veto-leash 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/IMPLEMENTATION_PLAN.md +2194 -0
- package/LICENSE +201 -0
- package/README.md +260 -0
- package/dist/audit/index.d.ts +38 -0
- package/dist/audit/index.d.ts.map +1 -0
- package/dist/audit/index.js +132 -0
- package/dist/audit/index.js.map +1 -0
- package/dist/cli.d.ts +3 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +406 -0
- package/dist/cli.js.map +1 -0
- package/dist/cloud/index.d.ts +40 -0
- package/dist/cloud/index.d.ts.map +1 -0
- package/dist/cloud/index.js +115 -0
- package/dist/cloud/index.js.map +1 -0
- package/dist/compiler/builtins.d.ts +6 -0
- package/dist/compiler/builtins.d.ts.map +1 -0
- package/dist/compiler/builtins.js +129 -0
- package/dist/compiler/builtins.js.map +1 -0
- package/dist/compiler/cache.d.ts +6 -0
- package/dist/compiler/cache.d.ts.map +1 -0
- package/dist/compiler/cache.js +49 -0
- package/dist/compiler/cache.js.map +1 -0
- package/dist/compiler/index.d.ts +3 -0
- package/dist/compiler/index.d.ts.map +1 -0
- package/dist/compiler/index.js +48 -0
- package/dist/compiler/index.js.map +1 -0
- package/dist/compiler/llm.d.ts +3 -0
- package/dist/compiler/llm.d.ts.map +1 -0
- package/dist/compiler/llm.js +69 -0
- package/dist/compiler/llm.js.map +1 -0
- package/dist/compiler/prompt.d.ts +2 -0
- package/dist/compiler/prompt.d.ts.map +1 -0
- package/dist/compiler/prompt.js +37 -0
- package/dist/compiler/prompt.js.map +1 -0
- package/dist/config/loader.d.ts +22 -0
- package/dist/config/loader.d.ts.map +1 -0
- package/dist/config/loader.js +100 -0
- package/dist/config/loader.js.map +1 -0
- package/dist/config/schema.d.ts +42 -0
- package/dist/config/schema.d.ts.map +1 -0
- package/dist/config/schema.js +93 -0
- package/dist/config/schema.js.map +1 -0
- package/dist/matcher.d.ts +22 -0
- package/dist/matcher.d.ts.map +1 -0
- package/dist/matcher.js +69 -0
- package/dist/matcher.js.map +1 -0
- package/dist/native/aider.d.ts +10 -0
- package/dist/native/aider.d.ts.map +1 -0
- package/dist/native/aider.js +120 -0
- package/dist/native/aider.js.map +1 -0
- package/dist/native/claude-code.d.ts +14 -0
- package/dist/native/claude-code.d.ts.map +1 -0
- package/dist/native/claude-code.js +273 -0
- package/dist/native/claude-code.js.map +1 -0
- package/dist/native/cursor.d.ts +11 -0
- package/dist/native/cursor.d.ts.map +1 -0
- package/dist/native/cursor.js +105 -0
- package/dist/native/cursor.js.map +1 -0
- package/dist/native/index.d.ts +35 -0
- package/dist/native/index.d.ts.map +1 -0
- package/dist/native/index.js +171 -0
- package/dist/native/index.js.map +1 -0
- package/dist/native/opencode.d.ts +22 -0
- package/dist/native/opencode.d.ts.map +1 -0
- package/dist/native/opencode.js +225 -0
- package/dist/native/opencode.js.map +1 -0
- package/dist/native/windsurf.d.ts +14 -0
- package/dist/native/windsurf.d.ts.map +1 -0
- package/dist/native/windsurf.js +198 -0
- package/dist/native/windsurf.js.map +1 -0
- package/dist/types.d.ts +38 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +11 -0
- package/dist/types.js.map +1 -0
- package/dist/ui/colors.d.ts +21 -0
- package/dist/ui/colors.d.ts.map +1 -0
- package/dist/ui/colors.js +41 -0
- package/dist/ui/colors.js.map +1 -0
- package/dist/watchdog/index.d.ts +25 -0
- package/dist/watchdog/index.d.ts.map +1 -0
- package/dist/watchdog/index.js +57 -0
- package/dist/watchdog/index.js.map +1 -0
- package/dist/watchdog/restore.d.ts +16 -0
- package/dist/watchdog/restore.d.ts.map +1 -0
- package/dist/watchdog/restore.js +56 -0
- package/dist/watchdog/restore.js.map +1 -0
- package/dist/watchdog/snapshot.d.ts +38 -0
- package/dist/watchdog/snapshot.d.ts.map +1 -0
- package/dist/watchdog/snapshot.js +166 -0
- package/dist/watchdog/snapshot.js.map +1 -0
- package/dist/watchdog/watcher.d.ts +28 -0
- package/dist/watchdog/watcher.d.ts.map +1 -0
- package/dist/watchdog/watcher.js +117 -0
- package/dist/watchdog/watcher.js.map +1 -0
- package/dist/wrapper/daemon.d.ts +12 -0
- package/dist/wrapper/daemon.d.ts.map +1 -0
- package/dist/wrapper/daemon.js +103 -0
- package/dist/wrapper/daemon.js.map +1 -0
- package/dist/wrapper/shims.d.ts +4 -0
- package/dist/wrapper/shims.d.ts.map +1 -0
- package/dist/wrapper/shims.js +390 -0
- package/dist/wrapper/shims.js.map +1 -0
- package/dist/wrapper/spawn.d.ts +4 -0
- package/dist/wrapper/spawn.d.ts.map +1 -0
- package/dist/wrapper/spawn.js +35 -0
- package/dist/wrapper/spawn.js.map +1 -0
- package/package.json +46 -0
- package/src/audit/index.ts +172 -0
- package/src/cli.ts +503 -0
- package/src/cloud/index.ts +139 -0
- package/src/compiler/builtins.ts +137 -0
- package/src/compiler/cache.ts +51 -0
- package/src/compiler/index.ts +59 -0
