veto-sdk 1.17.0 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +69 -203
- package/dist/browser/index.d.ts +1 -1
- package/dist/browser/index.d.ts.map +1 -1
- package/dist/browser/index.js.map +1 -1
- package/dist/browser/types.d.ts +17 -1
- package/dist/browser/types.d.ts.map +1 -1
- package/dist/browser/veto.d.ts +10 -0
- package/dist/browser/veto.d.ts.map +1 -1
- package/dist/browser/veto.js +69 -5
- package/dist/browser/veto.js.map +1 -1
- package/dist/cli/bin.js +0 -0
- package/dist/cli/compile.d.ts +22 -1
- package/dist/cli/compile.d.ts.map +1 -1
- package/dist/cli/compile.js +100 -21
- package/dist/cli/compile.js.map +1 -1
- package/dist/cli/diff.d.ts +2 -25
- package/dist/cli/diff.d.ts.map +1 -1
- package/dist/cli/diff.js +5 -327
- package/dist/cli/diff.js.map +1 -1
- package/dist/cli/headless.js +1 -1
- package/dist/cli/headless.js.map +1 -1
- package/dist/cli/index.d.ts +3 -1
- package/dist/cli/index.d.ts.map +1 -1
- package/dist/cli/index.js +2 -0
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/repl-generate.d.ts.map +1 -1
- package/dist/cli/repl-generate.js +346 -17
- package/dist/cli/repl-generate.js.map +1 -1
- package/dist/cli/replay-engine.d.ts +77 -0
- package/dist/cli/replay-engine.d.ts.map +1 -0
- package/dist/cli/replay-engine.js +379 -0
- package/dist/cli/replay-engine.js.map +1 -0
- package/dist/cli/replay.d.ts +57 -0
- package/dist/cli/replay.d.ts.map +1 -0
- package/dist/cli/replay.js +202 -0
- package/dist/cli/replay.js.map +1 -0
- package/dist/cli/runner.d.ts.map +1 -1
- package/dist/cli/runner.js +20 -0
- package/dist/cli/runner.js.map +1 -1
- package/dist/cli/templates.d.ts +1 -1
- package/dist/cli/templates.d.ts.map +1 -1
- package/dist/cli/templates.js +1 -1
- package/dist/cloud/client.d.ts.map +1 -1
- package/dist/cloud/client.js +6 -1
- package/dist/cloud/client.js.map +1 -1
- package/dist/cloud/types.d.ts +33 -2
- package/dist/cloud/types.d.ts.map +1 -1
- package/dist/core/events.d.ts +11 -1
- package/dist/core/events.d.ts.map +1 -1
- package/dist/core/events.js +4 -0
- package/dist/core/events.js.map +1 -1
- package/dist/core/interceptor.d.ts +20 -1
- package/dist/core/interceptor.d.ts.map +1 -1
- package/dist/core/interceptor.js +47 -3
- package/dist/core/interceptor.js.map +1 -1
- package/dist/core/output-validator.d.ts +11 -0
- package/dist/core/output-validator.d.ts.map +1 -1
- package/dist/core/output-validator.js +88 -15
- package/dist/core/output-validator.js.map +1 -1
- package/dist/core/protect.d.ts +3 -1
- package/dist/core/protect.d.ts.map +1 -1
- package/dist/core/protect.js +14 -4
- package/dist/core/protect.js.map +1 -1
- package/dist/core/veto.d.ts +54 -1
- package/dist/core/veto.d.ts.map +1 -1
- package/dist/core/veto.js +471 -91
- package/dist/core/veto.js.map +1 -1
- package/dist/deterministic/types.d.ts +103 -0
- package/dist/deterministic/types.d.ts.map +1 -1
- package/dist/economic/budget-engine.d.ts +29 -0
- package/dist/economic/budget-engine.d.ts.map +1 -0
- package/dist/economic/budget-engine.js +146 -0
- package/dist/economic/budget-engine.js.map +1 -0
- package/dist/economic/connectors/ap2.d.ts +51 -0
- package/dist/economic/connectors/ap2.d.ts.map +1 -0
- package/dist/economic/connectors/ap2.js +133 -0
- package/dist/economic/connectors/ap2.js.map +1 -0
- package/dist/economic/connectors/index.d.ts +8 -0
- package/dist/economic/connectors/index.d.ts.map +1 -0
- package/dist/economic/connectors/index.js +8 -0
- package/dist/economic/connectors/index.js.map +1 -0
- package/dist/economic/connectors/mpp.d.ts +41 -0
- package/dist/economic/connectors/mpp.d.ts.map +1 -0
- package/dist/economic/connectors/mpp.js +97 -0
