sentinel-agentos 0.3.6 → 0.3.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/src/dashboard.html +175 -0
- package/package.json +3 -2
- package/LICENSE +0 -21
- package/README.md +0 -1797
- package/dist/adapters/evaluation-bridge.d.ts +0 -78
- package/dist/adapters/evaluation-bridge.d.ts.map +0 -1
- package/dist/adapters/evaluation-bridge.js +0 -273
- package/dist/adapters/evaluation-bridge.js.map +0 -1
- package/dist/adapters/memory-bridge.d.ts +0 -110
- package/dist/adapters/memory-bridge.d.ts.map +0 -1
- package/dist/adapters/memory-bridge.js +0 -316
- package/dist/adapters/memory-bridge.js.map +0 -1
- package/dist/adapters/migrate.d.ts +0 -2
- package/dist/adapters/migrate.d.ts.map +0 -1
- package/dist/adapters/migrate.js +0 -63
- package/dist/adapters/migrate.js.map +0 -1
- package/dist/api.d.ts +0 -151
- package/dist/api.d.ts.map +0 -1
- package/dist/api.js +0 -179
- package/dist/api.js.map +0 -1
- package/dist/cli.d.ts +0 -16
- package/dist/cli.d.ts.map +0 -1
- package/dist/cli.js +0 -350
- package/dist/cli.js.map +0 -1
- package/dist/core.d.ts +0 -151
- package/dist/core.d.ts.map +0 -1
- package/dist/core.js +0 -341
- package/dist/core.js.map +0 -1
- package/dist/evaluator/exec-evaluator.d.ts +0 -102
- package/dist/evaluator/exec-evaluator.d.ts.map +0 -1
- package/dist/evaluator/exec-evaluator.js +0 -266
- package/dist/evaluator/exec-evaluator.js.map +0 -1
- package/dist/evaluator/feedback.d.ts +0 -57
- package/dist/evaluator/feedback.d.ts.map +0 -1
- package/dist/evaluator/feedback.js +0 -225
- package/dist/evaluator/feedback.js.map +0 -1
- package/dist/evaluator/profiler.d.ts +0 -55
- package/dist/evaluator/profiler.d.ts.map +0 -1
- package/dist/evaluator/profiler.js +0 -117
- package/dist/evaluator/profiler.js.map +0 -1
- package/dist/guard/audit-log.d.ts +0 -47
- package/dist/guard/audit-log.d.ts.map +0 -1
- package/dist/guard/audit-log.js +0 -199
- package/dist/guard/audit-log.js.map +0 -1
- package/dist/guard/container-sandbox.d.ts +0 -25
- package/dist/guard/container-sandbox.d.ts.map +0 -1
- package/dist/guard/container-sandbox.js +0 -145
- package/dist/guard/container-sandbox.js.map +0 -1
- package/dist/guard/risk-gate.d.ts +0 -101
- package/dist/guard/risk-gate.d.ts.map +0 -1
- package/dist/guard/risk-gate.js +0 -200
- package/dist/guard/risk-gate.js.map +0 -1
- package/dist/guard/sandbox.d.ts +0 -112
- package/dist/guard/sandbox.d.ts.map +0 -1
- package/dist/guard/sandbox.js +0 -379
- package/dist/guard/sandbox.js.map +0 -1
- package/dist/guard/schema-gate.d.ts +0 -90
- package/dist/guard/schema-gate.d.ts.map +0 -1
- package/dist/guard/schema-gate.js +0 -452
- package/dist/guard/schema-gate.js.map +0 -1
- package/dist/guard/snapshot-verify.d.ts +0 -111
- package/dist/guard/snapshot-verify.d.ts.map +0 -1
- package/dist/guard/snapshot-verify.js +0 -571
- package/dist/guard/snapshot-verify.js.map +0 -1
- package/dist/index.d.ts +0 -28
- package/dist/index.d.ts.map +0 -1
- package/dist/index.js +0 -59
- package/dist/index.js.map +0 -1
- package/dist/memory/episodic.d.ts +0 -76
- package/dist/memory/episodic.d.ts.map +0 -1
- package/dist/memory/episodic.js +0 -289
- package/dist/memory/episodic.js.map +0 -1
- package/dist/memory/semantic.d.ts +0 -68
- package/dist/memory/semantic.d.ts.map +0 -1
- package/dist/memory/semantic.js +0 -299
- package/dist/memory/semantic.js.map +0 -1
- package/dist/memory/working.d.ts +0 -53
- package/dist/memory/working.d.ts.map +0 -1
- package/dist/memory/working.js +0 -166
- package/dist/memory/working.js.map +0 -1
- package/dist/middleware/openclaw.d.ts +0 -45
- package/dist/middleware/openclaw.d.ts.map +0 -1
- package/dist/middleware/openclaw.js +0 -95
- package/dist/middleware/openclaw.js.map +0 -1
- package/dist/middleware/wrapper.d.ts +0 -54
- package/dist/middleware/wrapper.d.ts.map +0 -1
- package/dist/middleware/wrapper.js +0 -155
- package/dist/middleware/wrapper.js.map +0 -1
- package/dist/server.d.ts +0 -45
- package/dist/server.d.ts.map +0 -1
- package/dist/server.js +0 -246
- package/dist/server.js.map +0 -1
- package/dist/types/index.d.ts +0 -228
- package/dist/types/index.d.ts.map +0 -1
- package/dist/types/index.js +0 -23
- package/dist/types/index.js.map +0 -1
- package/scripts/sentinel-light.js +0 -234
|
@@ -1,452 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
-
}
|
|
8
|
-
Object.defineProperty(o, k2, desc);
|
|
9
|
-
}) : (function(o, m, k, k2) {
|
|
10
|
-
if (k2 === undefined) k2 = k;
|
|
11
|
-
o[k2] = m[k];
|
|
12
|
-
}));
|
|
13
|
-
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
-
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
-
}) : function(o, v) {
|
|
16
|
-
o["default"] = v;
|
|
17
|
-
});
|
|
18
|
-
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
-
var ownKeys = function(o) {
|
|
20
|
-
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
-
var ar = [];
|
|
22
|
-
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
-
return ar;
|
|
24
|
-
};
|
|
25
|
-
return ownKeys(o);
|
|
26
|
-
};
|
|
27
|
-
return function (mod) {
|
|
28
|
-
if (mod && mod.__esModule) return mod;
|
|
29
|
-
var result = {};
|
|
30
|
-
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
-
__setModuleDefault(result, mod);
|
|
32
|
-
return result;
|
|
33
|
-
};
|
|
34
|
-
})();
|
|
35
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
-
exports.SchemaGate = void 0;
|
|
37
|
-
const path = __importStar(require("path"));
|
|
38
|
-
/**
|
|
39
|
-
* Schema Gate — deterministic parameter validation with JSON Schema x- extensions.