- package/src/compiler/llm.ts +83 -0
- package/src/compiler/prompt.ts +37 -0
- package/src/config/loader.ts +126 -0
- package/src/config/schema.ts +136 -0
- package/src/matcher.ts +89 -0
- package/src/native/aider.ts +150 -0
- package/src/native/claude-code.ts +308 -0
- package/src/native/cursor.ts +131 -0
- package/src/native/index.ts +233 -0
- package/src/native/opencode.ts +310 -0
- package/src/native/windsurf.ts +231 -0
- package/src/types.ts +48 -0
- package/src/ui/colors.ts +50 -0
- package/src/watchdog/index.ts +82 -0
- package/src/watchdog/restore.ts +74 -0
- package/src/watchdog/snapshot.ts +209 -0
- package/src/watchdog/watcher.ts +150 -0
- package/src/wrapper/daemon.ts +133 -0
- package/src/wrapper/shims.ts +409 -0
- package/src/wrapper/spawn.ts +47 -0
- package/tsconfig.json +20 -0
|
@@ -0,0 +1,129 @@
|
|
|
1
|
+
// src/compiler/builtins.ts
|
|
2
|
+
export const BUILTINS = {
|
|
3
|
+
'test files': {
|
|
4
|
+
include: [
|
|
5
|
+
'*.test.*',
|
|
6
|
+
'*.spec.*',
|
|
7
|
+
'**/*.test.*',
|
|
8
|
+
'**/*.spec.*',
|
|
9
|
+
'__tests__/**',
|
|
10
|
+
'test/**/*.ts',
|
|
11
|
+
'test/**/*.js',
|
|
12
|
+
'test/**/*.tsx',
|
|
13
|
+
'test/**/*.jsx',
|
|
14
|
+
],
|
|
15
|
+
exclude: [
|
|
16
|
+
'test-results.*',
|
|
17
|
+
'test-output.*',
|
|
18
|
+
'**/coverage/**',
|
|
19
|
+
'*.log',
|
|
20
|
+
'*.xml',
|
|
21
|
+
],
|
|
22
|
+
description: 'Test source files (not artifacts)',
|
|
23
|
+
},
|
|
24
|
+
'test source files': {
|
|
25
|
+
include: [
|
|
26
|
+
'*.test.*',
|
|
27
|
+
'*.spec.*',
|
|
28
|
+
'**/*.test.*',
|
|
29
|
+
'**/*.spec.*',
|
|
30
|
+
'__tests__/**',
|
|
31
|
+
'test/**/*.ts',
|
|
32
|
+
'test/**/*.js',
|
|
33
|
+
],
|
|
34
|
+
exclude: ['test-results.*', 'test-output.*', '**/coverage/**', '*.log'],
|
|
35
|
+
description: 'Test source files (not artifacts)',
|
|
36
|
+
},
|
|
37
|
+
config: {
|
|
38
|
+
include: [
|
|
39
|
+
'*.config.*',
|
|
40
|
+
'**/*.config.*',
|
|
41
|
+
'tsconfig*',
|
|
42
|
+
'.eslintrc*',
|
|
43
|
+
'.prettierrc*',
|
|
44
|
+
'vite.config.*',
|
|
45
|
+
'webpack.config.*',
|
|
46
|
+
'jest.config.*',
|
|
47
|
+
'vitest.config.*',
|
|
48
|
+
'next.config.*',
|
|
49
|
+
],
|
|
50
|
+
exclude: [],
|
|
51
|
+
description: 'Configuration files',
|
|
52
|
+
},
|
|
53
|
+
env: {
|
|
54
|
+
include: ['.env', '.env.*', '**/.env', '**/.env.*'],
|
|
55
|
+
exclude: ['.env.example', '.env.template', '.env.sample'],
|
|
56
|
+
description: 'Environment files (secrets)',
|
|
57
|
+
},
|
|
58
|
+
'.env': {
|
|
59
|
+
include: ['.env', '.env.*', '**/.env', '**/.env.*'],
|
|
60
|
+
exclude: ['.env.example', '.env.template', '.env.sample'],
|
|
61
|
+
description: 'Environment files (secrets)',
|
|
62
|
+
},
|
|
63
|
+
migrations: {
|
|
64
|
+
include: [
|
|
65
|
+
'**/migrations/**',
|
|
66
|
+
'*migrate*',
|
|
67
|
+
'prisma/migrations/**',
|
|
68
|
+
'db/migrate/**',
|
|
69
|
+
'**/db/**/*.sql',
|
|
70
|
+
'drizzle/**',
|
|
71
|
+
],
|
|
72
|
+
exclude: [],
|
|
73
|
+
description: 'Database migrations',
|
|
74
|
+
},
|
|
75
|
+
'database migrations': {
|
|
76
|
+
include: [
|
|
77
|
+
'**/migrations/**',
|
|
78
|
+
'*migrate*',
|
|
79
|
+
'prisma/migrations/**',
|
|
80
|
+
'db/migrate/**',
|
|
81
|
+
'drizzle/**',
|
|
82
|
+
],
|
|
83
|
+
exclude: [],
|
|
84
|
+
description: 'Database migrations',
|
|
85
|
+
},
|
|
86
|
+
'lock files': {
|
|
87
|
+
include: [
|
|
88
|
+
'package-lock.json',
|
|
89
|
+
'yarn.lock',
|
|
90
|
+
'pnpm-lock.yaml',
|
|
91
|
+
'Gemfile.lock',
|
|
92
|
+
'Cargo.lock',
|
|
93
|
+
'poetry.lock',
|
|
94
|
+
'*.lock',
|
|
95
|
+
],
|
|
96
|
+
exclude: [],
|
|
97
|
+
description: 'Dependency lock files',
|
|
98
|
+
},
|
|
99
|
+
node_modules: {
|
|
100
|
+
include: ['node_modules/**', '**/node_modules/**'],
|
|
101
|
+
exclude: [],
|
|
102
|
+
description: 'Node modules directory',
|
|
103
|
+
},
|
|
104
|
+
'.md files': {
|
|
105
|
+
include: ['*.md', '**/*.md'],
|
|
106
|
+
exclude: [],
|
|
107
|
+
description: 'Markdown files',
|
|
108
|
+
},
|
|
109
|
+
'src/core': {
|
|
110
|
+
include: ['src/core/**'],
|
|
111
|
+
exclude: ['src/core/**/*.log', 'src/core/**/*.tmp'],
|
|
112
|
+
description: 'Core source directory',
|
|
113
|
+
},
|
|
114
|
+
};
|
|
115
|
+
export function findBuiltin(phrase) {
|
|
116
|
+
const normalized = phrase.toLowerCase().trim();
|
|
117
|
+
// Direct match
|
|
118
|
+
if (BUILTINS[normalized]) {
|
|
119
|
+
return BUILTINS[normalized];
|
|
120
|
+
}
|
|
121
|
+
// Partial match
|
|
122
|
+
for (const [key, value] of Object.entries(BUILTINS)) {
|
|
123
|
+
if (normalized.includes(key) || key.includes(normalized)) {
|
|
124
|
+
return value;
|
|
125
|
+
}
|
|
126
|
+
}
|
|
127
|
+
return null;
|
|
128
|