- package/dist/economic/connectors/mpp.js.map +1 -0
- package/dist/economic/connectors/x402.d.ts +20 -0
- package/dist/economic/connectors/x402.d.ts.map +1 -0
- package/dist/economic/connectors/x402.js +142 -0
- package/dist/economic/connectors/x402.js.map +1 -0
- package/dist/economic/evaluator.d.ts +77 -0
- package/dist/economic/evaluator.d.ts.map +1 -0
- package/dist/economic/evaluator.js +231 -0
- package/dist/economic/evaluator.js.map +1 -0
- package/dist/economic/index.d.ts +13 -0
- package/dist/economic/index.d.ts.map +1 -0
- package/dist/economic/index.js +15 -0
- package/dist/economic/index.js.map +1 -0
- package/dist/economic/types.d.ts +188 -0
- package/dist/economic/types.d.ts.map +1 -0
- package/dist/economic/types.js +10 -0
- package/dist/economic/types.js.map +1 -0
- package/dist/extractors/content.d.ts +42 -0
- package/dist/extractors/content.d.ts.map +1 -0
- package/dist/extractors/content.js +154 -0
- package/dist/extractors/content.js.map +1 -0
- package/dist/extractors/index.d.ts +7 -0
- package/dist/extractors/index.d.ts.map +1 -0
- package/dist/extractors/index.js +7 -0
- package/dist/extractors/index.js.map +1 -0
- package/dist/index.d.ts +10 -4
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +10 -2
- package/dist/index.js.map +1 -1
- package/dist/policy/generator.d.ts +110 -0
- package/dist/policy/generator.d.ts.map +1 -0
- package/dist/policy/generator.js +463 -0
- package/dist/policy/generator.js.map +1 -0
- package/dist/policy/index.d.ts +7 -0
- package/dist/policy/index.d.ts.map +1 -0
- package/dist/policy/index.js +7 -0
- package/dist/policy/index.js.map +1 -0
- package/dist/providers/adapters.d.ts +27 -0
- package/dist/providers/adapters.d.ts.map +1 -1
- package/dist/providers/adapters.js +58 -0
- package/dist/providers/adapters.js.map +1 -1
- package/dist/rules/condition-evaluator.d.ts +2 -1
- package/dist/rules/condition-evaluator.d.ts.map +1 -1
- package/dist/rules/condition-evaluator.js +97 -7
- package/dist/rules/condition-evaluator.js.map +1 -1
- package/dist/rules/index.d.ts +1 -0
- package/dist/rules/index.d.ts.map +1 -1
- package/dist/rules/index.js +1 -0
- package/dist/rules/index.js.map +1 -1
- package/dist/rules/local-evaluator.d.ts +69 -0
- package/dist/rules/local-evaluator.d.ts.map +1 -0
- package/dist/rules/local-evaluator.js +217 -0
- package/dist/rules/local-evaluator.js.map +1 -0
- package/dist/rules/policy-ir-schema.d.ts +132 -1
- package/dist/rules/policy-ir-schema.d.ts.map +1 -1
- package/dist/rules/policy-ir-schema.js +114 -0
- package/dist/rules/policy-ir-schema.js.map +1 -1
- package/dist/rules/policy-packs.d.ts.map +1 -1
- package/dist/rules/policy-packs.js +1 -0
- package/dist/rules/policy-packs.js.map +1 -1
- package/dist/rules/types.d.ts +3 -1
- package/dist/rules/types.d.ts.map +1 -1
- package/dist/rules/types.js.map +1 -1
- package/dist/types/config.d.ts +2 -1
- package/dist/types/config.d.ts.map +1 -1
- package/dist/types/config.js.map +1 -1
- package/dist/utils/logger.d.ts +38 -2
- package/dist/utils/logger.d.ts.map +1 -1
- package/dist/utils/logger.js +231 -26
- package/dist/utils/logger.js.map +1 -1
- package/package.json +9 -1
- package/packs/economic-agent.yaml +62 -0
package/README.md
CHANGED
|
@@ -1,20 +1,23 @@
|
|
|
1
|
-
#
|
|
1
|
+
# veto-sdk
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
[](https://www.npmjs.com/package/veto-sdk)
|
|
4
|
+
[](../../LICENSE)
|
|
4
5
|
|
|
5
|
-
|
|
6
|
+
A guardrail system for AI agent tool calls. Veto intercepts and validates tool calls made by AI models before execution — blocking, allowing, or routing to human approval.
