WAAW,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEjD,gCAAgC;QAChC,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;YACjC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;gBACnD,IAAI,OAAO,KAAK,OAAO,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBACzD,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,KAAK,MAAM,OAAO,IAAI,aAAa,CAAC,eAAe,EAAE,CAAC;YACpD,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAClC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,KAAK,CAAC,IAAI,CAAC,QAAkB;QACnC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC;QAEvE,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC1E,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,YAAY,OAAO,uCAAuC,CAAC,CAAC;QAC9E,CAAC;QAED,MAAM,QAAQ,GAAa,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAE7E,IAAI,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,YAAY,OAAO,uCAAuC,CAAC,CAAC;QAC9E,CAAC;QAED,MAAM,SAAS,GAAG,CAAC,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC;QACjG,MAAM,UAAU,GAAG,CAAC,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;QAE7E,OAAO,IAAI,OAAO,CAAa,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACjD,MAAM,KAAK,GAAG,IAAA,wBAAQ,EACpB,OAAO,EACP,QAAQ,EACR;gBACE,OAAO,EAAE,SAAS;gBAClB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,gBAAgB;gBACvC,GAAG,EAAE,UAAU,IAAI,SAAS;gBAC5B,GAAG,EAAE,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAI,GAA8B,EAAE,CAAC,CAAC,CAAC,SAAS;aACzG,EACD,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;gBACxB,IAAI,KAAK,IAAI,CAAC,CAAC,MAAM,IAAI,KAAK,CAAC,EAAE,CAAC;oBAChC,MAAM,CAAC,KAAK,CAAC,CAAC;oBACd,OAAO;gBACT,CAAC;gBAED,MAAM,QAAQ,GAAG,KAAK,IAAI,MAAM,IAAI,KAAK,CAAC,CAAC,CAAE,KAA0B,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjF,MAAM,SAAS,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3D,MAAM,SAAS,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;gBAE3D,8CAA8C;gBAC9C,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;gBAC/E,IAAI,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;oBAC9C,OAAO,CAAC;wBACN,IAAI,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;wBAC1D,SAAS,EAAE,QAAQ;wBACnB,MAAM,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC;wBACpC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,UAAU,EAAE;qBACvD,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,OAAO,CAAC;oBACN,IAAI,EAAE,SAAS;oBACf,SAAS,EAAE,QAAQ;oBACnB,MAAM,EAAE,SAAS,IAAI,SAAS;iBAC/B,CAAC,CAAC;YACL,CAAC,CACF,CAAC;YAEF,6CAA6C;YAC7C,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;IACL,CAAC;;AAtIH,sCAuIC;AApIC,uDAAuD;AAC/B,6BAAe,GAAG;IACxC,UAAU;IACV,WAAW;IACX,IAAI;IACJ,MAAM;IACN,OAAO;IACP,QAAQ;IACR,aAAa;IACb,gBAAgB;IAChB,UAAU;CACX,CAAC"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import { ToolCall } from '../types/tool-call';
|
|
2
|
+
import { ToolOutput } from '../types/tool-result';
|
|
3
|
+
import { ToolExecutor } from './interfaces';
|
|
4
|
+
import { SQLExecutorConfig } from '../types/config';
|
|
5
|
+
/**
|
|
6
|
+
* SQL executor for parameterized database queries.
|
|
7
|
+
* Handles tool calls with tool name `sql.*` (e.g., sql.query, sql.execute).
|
|
8
|
+
* Enforces read_only mode, table blocklists, and query timeouts.
|
|
9
|
+
*/
|
|
10
|
+
export declare class SQLExecutor implements ToolExecutor {
|
|
11
|
+
private pool;
|
|
12
|
+
private config;
|
|
13
|
+
constructor(config: SQLExecutorConfig);
|
|
14
|
+
execute(toolCall: ToolCall): Promise<ToolOutput>;
|
|
15
|
+
private resolveAction;
|
|
16
|
+
/**
|
|
17
|
+
* Check if the query references any blocked tables.
|
|
18
|
+
*/
|
|
19
|
+
private checkBlockedTables;
|
|
20
|
+
/**
|
|
21
|
+
* Check if a query is a read-only SELECT statement.