+
}
|
|
129
|
+
//# sourceMappingURL=builtins.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"builtins.js","sourceRoot":"","sources":["../../src/compiler/builtins.ts"],"names":[],"mappings":"AAAA,2BAA2B;AAM3B,MAAM,CAAC,MAAM,QAAQ,GAAkC;IACrD,YAAY,EAAE;QACZ,OAAO,EAAE;YACP,UAAU;YACV,UAAU;YACV,aAAa;YACb,aAAa;YACb,cAAc;YACd,cAAc;YACd,cAAc;YACd,eAAe;YACf,eAAe;SAChB;QACD,OAAO,EAAE;YACP,gBAAgB;YAChB,eAAe;YACf,gBAAgB;YAChB,OAAO;YACP,OAAO;SACR;QACD,WAAW,EAAE,mCAAmC;KACjD;IACD,mBAAmB,EAAE;QACnB,OAAO,EAAE;YACP,UAAU;YACV,UAAU;YACV,aAAa;YACb,aAAa;YACb,cAAc;YACd,cAAc;YACd,cAAc;SACf;QACD,OAAO,EAAE,CAAC,gBAAgB,EAAE,eAAe,EAAE,gBAAgB,EAAE,OAAO,CAAC;QACvE,WAAW,EAAE,mCAAmC;KACjD;IACD,MAAM,EAAE;QACN,OAAO,EAAE;YACP,YAAY;YACZ,eAAe;YACf,WAAW;YACX,YAAY;YACZ,cAAc;YACd,eAAe;YACf,kBAAkB;YAClB,eAAe;YACf,iBAAiB;YACjB,eAAe;SAChB;QACD,OAAO,EAAE,EAAE;QACX,WAAW,EAAE,qBAAqB;KACnC;IACD,GAAG,EAAE;QACH,OAAO,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,CAAC;QACnD,OAAO,EAAE,CAAC,cAAc,EAAE,eAAe,EAAE,aAAa,CAAC;QACzD,WAAW,EAAE,6BAA6B;KAC3C;IACD,MAAM,EAAE;QACN,OAAO,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,CAAC;QACnD,OAAO,EAAE,CAAC,cAAc,EAAE,eAAe,EAAE,aAAa,CAAC;QACzD,WAAW,EAAE,6BAA6B;KAC3C;IACD,UAAU,EAAE;QACV,OAAO,EAAE;YACP,kBAAkB;YAClB,WAAW;YACX,sBAAsB;YACtB,eAAe;YACf,gBAAgB;YAChB,YAAY;SACb;QACD,OAAO,EAAE,EAAE;QACX,WAAW,EAAE,qBAAqB;KACnC;IACD,qBAAqB,EAAE;QACrB,OAAO,EAAE;YACP,kBAAkB;YAClB,WAAW;YACX,sBAAsB;YACtB,eAAe;YACf,YAAY;SACb;QACD,OAAO,EAAE,EAAE;QACX,WAAW,EAAE,qBAAqB;KACnC;IACD,YAAY,EAAE;QACZ,OAAO,EAAE;YACP,mBAAmB;YACnB,WAAW;YACX,gBAAgB;YAChB,cAAc;YACd,YAAY;YACZ,aAAa;YACb,QAAQ;SACT;QACD,OAAO,EAAE,EAAE;QACX,WAAW,EAAE,uBAAuB;KACrC;IACD,YAAY,EAAE;QACZ,OAAO,EAAE,CAAC,iBAAiB,EAAE,oBAAoB,CAAC;QAClD,OAAO,EAAE,EAAE;QACX,WAAW,EAAE,wBAAwB;KACtC;IACD,WAAW,EAAE;QACX,OAAO,EAAE,CAAC,MAAM,EAAE,SAAS,CAAC;QAC5B,OAAO,EAAE,EAAE;QACX,WAAW,EAAE,gBAAgB;KAC9B;IACD,UAAU,EAAE;QACV,OAAO,EAAE,CAAC,aAAa,CAAC;QACxB,OAAO,EAAE,CAAC,mBAAmB,EAAE,mBAAmB,CAAC;QACnD,WAAW,EAAE,uBAAuB;KACrC;CACF,CAAC;AAEF,MAAM,UAAU,WAAW,CAAC,MAAc;IACxC,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAE/C,eAAe;IACf,IAAI,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACzB,OAAO,QAAQ,CAAC,UAAU,CAAC,CAAC;IAC9B,CAAC;IAED,gBAAgB;IAChB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACzD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import type { Policy } from '../types.js';
|
|
2
|
+
export declare function hashInput(input: string): string;
|
|
3
|
+
export declare function getFromCache(input: string): Policy | null;
|
|
4
|
+
export declare function saveToCache(input: string, policy: Policy): void;
|
|
5
|
+
export declare function clearCache(): void;
|
|
6
|
+
//# sourceMappingURL=cache.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cache.d.ts","sourceRoot":"","sources":["../../src/compiler/cache.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAK1C,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAK/C;AAED,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CASzD;AAED,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAW/D;AAED,wBAAgB,UAAU,IAAI,IAAI,CAQjC"}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
// src/compiler/cache.ts
|
|
2
|
+
import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'fs';
|
|
3
|
+
import { join } from 'path';
|
|
4
|
+
import { homedir } from 'os';
|
|
5
|
+
import { createHash } from 'crypto';
|
|
6
|
+
const CACHE_DIR = join(homedir(), '.config', 'veto-leash');
|
|
7
|
+
const CACHE_FILE = join(CACHE_DIR, 'cache.json');
|
|
8
|
+
export function hashInput(input) {
|
|
9
|
+
return createHash('sha256')
|
|
10
|
+
.update(input.toLowerCase().trim())
|
|
11
|
+
.digest('hex')
|
|
12
|
+
.slice(0, 16);
|
|
13
|
+
}
|
|
14
|
+
export function getFromCache(input) {
|
|
15
|
+
try {
|
|
16
|
+
if (!existsSync(CACHE_FILE))
|
|
17
|
+
return null;
|
|
18
|
+
const cache = JSON.parse(readFileSync(CACHE_FILE, 'utf-8'));
|
|
19
|
+
const key = hashInput(input);
|
|
20
|
+
return cache[key] ?? null;
|
|
21
|
+
}
|
|
22
|
+
catch {
|
|
23
|
+
return null;
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
export function saveToCache(input, policy) {
|
|
27
|
+
try {
|
|
28
|
+
mkdirSync(CACHE_DIR, { recursive: true });
|
|
29
|
+
const cache = existsSync(CACHE_FILE)
|
|
30
|
+
? JSON.parse(readFileSync(CACHE_FILE, 'utf-8'))
|
|
31
|
+
: {};
|
|
32
|
+
cache[hashInput(input)] = policy;
|
|
33
|
+
writeFileSync(CACHE_FILE, JSON.stringify(cache, null, 2));
|
|
34
|
+
}
|
|
35
|
+
catch {
|
|
36
|
+
// Ignore cache write failures
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
export function clearCache() {
|
|
40
|
+
try {
|
|
41
|
+
if (existsSync(CACHE_FILE)) {
|
|
42
|
+
writeFileSync(CACHE_FILE, '{}');