|
|
40
|
-
*
|
|
41
|
-
* Implements every validation rule from DESIGN.md §4.2:
|
|
42
|
-
* - required fields ✓
|
|
43
|
-
* - type checking ✓
|
|
44
|
-
* - allowed values ✓
|
|
45
|
-
* - numeric range ✓
|
|
46
|
-
* - regex patterns ✓
|
|
47
|
-
* - path scope constraint (x-path-scope) ✓
|
|
48
|
-
* - path allow/deny globs (x-path-allow/x-path-deny) ✓
|
|
49
|
-
* - max parameter size (x-max-size) ✓
|
|
50
|
-
* - secret parameter marking (x-secret) ✓
|
|
51
|
-
* - parameter dependencies (x-depends-on) ✓
|
|
52
|
-
* - mutually exclusive params (x-mutually-exclusive) ✓
|
|
53
|
-
* - custom validators ✓
|
|
54
|
-
*
|
|
55
|
-
* Zero LLM dependency. Pure deterministic logic.
|
|
56
|
-
*/
|
|
57
|
-
class SchemaGate {
|
|
58
|
-
rules = new Map();
|
|
59
|
-
constructor(config) {
|
|
60
|
-
if (config?.schema) {
|
|
61
|
-
for (const rule of config.schema.rules) {
|
|
62
|
-
this.registerRule({
|
|
63
|
-
tool: rule.tool,
|
|
64
|
-
required: rule.required,
|
|
65
|
-
types: rule.types,
|
|
66
|
-
allowedValues: rule.allowedValues,
|
|
67
|
-
patterns: rule.patterns,
|
|
68
|
-
pathScope: rule.pathScope,
|
|
69
|
-
pathAllow: rule.pathAllow,
|
|
70
|
-
pathDeny: rule.pathDeny,
|
|
71
|
-
maxSize: rule.maxSize,
|
|
72
|
-
secrets: rule.secrets,
|
|
73
|
-
dependsOn: rule.dependsOn,
|
|
74
|
-
mutuallyExclusive: rule.mutuallyExclusive,
|
|
75
|
-
workspaceRoot: rule.workspaceRoot,
|
|
76
|
-
});
|
|
77
|
-
}
|
|
78
|
-
}
|
|
79
|
-
}
|
|
80
|
-
/** Register a schema rule for a tool */
|
|
81
|
-
registerRule(rule) {
|
|
82
|
-
this.rules.set(rule.tool, rule);
|
|
83
|
-
}
|
|
84
|
-
/** Register multiple rules at once */
|
|
85
|
-
registerRules(rules) {
|
|
86
|
-
rules.forEach((r) => this.registerRule(r));
|
|
87
|
-
}
|
|
88
|
-
/** Get all registered rules */
|
|
89
|
-
getRules() {
|
|
90
|
-
return Array.from(this.rules.values());
|
|
91
|
-
}
|
|
92
|
-
/** Check if a tool has a registered rule */
|
|
93
|
-
hasRule(tool) {
|
|
94
|
-
return this.rules.has(tool);
|
|
95
|
-
}
|
|
96
|
-
/**
|
|
97
|
-
* Full validation: runs all applicable checks.
|
|
98
|
-
* Returns { pass: boolean, errors: SchemaError[] }.
|
|
99
|
-
*/
|
|
100
|
-
check(toolName, params) {
|
|
101
|
-
const rule = this.rules.get(toolName);
|
|
102
|
-
if (!rule) {
|
|
103
|
-
// No rule registered → pass by default (unrestricted tool)
|
|
104
|
-
return { pass: true };
|
|
105
|
-
}
|
|
106
|
-
const errors = [];
|
|
107
|
-
// 1. Required fields
|
|
108
|
-
if (rule.required) {
|
|
109
|
-
for (const field of rule.required) {
|
|
110
|
-
if (params[field] === undefined || params[field] === null) {
|
|
111
|
-
errors.push({
|
|
112
|
-
field,
|
|
113
|
-
actual: undefined,
|
|
114
|
-
expected: 'defined (required)',
|
|
115
|
-
message: `Missing required parameter: "${field}"`,
|
|
116
|
-
});
|
|
117
|
-
}
|
|
118
|
-
}
|
|
119
|
-
}
|
|
120
|
-
// 2. Type checking
|
|
121
|
-
if (rule.types) {
|
|
122
|
-
for (const [field, expectedType] of Object.entries(rule.types)) {
|
|
123
|
-
if (params[field] !== undefined && params[field] !== null) {
|
|
124
|
-
const actualType = typeof params[field];
|
|
125
|
-
if (expectedType === 'array') {
|
|
126
|
-
if (!Array.isArray(params[field])) {
|
|
127
|
-
errors.push({
|
|
128
|
-
field,
|
|
129
|
-
actual: params[field],
|
|
130
|
-
expected: expectedType,
|
|
131
|
-
message: `Expected ${expectedType} for "${field}", got ${actualType}`,
|
|
132
|
-
});
|
|
133
|
-
}
|
|
134
|
-
}
|
|
135
|
-
else if (expectedType === 'object') {
|
|
136
|
-
if (typeof params[field] !== 'object' || Array.isArray(params[field])) {
|
|
137
|
-
errors.push({
|
|
138
|
-
field,
|
|
139
|
-
actual: params[field],
|
|
140
|
-
expected: expectedType,
|
|
141
|
-
message: `Expected ${expectedType} for "${field}", got ${actualType}`,
|
|
142
|
-
});
|
|
143
|
-
}
|
|
144
|
-
}
|
|
145
|
-
else if (actualType !== expectedType) {
|
|
146
|
-
errors.push({
|
|
147
|
-
field,
|
|
148
|
-
actual: params[field],
|
|
149
|
-
expected: expectedType,
|
|
150
|
-
message: `Expected ${expectedType} for "${field}", got ${actualType}`,
|
|
151
|
-
});
|
|
152
|
-
}
|
|
153
|
-
}
|
|
154
|
-
}
|
|
155
|
-
}
|
|
156
|
-
// 3. Allowed values
|
|
157
|
-
if (rule.allowedValues) {
|
|
158
|
-
for (const [field, values] of Object.entries(rule.allowedValues)) {
|
|
159
|
-
if (params[field] !== undefined && !values.includes(params[field])) {