|
|
22
|
+
*/
|
|
23
|
+
private isReadOnly;
|
|
24
|
+
private query;
|
|
25
|
+
private sqlExecute;
|
|
26
|
+
/** Close the connection pool. */
|
|
27
|
+
close(): Promise<void>;
|
|
28
|
+
}
|
|
29
|
+
//# sourceMappingURL=sql-executor.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sql-executor.d.ts","sourceRoot":"","sources":["../../../src/executor/sql-executor.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAEpD;;;;GAIG;AACH,qBAAa,WAAY,YAAW,YAAY;IAC9C,OAAO,CAAC,IAAI,CAAO;IACnB,OAAO,CAAC,MAAM,CAAoB;gBAEtB,MAAM,EAAE,iBAAiB;IAQ/B,OAAO,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC;IAatD,OAAO,CAAC,aAAa;IAcrB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA4B1B;;OAEG;IACH,OAAO,CAAC,UAAU;YAOJ,KAAK;YA0BL,UAAU;IAwBxB,iCAAiC;IAC3B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAG7B"}
|
|
@@ -0,0 +1,114 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.SQLExecutor = void 0;
|
|
4
|
+
const pg_1 = require("pg");
|
|
5
|
+
/**
|
|
6
|
+
* SQL executor for parameterized database queries.
|
|
7
|
+
* Handles tool calls with tool name `sql.*` (e.g., sql.query, sql.execute).
|
|
8
|
+
* Enforces read_only mode, table blocklists, and query timeouts.
|
|
9
|
+
*/
|
|
10
|
+
class SQLExecutor {
|
|
11
|
+
constructor(config) {
|
|
12
|
+
this.config = config;
|
|
13
|
+
this.pool = new pg_1.Pool({
|
|
14
|
+
connectionString: config.connection_string,
|
|
15
|
+
statement_timeout: config.timeout_ms,
|
|
16
|
+
});
|
|
17
|
+
}
|
|
18
|
+
async execute(toolCall) {
|
|
19
|
+
const action = this.resolveAction(toolCall);
|
|
20
|
+
switch (action) {
|
|
21
|
+
case 'query':
|
|
22
|
+
return this.query(toolCall);
|
|
23
|
+
case 'execute':
|
|
24
|
+
return this.sqlExecute(toolCall);
|
|
25
|
+
default:
|
|
26
|
+
throw new Error(`Unsupported SQL action: ${action}`);
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
resolveAction(toolCall) {
|
|
30
|
+
if (toolCall.args.action && typeof toolCall.args.action === 'string') {
|
|
31
|
+
return toolCall.args.action;
|
|
32
|
+
}
|
|
33
|
+
const toolName = toolCall.tool.name;
|
|
34
|
+
const dotIndex = toolName.indexOf('.');
|
|
35
|
+
if (dotIndex !== -1) {
|
|
36
|
+
return toolName.substring(dotIndex + 1);
|
|
37
|
+
}
|
|
38
|
+
throw new Error(`Unsupported SQL action: ${toolName}`);
|
|
39
|
+
}
|
|
40
|
+
/**
|
|
41
|
+
* Check if the query references any blocked tables.
|
|
42
|
+
*/
|
|
43
|
+
checkBlockedTables(query) {
|
|
44
|
+
const blocked = this.config.blocked_tables;
|
|
45
|
+
if (!blocked || blocked.length === 0)
|
|
46
|
+
return;
|
|
47
|
+
// Extract table names from common SQL patterns
|
|
48
|
+
const tablePatterns = [
|
|
49
|
+
/\bFROM\s+([a-zA-Z_][\w.]*)/gi,
|
|
50
|
+
/\bJOIN\s+([a-zA-Z_][\w.]*)/gi,
|
|
51
|
+
/\bINTO\s+([a-zA-Z_][\w.]*)/gi,
|
|
52
|
+
/\bUPDATE\s+([a-zA-Z_][\w.]*)/gi,
|
|
53
|
+
/\bTABLE\s+([a-zA-Z_][\w.]*)/gi,
|
|
54
|
+
];
|
|
55
|
+
const referencedTables = new Set();
|
|
56
|
+
for (const pattern of tablePatterns) {
|
|
57
|
+
let match;
|
|
58
|
+
while ((match = pattern.exec(query)) !== null) {
|
|
59
|
+
referencedTables.add(match[1].toLowerCase());
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
for (const table of referencedTables) {
|
|
63
|
+
if (blocked.some(b => table === b.toLowerCase())) {
|
|
64
|
+
throw new Error(`Access to table "${table}" is blocked`);
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
/**
|
|
69
|
+
* Check if a query is a read-only SELECT statement.