|
|
6
7
|
|
|
7
|
-
|
|
8
|
-
2. **Wrap** your tools using `veto.wrap()`.
|
|
9
|
-
3. **Pass** the wrapped tools to your AI agent/model.
|
|
8
|
+
## How it works
|
|
10
9
|
|
|
11
|
-
|
|
10
|
+
1. **Initialize** Veto (loads your YAML rules).
|
|
11
|
+
2. **Wrap** your tools with `veto.wrap()`.
|
|
12
|
+
3. **Pass** the wrapped tools to your agent — types preserved, interface unchanged.
|
|
13
|
+
|
|
14
|
+
When the AI calls a tool, Veto automatically:
|
|
12
15
|
|
|
13
16
|
1. Intercepts the call.
|
|
14
|
-
2. Validates arguments against your rules (
|
|
15
|
-
3.
|
|
17
|
+
2. Validates arguments against your rules (deterministic conditions first, optional LLM for semantic rules).
|
|
18
|
+
3. **allow** → executes · **block** → denied with reason · **ask** → approval queue.
|
|
16
19
|
|
|
17
|
-
The
|
|
20
|
+
The agent is unaware of the guardrail.
|
|
18
21
|
|
|
19
22
|
## Installation
|
|
20
23
|
|
|
@@ -22,51 +25,41 @@ The AI model remains unaware of the guardrail - the tool interface is preserved.
|
|
|
22
25
|
npm install veto-sdk
|
|
23
26
|
```
|
|
24
27
|
|
|
25
|
-
For a complete
|
|
28
|
+
For a complete human-in-the-loop example, see the [HITL guide](../../docs/hitl-guide.md).
|
|
26
29
|
|
|
27
|
-
## Quick
|
|
30
|
+
## Quick start
|
|
28
31
|
|
|
29
32
|
### 1. Initialize Veto
|
|
30
33
|
|
|
31
|
-
Run the CLI to create configuration:
|
|
32
|
-
|
|
33
34
|
```bash
|
|
34
35
|
npx veto init
|
|
35
36
|
```
|
|
36
37
|
|
|
37
|
-
|
|
38
|
+
Creates `./veto/veto.config.yaml` and default rules.
|
|
38
39
|
|
|
39
|
-
### 2. Wrap
|
|
40
|
+
### 2. Wrap your tools
|
|
40
41
|
|
|
41
|
-
|
|
42
|
+
`wrap()` is provider-agnostic — works with LangChain, Vercel AI SDK, or any custom tool object.
|
|
42
43
|
|
|
43
44
|
```typescript
|
|
44
45
|
import { Veto } from 'veto-sdk';
|
|
45
|
-
import { tool } from '@langchain/core/tools';
|
|
46
|
+
import { tool } from '@langchain/core/tools';
|
|
46
47
|
|
|
47
|
-
// 1. Define your tools normally
|
|
48
48
|
const myTools = [
|
|
49
|
-
tool(async (args) => { ... }, { name: 'my_tool', ... }),
|
|
50
|
-
// ...