|
|
160
|
-
errors.push({
|
|
161
|
-
field,
|
|
162
|
-
actual: params[field],
|
|
163
|
-
expected: `one of [${values.join(', ')}]`,
|
|
164
|
-
message: `"${params[field]}" is not an allowed value for "${field}". Allowed: ${values.join(', ')}`,
|
|
165
|
-
});
|
|
166
|
-
}
|
|
167
|
-
}
|
|
168
|
-
}
|
|
169
|
-
// 4. Numeric range / string length / array length
|
|
170
|
-
if (rule.min) {
|
|
171
|
-
for (const [field, minVal] of Object.entries(rule.min)) {
|
|
172
|
-
const val = params[field];
|
|
173
|
-
if (typeof val === 'number') {
|
|
174
|
-
if (val < minVal) {
|
|
175
|
-
errors.push({
|
|
176
|
-
field,
|
|
177
|
-
actual: val,
|
|
178
|
-
expected: `>= ${minVal}`,
|
|
179
|
-
message: `"${field}" must be >= ${minVal}, got ${val}`,
|
|
180
|
-
});
|
|
181
|
-
}
|
|
182
|
-
}
|
|
183
|
-
else if (typeof val === 'string') {
|
|
184
|
-
if (val.length < minVal) {
|
|
185
|
-
errors.push({
|
|
186
|
-
field,
|
|
187
|
-
actual: `length ${val.length}`,
|
|
188
|
-
expected: `length >= ${minVal}`,
|
|
189
|
-
message: `"${field}" length must be >= ${minVal}, got ${val.length}`,
|
|
190
|
-
});
|
|
191
|
-
}
|
|
192
|
-
}
|
|
193
|
-
else if (Array.isArray(val)) {
|
|
194
|
-
if (val.length < minVal) {
|
|
195
|
-
errors.push({
|
|
196
|
-
field,
|
|
197
|
-
actual: `length ${val.length}`,
|
|
198
|
-
expected: `length >= ${minVal}`,
|
|
199
|
-
message: `"${field}" array length must be >= ${minVal}, got ${val.length}`,
|
|
200
|
-
});
|
|
201
|
-
}
|
|
202
|
-
}
|
|
203
|
-
}
|
|
204
|
-
}
|
|
205
|
-
if (rule.max) {
|
|
206
|
-
for (const [field, maxVal] of Object.entries(rule.max)) {
|
|
207
|
-
const val = params[field];
|
|
208
|
-
if (typeof val === 'number') {
|
|
209
|
-
if (val > maxVal) {
|
|
210
|
-
errors.push({
|
|
211
|
-
field,
|
|
212
|
-
actual: val,
|
|
213
|
-
expected: `<= ${maxVal}`,
|
|
214
|
-
message: `"${field}" must be <= ${maxVal}, got ${val}`,
|
|
215
|
-
});
|
|
216
|
-
}
|
|
217
|
-
}
|
|
218
|
-
else if (typeof val === 'string') {
|
|
219
|
-
if (val.length > maxVal) {
|
|
220
|
-
errors.push({
|
|
221
|
-
field,
|
|
222
|
-
actual: `length ${val.length}`,
|
|
223
|
-
expected: `length <= ${maxVal}`,
|
|
224
|
-
message: `"${field}" length must be <= ${maxVal}, got ${val.length}`,
|
|
225
|
-
});
|
|
226
|
-
}
|
|
227
|
-
}
|
|
228
|
-
else if (Array.isArray(val)) {
|
|
229
|
-
if (val.length > maxVal) {
|
|
230
|
-
errors.push({
|
|
231
|
-
field,
|
|
232
|
-
actual: `length ${val.length}`,
|
|
233
|
-
expected: `length <= ${maxVal}`,
|
|
234
|
-
message: `"${field}" array length must be <= ${maxVal}, got ${val.length}`,
|
|
235
|
-
});
|
|
236
|
-
}
|
|
237
|
-
}
|
|
238
|
-
}
|
|
239
|
-
}
|
|
240
|
-
// 5. Regex patterns
|
|
241
|
-
if (rule.patterns) {
|
|
242
|
-
for (const [field, pattern] of Object.entries(rule.patterns)) {
|
|
243
|
-
const val = params[field];
|
|
244
|
-
if (typeof val === 'string') {
|
|
245
|
-
try {
|
|
246
|
-
const regex = new RegExp(pattern);
|
|
247
|
-
if (!regex.test(val)) {
|
|
248
|
-
errors.push({
|
|
249
|
-
field,
|
|
250
|
-
actual: val,
|
|
251
|
-
expected: `match /${pattern}/`,
|
|
252
|
-
message: `"${field}" does not match pattern /${pattern}/: "${val}"`,
|
|
253
|
-
});
|
|
254
|
-
}
|
|
255
|
-
}
|
|
256
|
-
catch {
|
|
257
|
-
errors.push({
|
|
258
|
-
field,
|
|
259
|
-
actual: val,
|
|
260
|
-
expected: 'valid regex',
|
|
261
|
-
message: `Invalid regex pattern "${pattern}" for "${field}"`,
|
|
262
|
-
});
|
|
263
|
-
}
|
|
264
|
-
}
|
|
265
|
-
}
|
|
266
|
-
}
|
|
267
|
-
// 6. Path scope constraint (x-path-scope)
|
|
268
|
-
if (rule.pathScope && rule.workspaceRoot) {
|
|
269
|
-
for (const [field, scope] of Object.entries(rule.pathScope)) {
|
|
270
|
-
const val = params[field];
|
|
271
|
-
if (typeof val === 'string') {
|
|
272
|
-
const resolvedPath = path.isAbsolute(val)
|
|
273
|
-
? val
|
|
274
|
-
: path.resolve(rule.workspaceRoot, val);
|
|
275
|
-
if (scope === 'workspace') {
|
|
276
|
-
const normalizedRoot = path.resolve(rule.workspaceRoot);
|
|
277
|
-
const normalizedPath = path.resolve(resolvedPath);
|
|
278
|
-
if (!normalizedPath.startsWith(normalizedRoot + path.sep) && normalizedPath !== normalizedRoot) {
|
|
279
|
-
errors.push({
|
|
280
|
-
field,
|
|
281
|
-
actual: val,
|
|
282
|
-
expected: `within workspace (${normalizedRoot})`,
|
|
283
|
-