|
|
70
|
+
*/
|
|
71
|
+
isReadOnly(query) {
|
|
72
|
+
const trimmed = query.trim().toUpperCase();
|
|
73
|
+
// Allow SELECT, WITH ... SELECT, EXPLAIN
|
|
74
|
+
return /^(SELECT|WITH\s|EXPLAIN\s)/i.test(trimmed) &&
|
|
75
|
+
!/\b(INSERT|UPDATE|DELETE|DROP|ALTER|CREATE|TRUNCATE|GRANT|REVOKE)\b/i.test(trimmed);
|
|
76
|
+
}
|
|
77
|
+
async query(toolCall) {
|
|
78
|
+
const { query, params } = toolCall.args;
|
|
79
|
+
if (!query || typeof query !== 'string') {
|
|
80
|
+
throw new Error('Missing or invalid "query" argument for sql.query');
|
|
81
|
+
}
|
|
82
|
+
if (!this.isReadOnly(query)) {
|
|
83
|
+
throw new Error('sql.query only allows read-only (SELECT) statements');
|
|
84
|
+
}
|
|
85
|
+
this.checkBlockedTables(query);
|
|
86
|
+
const result = await this.pool.query(query, Array.isArray(params) ? params : undefined);
|
|
87
|
+
const rows = result.rows.slice(0, this.config.max_rows);
|
|
88
|
+
return {
|
|
89
|
+
body: rows,
|
|
90
|
+
rows_affected: result.rowCount ?? 0,
|
|
91
|
+
};
|
|
92
|
+
}
|
|
93
|
+
async sqlExecute(toolCall) {
|
|
94
|
+
const { query, params } = toolCall.args;
|
|
95
|
+
if (!query || typeof query !== 'string') {
|
|
96
|
+
throw new Error('Missing or invalid "query" argument for sql.execute');
|
|
97
|
+
}
|
|
98
|
+
if (this.config.read_only) {
|
|
99
|
+
throw new Error('sql.execute is disabled: executor is in read_only mode');
|
|
100
|
+
}
|
|
101
|
+
this.checkBlockedTables(query);
|
|
102
|
+
const result = await this.pool.query(query, Array.isArray(params) ? params : undefined);
|
|
103
|
+
return {
|
|
104
|
+
body: result.rows?.slice(0, this.config.max_rows) ?? [],
|
|
105
|
+
rows_affected: result.rowCount ?? 0,
|
|
106
|
+
};
|
|
107
|
+
}
|
|
108
|
+
/** Close the connection pool. */
|
|
109
|
+
async close() {
|
|
110
|
+
await this.pool.end();
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
exports.SQLExecutor = SQLExecutor;
|
|
114
|
+
//# sourceMappingURL=sql-executor.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sql-executor.js","sourceRoot":"","sources":["../../../src/executor/sql-executor.ts"],"names":[],"mappings":";;;AAAA,2BAA0B;AAM1B;;;;GAIG;AACH,MAAa,WAAW;IAItB,YAAY,MAAyB;QACnC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,IAAI,SAAI,CAAC;YACnB,gBAAgB,EAAE,MAAM,CAAC,iBAAiB;YAC1C,iBAAiB,EAAE,MAAM,CAAC,UAAU;SACrC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAkB;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAE5C,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YAC9B,KAAK,SAAS;gBACZ,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YACnC;gBACE,MAAM,IAAI,KAAK,CAAC,2BAA2B,MAAM,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,QAAkB;QACtC,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,IAAI,OAAO,QAAQ,CAAC,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACrE,OAAO,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC;QAC9B,CAAC;QAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;QACpC,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;YACpB,OAAO,QAAQ,CAAC,SAAS,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,2BAA2B,QAAQ,EAAE,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,KAAa;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;QAC3C,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAE7C,+CAA+C;QAC/C,MAAM,aAAa,GAAG;YACpB,8BAA8B;YAC9B,8BAA8B;YAC9B,8BAA8B;YAC9B,gCAAgC;YAChC,+BAA+B;SAChC,CAAC;QAEF,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;QAC3C,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;YACpC,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC9C,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QAED,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;YACrC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBACjD,MAAM,IAAI,KAAK,CAAC,oBAAoB,KAAK,cAAc,