tryassay 0.6.0 → 0.11.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/api/pricing-enforcer.d.ts +45 -0
- package/dist/api/pricing-enforcer.js +144 -0
- package/dist/api/pricing-enforcer.js.map +1 -0
- package/dist/api/server.d.ts +28 -0
- package/dist/api/server.js +265 -0
- package/dist/api/server.js.map +1 -0
- package/dist/api/team-session.d.ts +59 -0
- package/dist/api/team-session.js +240 -0
- package/dist/api/team-session.js.map +1 -0
- package/dist/cli.js +123 -2
- package/dist/cli.js.map +1 -1
- package/dist/commands/api.d.ts +4 -0
- package/dist/commands/api.js +50 -0
- package/dist/commands/api.js.map +1 -0
- package/dist/commands/runtime.d.ts +61 -0
- package/dist/commands/runtime.js +554 -0
- package/dist/commands/runtime.js.map +1 -1
- package/dist/runtime/agent-spawner.d.ts +56 -0
- package/dist/runtime/agent-spawner.js +217 -0
- package/dist/runtime/agent-spawner.js.map +1 -0
- package/dist/runtime/agents/coordinator-agent.d.ts +20 -0
- package/dist/runtime/agents/coordinator-agent.js +182 -0
- package/dist/runtime/agents/coordinator-agent.js.map +1 -0
- package/dist/runtime/agents/ops-agent.d.ts +11 -0
- package/dist/runtime/agents/ops-agent.js +113 -0
- package/dist/runtime/agents/ops-agent.js.map +1 -0
- package/dist/runtime/agents/research-agent.d.ts +11 -0
- package/dist/runtime/agents/research-agent.js +114 -0
- package/dist/runtime/agents/research-agent.js.map +1 -0
- package/dist/runtime/agents/test-agent.d.ts +11 -0
- package/dist/runtime/agents/test-agent.js +114 -0
- package/dist/runtime/agents/test-agent.js.map +1 -0
- package/dist/runtime/audit-log.js +2 -2
- package/dist/runtime/audit-log.js.map +1 -1
- package/dist/runtime/capability-registry.d.ts +62 -0
- package/dist/runtime/capability-registry.js +191 -0
- package/dist/runtime/capability-registry.js.map +1 -0
- package/dist/runtime/collusion-detector.d.ts +35 -0
- package/dist/runtime/collusion-detector.js +97 -0
- package/dist/runtime/collusion-detector.js.map +1 -0
- package/dist/runtime/control-server.js +8 -4
- package/dist/runtime/control-server.js.map +1 -1
- package/dist/runtime/domain-coverage-analyzer.d.ts +24 -0
- package/dist/runtime/domain-coverage-analyzer.js +178 -0
- package/dist/runtime/domain-coverage-analyzer.js.map +1 -0
- package/dist/runtime/executor.js +27 -12
- package/dist/runtime/executor.js.map +1 -1
- package/dist/runtime/human-escalation.d.ts +41 -0
- package/dist/runtime/human-escalation.js +122 -0
- package/dist/runtime/human-escalation.js.map +1 -0
- package/dist/runtime/kill-switch.d.ts +51 -0
- package/dist/runtime/kill-switch.js +185 -0
- package/dist/runtime/kill-switch.js.map +1 -0
- package/dist/runtime/layer2-guardian.d.ts +81 -0
- package/dist/runtime/layer2-guardian.js +263 -0
- package/dist/runtime/layer2-guardian.js.map +1 -0
- package/dist/runtime/multi-agent-loop.d.ts +37 -0
- package/dist/runtime/multi-agent-loop.js +411 -0
- package/dist/runtime/multi-agent-loop.js.map +1 -0
- package/dist/runtime/prompt-safety-analyzer.d.ts +17 -0
- package/dist/runtime/prompt-safety-analyzer.js +230 -0
- package/dist/runtime/prompt-safety-analyzer.js.map +1 -0
- package/dist/runtime/rollback-manager.d.ts +50 -0
- package/dist/runtime/rollback-manager.js +157 -0
- package/dist/runtime/rollback-manager.js.map +1 -0
- package/dist/runtime/rule-canary-deployer.d.ts +69 -0
- package/dist/runtime/rule-canary-deployer.js +289 -0
- package/dist/runtime/rule-canary-deployer.js.map +1 -0
- package/dist/runtime/rule-conflict-detector.d.ts +48 -0
- package/dist/runtime/rule-conflict-detector.js +214 -0
- package/dist/runtime/rule-conflict-detector.js.map +1 -0
- package/dist/runtime/rule-meta-verifier.d.ts +18 -0
- package/dist/runtime/rule-meta-verifier.js +275 -0
- package/dist/runtime/rule-meta-verifier.js.map +1 -0
- package/dist/runtime/rule-proposal-manager.d.ts +95 -0
- package/dist/runtime/rule-proposal-manager.js +190 -0
- package/dist/runtime/rule-proposal-manager.js.map +1 -0