message: `"${field}" path is outside the workspace: "${val}"`,
|
|
284
|
-
});
|
|
285
|
-
}
|
|
286
|
-
}
|
|
287
|
-
}
|
|
288
|
-
}
|
|
289
|
-
}
|
|
290
|
-
// 7. Path allow/deny patterns (x-path-allow/x-path-deny)
|
|
291
|
-
if (rule.pathDeny) {
|
|
292
|
-
for (const [field, patterns] of Object.entries(rule.pathDeny)) {
|
|
293
|
-
const val = params[field];
|
|
294
|
-
if (typeof val === 'string') {
|
|
295
|
-
for (const pattern of patterns) {
|
|
296
|
-
if (this.matchGlob(val, pattern)) {
|
|
297
|
-
errors.push({
|
|
298
|
-
field,
|
|
299
|
-
actual: val,
|
|
300
|
-
expected: `not matching deny pattern "${pattern}"`,
|
|
301
|
-
message: `"${field}" path is denied by pattern "${pattern}": "${val}"`,
|
|
302
|
-
});
|
|
303
|
-
break;
|
|
304
|
-
}
|
|
305
|
-
}
|
|
306
|
-
}
|
|
307
|
-
}
|
|
308
|
-
}
|
|
309
|
-
if (rule.pathAllow) {
|
|
310
|
-
for (const [field, patterns] of Object.entries(rule.pathAllow)) {
|
|
311
|
-
const val = params[field];
|
|
312
|
-
if (typeof val === 'string') {
|
|
313
|
-
let allowed = false;
|
|
314
|
-
for (const pattern of patterns) {
|
|
315
|
-
if (this.matchGlob(val, pattern)) {
|
|
316
|
-
allowed = true;
|
|
317
|
-
break;
|
|
318
|
-
}
|
|
319
|
-
}
|
|
320
|
-
if (!allowed) {
|
|
321
|
-
errors.push({
|
|
322
|
-
field,
|
|
323
|
-
actual: val,
|
|
324
|
-
expected: `matching one of [${patterns.join(', ')}]`,
|
|
325
|
-
message: `"${field}" path not in allow list: "${val}"`,
|
|
326
|
-
});
|
|
327
|
-
}
|
|
328
|
-
}
|
|
329
|
-
}
|
|
330
|
-
}
|
|
331
|
-
// 8. Max parameter size (x-max-size)
|
|
332
|
-
if (rule.maxSize) {
|
|
333
|
-
for (const [field, maxBytes] of Object.entries(rule.maxSize)) {
|
|
334
|
-
const val = params[field];
|
|
335
|
-
if (typeof val === 'string') {
|
|
336
|
-
const sizeBytes = Buffer.byteLength(val, 'utf-8');
|
|
337
|
-
if (sizeBytes > maxBytes) {
|
|
338
|
-
errors.push({
|
|
339
|
-
field,
|
|
340
|
-
actual: `${sizeBytes} bytes`,
|
|
341
|
-
expected: `<= ${maxBytes} bytes`,
|
|
342
|
-
message: `"${field}" exceeds max size: ${sizeBytes} > ${maxBytes} bytes`,
|
|
343
|
-
});
|
|
344
|
-
}
|
|
345
|
-
}
|
|
346
|
-
}
|
|
347
|
-
}
|
|
348
|
-
// 9. Parameter dependencies (x-depends-on)
|
|
349
|
-
if (rule.dependsOn) {
|
|
350
|
-
for (const [field, dep] of Object.entries(rule.dependsOn)) {
|
|
351
|
-
if (params[field] !== undefined && params[field] !== null && params[field] !== false) {
|
|
352
|
-
for (const requiredField of dep.required) {
|
|
353
|
-
if (params[requiredField] === undefined || params[requiredField] === null) {
|
|
354
|
-
errors.push({
|
|
355
|
-
field: requiredField,
|
|
356
|
-
actual: undefined,
|
|
357
|
-
expected: `defined when "${field}" is set`,
|
|
358
|
-
message: `"${field}" is set, but dependent field "${requiredField}" is missing`,
|
|
359
|
-
});
|
|
360
|
-
}
|
|
361
|
-
}
|
|
362
|
-
}
|
|
363
|
-
}
|
|
364
|
-
}
|
|
365
|
-
// 10. Mutually exclusive params (x-mutually-exclusive)
|
|
366
|
-
if (rule.mutuallyExclusive) {
|
|
367
|
-
for (const group of rule.mutuallyExclusive) {
|
|
368
|
-
const present = [];
|
|
369
|
-
for (const field of group) {
|
|
370
|
-
if (params[field] !== undefined && params[field] !== null) {
|
|
371
|
-
present.push(field);
|
|
372
|
-
}
|
|
373
|
-
}
|
|
374
|
-
if (present.length > 1) {
|
|
375
|
-
for (const field of present) {
|
|
376
|
-
errors.push({
|
|
377
|
-
field,
|
|
378
|
-
actual: 'set',
|
|
379
|
-
expected: `only one of [${group.join(', ')}]`,
|
|
380
|
-
message: `Mutually exclusive parameters are both set: [${present.join(', ')}]`,
|
|
381
|
-
});
|
|
382
|
-
}
|
|
383
|
-
}
|
|
384
|
-
}
|
|
385
|
-
}
|
|
386
|
-
// 11. Custom validators
|
|
387
|
-
if (rule.custom) {
|
|
388
|
-
for (const [field, validator] of Object.entries(rule.custom)) {
|
|
389
|
-
const val = params[field];
|
|
390
|
-
if (val !== undefined) {
|
|
391
|
-
const customError = validator(val);
|
|
392
|
-
if (customError) {
|
|
393
|
-
errors.push({
|
|
394
|
-
field,
|
|
395
|
-
actual: val,
|
|
396
|
-
expected: 'custom validation pass',
|
|
397
|
-
message: customError,
|
|
398
|
-
});
|
|
399
|
-
}
|
|
400
|
-
}
|
|
401
|
-
}
|
|
402
|
-
}
|
|
403
|
-
return {
|
|
404
|
-
pass: errors.length === 0,
|
|
405
|
-
errors: errors.length > 0 ? errors : undefined,
|
|
406
|
-
};
|
|
407
|
-
}
|
|
408
|
-
/**
|
|
409
|
-
* Check if a parameter is marked as secret (x-secret).