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,KAAa;QAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC3C,yCAAyC;QACzC,OAAO,6BAA6B,CAAC,IAAI,CAAC,OAAO,CAAC;YAChD,CAAC,qEAAqE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACzF,CAAC;IAEO,KAAK,CAAC,KAAK,CAAC,QAAkB;QACpC,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC;QAExC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACvE,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACzE,CAAC;QAED,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAE/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAClC,KAAK,EACL,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAC3C,CAAC;QAEF,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAExD,OAAO;YACL,IAAI,EAAE,IAAI;YACV,aAAa,EAAE,MAAM,CAAC,QAAQ,IAAI,CAAC;SACpC,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,QAAkB;QACzC,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC;QAExC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACzE,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;QAC5E,CAAC;QAED,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAE/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAClC,KAAK,EACL,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAC3C,CAAC;QAEF,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE;YACvD,aAAa,EAAE,MAAM,CAAC,QAAQ,IAAI,CAAC;SACpC,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;IACxB,CAAC;CACF;AAtID,kCAsIC"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import { ToolCall } from '../types/tool-call';
|
|
2
|
+
import { ToolOutput } from '../types/tool-result';
|
|
3
|
+
import { ToolExecutor } from './interfaces';
|
|
4
|
+
import { WebSocketExecutorConfig } from '../types/config';
|
|
5
|
+
/**
|
|
6
|
+
* WebSocket executor for managed WebSocket connections.
|
|
7
|
+
* Handles tool calls with tool name `ws.*` (e.g., ws.connect, ws.send, ws.close).
|
|
8
|
+
* Manages a connection pool by connection_id with URL allowlisting.
|
|
9
|
+
*/
|
|
10
|
+
export declare class WebSocketExecutor implements ToolExecutor {
|
|
11
|
+
private config;
|
|
12
|
+
private connections;
|
|
13
|
+
constructor(config: WebSocketExecutorConfig);
|
|
14
|
+
execute(toolCall: ToolCall): Promise<ToolOutput>;
|
|
15
|
+
private resolveAction;
|
|
16
|
+
/**
|
|
17
|
+
* Check if a URL matches any of the allowed URL patterns.
|
|
18
|
+
*/
|
|
19
|
+
private isUrlAllowed;
|
|
20
|
+
private connect;
|
|
21
|
+
private send;
|
|
22
|
+
private wsClose;
|
|
23
|
+
/** Close all managed connections. */
|
|
24
|
+
closeAll(): Promise<void>;
|
|
25
|
+
}
|
|
26
|
+
//# sourceMappingURL=websocket-executor.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"websocket-executor.d.ts","sourceRoot":"","sources":["../../../src/executor/websocket-executor.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAQ1D;;;;GAIG;AACH,qBAAa,iBAAkB,YAAW,YAAY;IACpD,OAAO,CAAC,MAAM,CAA0B;IACxC,OAAO,CAAC,WAAW,CAA6C;gBAEpD,MAAM,EAAE,uBAAuB;IAIrC,OAAO,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC;IAetD,OAAO,CAAC,aAAa;IAcrB;;OAEG;IACH,OAAO,CAAC,YAAY;YAiBN,OAAO;YA6CP,IAAI;YA8DJ,OAAO;IAqBrB,qCAAqC;IAC/B,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAMhC"}
|
|
@@ -0,0 +1,205 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
36
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
37
|
+
};
|
|
38
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
39
|
+
exports.WebSocketExecutor = void 0;
|
|
40
|
+
const ws_1 = __importDefault(require("ws"));
|
|
41
|
+
const crypto = __importStar(require("crypto"));
|
|
42
|
+
/**
|
|
43
|
+
* WebSocket executor for managed WebSocket connections.
|
|
44
|
+
* Handles tool calls with tool name `ws.*` (e.g., ws.connect, ws.send, ws.close).
|
|
45
|
+
* Manages a connection pool by connection_id with URL allowlisting.