|
|
49
|
+
tool(async (args) => { /* ... */ }, { name: 'my_tool', /* ... */ }),
|
|
51
50
|
];
|
|
52
51
|
|
|
53
|
-
// 2. Initialize Veto
|
|
54
52
|
const veto = await Veto.init();
|
|
55
53
|
|
|
56
|
-
//
|
|
57
|
-
// Types are preserved: wrappedTools has same type as myTools
|
|
54
|
+
// Types are preserved: wrappedTools has the same type as myTools
|
|
58
55
|
const wrappedTools = veto.wrap(myTools);
|
|
59
56
|
|
|
60
|
-
|
|
61
|
-
const agent = createAgent({
|
|
62
|
-
tools: wrappedTools,
|
|
63
|
-
// ...
|
|
64
|
-
});
|
|
57
|
+
const agent = createAgent({ tools: wrappedTools });
|
|
65
58
|
```
|
|
66
59
|
|
|
67
|
-
### 3. Configure
|
|
60
|
+
### 3. Configure rules
|
|
68
61
|
|
|
69
|
-
Edit `veto/rules/financial.yaml
|
|
62
|
+
Edit `veto/rules/financial.yaml`:
|
|
70
63
|
|
|
71
64
|
```yaml
|
|
72
65
|
rules:
|
|
@@ -88,38 +81,33 @@ rules:
|
|
|
88
81
|
```yaml
|
|
89
82
|
version: "1.0"
|
|
90
83
|
|
|
91
|
-
#
|
|
92
|
-
mode: "strict"
|
|
84
|
+
# "strict" blocks calls, "log" only logs them
|
|
85
|
+
mode: "strict"
|
|
93
86
|
|
|
94
|
-
# Validation
|
|
87
|
+
# Validation backend
|
|
95
88
|
validation:
|
|
96
|
-
mode: "custom"
|
|
89
|
+
mode: "custom" # "api", "kernel", or "custom"
|
|
97
90
|
|
|
98
|
-
# Custom
|
|
91
|
+
# Custom provider (if mode is custom)
|
|
99
92
|
custom:
|
|
100
|
-
provider: "gemini"
|
|
93
|
+
provider: "gemini" # openai | anthropic | gemini
|
|
101
94
|
model: "gemini-3-flash-preview"
|
|
102
95
|
|
|
103
|
-
# Logging
|
|
104
96
|
logging:
|
|
105
97
|
level: "info"
|
|
106
98
|
|
|
107
|
-
# Rules
|
|
108
99
|
rules:
|
|
109
100
|
directory: "./rules"
|
|
110
101
|
recursive: true
|
|
111
|
-
|
|
102
|
+
|
|
103
|
+
# Human-in-the-loop approval (for action: ask)
|
|
112
104
|
# approval:
|
|
113
105
|
# callbackUrl: "http://localhost:8787/approvals"
|
|
114
106
|
# timeout: 30000
|
|
115
|
-
# timeoutBehavior: "block"
|
|
116
|
-
# includeCustomContext: false # opt-in: forward validation context.custom to webhook
|
|
117
|
-
# responseSchema:
|
|
118
|
-
# decisionField: "decision"
|
|
119
|
-
# reasonField: "reason"
|
|
107
|
+
# timeoutBehavior: "block"
|
|
120
108
|
```
|
|
121
109
|
|
|
122
|
-
## API
|
|
110
|
+
## API reference
|
|
123
111
|
|
|
124
112
|
### `Veto.init(options?)`
|
|
125
113
|
|
|
@@ -131,16 +119,16 @@ const veto = await Veto.init();
|
|
|
131
119
|
|
|
132
120
|
### `veto.wrap<T>(tools: T[]): T[]`
|
|
133
121
|
|
|
134
|
-
|
|
122
|
+
Wrap an array of tools. Injects Veto validation into each tool's execution handler. Preserves types for full framework compatibility.
|
|
135
123
|
|
|
136
124
|
```typescript
|
|
137
125
|
const wrappedForLangChain = veto.wrap(langChainTools);
|
|
138
|
-
const wrappedForVercel
|
|
126
|
+
const wrappedForVercel = veto.wrap(vercelTools);
|
|
139
127
|
```
|
|
140
128
|
|
|
141
129
|
### `veto.wrapTool<T>(tool: T): T`
|
|
142
130
|
|
|
143
|
-
|
|
131
|
+
Wrap a single tool.