|
|
410
|
-
*/
|
|
411
|
-
isSecret(toolName, field) {
|
|
412
|
-
const rule = this.rules.get(toolName);
|
|
413
|
-
return rule?.secrets?.includes(field) ?? false;
|
|
414
|
-
}
|
|
415
|
-
/**
|
|
416
|
-
* Get all secret field names for a tool.
|
|
417
|
-
*/
|
|
418
|
-
getSecrets(toolName) {
|
|
419
|
-
return this.rules.get(toolName)?.secrets ?? [];
|
|
420
|
-
}
|
|
421
|
-
/**
|
|
422
|
-
* Simple glob matching for path allow/deny patterns.
|
|
423
|
-
* Supports *, **, ? wildcards.
|
|
424
|
-
*/
|
|
425
|
-
matchGlob(filePath, pattern) {
|
|
426
|
-
// Handle ** patterns: "**/.env" → matches any path ending with /.env
|
|
427
|
-
if (pattern.startsWith('**/')) {
|
|
428
|
-
const suffix = pattern.slice(3);
|
|
429
|
-
return filePath.endsWith('/' + suffix) || filePath === suffix;
|
|
430
|
-
}
|
|
431
|
-
// Handle trailing **: "src/**" → matches anything under src/
|
|
432
|
-
if (pattern.endsWith('/**')) {
|
|
433
|
-
const prefix = pattern.slice(0, -3);
|
|
434
|
-
return filePath.startsWith(prefix + '/') || filePath === prefix;
|
|
435
|
-
}
|
|
436
|
-
// Handle full globs via regex conversion
|
|
437
|
-
const regexStr = pattern
|
|
438
|
-
.replace(/[.+^${}()|[\]\\]/g, '\\$&')
|
|
439
|
-
.replace(/\*\*/g, '___DOUBLESTAR___')
|
|
440
|
-
.replace(/\*/g, '[^/]*')
|
|
441
|
-
.replace(/___DOUBLESTAR___/g, '.*')
|
|
442
|
-
.replace(/\?/g, '[^/]');
|
|
443
|
-
try {
|
|
444
|
-
return new RegExp(`^${regexStr}$`).test(filePath);
|
|
445
|
-
}
|
|
446
|
-
catch {
|
|
447
|
-
return filePath === pattern; // Fallback to exact match
|
|
448
|
-
}
|
|
449
|
-
}
|
|
450
|
-
}
|
|
451
|
-
exports.SchemaGate = SchemaGate;
|
|
452
|
-
//# sourceMappingURL=schema-gate.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"schema-gate.js","sourceRoot":"","sources":["../../src/guard/schema-gate.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,2CAA6B;AAuC7B;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAa,UAAU;IACb,KAAK,GAA4B,IAAI,GAAG,EAAE,CAAC;IAEnD,YAAY,MAAoB;QAC9B,IAAI,MAAM,EAAE,MAAM,EAAE,CAAC;YACnB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBACvC,IAAI,CAAC,YAAY,CAAC;oBAChB,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,KAAK,EAAG,IAAY,CAAC,KAAK;oBAC1B,aAAa,EAAG,IAAY,CAAC,aAAa;oBAC1C,QAAQ,EAAG,IAAY,CAAC,QAAQ;oBAChC,SAAS,EAAG,IAAY,CAAC,SAAS;oBAClC,SAAS,EAAG,IAAY,CAAC,SAAS;oBAClC,QAAQ,EAAG,IAAY,CAAC,QAAQ;oBAChC,OAAO,EAAG,IAAY,CAAC,OAAO;oBAC9B,OAAO,EAAG,IAAY,CAAC,OAAO;oBAC9B,SAAS,EAAG,IAAY,CAAC,SAAS;oBAClC,iBAAiB,EAAG,IAAY,CAAC,iBAAiB;oBAClD,aAAa,EAAG,IAAY,CAAC,aAAa;iBAC3C,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,YAAY,CAAC,IAAgB;QAC3B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,sCAAsC;IACtC,aAAa,CAAC,KAAmB;QAC/B,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED,+BAA+B;IAC/B,QAAQ;QACN,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,4CAA4C;IAC5C,OAAO,CAAC,IAAY;QAClB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED;;;OAGG;IACH,KAAK,CACH,QAAgB,EAChB,MAA+B;QAE/B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAEtC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,2DAA2D;YAC3D,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACxB,CAAC;QAED,MAAM,MAAM,GAAkB,EAAE,CAAC;QAEjC,qBAAqB;QACrB,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAClC,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC;oBAC1D,MAAM,CAAC,IAAI,CAAC;wBACV,KAAK;wBACL,MAAM,EAAE,SAAS;wBACjB,QAAQ,EAAE,oBAAoB;wBAC9B,OAAO,EAAE,gCAAgC,KAAK,GAAG;qBAClD,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,mBAAmB;QACnB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC/D,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC;oBAC1D,MAAM,UAAU,GAAG,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;oBACxC,IAAI,YAAY,KAAK,OAAO,EAAE,CAAC;wBAC7B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;4BAClC,MAAM,CAAC,IAAI,CAAC;gCACV,KAAK;gCACL,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC;gCACrB,QAAQ,EAAE,YAAY;gCACtB,OAAO,EAAE,YAAY,YAAY,SAAS,KAAK,UAAU,UAAU,EAAE;6BACtE,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;yBAAM,IAAI,YAAY,KAAK,QAAQ,EAAE,CAAC;wBACrC,IAAI,OAAO,MAAM,CAAC,KAAK,CAAC,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;4BACtE,MAAM,CAAC,IAAI,CAAC;gCACV,KAAK;gCACL,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC;gCACrB,QAAQ,EAAE,YAAY;gCACtB,OAAO,EAAE,YAAY,YAAY,SAAS,KAAK,UAAU,UAAU,EAAE;6BACtE,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;yBAAM,IAAI,UAAU,KAAK,YAAY,EAAE,CAAC;wBACvC,MAAM,CAAC,IAAI,CAAC;4BACV,KAAK;4BACL,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC;4BACrB,QAAQ,EAAE,YAAY;4BACtB,OAAO,EAAE,YAAY,YAAY,SAAS,KAAK,UAAU,UAAU,EAAE;yBACtE,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,KAAK,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;gBACjE,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,SAAS,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;oBACnE,MAAM,CAAC,IAAI,CAAC;wBACV,KAAK;wBACL,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC;wBACrB,QAAQ,EAAE,WAAW,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;wBACzC,OAAO,EAAE