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
catch {
|
|
46
|
+
// Ignore
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
//# sourceMappingURL=cache.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cache.js","sourceRoot":"","sources":["../../src/compiler/cache.ts"],"names":[],"mappings":"AAAA,wBAAwB;AAExB,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAGpC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;AAC3D,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;AAEjD,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,OAAO,UAAU,CAAC,QAAQ,CAAC;SACxB,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;SAClC,MAAM,CAAC,KAAK,CAAC;SACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,KAAa;IACxC,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;QACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;QAC5D,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAC7B,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,KAAa,EAAE,MAAc;IACvD,IAAI,CAAC;QACH,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,MAAM,KAAK,GAAG,UAAU,CAAC,UAAU,CAAC;YAClC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YAC/C,CAAC,CAAC,EAAE,CAAC;QACP,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,GAAG,MAAM,CAAC;QACjC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC5D,CAAC;IAAC,MAAM,CAAC;QACP,8BAA8B;IAChC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3B,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/compiler/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAK1C,wBAAsB,OAAO,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAmDlE"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
// src/compiler/index.ts
|
|
2
|
+
import { findBuiltin } from './builtins.js';
|
|
3
|
+
import { getFromCache, saveToCache } from './cache.js';
|
|
4
|
+
import { compileWithLLM } from './llm.js';
|
|
5
|
+
export async function compile(restriction) {
|
|
6
|
+
const normalized = restriction.toLowerCase().trim();
|
|
7
|
+
// Extract action from input
|
|
8
|
+
let action = 'modify';
|
|
9
|
+
let targetPhrase = normalized;
|
|
10
|
+
const actionPatterns = [
|
|
11
|
+
[/^(don'?t\s+)?(delete|remove|rm)\s+/, 'delete'],
|
|
12
|
+
[/^(don'?t\s+)?(modify|edit|change|update|write|touch)\s+/, 'modify'],
|
|
13
|
+
[/^(don'?t\s+)?(run|execute|running|executing)\s+/, 'execute'],
|
|
14
|
+
[/^(don'?t\s+)?(read|view|access)\s+/, 'read'],
|
|
15
|
+
[/^(protect|preserve|keep|save)\s+/, 'modify'],
|
|
16
|
+
// "no running X" → execute, "no X" (files) → modify
|
|
17
|
+
[/^no\s+(running|executing)\s+/, 'execute'],
|
|
18
|
+
[/^no\s+/, 'modify'], // Default "no X" to modify (protects files)
|
|
19
|
+
];
|
|
20
|
+
for (const [pattern, act] of actionPatterns) {
|
|
21
|
+
if (pattern.test(normalized)) {
|
|
22
|
+
action = act;
|
|
23
|
+
targetPhrase = normalized.replace(pattern, '').trim();
|
|
24
|
+
break;
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
// Strip filler words
|
|
28
|
+
targetPhrase = targetPhrase
|
|
29
|
+
.replace(/^(any|all|the)\s+/g, '')
|
|
30
|
+
.replace(/\s+(files?|directories?|folders?)$/g, '')
|
|
31
|
+
.trim();
|
|
32
|
+
// Layer 1: Builtins (instant)
|
|
33
|
+
const builtin = findBuiltin(targetPhrase);
|
|
34
|
+
if (builtin) {
|
|
35
|
+
return { action, ...builtin };
|
|
36
|
+
}
|
|
37
|
+
// Layer 2: Cache (instant)
|
|
38
|
+
const cached = getFromCache(normalized);
|
|
39
|
+
if (cached) {
|
|
40
|
+
return cached;
|
|
41
|
+
}
|
|
42
|
+
// Layer 3: LLM compilation (~100ms)
|
|
43
|
+
const policy = await compileWithLLM(restriction, action);
|
|
44
|
+
// Save to cache for next time
|
|
45
|
+
saveToCache(normalized, policy);
|
|
46
|
+
return policy;
|
|
47
|
+
}
|
|
48
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/compiler/index.ts"],"names":[],"mappings":"AAAA,wBAAwB;AAGxB,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAE1C,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,WAAmB;IAC/C,MAAM,UAAU,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAEpD,4BAA4B;IAC5B,IAAI,MAAM,GAAqB,QAAQ,CAAC;IACxC,IAAI,YAAY,GAAG,UAAU,CAAC;IAE9B,MAAM,cAAc,GAAsC;QACxD,CAAC,oCAAoC,EAAE,QAAQ,CAAC;QAChD,CAAC,yDAAyD,EAAE,QAAQ,CAAC;QACrE,CAAC,iDAAiD,EAAE,SAAS,CAAC;QAC9D,CAAC,oCAAoC,EAAE,MAAM,CAAC;QAC9C,CAAC,kCAAkC,EAAE,QAAQ,CAAC;QAC9C,oDAAoD;QACpD,CAAC,8BAA8B,EAAE,SAAS,CAAC;QAC3C,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,4CAA4C;KACnE,CAAC;IAEF,KAAK,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,cAAc,EAAE,CAAC;QAC5C,IAAI,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,CAAC;YACb,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YACtD,MAAM;QACR,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,YAAY,GAAG,YAAY;SACxB,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC;SACjC,OAAO,CAAC,qCAAqC,EAAE,EAAE,CAAC;SAClD,IAAI,EAAE,CAAC;IAEV,8BAA8B;IAC9B,MAAM,OAAO,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;IAC1C,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,CAAC;IAChC,CAAC;IAED,2BAA2B;IAC3B,MAAM,MAAM,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;IACxC,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,oCAAoC;IACpC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAEzD,8BAA8B;IAC9B,WAAW,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAEhC,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"llm.d.ts","sourceRoot":"","sources":["../../src/compiler/llm.