npm - sovr-mcp-proxy - Versions diffs - 7.0.0 → 7.2.0 - Mend

sovr-mcp-proxy 7.0.0 → 7.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/auditDashboard.d.mts +208 -0
package/dist/auditDashboard.d.ts +208 -0
package/dist/auditDashboard.js +398 -0
package/dist/auditDashboard.mjs +370 -0
package/dist/mcpProxyInterceptor.d.mts +256 -0
package/dist/mcpProxyInterceptor.d.ts +256 -0
package/dist/mcpProxyInterceptor.js +579 -0
package/dist/mcpProxyInterceptor.mjs +552 -0
package/dist/semanticAnalyzer.d.mts +247 -0
package/dist/semanticAnalyzer.d.ts +247 -0
package/dist/semanticAnalyzer.js +911 -0
package/dist/semanticAnalyzer.mjs +874 -0
package/dist/teamPolicyManager.d.mts +202 -0
package/dist/teamPolicyManager.d.ts +202 -0
package/dist/teamPolicyManager.js +529 -0
package/dist/teamPolicyManager.mjs +502 -0
package/package.json +2 -2

package/dist/teamPolicyManager.d.mts ADDED Viewed

@@ -0,0 +1,202 @@
+/**
+ * SOVR Team Policy Manager — Multi-User Policy Distribution & Role Inheritance
+ *
+ * P2-2: Enterprise-grade policy management for teams.
+ *
+ * Features:
+ *   - Role-based policy inheritance (admin > lead > developer > viewer)
+ *   - YAML/JSON policy DSL with validation
+ *   - Policy versioning with rollback
+ *   - Per-user overrides with audit trail
+ *   - Policy distribution to team members
+ *   - Canary deployment (gradual policy rollout)
+ *   - Conflict resolution (most restrictive wins)
+ */
+type RoleLevel = 'admin' | 'lead' | 'developer' | 'viewer' | 'custom';
+interface TeamMember {
+    /** Unique member ID */
+    id: string;
+    /** Display name */
+    name: string;
+    /** Role level */
+    role: RoleLevel;
+    /** Custom policy overrides */
+    overrides?: PolicyOverride[];
+    /** Is member active */
+    active: boolean;
+    /** Canary group (for gradual rollout) */
+    canaryGroup?: string;
+    /** Custom tags for filtering */
+    tags?: string[];
+}
+interface PolicyRule {
+    /** Rule ID */
+    id: string;
+    /** Human-readable name */
+    name: string;
+    /** Action type */
+    action: 'allow' | 'block' | 'require-approval' | 'transform' | 'log-only';
+    /** Target tools (glob patterns) */
+    tools: string[];
+    /** Conditions (all must match) */
+    conditions?: PolicyCondition[];
+    /** Priority (higher = evaluated first) */
+    priority: number;
+    /** Is this rule enabled */
+    enabled: boolean;
+    /** Description */
+    description?: string;
+}
+interface PolicyCondition {
+    /** Field to check */
+    field: 'risk_score' | 'tool_name' | 'argument' | 'time_of_day' | 'day_of_week' | 'session_age';
+    /** Operator */
+    operator: 'eq' | 'neq' | 'gt' | 'lt' | 'gte' | 'lte' | 'contains' | 'matches' | 'in';
+    /** Value to compare */
+    value: string | number | string[];
+}
+interface PolicyOverride {
+    /** Rule ID to override */
+    ruleId: string;
+    /** New action */
+    action: PolicyRule['action'];
+    /** Reason for override */
+    reason: string;
+    /** Who approved this override */
+    approvedBy?: string;
+    /** Expiry (ISO timestamp) */
+    expiresAt?: string;
+}
+interface PolicyVersion {
+    /** Version number */
+    version: number;
+    /** ISO timestamp */
+    createdAt: string;
+    /** Who created this version */
+    createdBy: string;
+    /** Change description */
+    description: string;
+    /** The rules in this version */
+    rules: PolicyRule[];
+    /** Role-specific rule sets */
+    roleRules: Record<RoleLevel, string[]>;
+    /** Is this the active version */
+    active: boolean;
+    /** Hash for integrity */
+    hash: string;
+}
+interface PolicySet {
+    /** Policy set name */
+    name: string;
+    /** Current active version */
+    activeVersion: number;
+    /** All versions */
+    versions: PolicyVersion[];
+    /** Team members */
+    members: TeamMember[];
+    /** Global settings */
+    settings: PolicySettings;
+}
+interface PolicySettings {
+    /** Default action when no rule matches */
+    defaultAction: 'allow' | 'block' | 'require-approval';
+    /** Conflict resolution strategy */
+    conflictResolution: 'most-restrictive' | 'least-restrictive' | 'priority-based';