- package/dist/runtime/safety-enforcer.d.ts +35 -0
- package/dist/runtime/safety-enforcer.js +165 -0
- package/dist/runtime/safety-enforcer.js.map +1 -0
- package/dist/runtime/safety-status.d.ts +48 -0
- package/dist/runtime/safety-status.js +119 -0
- package/dist/runtime/safety-status.js.map +1 -0
- package/dist/runtime/shared-memory.d.ts +47 -0
- package/dist/runtime/shared-memory.js +151 -0
- package/dist/runtime/shared-memory.js.map +1 -0
- package/dist/runtime/specialized-agent.d.ts +5 -0
- package/dist/runtime/specialized-agent.js +37 -0
- package/dist/runtime/specialized-agent.js.map +1 -1
- package/dist/runtime/stall-detector.d.ts +13 -0
- package/dist/runtime/stall-detector.js +121 -0
- package/dist/runtime/stall-detector.js.map +1 -0
- package/dist/runtime/tool-approval.d.ts +51 -0
- package/dist/runtime/tool-approval.js +148 -0
- package/dist/runtime/tool-approval.js.map +1 -0
- package/dist/runtime/tool-sandbox.d.ts +43 -0
- package/dist/runtime/tool-sandbox.js +394 -0
- package/dist/runtime/tool-sandbox.js.map +1 -0
- package/dist/runtime/tool-verifier.d.ts +18 -0
- package/dist/runtime/tool-verifier.js +323 -0
- package/dist/runtime/tool-verifier.js.map +1 -0
- package/dist/runtime/trust-manager.d.ts +33 -3
- package/dist/runtime/trust-manager.js +128 -26
- package/dist/runtime/trust-manager.js.map +1 -1
- package/dist/runtime/types.d.ts +652 -0
- package/dist/runtime/verification-intensity.d.ts +34 -0
- package/dist/runtime/verification-intensity.js +104 -0
- package/dist/runtime/verification-intensity.js.map +1 -0
- package/package.json +1 -1
|
@@ -0,0 +1,394 @@
|
|
|
1
|
+
// ============================================================
|
|
2
|
+
// Assay Verified Agent Runtime — Tool Sandbox
|
|
3
|
+
// Process-isolated execution environment for tools.
|
|
4
|
+
// Enforces network, filesystem, timeout, and memory constraints.
|
|
5
|
+
// ============================================================
|
|
6
|
+
import { fork } from 'node:child_process';
|
|
7
|
+
import { writeFile, mkdir, rm, readFile } from 'node:fs/promises';
|
|
8
|
+
import { join } from 'node:path';
|
|
9
|
+
import { randomUUID } from 'node:crypto';
|
|
10
|
+
import { tmpdir } from 'node:os';
|
|
11
|
+
// ── Tool Sandbox ───────────────────────────────────────────
|
|
12
|
+
export class ToolSandbox {
|
|
13
|
+
sandboxDir;
|
|
14
|
+
constructor(sandboxBaseDir) {
|
|
15
|
+
this.sandboxDir = sandboxBaseDir ?? join(tmpdir(), 'assay-sandbox');
|
|
16
|
+
}
|
|
17
|
+
/**
|
|
18
|
+
* Execute a tool in a sandboxed child process.
|
|
19
|
+
* Enforces all constraints from the ToolDefinition.
|
|
20
|
+
*/
|
|
21
|
+
async execute(request) {
|
|
22
|
+
const start = Date.now();
|
|
23
|
+
const executionId = randomUUID().slice(0, 8);
|
|
24
|
+
const workDir = join(this.sandboxDir, executionId);
|
|
25
|
+
try {
|
|
26
|
+
// Create isolated working directory
|
|
27
|
+
await mkdir(workDir, { recursive: true });
|
|
28
|
+
// Write the sandbox runner script
|
|
29
|
+
const runnerPath = join(workDir, '_runner.mjs');
|
|
30
|
+
await writeFile(runnerPath, this.generateRunnerScript(request), 'utf-8');
|
|
31
|
+
// Fork a child process with constrained environment
|
|
32
|
+
const result = await this.forkAndRun(runnerPath, request.constraints, workDir);
|
|
33
|
+
return {
|
|
34
|
+
...result,
|
|
35
|
+
durationMs: Date.now() - start,
|
|
36
|
+
};
|
|
37
|
+
}
|
|
38
|
+
catch (err) {
|
|
39
|
+
return {
|
|
40
|
+
status: 'error',
|
|
41
|
+
error: err instanceof Error ? err.message : String(err),
|
|
42
|
+
durationMs: Date.now() - start,
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
finally {
|
|
46
|
+
// Clean up the sandbox directory
|
|
47
|
+
await rm(workDir, { recursive: true, force: true }).catch(() => { });
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
/**
|
|
51
|
+
* Run a full test suite against a tool: happy path, malformed input,
|
|
52
|
+
* timeout behavior, and constraint compliance.