|
|
46
|
+
*/
|
|
47
|
+
class WebSocketExecutor {
|
|
48
|
+
constructor(config) {
|
|
49
|
+
this.connections = new Map();
|
|
50
|
+
this.config = config;
|
|
51
|
+
}
|
|
52
|
+
async execute(toolCall) {
|
|
53
|
+
const action = this.resolveAction(toolCall);
|
|
54
|
+
switch (action) {
|
|
55
|
+
case 'connect':
|
|
56
|
+
return this.connect(toolCall);
|
|
57
|
+
case 'send':
|
|
58
|
+
return this.send(toolCall);
|
|
59
|
+
case 'close':
|
|
60
|
+
return this.wsClose(toolCall);
|
|
61
|
+
default:
|
|
62
|
+
throw new Error(`Unsupported WebSocket action: ${action}`);
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
resolveAction(toolCall) {
|
|
66
|
+
if (toolCall.args.action && typeof toolCall.args.action === 'string') {
|
|
67
|
+
return toolCall.args.action;
|
|
68
|
+
}
|
|
69
|
+
const toolName = toolCall.tool.name;
|
|
70
|
+
const dotIndex = toolName.indexOf('.');
|
|
71
|
+
if (dotIndex !== -1) {
|
|
72
|
+
return toolName.substring(dotIndex + 1);
|
|
73
|
+
}
|
|
74
|
+
throw new Error(`Unsupported WebSocket action: ${toolName}`);
|
|
75
|
+
}
|
|
76
|
+
/**
|
|
77
|
+
* Check if a URL matches any of the allowed URL patterns.
|
|
78
|
+
*/
|
|
79
|
+
isUrlAllowed(url) {
|
|
80
|
+
if (!this.config.allowed_urls || this.config.allowed_urls.length === 0) {
|
|
81
|
+
return false;
|
|
82
|
+
}
|
|
83
|
+
for (const pattern of this.config.allowed_urls) {
|
|
84
|
+
// Convert glob-like pattern to regex
|
|
85
|
+
const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
|
|
86
|
+
const regex = new RegExp(`^${escaped}$`);
|
|
87
|
+
if (regex.test(url)) {
|
|
88
|
+
return true;
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
return false;
|
|
92
|
+
}
|
|
93
|
+
async connect(toolCall) {
|
|
94
|
+
const { url, connection_id: providedId } = toolCall.args;
|
|
95
|
+
if (!url || typeof url !== 'string') {
|
|
96
|
+
throw new Error('Missing or invalid "url" argument for ws.connect');
|
|
97
|
+
}
|
|
98
|
+
if (!this.isUrlAllowed(url)) {
|
|
99
|
+
throw new Error(`URL "${url}" is not in the allowed URLs list`);
|
|
100
|
+
}
|
|
101
|
+
const connectionId = (typeof providedId === 'string' ? providedId : null)
|
|
102
|
+
|| crypto.randomUUID();
|
|
103
|
+
return new Promise((resolve, reject) => {
|
|
104
|
+
const timeout = setTimeout(() => {
|
|
105
|
+
ws.close();
|
|
106
|
+
reject(new Error(`WebSocket connection timeout after ${this.config.connect_timeout_ms}ms`));
|
|
107
|
+
}, this.config.connect_timeout_ms);
|
|
108
|
+
const ws = new ws_1.default(url, {
|
|
109
|
+
maxPayload: this.config.max_message_size_bytes,
|
|
110
|
+
});
|
|
111
|
+
ws.on('open', () => {
|
|
112
|
+
clearTimeout(timeout);
|
|
113
|
+
this.connections.set(connectionId, {
|
|
114
|
+
ws,
|
|
115
|
+
url,
|
|
116
|
+
createdAt: Date.now(),
|
|
117
|
+
});
|
|
118
|
+
resolve({
|
|
119
|
+
body: { connected: true, connection_id: connectionId },
|
|
120
|
+
metadata: { url },
|
|
121
|
+
});
|
|
122
|
+
});
|
|
123
|
+
ws.on('error', (err) => {
|
|
124
|
+
clearTimeout(timeout);
|
|
125
|
+
reject(new Error(`WebSocket connection failed: ${err.message}`));
|
|
126
|
+
});
|
|
127
|
+
});
|
|
128
|
+
}
|
|
129
|
+
async send(toolCall) {
|
|
130
|
+
const { connection_id, message, wait_for_response } = toolCall.args;
|
|
131
|
+
if (!connection_id || typeof connection_id !== 'string') {
|
|
132
|
+
throw new Error('Missing or invalid "connection_id" argument for ws.send');
|
|
133
|
+
}
|
|
134
|
+
if (message === undefined || message === null) {
|
|
135
|
+
throw new Error('Missing "message" argument for ws.send');
|
|
136
|
+
}
|
|
137
|
+
const conn = this.connections.get(connection_id);
|
|
138
|
+
if (!conn) {
|
|
139
|
+
throw new Error(`No connection found with id "${connection_id}"`);
|
|
140
|
+
}
|
|
141
|
+