+    /** Enable canary deployment */
+    enableCanary: boolean;
+    /** Canary percentage (0-100) */
+    canaryPercentage: number;
+    /** Require approval for policy changes */
+    requireApprovalForChanges: boolean;
+    /** Notification webhook URL */
+    notificationWebhook?: string;
+}
+interface PolicyEvaluation {
+    /** Final decision */
+    decision: 'allow' | 'block' | 'require-approval' | 'transform' | 'log-only';
+    /** Matched rules */
+    matchedRules: Array<{
+        ruleId: string;
+        ruleName: string;
+        action: string;
+    }>;
+    /** Applied overrides */
+    appliedOverrides: PolicyOverride[];
+    /** Effective role */
+    effectiveRole: RoleLevel;
+    /** Policy version used */
+    policyVersion: number;
+    /** Evaluation duration (ms) */
+    durationMs: number;
+}
+declare class TeamPolicyManager {
+    private policySet;
+    constructor(name: string, settings?: Partial<PolicySettings>);
+    /** Add a team member */
+    addMember(member: Omit<TeamMember, 'active'>): void;
+    /** Update a team member */
+    updateMember(id: string, updates: Partial<TeamMember>): void;
+    /** Remove a team member (soft delete) */
+    deactivateMember(id: string): void;
+    /** Get all active members */
+    getMembers(): TeamMember[];
+    /** Get member by ID */
+    getMember(id: string): TeamMember | undefined;
+    /** Create a new policy version */
+    createVersion(createdBy: string, description: string, rules: PolicyRule[], roleRules?: Record<RoleLevel, string[]>): PolicyVersion;
+    /** Rollback to a previous version */
+    rollback(targetVersion: number): PolicyVersion;
+    /** Get all versions */
+    getVersions(): PolicyVersion[];
+    /** Get active version */
+    getActiveVersion(): PolicyVersion | undefined;
+    /** Compare two versions */
+    diffVersions(v1: number, v2: number): {
+        added: PolicyRule[];
+        removed: PolicyRule[];
+        modified: Array<{
+            ruleId: string;
+            changes: string[];
+        }>;
+    };
+    /** Evaluate a tool call against the policy for a specific member */
+    evaluate(memberId: string, toolName: string, context: {
+        riskScore: number;
+        arguments?: Record<string, unknown>;
+    }): PolicyEvaluation;
+    /** Check if a member should use the canary policy */
+    isInCanaryGroup(memberId: string): boolean;
+    /** Assign members to canary group */
+    assignCanaryGroup(memberIds: string[]): void;
+    /** Promote canary to stable (all members get the canary policy) */
+    promoteCanary(): void;
+    /** Export policy as YAML-compatible object */
+    exportPolicy(): object;
+    /** Import policy from object */
+    importPolicy(data: {
+        rules: PolicyRule[];
+        roles?: Record<RoleLevel, string[]>;
+        settings?: Partial<PolicySettings>;
+        members?: Array<Omit<TeamMember, 'active'>>;
+    }, importedBy: string): PolicyVersion;
+    /** Export as JSON string */
+    toJSON(): string;
+    get name(): string;
+    get settings(): PolicySettings;
+    get memberCount(): number;
+    get versionCount(): number;
+    private flattenDefaultRules;
+    private generateRoleRules;
+    private getInheritedRuleIds;
+    private matchesTool;
+    private matchesConditions;
+    private evaluateCondition;
+    private resolveConflict;
+    private computeHash;
+}
+/** Create a team policy manager with defaults */
+declare function createTeamPolicyManager(name: string, settings?: Partial<PolicySettings>): TeamPolicyManager;
+/** Create a strict enterprise policy manager */
+declare function createEnterprisePolicyManager(name: string): TeamPolicyManager;
+export { type PolicyCondition, type PolicyEvaluation, type PolicyOverride, type PolicyRule, type PolicySet, type PolicySettings, type PolicyVersion, type RoleLevel, type TeamMember, TeamPolicyManager, createEnterprisePolicyManager, createTeamPolicyManager };

package/dist/teamPolicyManager.d.ts ADDED Viewed

@@ -0,0 +1,202 @@
+/**
+ * SOVR Team Policy Manager — Multi-User Policy Distribution & Role Inheritance
+ *
+ * P2-2: Enterprise-grade policy management for teams.