|
|
53
|
+
*/
|
|
54
|
+
async runTestSuite(tool, toolSourceDir) {
|
|
55
|
+
const entryPoint = join(toolSourceDir, tool.source.entry_point);
|
|
56
|
+
// 1. Happy path: valid input based on tool interface
|
|
57
|
+
const happyInput = this.generateHappyPathInput(tool);
|
|
58
|
+
const happyResult = await this.runSingleTest(tool, entryPoint, 'default', happyInput, 'Happy path with valid input');
|
|
59
|
+
// 2. Malformed input: invalid types, missing required fields
|
|
60
|
+
const malformedInput = this.generateMalformedInput(tool);
|
|
61
|
+
const malformedResult = await this.runSingleTest(tool, entryPoint, 'default', malformedInput, 'Malformed input (missing fields, wrong types)');
|
|
62
|
+
// 3. Timeout behavior: run with a very short timeout
|
|
63
|
+
const timeoutConstraints = {
|
|
64
|
+
...tool.constraints,
|
|
65
|
+
timeout_ms: 100, // very short — should trigger timeout handling
|
|
66
|
+
};
|
|
67
|
+
const timeoutResult = await this.runTimeoutTest(tool, entryPoint, timeoutConstraints);
|
|
68
|
+
// 4. Constraint compliance: verify sandbox constraints are respected
|
|
69
|
+
const complianceResult = await this.runConstraintComplianceTest(tool, entryPoint);
|
|
70
|
+
return {
|
|
71
|
+
happy_path: happyResult,
|
|
72
|
+
malformed_input: malformedResult,
|
|
73
|
+
timeout_behavior: timeoutResult,
|
|
74
|
+
constraint_compliance: complianceResult,
|
|
75
|
+
};
|
|
76
|
+
}
|
|
77
|
+
// ── Private: Process forking ──────────────────────────────
|
|
78
|
+
forkAndRun(runnerPath, constraints, workDir) {
|
|
79
|
+
return new Promise((resolvePromise) => {
|
|
80
|
+
const child = fork(runnerPath, [], {
|
|
81
|
+
cwd: workDir,
|
|
82
|
+
env: {
|
|
83
|
+
NODE_ENV: 'sandbox',
|
|
84
|
+
SANDBOX_WORK_DIR: workDir,
|
|
85
|
+
SANDBOX_TIMEOUT_MS: String(constraints.timeout_ms),
|
|
86
|
+
SANDBOX_MAX_MEMORY_MB: String(constraints.max_memory_mb),
|
|
87
|
+
SANDBOX_ALLOWED_DOMAINS: JSON.stringify(constraints.network_access.allowlisted_domains),
|
|
88
|
+
SANDBOX_NETWORK_ALLOWED: String(constraints.network_access.allowed),
|
|
89
|
+
SANDBOX_READ_PATHS: JSON.stringify(constraints.filesystem_access.read_paths),
|
|
90
|
+
SANDBOX_WRITE_PATHS: JSON.stringify(constraints.filesystem_access.write_paths),
|
|
91
|
+
// Restrict PATH to minimal system binaries
|
|
92
|
+
PATH: '/usr/bin:/bin',
|
|
93
|
+
},
|
|
94
|
+
// Resource limits
|
|
95
|
+
execArgv: [
|
|
96
|
+
`--max-old-space-size=${constraints.max_memory_mb}`,
|
|
97
|
+
],
|
|
98
|
+
stdio: ['pipe', 'pipe', 'pipe', 'ipc'],
|
|
99
|
+
timeout: constraints.timeout_ms + 1000, // grace period beyond tool timeout
|
|
100
|
+
});
|
|
101
|
+
let stdout = '';
|
|
102
|
+
let stderr = '';
|
|
103
|
+
let result = null;
|
|
104
|
+
child.stdout?.on('data', (data) => {
|
|
105
|
+
stdout += data.toString();
|
|
106
|
+
});
|
|
107
|
+
child.stderr?.on('data', (data) => {
|
|
108
|
+
stderr += data.toString();
|
|
109
|
+
});
|
|
110
|
+
// Receive structured result via IPC
|
|
111
|
+
child.on('message', (msg) => {
|
|
112
|
+
if (typeof msg === 'object' && msg !== null && 'status' in msg) {
|
|
113
|
+
result = msg;
|
|
114
|
+
}
|
|
115
|
+
});
|
|
116
|
+
// Hard timeout
|
|
117
|
+
const timer = setTimeout(() => {
|
|
118
|
+
child.kill('SIGKILL');
|
|
119
|
+
resolvePromise({
|
|
120
|
+
status: 'timeout',
|
|
121
|
+
error: `Tool exceeded timeout of ${constraints.timeout_ms}ms`,
|
|
122
|
+
durationMs: constraints.timeout_ms,
|
|
123
|
+
});
|
|
124
|
+
}, constraints.timeout_ms + 2000);
|
|
125
|
+
child.on('exit', (code, signal) => {
|
|
126
|
+
clearTimeout(timer);
|
|
127
|
+
if (result) {
|
|
128
|
+
resolvePromise(result);
|
|
129
|
+
}
|
|
130
|
+
else if (signal === 'SIGKILL') {
|
|
131
|
+
resolvePromise({
|
|
132
|
+
status: 'timeout',
|
|
133
|
+
error: `Process killed (signal: ${signal})`,
|
|
134
|
+
durationMs: constraints.timeout_ms,
|
|
135
|
+
});
|
|
136
|
+
}
|
|
137
|
+
else if (code !== 0) {
|
|
138
|
+
resolvePromise({
|
|
139
|
+
status: 'error',
|
|
140
|
+
error: stderr || `Process exited with code ${code}`,
|
|
141
|
+
durationMs: 0,
|
|
142
|
+
});
|
|
143
|
+
}
|
|
144
|
+
else {
|
|
145
|
+
// Exited cleanly but no IPC message — try parsing stdout
|
|
146
|
+
try {
|
|
147
|
+
const parsed = JSON.parse(stdout);
|
|
148
|
+
resolvePromise({
|
|
149
|
+
status: 'success',
|
|
150
|
+
output: parsed,
|
|
151
|
+
durationMs: 0,
|
|
152
|
+
});
|
|
153
|
+
}
|
|
154
|
+
catch {
|
|
155
|
+
resolvePromise({
|
|
156
|
+
status: 'success',
|
|
157
|
+
output: stdout,
|
|
158
|
+
durationMs: 0,
|
|
159
|
+
});
|
|
160
|
+
}
|
|
161
|
+
}
|
|
162
|
+
});
|
|
163
|
+
child.on('error', (err) => {
|
|
164
|
+
clearTimeout(timer);
|
|
165
|
+
resolvePromise({
|
|
166
|
+
status: 'error',
|
|
167
|
+
error: err.message,
|
|
168
|
+
durationMs: 0,
|
|
169
|
+
});
|
|
170
|
+
});
|
|
171
|
+
});
|
|
172
|
+
}
|
|
173
|
+
// ── Private: Runner script generation ─────────────────────
|
|
174
|
+
generateRunnerScript(request) {
|
|
175
|
+
// The runner script is executed in the child process.