,IAAI,MAAM,CAAC,KAAK,CAAC,kCAAkC,KAAK,eAAe,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;qBACpG,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,kDAAkD;QAClD,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACb,KAAK,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvD,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC1B,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;oBAC5B,IAAI,GAAG,GAAG,MAAM,EAAE,CAAC;wBACjB,MAAM,CAAC,IAAI,CAAC;4BACV,KAAK;4BACL,MAAM,EAAE,GAAG;4BACX,QAAQ,EAAE,MAAM,MAAM,EAAE;4BACxB,OAAO,EAAE,IAAI,KAAK,gBAAgB,MAAM,SAAS,GAAG,EAAE;yBACvD,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;qBAAM,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;oBACnC,IAAI,GAAG,CAAC,MAAM,GAAG,MAAM,EAAE,CAAC;wBACxB,MAAM,CAAC,IAAI,CAAC;4BACV,KAAK;4BACL,MAAM,EAAE,UAAU,GAAG,CAAC,MAAM,EAAE;4BAC9B,QAAQ,EAAE,aAAa,MAAM,EAAE;4BAC/B,OAAO,EAAE,IAAI,KAAK,uBAAuB,MAAM,SAAS,GAAG,CAAC,MAAM,EAAE;yBACrE,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;qBAAM,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC9B,IAAI,GAAG,CAAC,MAAM,GAAG,MAAM,EAAE,CAAC;wBACxB,MAAM,CAAC,IAAI,CAAC;4BACV,KAAK;4BACL,MAAM,EAAE,UAAU,GAAG,CAAC,MAAM,EAAE;4BAC9B,QAAQ,EAAE,aAAa,MAAM,EAAE;4BAC/B,OAAO,EAAE,IAAI,KAAK,6BAA6B,MAAM,SAAS,GAAG,CAAC,MAAM,EAAE;yBAC3E,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACb,KAAK,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvD,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC1B,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;oBAC5B,IAAI,GAAG,GAAG,MAAM,EAAE,CAAC;wBACjB,MAAM,CAAC,IAAI,CAAC;4BACV,KAAK;4BACL,MAAM,EAAE,GAAG;4BACX,QAAQ,EAAE,MAAM,MAAM,EAAE;4BACxB,OAAO,EAAE,IAAI,KAAK,gBAAgB,MAAM,SAAS,GAAG,EAAE;yBACvD,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;qBAAM,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;oBACnC,IAAI,GAAG,CAAC,MAAM,GAAG,MAAM,EAAE,CAAC;wBACxB,MAAM,CAAC,IAAI,CAAC;4BACV,KAAK;4BACL,MAAM,EAAE,UAAU,GAAG,CAAC,MAAM,EAAE;4BAC9B,QAAQ,EAAE,aAAa,MAAM,EAAE;4BAC/B,OAAO,EAAE,IAAI,KAAK,uBAAuB,MAAM,SAAS,GAAG,CAAC,MAAM,EAAE;yBACrE,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;qBAAM,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC9B,IAAI,GAAG,CAAC,MAAM,GAAG,MAAM,EAAE,CAAC;wBACxB,MAAM,CAAC,IAAI,CAAC;4BACV,KAAK;4BACL,MAAM,EAAE,UAAU,GAAG,CAAC,MAAM,EAAE;4BAC9B,QAAQ,EAAE,aAAa,MAAM,EAAE;4BAC/B,OAAO,EAAE,IAAI,KAAK,6BAA6B,MAAM,SAAS,GAAG,CAAC,MAAM,EAAE;yBAC3E,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,KAAK,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7D,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC1B,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;oBAC5B,IAAI,CAAC;wBACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC;wBAClC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;4BACrB,MAAM,CAAC,IAAI,CAAC;gCACV,KAAK;gCACL,MAAM,EAAE,GAAG;gCACX,QAAQ,EAAE,UAAU,OAAO,GAAG;gCAC9B,OAAO,EAAE,IAAI,KAAK,6BAA6B,OAAO,OAAO,GAAG,GAAG;6BACpE,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,MAAM,CAAC,IAAI,CAAC;4BACV,KAAK;4BACL,MAAM,EAAE,GAAG;4BACX,QAAQ,EAAE,aAAa;4BACvB,OAAO,EAAE,0BAA0B,OAAO,UAAU,KAAK,GAAG;yBAC7D,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,0CAA0C;QAC1C,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACzC,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC5D,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC1B,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;oBAC5B,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;wBACvC,CAAC,CAAC,GAAG;wBACL,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;oBAE1C,IAAI,KAAK,KAAK,WAAW,EAAE,CAAC;wBAC1B,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;wBACxD,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;wBAElD,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,cAAc,KAAK,cAAc,EAAE,CAAC;4BAC/F,MAAM,CAAC,IAAI,CAAC;gCACV,KAAK;gCACL,MAAM,EAAE,GAAG;gCACX,QAAQ,EAAE,qBAAqB,cAAc,GAAG;gCAChD,OAAO,EAAE,IAAI,KAAK,qCAAqC,GAAG,GAAG;6BAC9D,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,yDAAyD;QACzD,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,KAAK,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC9D,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC1B,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;oBAC5B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;wBAC/B,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC,EAAE,CAAC;4BACjC,MAAM,CAAC,IAAI,CAAC;gCACV,KAAK;gCACL,MAAM,EAAE,GAAG;gCACX,QAAQ,EAAE,8BAA8B,OAAO,GAAG;gCAClD,OAAO,EAAE,IAAI,KAAK,gCAAgC,OAAO,OAAO,GAAG,GAAG;6BACvE,CAAC,CAAC;4BACH,MAAM;wBACR,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,KAAK,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/D,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC1B,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;oBAC5B,IAAI,OAAO,GAAG,KAAK,CAAC;oBACpB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;wBAC/B,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC,EAAE,CAAC;4BACjC,OAAO,GAAG,IAAI,CAAC;4BACf,MAAM;wBACR,CAAC;oBACH,CAAC;oBACD,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,MAAM,CAAC,IAAI,CAAC;4BACV,KAAK;4BACL,MAAM,EAAE,GAAG;4BACX,QAAQ,EAAE,oBAAoB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;4BACpD,OAAO,EAAE,IAAI,KAAK,8BAA8B,GAAG,GAAG;yBACvD,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,qCAAqC;QACrC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,KAAK,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7D,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC1B,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;oBAC5B,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;oBAClD,IAAI,SAAS,GAAG,QAAQ,EAAE,CAAC;wBACzB,MAAM,CAAC,IAAI,CAAC;4BACV,KAAK;4BACL,MAAM,EAAE,GAAG,SAAS,QAAQ;4BAC5B,QAAQ,EAAE,MAAM,QAAQ,QAAQ;4BAChC,OAAO,EAAE,IAAI,KAAK,uBAAuB,SAAS,MAAM,QAAQ,QAAQ;yBACzE,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,2CAA2C;QAC3C,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,KAAK,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC1D,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC;oBACrF,KAAK,MAAM,aAAa,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;wBACzC,IAAI,MAAM,CAAC,aAAa,CAAC,KAAK,SAAS,IAAI,MAAM,CAAC,aAAa,CAAC,KAAK,IAAI,EAAE,CAAC;4BAC1E,MAAM,CAAC,IAAI,CAAC;gCACV,KAAK,EAAE,aAAa;gCACpB,MAAM,EAAE,SAAS;gCACjB,QAAQ,EAAE,iBAAiB,KAAK,UAAU;gCAC1C,OAAO,EAAE,IAAI,KAAK,kCAAkC,aAAa,cAAc;6BAChF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,uDAAuD;QACvD,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAC3C,MAAM,OAAO,GAAa,EAAE,CAAC;gBAC7B,KAAK,MAAM,KAAK,IAAI,KAAK,EAAE,CAAC;oBAC1B,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC;wBAC1D,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;oBACtB,CAAC;gBACH,CAAC;gBACD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACvB,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;wBAC5B,MAAM,CAAC,IAAI,CAAC;4BACV,KAAK;4BACL,MAAM,EAAE,KAAK;4BACb,QAAQ,EAAE,gBAAgB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;4BAC7C,OAAO,EAAE,gDAAgD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;yBAC/E,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,wBAAwB;QACxB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,KAAK,MAAM,CAAC,KAAK,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC7D,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC1B,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;oBACtB,MAAM,WAAW,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnC,IAAI,WAAW,EAAE,CAAC;wBAChB,MAAM,CAAC,IAAI,CAAC;4BACV,KAAK;4BACL,MAAM,EAAE,GAAG;4BACX,QAAQ,EAAE,wBAAwB;4BAClC,OAAO,EAAE,WAAW;yBACrB,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;YACzB,MAAM,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;SAC/C,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,QAAgB,EAAE,KAAa;QACtC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACtC,OAAO,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,QAAgB;QACzB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,OAAO,IAAI,EAAE,CAAC;IACjD,CAAC;IAED;;;OAGG;IACK,SAAS,CAAC,QAAgB,EAAE,OAAe;QACjD,qEAAqE;QACrE,IAAI,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChC,OAAO,QAAQ,CAAC,QAAQ,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,QAAQ,KAAK,MAAM,CAAC;QAChE,CAAC;QAED,6DAA6D;QAC7D,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACpC,OAAO,QAAQ,CAAC,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,IAAI,QAAQ,KAAK,MAAM,CAAC;QAClE,CAAC;QAED,yCAAyC;QACzC,MAAM,QAAQ,GAAG,OAAO;aACrB,OAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC;aACpC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;aACpC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC;aACvB,OAAO,CAAC,mBAAmB,EAAE,IAAI,CAAC;aAClC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAE1B,IAAI,CAAC;YACH,OAAO,IAAI,MAAM,CAAC,IAAI,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,QAAQ,KAAK,OAAO,CAAC,CAAC,0BAA0B;QACzD,CAAC;IACH,CAAC;CACF;AAjaD,gCAiaC"}
|
|
@@ -1,111 +0,0 @@
|
|
|
1
|
-
import { Snapshot, DiffInfo, VerifyCheck } from '../types';
|
|
2
|
-
/**
|
|
3
|
-
* Snapshot scope determines how much state to capture.
|
|
4
|
-
*/
|
|
5
|
-
export type SnapshotScope = 'file' | 'workspace' | 'full';
|
|
6
|
-
/**
|
|
7
|
-
* Snapshot Gate �?captures pre-execution state for later diff/rollback.
|
|
8
|
-
*
|
|
9
|
-
* Takes a lightweight snapshot (file hashes, git status, env vars)
|
|
10
|
-
* before a tool call executes so that Verify Gate and Rollback
|
|
11
|
-
* can compare before/after state.
|
|
12
|
-
*/
|
|
13
|
-
export declare class SnapshotGate {
|
|
14
|
-
private workspaceRoot;
|
|
15
|
-
constructor(workspaceRoot: string);
|
|
16
|
-
/**
|
|
17
|
-
* Create a snapshot before a tool call.
|
|
18
|
-
*
|
|
19
|
-
* @param toolCallId - Unique ID for this tool call
|
|
20
|
-
* @param toolName - Name of the tool being called
|
|
21
|
-
* @param affectedFiles - Files expected to be affected (for scoped snapshots)
|
|
22
|
-
* @param scope - Snapshot scope (file/workspace/full)
|
|
23
|
-
*/
|
|
24
|
-
takeSnapshot(toolCallId: string, _toolName: string, affectedFiles?: string[], scope?: SnapshotScope): Snapshot;
|
|
25
|
-
/**
|
|
26
|
-
* Compute the diff between a snapshot and the current filesystem state.