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AA0C1C,wBAAsB,cAAc,CAClC,WAAW,EAAE,MAAM,EACnB,eAAe,EAAE,MAAM,CAAC,QAAQ,CAAC,GAChC,OAAO,CAAC,MAAM,CAAC,CAkCjB"}
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
// src/compiler/llm.ts
|
|
2
|
+
import { GoogleGenAI } from '@google/genai';
|
|
3
|
+
import { SYSTEM_PROMPT } from './prompt.js';
|
|
4
|
+
// Native JSON schema - GUARANTEES valid output from Gemini
|
|
5
|
+
const POLICY_SCHEMA = {
|
|
6
|
+
type: 'object',
|
|
7
|
+
properties: {
|
|
8
|
+
action: {
|
|
9
|
+
type: 'string',
|
|
10
|
+
enum: ['delete', 'modify', 'execute', 'read'],
|
|
11
|
+
},
|
|
12
|
+
include: {
|
|
13
|
+
type: 'array',
|
|
14
|
+
items: { type: 'string' },
|
|
15
|
+
description: 'Glob patterns for protected files',
|
|
16
|
+
},
|
|
17
|
+
exclude: {
|
|
18
|
+
type: 'array',
|
|
19
|
+
items: { type: 'string' },
|
|
20
|
+
description: 'Glob patterns for safe exceptions',
|
|
21
|
+
},
|
|
22
|
+
description: {
|
|
23
|
+
type: 'string',
|
|
24
|
+
description: 'Human-readable description of what is protected',
|
|
25
|
+
},
|
|
26
|
+
},
|
|
27
|
+
required: ['action', 'include', 'exclude', 'description'],
|
|
28
|
+
};
|
|
29
|
+
let ai = null;
|
|
30
|
+
function getAI() {
|
|
31
|
+
if (!ai) {
|
|
32
|
+
const apiKey = process.env.GEMINI_API_KEY;
|
|
33
|
+
if (!apiKey) {
|
|
34
|
+
throw new Error('GEMINI_API_KEY not set');
|
|
35
|
+
}
|
|
36
|
+
ai = new GoogleGenAI({ apiKey });
|
|
37
|
+
}
|
|
38
|
+
return ai;
|
|
39
|
+
}
|
|
40
|
+
export async function compileWithLLM(restriction, suggestedAction) {
|
|
41
|
+
const client = getAI();
|
|
42
|
+
const prompt = `${SYSTEM_PROMPT}
|
|
43
|
+
|
|
44
|
+
The user has indicated the action should be: "${suggestedAction}"
|
|
45
|
+
|
|
46
|
+
Restriction: "${restriction}"`;
|
|
47
|
+
const response = await client.models.generateContent({
|
|
48
|
+
model: 'gemini-2.0-flash',
|
|
49
|
+
contents: prompt,
|
|
50
|
+
config: {
|
|
51
|
+
temperature: 0,
|
|
52
|
+
maxOutputTokens: 512,
|
|
53
|
+
responseMimeType: 'application/json',
|
|
54
|
+
responseSchema: POLICY_SCHEMA,
|
|
55
|
+
},
|
|
56
|
+
});
|
|
57
|
+
// response.text is GUARANTEED valid JSON matching schema
|
|
58
|
+
const text = response.text;
|
|
59
|
+
if (!text) {
|
|
60
|
+
throw new Error('Empty response from Gemini');
|
|
61
|
+
}
|
|
62
|
+
const parsed = JSON.parse(text);
|
|
63
|
+
// Override action with suggested action if not present
|
|
64
|
+
if (!parsed.action) {
|
|
65
|
+
parsed.action = suggestedAction;
|
|
66
|
+
}
|
|
67
|
+
return parsed;
|
|
68
|
+
}
|
|
69
|
+
//# sourceMappingURL=llm.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"llm.js","sourceRoot":"","sources":["../../src/compiler/llm.ts"],"names":[],"mappings":"AAAA,sBAAsB;AAEtB,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAE5C,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,2DAA2D;AAC3D,MAAM,aAAa,GAAG;IACpB,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,MAAM,EAAE;YACN,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC;SAC9C;QACD,OAAO,EAAE;YACP,IAAI,EAAE,OAAO;YACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YACzB,WAAW,EAAE,mCAAmC;SACjD;QACD,OAAO,EAAE;YACP,IAAI,EAAE,OAAO;YACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YACzB,WAAW,EAAE,mCAAmC;SACjD;QACD,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,iDAAiD;SAC/D;KACF;IACD,QAAQ,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,aAAa,CAAC;CACjD,CAAC;AAEX,IAAI,EAAE,GAAuB,IAAI,CAAC;AAElC,SAAS,KAAK;IACZ,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QACD,EAAE,GAAG,IAAI,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAAmB,EACnB,eAAiC;IAEjC,MAAM,MAAM,GAAG,KAAK,EAAE,CAAC;IAEvB,MAAM,MAAM,GAAG,GAAG,aAAa;;gDAEe,eAAe;;gBAE/C,WAAW,GAAG,CAAC;IAE7B,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC;QACnD,KAAK,EAAE,kBAAkB;QACzB,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE;YACN,WAAW,EAAE,CAAC;YACd,eAAe,EAAE,GAAG;YACpB,gBAAgB,EAAE,kBAAkB;YACpC,cAAc,EAAE,aAAa;SAC9B;KACF,CAAC,CAAC;IAEH,yDAAyD;IACzD,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;IAC3B,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAW,CAAC;IAE1C,uDAAuD;IACvD,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,CAAC,MAAM,GAAG,eAAe,CAAC;IAClC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -0,0 +1,2 @@