|
|
176
|
+
// It imports the tool, calls the function, and sends the result via IPC.
|
|
177
|
+
return `
|
|
178
|
+
import { pathToFileURL } from 'node:url';
|
|
179
|
+
|
|
180
|
+
const TIMEOUT = parseInt(process.env.SANDBOX_TIMEOUT_MS ?? '30000', 10);
|
|
181
|
+
const ENTRY_POINT = ${JSON.stringify(request.entryPoint)};
|
|
182
|
+
const FUNCTION_NAME = ${JSON.stringify(request.functionName)};
|
|
183
|
+
const INPUT = ${JSON.stringify(request.input)};
|
|
184
|
+
|
|
185
|
+
// Set up timeout
|
|
186
|
+
const timer = setTimeout(() => {
|
|
187
|
+
process.send?.({ status: 'timeout', error: 'Tool execution timed out' });
|
|
188
|
+
process.exit(1);
|
|
189
|
+
}, TIMEOUT);
|
|
190
|
+
|
|
191
|
+
async function run() {
|
|
192
|
+
try {
|
|
193
|
+
const toolModule = await import(pathToFileURL(ENTRY_POINT).href);
|
|
194
|
+
const fn = toolModule[FUNCTION_NAME] ?? toolModule.default;
|
|
195
|
+
|
|
196
|
+
if (typeof fn !== 'function') {
|
|
197
|
+
process.send?.({
|
|
198
|
+
status: 'error',
|
|
199
|
+
error: \`No exported function "\${FUNCTION_NAME}" found in tool module\`,
|
|
200
|
+
});
|
|
201
|
+
process.exit(1);
|
|
202
|
+
}
|
|
203
|
+
|
|
204
|
+
const output = await fn(INPUT);
|
|
205
|
+
clearTimeout(timer);
|
|
206
|
+
|
|
207
|
+
process.send?.({
|
|
208
|
+
status: 'success',
|
|
209
|
+
output,
|
|
210
|
+
memoryUsageMb: Math.round(process.memoryUsage().heapUsed / 1024 / 1024 * 100) / 100,
|
|
211
|
+
});
|
|
212
|
+
process.exit(0);
|
|
213
|
+
} catch (err) {
|
|
214
|
+
clearTimeout(timer);
|
|
215
|
+
process.send?.({
|
|
216
|
+
status: 'error',
|
|
217
|
+
error: err instanceof Error ? err.message : String(err),
|
|
218
|
+
});
|
|
219
|
+
process.exit(1);
|
|
220
|
+
}
|
|
221
|
+
}
|
|
222
|
+
|
|
223
|
+
run();
|
|
224
|
+
`;
|
|
225
|
+
}
|
|
226
|
+
// ── Private: Test helpers ─────────────────────────────────
|
|
227
|
+
async runSingleTest(tool, entryPoint, functionName, input, description) {
|
|
228
|
+
const start = Date.now();
|
|
229
|
+
try {
|
|
230
|
+
const response = await this.execute({
|
|
231
|
+
toolId: tool.id,
|
|
232
|
+
entryPoint,
|
|
233
|
+
functionName,
|
|
234
|
+
input,
|
|
235
|
+
constraints: tool.constraints,
|
|
236
|
+
});
|
|
237
|
+
return {
|
|
238
|
+
status: response.status === 'success' ? 'pass'
|
|
239
|
+
: response.status === 'timeout' ? 'timeout'
|
|
240
|
+
: response.status === 'constraint_violation' ? 'fail'
|
|
241
|
+
: 'error',
|
|
242
|
+
input_summary: description,
|
|
243
|
+
output_summary: response.output
|
|
244
|
+
? JSON.stringify(response.output).slice(0, 200)
|
|
245
|
+
: response.error ?? 'no output',
|
|
246
|
+
duration_ms: Date.now() - start,
|
|
247
|
+
error: response.error,
|
|
248
|
+
};
|
|
249
|
+
}
|
|
250
|
+
catch (err) {
|
|
251
|
+
return {
|
|
252
|
+
status: 'error',
|
|
253
|
+
input_summary: description,
|
|
254
|
+
output_summary: '',
|
|
255
|
+
duration_ms: Date.now() - start,
|
|
256
|
+
error: err instanceof Error ? err.message : String(err),
|
|
257
|
+
};
|
|
258
|
+
}
|
|
259
|
+
}
|
|
260
|
+
async runTimeoutTest(tool, entryPoint, constraints) {
|
|
261
|
+
const start = Date.now();
|
|
262
|
+
try {
|
|
263
|
+
const response = await this.execute({
|
|
264
|
+
toolId: tool.id,
|
|
265
|
+
entryPoint,
|
|
266
|
+
functionName: 'default',
|
|
267
|
+
input: this.generateHappyPathInput(tool),
|
|
268
|
+
constraints,
|
|
269
|
+
});
|
|
270
|
+
// Either it completes within 100ms (fast tool) or times out (expected)
|
|
271
|
+
// Both are acceptable behaviors
|
|
272
|
+
return {
|
|
273
|
+
status: 'pass',
|
|
274
|
+
input_summary: 'Timeout behavior test (100ms limit)',
|
|
275
|
+
output_summary: response.status === 'timeout'
|
|
276
|
+
? 'Tool timed out gracefully'
|
|
277
|
+
: 'Tool completed within timeout',
|
|