|
|
27
|
-
*/
|
|
28
|
-
computeDiff(snapshot: Snapshot): DiffInfo | null;
|
|
29
|
-
/**
|
|
30
|
-
* Get current git HEAD and dirty status.
|
|
31
|
-
*/
|
|
32
|
-
private getGitStatus;
|
|
33
|
-
/**
|
|
34
|
-
* Roll back a file to the snapshot state using git.
|
|
35
|
-
*/
|
|
36
|
-
rollbackFile(snapshot: Snapshot, file: string): boolean;
|
|
37
|
-
/**
|
|
38
|
-
* Roll back all changed files to their snapshot state.
|
|
39
|
-
*/
|
|
40
|
-
rollback(snapshot: Snapshot): {
|
|
41
|
-
success: boolean;
|
|
42
|
-
filesRolledBack: string[];
|
|
43
|
-
errors: string[];
|
|
44
|
-
};
|
|
45
|
-
}
|
|
46
|
-
/**
|
|
47
|
-
* Verify Gate �?post-execution state verification.
|
|
48
|
-
*
|
|
49
|
-
* Checks that what the agent claimed actually happened.
|
|
50
|
-
* Zero LLM dependency: file existence, hash changes, lint, typecheck, etc.
|
|
51
|
-
*/
|
|
52
|
-
export declare class VerifyGate {
|
|
53
|
-
private workspaceRoot;
|
|
54
|
-
constructor(workspaceRoot: string);
|
|
55
|
-
/**
|
|
56
|
-
* Run verification checks after a tool call.
|
|
57
|
-
*
|
|
58
|
-
* @param toolName - The tool that was called
|
|
59
|
-
* @param snapshot - Pre-execution snapshot
|
|
60
|
-
* @param claimedResult - What the agent claims the result was
|
|
61
|
-
*/
|
|
62
|
-
verify(toolName: string, snapshot: Snapshot, claimedResult?: {
|
|
63
|
-
files?: string[];
|
|
64
|
-
published?: boolean;
|
|
65
|
-
pushed?: boolean;
|
|
66
|
-
}): {
|
|
67
|
-
status: 'PASS' | 'WARN' | 'FAIL';
|
|
68
|
-
checks: VerifyCheck[];
|
|
69
|
-
};
|
|
70
|
-
/**
|
|
71
|
-
* Verify that claimed files actually exist.
|
|
72
|
-
*/
|
|
73
|
-
private verifyFiles;
|
|
74
|
-
/**
|
|
75
|
-
* Verify that files actually changed compared to snapshot.
|
|
76
|
-
*/
|
|
77
|
-
private verifyFileChanges;
|
|
78
|
-
/**
|
|
79
|
-
* Verify npm publish actually happened.
|
|
80
|
-
*/
|
|
81
|
-
private verifyNpmPublish;
|
|
82
|
-
/**
|
|
83
|
-
* Verify git push actually happened.
|
|
84
|
-
*/
|
|
85
|
-
private verifyGitPush;
|
|
86
|
-
/**
|
|
87
|
-
* Verify that claimed result is valid JSON (if applicable).
|
|
88
|
-
*/
|
|
89
|
-
private verifyResultFormat;
|
|
90
|
-
/**
|
|
91
|
-
* Verify that the result is not empty when it shouldn't be.
|
|
92
|
-
*/
|
|
93
|
-
private verifyNonEmptyResult;
|
|
94
|
-
/**
|
|
95
|
-
* Run ESLint on src/ directory.
|
|
96
|
-
*/
|
|
97
|
-
private verifyLint;
|
|
98
|
-
/**
|
|
99
|
-
* Run TypeScript type checking.
|
|
100
|
-
*/
|
|
101
|
-
private verifyTypeCheck;
|
|
102
|
-
/**
|
|
103
|
-
* Check if tool name indicates a file-modifying tool.
|
|
104
|
-
*/
|
|
105
|
-
private isFileTool;
|
|
106
|
-
/**
|
|
107
|
-
* Evaluate all checks and determine overall status.
|
|
108
|
-
*/
|
|
109
|
-
private evaluateChecks;
|
|
110
|
-
}
|
|
111
|
-
//# sourceMappingURL=snapshot-verify.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"snapshot-verify.d.ts","sourceRoot":"","sources":["../../src/guard/snapshot-verify.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAyD3D;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,WAAW,GAAG,MAAM,CAAC;AAS1D;;;;;;GAMG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,aAAa,CAAS;gBAElB,aAAa,EAAE,MAAM;IAIjC;;;;;;;OAOG;IACH,YAAY,CACV,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,MAAM,EACjB,aAAa,GAAE,MAAM,EAAO,EAC5B,KAAK,GAAE,aAAsB,GAC5B,QAAQ;IA6BX;;OAEG;IACH,WAAW,CAAC,QAAQ,EAAE,QAAQ,GAAG,QAAQ,GAAG,IAAI;IAmEhD;;OAEG;IACH,OAAO,CAAC,YAAY;IAoBpB;;OAEG;IACH,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO;IAYvD;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE,QAAQ,GAAG;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,eAAe,EAAE,MAAM,EAAE,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE;CAmBhG;AAED;;;;;GAKG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,aAAa,CAAS;gBAElB,aAAa,EAAE,MAAM;IAIjC;;;;;;OAMG;IACH,MAAM,CACJ,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,QAAQ,EAClB,aAAa,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;QAAC,SAAS,CAAC,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,OAAO,CAAA;KAAE,GAC1E;QAAE,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;QAAC,MAAM,EAAE,WAAW,EAAE,CAAA;KAAE;IAoC9D;;OAEG;IACH,OAAO,CAAC,WAAW;IAyBnB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAwCzB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAwCxB;;OAEG;IACH,OAAO,CAAC,aAAa;IAyCrB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA4B1B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA2B5B;;OAEG;IACH,OAAO,CAAC,UAAU;IAgBlB;;OAEG;IACH,OAAO,CAAC,eAAe;IAgBvB;;OAEG;IACH,OAAO,CAAC,UAAU;IAWlB;;OAEG;IACH,OAAO,CAAC,cAAc;CAUvB"}
|