+ *
+ * Features:
+ *   - Role-based policy inheritance (admin > lead > developer > viewer)
+ *   - YAML/JSON policy DSL with validation
+ *   - Policy versioning with rollback
+ *   - Per-user overrides with audit trail
+ *   - Policy distribution to team members
+ *   - Canary deployment (gradual policy rollout)
+ *   - Conflict resolution (most restrictive wins)
+ */
+type RoleLevel = 'admin' | 'lead' | 'developer' | 'viewer' | 'custom';
+interface TeamMember {
+    /** Unique member ID */
+    id: string;
+    /** Display name */
+    name: string;
+    /** Role level */
+    role: RoleLevel;
+    /** Custom policy overrides */
+    overrides?: PolicyOverride[];
+    /** Is member active */
+    active: boolean;
+    /** Canary group (for gradual rollout) */
+    canaryGroup?: string;
+    /** Custom tags for filtering */
+    tags?: string[];
+}
+interface PolicyRule {
+    /** Rule ID */
+    id: string;
+    /** Human-readable name */
+    name: string;
+    /** Action type */
+    action: 'allow' | 'block' | 'require-approval' | 'transform' | 'log-only';
+    /** Target tools (glob patterns) */
+    tools: string[];
+    /** Conditions (all must match) */
+    conditions?: PolicyCondition[];
+    /** Priority (higher = evaluated first) */
+    priority: number;
+    /** Is this rule enabled */
+    enabled: boolean;
+    /** Description */
+    description?: string;
+}
+interface PolicyCondition {
+    /** Field to check */
+    field: 'risk_score' | 'tool_name' | 'argument' | 'time_of_day' | 'day_of_week' | 'session_age';
+    /** Operator */
+    operator: 'eq' | 'neq' | 'gt' | 'lt' | 'gte' | 'lte' | 'contains' | 'matches' | 'in';
+    /** Value to compare */
+    value: string | number | string[];
+}
+interface PolicyOverride {
+    /** Rule ID to override */
+    ruleId: string;
+    /** New action */
+    action: PolicyRule['action'];
+    /** Reason for override */
+    reason: string;
+    /** Who approved this override */
+    approvedBy?: string;
+    /** Expiry (ISO timestamp) */
+    expiresAt?: string;
+}
+interface PolicyVersion {
+    /** Version number */
+    version: number;
+    /** ISO timestamp */
+    createdAt: string;
+    /** Who created this version */
+    createdBy: string;
+    /** Change description */
+    description: string;
+    /** The rules in this version */
+    rules: PolicyRule[];
+    /** Role-specific rule sets */
+    roleRules: Record<RoleLevel, string[]>;
+    /** Is this the active version */
+    active: boolean;
+    /** Hash for integrity */
+    hash: string;
+}
+interface PolicySet {
+    /** Policy set name */
+    name: string;
+    /** Current active version */
+    activeVersion: number;
+    /** All versions */
+    versions: PolicyVersion[];
+    /** Team members */
+    members: TeamMember[];
+    /** Global settings */
+    settings: PolicySettings;
+}
+interface PolicySettings {
+    /** Default action when no rule matches */
+    defaultAction: 'allow' | 'block' | 'require-approval';
+    /** Conflict resolution strategy */
+    conflictResolution: 'most-restrictive' | 'least-restrictive' | 'priority-based';
+    /** Enable canary deployment */
+    enableCanary: boolean;
+    /** Canary percentage (0-100) */
+    canaryPercentage: number;
+    /** Require approval for policy changes */
+    requireApprovalForChanges: boolean;
+    /** Notification webhook URL */
+    notificationWebhook?: string;
+}
+interface PolicyEvaluation {
+    /** Final decision */
+    decision: 'allow' | 'block' | 'require-approval' | 'transform' | 'log-only';