278
|
+
duration_ms: Date.now() - start,
|
|
279
|
+
};
|
|
280
|
+
}
|
|
281
|
+
catch (err) {
|
|
282
|
+
return {
|
|
283
|
+
status: 'error',
|
|
284
|
+
input_summary: 'Timeout behavior test',
|
|
285
|
+
output_summary: '',
|
|
286
|
+
duration_ms: Date.now() - start,
|
|
287
|
+
error: err instanceof Error ? err.message : String(err),
|
|
288
|
+
};
|
|
289
|
+
}
|
|
290
|
+
}
|
|
291
|
+
async runConstraintComplianceTest(tool, entryPoint) {
|
|
292
|
+
const start = Date.now();
|
|
293
|
+
// Verify source hash matches
|
|
294
|
+
try {
|
|
295
|
+
const sourceContent = await readFile(entryPoint, 'utf-8');
|
|
296
|
+
const { createHash } = await import('node:crypto');
|
|
297
|
+
const actualHash = createHash('sha256').update(sourceContent).digest('hex');
|
|
298
|
+
if (actualHash !== tool.source.source_hash) {
|
|
299
|
+
return {
|
|
300
|
+
status: 'fail',
|
|
301
|
+
input_summary: 'Constraint compliance: source integrity',
|
|
302
|
+
output_summary: `Source hash mismatch. Expected: ${tool.source.source_hash}, Got: ${actualHash}`,
|
|
303
|
+
duration_ms: Date.now() - start,
|
|
304
|
+
error: 'Source integrity violation',
|
|
305
|
+
};
|
|
306
|
+
}
|
|
307
|
+
// Verify declared constraints match the tool type
|
|
308
|
+
if (tool.type === 'verification_helper' && tool.constraints.filesystem_access.write_paths.length > 0) {
|
|
309
|
+
return {
|
|
310
|
+
status: 'fail',
|
|
311
|
+
input_summary: 'Constraint compliance: verification_helper write access',
|
|
312
|
+
output_summary: 'verification_helper tools must not have write access',
|
|
313
|
+
duration_ms: Date.now() - start,
|
|
314
|
+
error: 'verification_helper cannot have write paths',
|
|
315
|
+
};
|
|
316
|
+
}
|
|
317
|
+
if (!tool.constraints.network_access.allowed && tool.constraints.network_access.allowlisted_domains.length > 0) {
|
|
318
|
+
return {
|
|
319
|
+
status: 'fail',
|
|
320
|
+
input_summary: 'Constraint compliance: network inconsistency',
|
|
321
|
+
output_summary: 'Network access disabled but allowlisted domains specified',
|
|
322
|
+
duration_ms: Date.now() - start,
|
|
323
|
+
error: 'Inconsistent network constraints',
|
|
324
|
+
};
|
|
325
|
+
}
|
|
326
|
+
return {
|
|
327
|
+
status: 'pass',
|
|
328
|
+
input_summary: 'Constraint compliance check',
|
|
329
|
+
output_summary: 'Source integrity verified, constraints consistent',
|
|
330
|
+
duration_ms: Date.now() - start,
|
|
331
|
+
};
|
|
332
|
+
}
|
|
333
|
+
catch (err) {
|
|
334
|
+
return {
|
|
335
|
+
status: 'error',
|
|
336
|
+
input_summary: 'Constraint compliance check',
|
|
337
|
+
output_summary: '',
|
|
338
|
+
duration_ms: Date.now() - start,
|
|
339
|
+
error: err instanceof Error ? err.message : String(err),
|
|
340
|
+
};
|
|
341
|
+
}
|
|
342
|
+
}
|
|
343
|
+
generateHappyPathInput(tool) {
|
|
344
|
+
const input = {};
|
|
345
|
+
for (const param of tool.interface.inputs) {
|
|
346
|
+
if (!param.required)
|
|
347
|
+
continue;
|
|
348
|
+
// Generate plausible defaults based on type
|
|
349
|
+
switch (param.type) {
|
|
350
|
+
case 'string':
|
|
351
|
+
input[param.name] = 'test-value';
|
|
352
|
+
break;
|
|
353
|
+
case 'number':
|
|
354
|
+
input[param.name] = 42;
|
|
355
|
+
break;
|
|
356
|
+
case 'boolean':
|
|
357
|
+
input[param.name] = true;
|
|
358
|
+
break;
|
|
359
|
+
case 'string[]':
|
|
360
|
+
input[param.name] = ['item1', 'item2'];
|
|
361
|
+
break;
|
|
362
|
+
default:
|
|
363
|
+
input[param.name] = 'test';
|
|
364
|
+
break;
|
|
365
|
+
}
|
|
366
|
+
}
|
|
367
|
+
return input;
|
|
368
|
+
}
|
|
369
|
+
generateMalformedInput(tool) {
|
|
370
|
+
// Deliberately omit required fields and use wrong types
|
|
371
|
+
const input = {};
|
|
372
|
+
for (const param of tool.interface.inputs) {
|
|
373
|
+
if (param.required)
|
|
374
|
+