if (conn.ws.readyState !== ws_1.default.OPEN) {
|
|
142
|
+
this.connections.delete(connection_id);
|
|
143
|
+
throw new Error(`Connection "${connection_id}" is no longer open`);
|
|
144
|
+
}
|
|
145
|
+
const data = typeof message === 'string' ? message : JSON.stringify(message);
|
|
146
|
+
if (Buffer.byteLength(data) > this.config.max_message_size_bytes) {
|
|
147
|
+
throw new Error(`Message size exceeds max allowed ${this.config.max_message_size_bytes} bytes`);
|
|
148
|
+
}
|
|
149
|
+
return new Promise((resolve, reject) => {
|
|
150
|
+
if (wait_for_response) {
|
|
151
|
+
const responseTimeout = setTimeout(() => {
|
|
152
|
+
conn.ws.removeAllListeners('message');
|
|
153
|
+
resolve({
|
|
154
|
+
body: null,
|
|
155
|
+
metadata: { connection_id, timeout: true },
|
|
156
|
+
});
|
|
157
|
+
}, this.config.connect_timeout_ms);
|
|
158
|
+
conn.ws.once('message', (responseData) => {
|
|
159
|
+
clearTimeout(responseTimeout);
|
|
160
|
+
resolve({
|
|
161
|
+
body: responseData.toString(),
|
|
162
|
+
metadata: { connection_id },
|
|
163
|
+
});
|
|
164
|
+
});
|
|
165
|
+
}
|
|
166
|
+
conn.ws.send(data, (err) => {
|
|
167
|
+
if (err) {
|
|
168
|
+
reject(new Error(`Failed to send message: ${err.message}`));
|
|
169
|
+
return;
|
|
170
|
+
}
|
|
171
|
+
if (!wait_for_response) {
|
|
172
|
+
resolve({
|
|
173
|
+
body: { sent: true },
|
|
174
|
+
metadata: { connection_id },
|
|
175
|
+
});
|
|
176
|
+
}
|
|
177
|
+
});
|
|
178
|
+
});
|
|
179
|
+
}
|
|
180
|
+
async wsClose(toolCall) {
|
|
181
|
+
const { connection_id } = toolCall.args;
|
|
182
|
+
if (!connection_id || typeof connection_id !== 'string') {
|
|
183
|
+
throw new Error('Missing or invalid "connection_id" argument for ws.close');
|
|
184
|
+
}
|
|
185
|
+
const conn = this.connections.get(connection_id);
|
|
186
|
+
if (!conn) {
|
|
187
|
+
throw new Error(`No connection found with id "${connection_id}"`);
|
|
188
|
+
}
|
|
189
|
+
conn.ws.close();
|
|
190
|
+
this.connections.delete(connection_id);
|
|
191
|
+
return {
|
|
192
|
+
body: { closed: true },
|
|
193
|
+
metadata: { connection_id },
|
|
194
|
+
};
|
|
195
|
+
}
|
|
196
|
+
/** Close all managed connections. */
|
|
197
|
+
async closeAll() {
|
|
198
|
+
for (const [id, conn] of this.connections) {
|
|
199
|
+
conn.ws.close();
|
|
200
|
+
this.connections.delete(id);
|
|
201
|
+
}
|
|
202
|
+
}
|
|
203
|
+
}
|
|
204
|
+
exports.WebSocketExecutor = WebSocketExecutor;
|
|
205
|
+
//# sourceMappingURL=websocket-executor.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"websocket-executor.js","sourceRoot":"","sources":["../../../src/executor/websocket-executor.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,4CAA2B;AAC3B,+CAAiC;AAYjC;;;;GAIG;AACH,MAAa,iBAAiB;IAI5B,YAAY,MAA+B;QAFnC,gBAAW,GAAmC,IAAI,GAAG,EAAE,CAAC;QAG9D,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAkB;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAE5C,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,SAAS;gBACZ,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAChC,KAAK,MAAM;gBACT,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC7B,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAChC;gBACE,MAAM,IAAI,KAAK,CAAC,iCAAiC,MAAM,EAAE,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,QAAkB;QACtC,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,IAAI,OAAO,QAAQ,CAAC,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACrE,OAAO,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC;QAC9B,CAAC;QAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;QACpC,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;YACpB,OAAO,QAAQ,CAAC,SAAS,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,GAAW;QAC9B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAC/C,qCAAqC;YACrC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