|
|
144
132
|
|
|
145
133
|
```typescript
|
|
146
134
|
const safeTool = veto.wrapTool(myTool);
|
|
@@ -148,191 +136,69 @@ const safeTool = veto.wrapTool(myTool);
|
|
|
148
136
|
|
|
149
137
|
### `veto.getHistoryStats()`
|
|
150
138
|
|
|
151
|
-
|
|
139
|
+
Statistics on allowed vs blocked calls.
|
|
152
140
|
|
|
153
141
|
```typescript
|
|
154
142
|
const stats = veto.getHistoryStats();
|
|
155
|
-
console.log(stats);
|
|
156
143
|
// { totalCalls: 5, allowedCalls: 4, deniedCalls: 1, ... }
|
|
157
144
|
```
|
|
158
145
|
|
|
159
146
|
### `veto.clearHistory()`
|
|
160
147
|
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
```typescript
|
|
164
|
-
veto.clearHistory();
|
|
165
|
-
```
|
|
148
|
+
Reset history statistics.
|
|
166
149
|
|
|
167
150
|
### `veto.exportDecisions(format)`
|
|
168
151
|
|
|
169
|
-
|
|
152
|
+
Export decision history as JSON or CSV.
|
|
170
153
|
|
|
171
154
|
```typescript
|
|
172
|
-
const
|
|
173
|
-
const
|
|
174
|
-
```
|
|
175
|
-
|
|
176
|
-
## CLI Commands
|
|
177
|
-
|
|
178
|
-
Canonical package:
|
|
179
|
-
|
|
180
|
-
```bash
|
|
181
|
-
npx veto-cli@latest
|
|
182
|
-
```
|
|
183
|
-
|
|
184
|
-
Compatibility package (still supported):
|
|
185
|
-
|
|
186
|
-
```bash
|
|
187
|
-
npx veto-sdk@latest
|
|
155
|
+
const json = veto.exportDecisions("json");
|
|
156
|
+
const csv = veto.exportDecisions("csv");
|
|
188
157
|
```
|
|
189
158
|
|
|
190
|
-
|
|
191
|
-
| ------------------------------------------------------------------------------------- | ----------------------------------------------- |
|
|
192
|
-
| `veto` | Start Veto Studio (default interactive mode) |
|
|
193
|
-
| `veto studio` | Start Veto Studio explicitly |
|
|
194
|
-
| `veto repl --legacy` | Start legacy line-based REPL |
|
|
195
|
-
| `veto policy generate --tool <name> --prompt <text> [--target local\|cloud] [--json]` | Generate policy YAML (interactive-independent) |
|
|
196
|
-
| `veto policy apply --file <path> [--target local\|cloud] [--json]` | Apply policy file locally or create cloud draft |
|
|
197
|
-
| `veto guard check --tool <name> --args <json> [--mode ...] [--json]` | Run a deterministic guard check for a tool call |
|
|
198
|
-
| `veto cloud login` | Start cloud device login |
|
|
199
|
-
| `veto cloud whoami` | Show cloud CLI context |
|
|
200
|
-
| `veto doctor` | Runtime/auth/connectivity diagnostics |
|
|
201
|
-
| `veto init`, `veto learn`, `veto compile`, `veto test`, `veto scan`, `veto diff` | Existing core workflows |
|
|
202
|
-
| `veto version` | Show version |
|
|
203
|
-
|
|
204
|
-
Migration notes:
|
|
205
|
-
|
|
206
|
-
- Legacy REPL is still available via `veto repl --legacy`.
|
|
207
|
-
- `veto-cli` is the canonical package. `veto-sdk` CLI path remains compatibility-first.
|
|
208
|
-
- Studio template fallback is opt-in (`--demo-template` or `studio.generation.allowTemplateFallback: true`).
|
|
209
|
-
- Studio defaults to Ink on Node.js. OpenTUI remains optional (`--renderer opentui`) for Bun runtimes.