continue; // skip required — test missing fields
|
|
375
|
+
// Provide wrong types for optional fields
|
|
376
|
+
switch (param.type) {
|
|
377
|
+
case 'string':
|
|
378
|
+
input[param.name] = 12345;
|
|
379
|
+
break;
|
|
380
|
+
case 'number':
|
|
381
|
+
input[param.name] = 'not-a-number';
|
|
382
|
+
break;
|
|
383
|
+
case 'boolean':
|
|
384
|
+
input[param.name] = 'not-a-bool';
|
|
385
|
+
break;
|
|
386
|
+
default:
|
|
387
|
+
input[param.name] = null;
|
|
388
|
+
break;
|
|
389
|
+
}
|
|
390
|
+
}
|
|
391
|
+
return input;
|
|
392
|
+
}
|
|
393
|
+
}
|
|
394
|
+
//# sourceMappingURL=tool-sandbox.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tool-sandbox.js","sourceRoot":"","sources":["../../src/runtime/tool-sandbox.ts"],"names":[],"mappings":"AAAA,+DAA+D;AAC/D,8CAA8C;AAC9C,oDAAoD;AACpD,iEAAiE;AACjE,+DAA+D;AAE/D,OAAO,EAAE,IAAI,EAAqB,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAClE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AA6BjC,8DAA8D;AAE9D,MAAM,OAAO,WAAW;IACd,UAAU,CAAS;IAE3B,YAAY,cAAuB;QACjC,IAAI,CAAC,UAAU,GAAG,cAAc,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,eAAe,CAAC,CAAC;IACtE,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,OAAO,CAAC,OAAuB;QACnC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,MAAM,WAAW,GAAG,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAEnD,IAAI,CAAC;YACH,oCAAoC;YACpC,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAE1C,kCAAkC;YAClC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;YAChD,MAAM,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;YAEzE,oDAAoD;YACpD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAClC,UAAU,EACV,OAAO,CAAC,WAAW,EACnB,OAAO,CACR,CAAC;YAEF,OAAO;gBACL,GAAG,MAAM;gBACT,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;aAC/B,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;gBACvD,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;aAC/B,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,iCAAiC;YACjC,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAChB,IAAoB,EACpB,aAAqB;QAOrB,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAEhE,qDAAqD;QACrD,MAAM,UAAU,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;QACrD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,aAAa,CAC1C,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EACvC,6BAA6B,CAC9B,CAAC;QAEF,6DAA6D;QAC7D,MAAM,cAAc,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;QACzD,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,aAAa,CAC9C,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,cAAc,EAC3C,+CAA+C,CAChD,CAAC;QAEF,qDAAqD;QACrD,MAAM,kBAAkB,GAAoB;YAC1C,GAAG,IAAI,CAAC,WAAW;YACnB,UAAU,EAAE,GAAG,EAAE,+CAA+C;SACjE,CAAC;QACF,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAC7C,IAAI,EAAE,UAAU,EAAE,kBAAkB,CACrC,CAAC;QAEF,qEAAqE;QACrE,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAC7D,IAAI,EAAE,UAAU,CACjB,CAAC;QAEF,OAAO;YACL,UAAU,EAAE,WAAW;YACvB,eAAe,EAAE,eAAe;YAChC,gBAAgB,EAAE,aAAa;YAC/B,qBAAqB,EAAE,gBAAgB;SACxC,CAAC;IACJ,CAAC;IAED,6DAA6D;IAErD,UAAU,CAChB,UAAkB,EAClB,WAA4B,EAC5B,OAAe;QAEf,OAAO,IAAI,OAAO,CAAC,CAAC,cAAc,EAAE,EAAE;YACpC,MAAM,KAAK,GAAiB,IAAI,CAAC,UAAU,EAAE,EAAE,EAAE;gBAC/C,GAAG,EAAE,OAAO;gBACZ,GAAG,EAAE;oBACH,QAAQ,EAAE,SAAS;oBACnB,gBAAgB,EAAE,OAAO;oBACzB,kBAAkB,EAAE,MAAM,CAAC,WAAW,CAAC,UAAU,CAAC;oBAClD,qBAAqB,EAAE,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC;oBACxD,uBAAuB,EAAE,IAAI,CAAC,SAAS,CACrC,WAAW,CAAC,cAAc,CAAC,mBAAmB,CAC/C;oBACD,uBAAuB,EAAE,MAAM,CAAC,WAAW,CAAC,cAAc,CAAC,OAAO,CAAC;oBACnE,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,iBAAiB,CAAC,UAAU,CAAC;oBAC5E,mBAAmB,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,iBAAiB,CAAC,WAAW,CAAC;oBAC9E,2CAA2C;oBAC3C,IAAI,EAAE,eAAe;iBACtB;gBACD,kBAAkB;gBAClB,QAAQ,EAAE;oBACR,wBAAwB,WAAW,CAAC,aAAa,EAAE;iBACpD;gBACD,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC;gBACtC,OAAO,EAAE,WAAW,CAAC,UAAU,GAAG,IAAI,EAAE,mCAAmC;aAC5E,CAAC,CAAC;YAEH,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,MAAM,GAA2B,IAAI,CAAC;YAE1C,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;gBACxC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;gBACxC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,oCAAoC;YACpC,KAAK,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAY,EAAE,EAAE;gBACnC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,IAAI,QAAQ,IAAI,GAAG,EAAE,CAAC;oBAC/D,MAAM,GAAG,GAAsB,CAAC;gBAClC,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,eAAe;YACf,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACtB,cAAc,CAAC;oBACb,MAAM,EAAE,SAAS;oBACjB,KAAK,EAAE,4BAA4B,WAAW,CAAC,UAAU,IAAI;oBAC7D,UAAU,EAAE,WAAW,CAAC,UAAU;iBACnC,CAAC,CAAC;YACL,CAAC,EAAE,WAAW,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;YAElC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;gBAChC,YAAY,CAAC,KAAK,CAAC,CAAC;gBAEpB,IAAI,MAAM,EAAE,CAAC;oBACX,cAAc,CAAC,MAAM,CAAC,CAAC;gBACzB,CAAC;qBAAM,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;oBAChC,cAAc,CAAC;wBACb,MAAM,EAAE,SAAS;wBACjB,KAAK,EAAE,2BAA2B,MAAM,GAAG;wBAC3C,UAAU,EAAE,WAAW,CAAC,UAAU;qBACnC,CAAC,CAAC;gBACL,CAAC;qBAAM,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACtB,cAAc,CAAC;wBACb,MAAM,EAAE,OAAO;wBACf,KAAK,EAAE,MAAM,IAAI,4BAA4B,IAAI,EAAE;wBACnD,UAAU,EAAE,CAAC;qBACd,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,yDAAyD;oBACzD,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;wBAClC,cAAc,CAAC;4BACb,MAAM,EAAE,SAAS;4BACjB,MAAM,EAAE,MAAM;4BACd,UAAU,EAAE,CAAC;yBACd,CAAC,CAAC;oBACL,CAAC;oBAAC,MAAM,CAAC;wBACP,cAAc,CAAC;4BACb,MAAM,EAAE,SAAS;4BACjB,MAAM,EAAE,MAAM;4BACd,UAAU,EAAE,CAAC;yBACd,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACxB,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,cAAc,CAAC;oBACb,MAAM,EAAE,OAAO;oBACf,KAAK,EAAE,GAAG,CAAC,OAAO;oBAClB,UAAU,EAAE,CAAC;iBACd,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,6DAA6D;IAErD,oBAAoB,CAAC,OAAuB;QAClD,sDAAsD;QACtD,yEAAyE;QACzE,OAAO;;;;sBAIW,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC;wBAChC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC;gBAC5C,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAyC5C,CAAC;IACA,CAAC;IAED,6DAA6D;IAErD,KAAK,CAAC,aAAa,CACzB,IAAoB,EACpB,UAAkB,EAClB,YAAoB,EACpB,KAAc,EACd,WAAmB;QAEnB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;gBAClC,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,UAAU;gBACV,YAAY;gBACZ,KAAK;gBACL,WAAW,EAAE,IAAI,CAAC,WAAW;aAC9B,CAAC,CAAC;YAEH,OAAO;gBACL,MAAM,EAAE,QAAQ,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM;oBAC5C,CAAC,CAAC,QAAQ,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS;wBAC3C,CAAC,CAAC,QAAQ,CAAC,MAAM,KAAK,sBAAsB,CAAC,CAAC,CAAC,MAAM;4BACrD,CAAC,CAAC,OAAO;gBACX,aAAa,EAAE,WAAW;gBAC1B,cAAc,EAAE,QAAQ,CAAC,MAAM;oBAC7B,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC/C,CAAC,CAAC,QAAQ,CAAC,KAAK,IAAI,WAAW;gBACjC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC/B,KAAK,EAAE,QAAQ,CAAC,KAAK;aACtB,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,aAAa,EAAE,WAAW;gBAC1B,cAAc,EAAE,EAAE;gBAClB,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC/B,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,cAAc,CAC1B,IAAoB,EACpB,UAAkB,EAClB,WAA4B;QAE5B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;gBAClC,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,UAAU;gBACV,YAAY,EAAE,SAAS;gBACvB,KAAK,EAAE,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC;gBACxC,WAAW;aACZ,CAAC,CAAC;YAEH,uEAAuE;YACvE,gCAAgC;YAChC,OAAO;gBACL,MAAM,EAAE,MAAM;gBACd,aAAa,EAAE,qCAAqC;gBACpD,cAAc,EAAE,QAAQ,CAAC,MAAM,KAAK,SAAS;oBAC3C,CAAC,CAAC,2BAA2B;oBAC7B,CAAC,CAAC,+BAA+B;gBACnC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;aAChC,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