|
|
|
1
|
+
export declare const SYSTEM_PROMPT = "You are a permission policy compiler for AI coding agents.\n\nConvert natural language restrictions into precise glob patterns.\n\nCRITICAL: Understand SEMANTIC INTENT, not just keywords.\n\nEXAMPLES OF SEMANTIC UNDERSTANDING:\n\n\"test files\" means TEST SOURCE CODE:\n include: [\"*.test.*\", \"*.spec.*\", \"__tests__/**\", \"test/**/*.ts\"]\n exclude: [\"test-results.*\", \"test-output.*\", \"coverage/**\"]\n \n\"config files\" means CONFIGURATION, not files that configure:\n include: [\"*.config.*\", \"tsconfig*\", \".eslintrc*\", \"vite.config.*\"]\n exclude: []\n\n\"env files\" means ENVIRONMENT SECRETS:\n include: [\".env\", \".env.*\", \"**/.env\", \"**/.env.*\"]\n exclude: [\".env.example\", \".env.template\"]\n\n\"migrations\" means DATABASE SCHEMA CHANGES:\n include: [\"**/migrations/**\", \"*migrate*\", \"prisma/migrations/**\"]\n exclude: []\n\nPATTERN RULES:\n- Always include **/ variants for recursive matching\n- \"starts with X\" \u2192 [\"X*\", \"**/X*\"] \n- \"ends with X\" \u2192 [\"*X\", \"**/*X\"]\n- \"contains X\" \u2192 [\"*X*\", \"**/*X*\"]\n- \"in directory X\" \u2192 [\"X/**\"]\n\nINCLUDE = what to PROTECT (be generous)\nEXCLUDE = what to ALLOW (carve out exceptions)\n\nOutput JSON only. No explanation.";
|
|
2
|
+
//# sourceMappingURL=prompt.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"prompt.d.ts","sourceRoot":"","sources":["../../src/compiler/prompt.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,aAAa,8uCAkCQ,CAAC"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
// src/compiler/prompt.ts
|
|
2
|
+
export const SYSTEM_PROMPT = `You are a permission policy compiler for AI coding agents.
|
|
3
|
+
|
|
4
|
+
Convert natural language restrictions into precise glob patterns.
|
|
5
|
+
|
|
6
|
+
CRITICAL: Understand SEMANTIC INTENT, not just keywords.
|
|
7
|
+
|
|
8
|
+
EXAMPLES OF SEMANTIC UNDERSTANDING:
|
|
9
|
+
|
|
10
|
+
"test files" means TEST SOURCE CODE:
|
|
11
|
+
include: ["*.test.*", "*.spec.*", "__tests__/**", "test/**/*.ts"]
|
|
12
|
+
exclude: ["test-results.*", "test-output.*", "coverage/**"]
|
|
13
|
+
|
|
14
|
+
"config files" means CONFIGURATION, not files that configure:
|
|
15
|
+
include: ["*.config.*", "tsconfig*", ".eslintrc*", "vite.config.*"]
|
|
16
|
+
exclude: []
|
|
17
|
+
|
|
18
|
+
"env files" means ENVIRONMENT SECRETS:
|
|
19
|
+
include: [".env", ".env.*", "**/.env", "**/.env.*"]
|
|
20
|
+
exclude: [".env.example", ".env.template"]
|
|
21
|
+
|
|
22
|
+
"migrations" means DATABASE SCHEMA CHANGES:
|
|
23
|
+
include: ["**/migrations/**", "*migrate*", "prisma/migrations/**"]
|
|
24
|
+
exclude: []
|
|
25
|
+
|
|
26
|
+
PATTERN RULES:
|
|
27
|
+
- Always include **/ variants for recursive matching
|
|
28
|
+
- "starts with X" → ["X*", "**/X*"]
|
|
29
|
+
- "ends with X" → ["*X", "**/*X"]
|
|
30
|
+
- "contains X" → ["*X*", "**/*X*"]
|
|
31
|
+
- "in directory X" → ["X/**"]
|
|
32
|
+
|
|
33
|
+
INCLUDE = what to PROTECT (be generous)
|
|
34
|
+
EXCLUDE = what to ALLOW (carve out exceptions)
|
|
35
|
+
|
|
36
|
+
Output JSON only. No explanation.`;
|
|
37
|
+
//# sourceMappingURL=prompt.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"prompt.js","sourceRoot":"","sources":["../../src/compiler/prompt.ts"],"names":[],"mappings":"AAAA,yBAAyB;AAEzB,MAAM,CAAC,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kCAkCK,CAAC"}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import { type LeashConfig, type CompiledLeashConfig } from './schema.js';
|
|
2
|
+
/**
|
|
3
|
+
* Find .leash config file in current directory
|
|
4
|
+
*/
|
|
5
|
+
export declare function findLeashConfig(dir?: string): string | null;
|
|
6
|
+
/**
|
|
7
|
+
* Load and parse .leash config
|
|
8
|
+
*/
|
|
9
|
+
export declare function loadLeashConfig(path: string): LeashConfig | null;
|
|
10
|
+
/**
|
|
11
|
+
* Compile all policies in a .leash config
|
|
12
|
+
*/
|
|
13
|
+
export declare function compileLeashConfig(config: LeashConfig): Promise<CompiledLeashConfig>;
|
|
14
|
+
/**
|
|
15
|
+
* Create a new .leash config file
|
|
16
|
+
*/
|
|
17
|
+
export declare function createLeashConfig(dir?: string): string;
|
|
18
|
+
/**
|
|
19
|
+
* Check if current directory has a .leash config
|
|
20
|
+
*/
|
|
21
|
+
export declare function hasLeashConfig(dir?: string): boolean;
|
|
22
|
+