YACnF,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,OAAO,GAAG,CAAC,CAAC;YACzC,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,KAAK,CAAC,OAAO,CAAC,QAAkB;QACtC,MAAM,EAAE,GAAG,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC;QAEzD,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,QAAQ,GAAG,mCAAmC,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,YAAY,GAAG,CAAC,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC;eACpE,MAAM,CAAC,UAAU,EAAE,CAAC;QAEzB,OAAO,IAAI,OAAO,CAAa,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACjD,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC9B,EAAE,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,CAAC,IAAI,KAAK,CAAC,sCAAsC,IAAI,CAAC,MAAM,CAAC,kBAAkB,IAAI,CAAC,CAAC,CAAC;YAC9F,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;YAEnC,MAAM,EAAE,GAAG,IAAI,YAAS,CAAC,GAAG,EAAE;gBAC5B,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,sBAAsB;aAC/C,CAAC,CAAC;YAEH,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;gBACjB,YAAY,CAAC,OAAO,CAAC,CAAC;gBACtB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,EAAE;oBACjC,EAAE;oBACF,GAAG;oBACH,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC,CAAC;gBAEH,OAAO,CAAC;oBACN,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,aAAa,EAAE,YAAY,EAAE;oBACtD,QAAQ,EAAE,EAAE,GAAG,EAAE;iBAClB,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;gBAC5B,YAAY,CAAC,OAAO,CAAC,CAAC;gBACtB,MAAM,CAAC,IAAI,KAAK,CAAC,gCAAgC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YACnE,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,IAAI,CAAC,QAAkB;QACnC,MAAM,EAAE,aAAa,EAAE,OAAO,EAAE,iBAAiB,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC;QAEpE,IAAI,CAAC,aAAa,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAC7E,CAAC;QAED,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QACjD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,gCAAgC,aAAa,GAAG,CAAC,CAAC;QACpE,CAAC;QAED,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,KAAK,YAAS,CAAC,IAAI,EAAE,CAAC;YAC1C,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,eAAe,aAAa,qBAAqB,CAAC,CAAC;QACrE,CAAC;QAED,MAAM,IAAI,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAE7E,IAAI,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE,CAAC;YACjE,MAAM,IAAI,KAAK,CAAC,oCAAoC,IAAI,CAAC,MAAM,CAAC,sBAAsB,QAAQ,CAAC,CAAC;QAClG,CAAC;QAED,OAAO,IAAI,OAAO,CAAa,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACjD,IAAI,iBAAiB,EAAE,CAAC;gBACtB,MAAM,eAAe,GAAG,UAAU,CAAC,GAAG,EAAE;oBACtC,IAAI,CAAC,EAAE,CAAC,kBAAkB,CAAC,SAAS,CAAC,CAAC;oBACtC,OAAO,CAAC;wBACN,IAAI,EAAE,IAAI;wBACV,QAAQ,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,IAAI,EAAE;qBAC3C,CAAC,CAAC;gBACL,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;gBAEnC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,YAA4B,EAAE,EAAE;oBACvD,YAAY,CAAC,eAAe,CAAC,CAAC;oBAC9B,OAAO,CAAC;wBACN,IAAI,EAAE,YAAY,CAAC,QAAQ,EAAE;wBAC7B,QAAQ,EAAE,EAAE,aAAa,EAAE;qBAC5B,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,GAAW,EAAE,EAAE;gBACjC,IAAI,GAAG,EAAE,CAAC;oBACR,MAAM,CAAC,IAAI,KAAK,CAAC,2BAA2B,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;oBAC5D,OAAO;gBACT,CAAC;gBAED,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBACvB,OAAO,CAAC;wBACN,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;wBACpB,QAAQ,EAAE,EAAE,aAAa,EAAE;qBAC5B,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,OAAO,CAAC,QAAkB;QACtC,MAAM,EAAE,aAAa,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC;QAExC,IAAI,CAAC,aAAa,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QACjD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,gCAAgC,aAAa,GAAG,CAAC,CAAC;QACpE,CAAC;QAED,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QAChB,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAEvC,OAAO;YACL,IAAI,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE;YACtB,QAAQ,EAAE,EAAE,aAAa,EAAE;SAC5B,CAAC;IACJ,CAAC;IAED,qCAAqC;IACrC,KAAK,CAAC,QAAQ;QACZ,KAAK,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC1C,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;CACF;AAhMD,8CAgMC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/interceptor/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.ProviderInterceptor = void 0;