+    /** Matched rules */
+    matchedRules: Array<{
+        ruleId: string;
+        ruleName: string;
+        action: string;
+    }>;
+    /** Applied overrides */
+    appliedOverrides: PolicyOverride[];
+    /** Effective role */
+    effectiveRole: RoleLevel;
+    /** Policy version used */
+    policyVersion: number;
+    /** Evaluation duration (ms) */
+    durationMs: number;
+}
+declare class TeamPolicyManager {
+    private policySet;
+    constructor(name: string, settings?: Partial<PolicySettings>);
+    /** Add a team member */
+    addMember(member: Omit<TeamMember, 'active'>): void;
+    /** Update a team member */
+    updateMember(id: string, updates: Partial<TeamMember>): void;
+    /** Remove a team member (soft delete) */
+    deactivateMember(id: string): void;
+    /** Get all active members */
+    getMembers(): TeamMember[];
+    /** Get member by ID */
+    getMember(id: string): TeamMember | undefined;
+    /** Create a new policy version */
+    createVersion(createdBy: string, description: string, rules: PolicyRule[], roleRules?: Record<RoleLevel, string[]>): PolicyVersion;
+    /** Rollback to a previous version */
+    rollback(targetVersion: number): PolicyVersion;
+    /** Get all versions */
+    getVersions(): PolicyVersion[];
+    /** Get active version */
+    getActiveVersion(): PolicyVersion | undefined;
+    /** Compare two versions */
+    diffVersions(v1: number, v2: number): {
+        added: PolicyRule[];
+        removed: PolicyRule[];
+        modified: Array<{
+            ruleId: string;
+            changes: string[];
+        }>;
+    };
+    /** Evaluate a tool call against the policy for a specific member */
+    evaluate(memberId: string, toolName: string, context: {
+        riskScore: number;
+        arguments?: Record<string, unknown>;
+    }): PolicyEvaluation;
+    /** Check if a member should use the canary policy */
+    isInCanaryGroup(memberId: string): boolean;
+    /** Assign members to canary group */
+    assignCanaryGroup(memberIds: string[]): void;
+    /** Promote canary to stable (all members get the canary policy) */
+    promoteCanary(): void;
+    /** Export policy as YAML-compatible object */
+    exportPolicy(): object;
+    /** Import policy from object */
+    importPolicy(data: {
+        rules: PolicyRule[];
+        roles?: Record<RoleLevel, string[]>;
+        settings?: Partial<PolicySettings>;
+        members?: Array<Omit<TeamMember, 'active'>>;
+    }, importedBy: string): PolicyVersion;
+    /** Export as JSON string */
+    toJSON(): string;
+    get name(): string;
+    get settings(): PolicySettings;
+    get memberCount(): number;
+    get versionCount(): number;
+    private flattenDefaultRules;
+    private generateRoleRules;
+    private getInheritedRuleIds;
+    private matchesTool;
+    private matchesConditions;
+    private evaluateCondition;
+    private resolveConflict;
+    private computeHash;
+}
+/** Create a team policy manager with defaults */
+declare function createTeamPolicyManager(name: string, settings?: Partial<PolicySettings>): TeamPolicyManager;
+/** Create a strict enterprise policy manager */
+declare function createEnterprisePolicyManager(name: string): TeamPolicyManager;
+export { type PolicyCondition, type PolicyEvaluation, type PolicyOverride, type PolicyRule, type PolicySet, type PolicySettings, type PolicyVersion, type RoleLevel, type TeamMember, TeamPolicyManager, createEnterprisePolicyManager, createTeamPolicyManager };