//# sourceMappingURL=loader.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../src/config/loader.ts"],"names":[],"mappings":"AAMA,OAAO,EAKL,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACzB,MAAM,aAAa,CAAC;AASrB;;GAEG;AACH,wBAAgB,eAAe,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,GAAG,IAAI,CAW1E;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CA0BhE;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,WAAW,GAClB,OAAO,CAAC,mBAAmB,CAAC,CAwB9B;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,CAerE;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,GAAG,GAAE,MAAsB,GAAG,OAAO,CAEnE"}
|
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
// src/config/loader.ts
|
|
2
|
+
// Load and parse .leash configuration files
|
|
3
|
+
import { existsSync, readFileSync, writeFileSync } from 'fs';
|
|
4
|
+
import { join } from 'path';
|
|
5
|
+
import { parse as parseYaml } from 'yaml';
|
|
6
|
+
import { validateConfig, generateDefaultConfig, generateLeashYaml, DEFAULT_SETTINGS, } from './schema.js';
|
|
7
|
+
import { compile } from '../compiler/index.js';
|
|
8
|
+
import { COLORS, SYMBOLS, createSpinner } from '../ui/colors.js';
|
|
9
|
+
const LEASH_FILE = '.leash';
|
|
10
|
+
const LEASH_YAML = '.leash.yaml';
|
|
11
|
+
const LEASH_YML = '.leash.yml';
|
|
12
|
+
const LEASH_JSON = '.leash.json';
|
|
13
|
+
/**
|
|
14
|
+
* Find .leash config file in current directory
|
|
15
|
+
*/
|
|
16
|
+
export function findLeashConfig(dir = process.cwd()) {
|
|
17
|
+
const candidates = [LEASH_FILE, LEASH_YAML, LEASH_YML, LEASH_JSON];
|
|
18
|
+
for (const name of candidates) {
|
|
19
|
+
const path = join(dir, name);
|
|
20
|
+
if (existsSync(path)) {
|
|
21
|
+
return path;
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
return null;
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* Load and parse .leash config
|
|
28
|
+
*/
|
|
29
|
+
export function loadLeashConfig(path) {
|
|
30
|
+
if (!existsSync(path)) {
|
|
31
|
+
return null;
|
|
32
|
+
}
|
|
33
|
+
try {
|
|
34
|
+
const content = readFileSync(path, 'utf-8');
|
|
35
|
+
let config;
|
|
36
|
+
if (path.endsWith('.json')) {
|
|
37
|
+
config = JSON.parse(content);
|
|
38
|
+
}
|
|
39
|
+
else {
|
|
40
|
+
config = parseYaml(content);
|
|
41
|
+
}
|
|
42
|
+
if (!validateConfig(config)) {
|
|
43
|
+
console.error(`${COLORS.error}${SYMBOLS.error} Invalid .leash config${COLORS.reset}`);
|
|
44
|
+
return null;
|
|
45
|
+
}
|
|
46
|
+
return config;
|
|
47
|
+
}
|
|
48
|
+
catch (err) {
|
|
49
|
+
console.error(`${COLORS.error}${SYMBOLS.error} Failed to parse .leash: ${err.message}${COLORS.reset}`);
|
|
50
|
+
return null;
|
|
51
|
+
}
|
|
52
|
+
}
|
|
53
|
+
/**
|
|
54
|
+
* Compile all policies in a .leash config
|
|
55
|
+
*/
|
|
56
|
+
export async function compileLeashConfig(config) {
|
|
57
|
+
const compiled = {
|
|
58
|
+
version: 1,
|
|
59
|
+
policies: [],
|
|
60
|
+
settings: { ...DEFAULT_SETTINGS, ...config.settings },
|
|
61
|
+
cloud: config.cloud,
|
|
62
|
+
};
|
|
63
|
+
const spinner = createSpinner(`Compiling ${config.policies.length} policies...`);
|
|
64
|
+
for (const restriction of config.policies) {
|
|
65
|
+
try {
|
|
66
|
+
const policy = await compile(restriction);
|
|
67
|
+
compiled.policies.push({ restriction, policy });
|
|
68
|
+
}
|
|
69
|
+
catch (err) {
|
|
70
|
+
spinner.stop();
|
|
71
|
+
console.error(`${COLORS.error}${SYMBOLS.error} Failed to compile: "${restriction}"${COLORS.reset}`);
|
|
72
|
+
console.error(` ${err.message}`);
|
|
73
|
+
throw err;
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
spinner.stop();
|
|
77
|
+
return compiled;
|
|
78
|
+
}
|
|
79
|
+
/**
|
|
80
|
+
* Create a new .leash config file
|
|
81
|
+
*/
|
|
82
|
+
export function createLeashConfig(dir = process.cwd()) {
|
|
83
|
+
const path = join(dir, LEASH_FILE);
|
|
84
|
+
if (existsSync(path)) {
|
|
85
|
+
console.log(`${COLORS.warning}${SYMBOLS.warning} .leash already exists${COLORS.reset}`);
|
|
86
|
+
return path;
|
|
87
|
+
}
|
|
88
|
+
const config = generateDefaultConfig();
|
|
89
|
+
const content = generateLeashYaml(config);
|
|
90
|
+
writeFileSync(path, content);
|
|
91
|
+
console.log(`${COLORS.success}${SYMBOLS.success} Created ${path}${COLORS.reset}`);
|
|
92
|
+
return path;
|
|
93
|
+
}
|
|
94
|
+
/**
|
|
95
|
+
* Check if current directory has a .leash config
|
|
96
|
+
*/
|
|
97
|
+
export function hasLeashConfig(dir = process.cwd()) {
|
|
98
|
+
return findLeashConfig(dir) !== null;
|
|
99
|
+
}
|
|
100
|
+