|
|
4
|
+
var provider_interceptor_1 = require("./provider-interceptor");
|
|
5
|
+
Object.defineProperty(exports, "ProviderInterceptor", { enumerable: true, get: function () { return provider_interceptor_1.ProviderInterceptor; } });
|
|
6
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/interceptor/index.ts"],"names":[],"mappings":";;;AAAA,+DAAgF;AAAvE,2HAAA,mBAAmB,OAAA"}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
import { ProviderInterceptConfig } from '../types/config';
|
|
2
|
+
export interface ProviderToolBlock {
|
|
3
|
+
provider: 'claude' | 'openai' | 'gemini' | 'unknown';
|
|
4
|
+
tool_name: string;
|
|
5
|
+
tool_type: string;
|
|
6
|
+
inputs: Record<string, unknown>;
|
|
7
|
+
outputs?: unknown;
|
|
8
|
+
block_index: number;
|
|
9
|
+
}
|
|
10
|
+
type Provider = ProviderToolBlock['provider'];
|
|
11
|
+
export declare class ProviderInterceptor {
|
|
12
|
+
private urlPatterns;
|
|
13
|
+
private scanInputs;
|
|
14
|
+
private scanOutputs;
|
|
15
|
+
constructor(config: ProviderInterceptConfig);
|
|
16
|
+
/** Check if a URL matches any provider pattern */
|
|
17
|
+
matchesProvider(url: string): boolean;
|
|
18
|
+
/** Detect which provider a URL belongs to */
|
|
19
|
+
detectProvider(url: string): Provider;
|
|
20
|
+
/** Extract tool blocks from a request body (pre-execution) */
|
|
21
|
+
extractFromRequest(body: unknown, provider: string): ProviderToolBlock[];
|
|
22
|
+
/** Extract tool blocks from a response body (post-execution) */
|
|
23
|
+
extractFromResponse(body: unknown, provider: string): ProviderToolBlock[];
|
|
24
|
+
/** Get all inputs as a flat object for DLP scanning */
|
|
25
|
+
flattenInputsForDLP(blocks: ProviderToolBlock[]): Record<string, unknown>;
|
|
26
|
+
/** Get all outputs as a flat object for DLP scanning */
|
|
27
|
+
flattenOutputsForDLP(blocks: ProviderToolBlock[]): Record<string, unknown>;
|
|
28
|
+
private extractClaudeRequest;
|
|
29
|
+
private extractClaudeResponse;
|
|
30
|
+
private extractOpenAIRequest;
|
|
31
|
+
private extractOpenAIResponse;
|
|
32
|
+
private extractGeminiRequest;
|
|
33
|
+
private extractGeminiResponse;
|
|
34
|
+
}
|
|
35
|
+
export {};
|
|
36
|
+
//# sourceMappingURL=provider-interceptor.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provider-interceptor.d.ts","sourceRoot":"","sources":["../../../src/interceptor/provider-interceptor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAE1D,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;IACrD,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,KAAK,QAAQ,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;AAyB9C,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,WAAW,CAAW;IAC9B,OAAO,CAAC,UAAU,CAAU;IAC5B,OAAO,CAAC,WAAW,CAAU;gBAEjB,MAAM,EAAE,uBAAuB;IAS3C,kDAAkD;IAClD,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAIrC,6CAA6C;IAC7C,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,QAAQ;IAOrC,8DAA8D;IAC9D,kBAAkB,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,GAAG,iBAAiB,EAAE;IAcxE,gEAAgE;IAChE,mBAAmB,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,GAAG,iBAAiB,EAAE;IAczE,uDAAuD;IACvD,mBAAmB,CAAC,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAUzE,wDAAwD;IACxD,oBAAoB,CAAC,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAY1E,OAAO,CAAC,oBAAoB;IAkC5B,OAAO,CAAC,qBAAqB;IAsB7B,OAAO,CAAC,oBAAoB;IAwB5B,OAAO,CAAC,qBAAqB;IA6B7B,OAAO,CAAC,oBAAoB;IAwB5B,OAAO,CAAC,qBAAqB;CAyB9B"}
|