,aAAa,EAAE,uBAAuB;gBACtC,cAAc,EAAE,EAAE;gBAClB,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC/B,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,2BAA2B,CACvC,IAAoB,EACpB,UAAkB;QAElB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEzB,6BAA6B;QAC7B,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YAC1D,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;YACnD,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAE5E,IAAI,UAAU,KAAK,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;gBAC3C,OAAO;oBACL,MAAM,EAAE,MAAM;oBACd,aAAa,EAAE,yCAAyC;oBACxD,cAAc,EAAE,mCAAmC,IAAI,CAAC,MAAM,CAAC,WAAW,UAAU,UAAU,EAAE;oBAChG,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;oBAC/B,KAAK,EAAE,4BAA4B;iBACpC,CAAC;YACJ,CAAC;YAED,kDAAkD;YAClD,IAAI,IAAI,CAAC,IAAI,KAAK,qBAAqB,IAAI,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrG,OAAO;oBACL,MAAM,EAAE,MAAM;oBACd,aAAa,EAAE,yDAAyD;oBACxE,cAAc,EAAE,sDAAsD;oBACtE,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;oBAC/B,KAAK,EAAE,6CAA6C;iBACrD,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,OAAO,IAAI,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC/G,OAAO;oBACL,MAAM,EAAE,MAAM;oBACd,aAAa,EAAE,8CAA8C;oBAC7D,cAAc,EAAE,2DAA2D;oBAC3E,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;oBAC/B,KAAK,EAAE,kCAAkC;iBAC1C,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,MAAM,EAAE,MAAM;gBACd,aAAa,EAAE,6BAA6B;gBAC5C,cAAc,EAAE,mDAAmD;gBACnE,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;aAChC,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,aAAa,EAAE,6BAA6B;gBAC5C,cAAc,EAAE,EAAE;gBAClB,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC/B,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,sBAAsB,CAAC,IAAoB;QACjD,MAAM,KAAK,GAA4B,EAAE,CAAC;QAC1C,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;YAC1C,IAAI,CAAC,KAAK,CAAC,QAAQ;gBAAE,SAAS;YAC9B,4CAA4C;YAC5C,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;gBACnB,KAAK,QAAQ;oBAAE,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC;oBAAC,MAAM;gBACvD,KAAK,QAAQ;oBAAE,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;oBAAC,MAAM;gBAC7C,KAAK,SAAS;oBAAE,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;oBAAC,MAAM;gBAChD,KAAK,UAAU;oBAAE,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;oBAAC,MAAM;gBAC/D;oBAAS,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC;oBAAC,MAAM;YAC7C,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,sBAAsB,CAAC,IAAoB;QACjD,wDAAwD;QACxD,MAAM,KAAK,GAA4B,EAAE,CAAC;QAC1C,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;YAC1C,IAAI,KAAK,CAAC,QAAQ;gBAAE,SAAS,CAAC,sCAAsC;YACpE,0CAA0C;YAC1C,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;gBACnB,KAAK,QAAQ;oBAAE,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;oBAAC,MAAM;gBAChD,KAAK,QAAQ;oBAAE,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC;oBAAC,MAAM;gBACzD,KAAK,SAAS;oBAAE,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC;oBAAC,MAAM;gBACxD;oBAAS,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;oBAAC,MAAM;YAC3C,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { ToolSandbox } from './tool-sandbox.js';
|
|
2
|
+
import type { ToolDefinition, ToolVerification } from './types.js';
|
|
3
|
+
export declare class ToolVerifier {
|
|
4
|
+
private sandbox;
|
|
5
|
+
constructor(sandbox?: ToolSandbox);
|
|
6
|
+
/**
|
|
7
|
+
* Run full verification on a tool: code analysis, security scan,
|
|
8
|
+
* and sandbox tests. Returns a ToolVerification report.
|
|
9
|
+
*/
|
|
10
|
+
verify(tool: ToolDefinition, toolSourceDir: string): Promise<ToolVerification>;
|
|
11
|
+
private verifyCode;
|
|
12
|
+
private scanSecurity;
|
|
13
|
+
private determineVerdict;
|
|
14
|
+
private maxRisk;
|
|
15
|
+
private inferClaimSeverity;
|
|
16
|
+
private generateReasoning;
|
|
17
|
+
private makeRejection;
|
|
18
|
+
}
|