//# sourceMappingURL=loader.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/config/loader.ts"],"names":[],"mappings":"AAAA,uBAAuB;AACvB,4CAA4C;AAE5C,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AAC7D,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,iBAAiB,EACjB,gBAAgB,GAGjB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAC/C,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEjE,MAAM,UAAU,GAAG,QAAQ,CAAC;AAC5B,MAAM,UAAU,GAAG,aAAa,CAAC;AACjC,MAAM,SAAS,GAAG,YAAY,CAAC;AAC/B,MAAM,UAAU,GAAG,aAAa,CAAC;AAEjC;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,MAAc,OAAO,CAAC,GAAG,EAAE;IACzD,MAAM,UAAU,GAAG,CAAC,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IAEnE,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC7B,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAE5C,IAAI,MAAe,CAAC;QAEpB,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;QAC9B,CAAC;QAED,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,yBAAyB,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;YACtF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,4BAA6B,GAAa,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QAClH,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,MAAmB;IAEnB,MAAM,QAAQ,GAAwB;QACpC,OAAO,EAAE,CAAC;QACV,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE,GAAG,gBAAgB,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE;QACrD,KAAK,EAAE,MAAM,CAAC,KAAK;KACpB,CAAC;IAEF,MAAM,OAAO,GAAG,aAAa,CAAC,aAAa,MAAM,CAAC,QAAQ,CAAC,MAAM,cAAc,CAAC,CAAC;IAEjF,KAAK,MAAM,WAAW,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC1C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;YAC1C,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,wBAAwB,WAAW,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;YACpG,OAAO,CAAC,KAAK,CAAC,KAAM,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7C,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,OAAO,CAAC,IAAI,EAAE,CAAC;IACf,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAc,OAAO,CAAC,GAAG,EAAE;IAC3D,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IAEnC,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,yBAAyB,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QACxF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,qBAAqB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAE1C,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC7B,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,YAAY,IAAI,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;IAElF,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,MAAc,OAAO,CAAC,GAAG,EAAE;IACxD,OAAO,eAAe,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC;AACvC,CAAC"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
import type { Policy } from '../types.js';
|
|
2
|
+
export interface LeashConfig {
|
|
3
|
+
version: 1;
|
|
4
|
+
policies: string[];
|
|
5
|
+
settings?: LeashSettings;
|
|
6
|
+
cloud?: LeashCloudConfig;
|
|
7
|
+
}
|
|
8
|
+
export interface LeashSettings {
|
|
9
|
+
fail_closed?: boolean;
|
|
10
|
+
audit_log?: boolean;
|
|
11
|
+
verbose?: boolean;
|
|
12
|
+
}
|
|
13
|
+
export interface LeashCloudConfig {
|
|
14
|
+
team_id?: string;
|
|
15
|
+
sync?: boolean;
|
|
16
|
+
}
|
|
17
|
+
export interface CompiledLeashConfig {
|
|
18
|
+
version: 1;
|
|
19
|
+
policies: Array<{
|
|
20
|
+
restriction: string;
|
|
21
|
+
policy: Policy;
|
|
22
|
+
}>;
|
|
23
|
+
settings: LeashSettings;
|
|
24
|
+
cloud?: LeashCloudConfig;
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* Default settings
|
|
28
|
+
*/
|
|
29
|
+
export declare const DEFAULT_SETTINGS: LeashSettings;
|
|
30
|
+
/**
|
|
31
|
+
* Validate a .leash config object
|
|
32
|
+
*/
|
|
33
|
+
export declare function validateConfig(config: unknown): config is LeashConfig;
|
|
34
|
+
/**
|
|
35
|
+
* Generate a default .leash config
|
|
36
|
+
*/
|
|
37
|
+
export declare function generateDefaultConfig(): LeashConfig;
|
|
38
|
+
/**
|
|
39
|
+
* Generate YAML content for a .leash file
|
|
40
|
+
*/
|
|
41
|
+
export declare function generateLeashYaml(config: LeashConfig): string;
|
|
42
|
+
//# sourceMappingURL=schema.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../src/config/schema.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAE1C,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,CAAC,CAAC;IACX,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,KAAK,CAAC,EAAE,gBAAgB,CAAC;CAC1B;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,CAAC,CAAC;IACX,QAAQ,EAAE,KAAK,CAAC;QACd,WAAW,EAAE,MAAM,CAAC;QACpB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC,CAAC;IACH,QAAQ,EAAE,aAAa,CAAC;IACxB,KAAK,CAAC,EAAE,gBAAgB,CAAC;CAC1B;AAED;;GAEG;AACH,eAAO,MAAM,gBAAgB,EAAE,aAI9B,CAAC;AAEF;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,IAAI,WAAW,CA+BrE;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,WAAW,CAYnD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAqC7D"}
|