|
|
210
|
-
|
|
211
|
-
Veto Studio examples:
|
|
159
|
+
## CLI commands
|
|
212
160
|
|
|
213
161
|
```bash
|
|
214
|
-
|
|
215
|
-
npx veto-cli@latest
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
npx veto-cli@latest studio
|
|
219
|
-
|
|
220
|
-
# Force ANSI renderer
|
|
221
|
-
npx veto-cli@latest studio --renderer ansi
|
|
222
|
-
|
|
223
|
-
# Open a specific workspace from multi-repo root
|
|
224
|
-
npx veto-cli@latest studio --directory ./packages/sdk
|
|
225
|
-
|
|
226
|
-
# Enable explicit template demo mode (otherwise no silent fallback in Studio)
|
|
227
|
-
npx veto-cli@latest studio --demo-template
|
|
228
|
-
|
|
229
|
-
# Legacy line-based REPL remains available
|
|
230
|
-
npx veto-cli@latest repl --legacy
|
|
162
|
+
npx veto-cli@latest # Veto Studio (interactive TUI)
|
|
163
|
+
npx veto-cli@latest policy generate --tool <name> --prompt <text>
|
|
164
|
+
npx veto-cli@latest guard check --tool <name> --args <json> --json
|
|
165
|
+
npx veto-cli@latest scan --fail-uncovered # CI gate
|
|
231
166
|
```
|
|
232
167
|
|
|
233
|
-
|
|
168
|
+
→ [Full CLI reference](../cli/README.md)
|
|
234
169
|
|
|
235
|
-
|
|
236
|
-
# Test a call locally (no network)
|
|
237
|
-
/test transfer_funds({"amount": 50000})
|
|
238
|
-
|
|
239
|
-
# Ask a what-if question in plain language
|
|
240
|
-
what would happen if my agent tried to transfer $50,000?
|
|
241
|
-
|
|
242
|
-
# Explain a rule
|
|
243
|
-
/explain fin-block-high-transfers
|
|
244
|
-
|
|
245
|
-
# Run scenario suite
|
|
246
|
-
test my agent against current rules
|
|
247
|
-
|
|
248
|
-
# Export merged rules
|
|
249
|
-
/export
|
|
250
|
-
```
|
|
251
|
-
|
|
252
|
-
Coverage audit examples:
|
|
253
|
-
|
|
254
|
-
```bash
|
|
255
|
-
# Human-readable coverage report
|
|
256
|
-
npx veto scan
|
|
257
|
-
|
|
258
|
-
# Scan an explicit workspace directory
|
|
259
|
-
npx veto scan --directory ./packages/sdk
|
|
260
|
-
|
|
261
|
-
# Include examples/ and tests/ directories in scan scope
|
|
262
|
-
npx veto scan --include-examples --include-tests
|
|
263
|
-
|
|
264
|
-
# CI gate: fail when uncovered tools are found
|
|
265
|
-
npx veto scan --fail-uncovered
|
|
266
|
-
|
|
267
|
-
# Include inline YAML snippets for uncovered tools
|
|
268
|
-
npx veto scan --suggest
|
|
269
|
-
|
|
270
|
-
# Machine-readable output for CI pipelines
|
|
271
|
-
npx veto scan --format json
|
|
272
|
-
```
|
|
273
|
-
|
|
274
|
-
Policy diff examples:
|
|
275
|
-
|
|
276
|
-
```bash
|
|
277
|
-
# Compare working rule file against HEAD (git snapshot)
|
|
278
|
-
npx veto diff financial.yaml
|
|
279
|
-
|
|
280
|
-
# Compare two explicit snapshots (file or directory mode)
|
|
281
|
-
npx veto diff --old ./rules-v1 --new ./rules-v2
|
|
282
|
-
|
|
283
|
-
# Include deterministic replay impact from historical calls
|
|
284
|
-
npx veto diff financial.yaml --log calls.jsonl
|
|
285
|
-
|
|
286
|
-
# Machine-readable structural + impact report
|
|
287
|
-
npx veto diff --old ./rules-v1 --new ./rules-v2 --log calls.jsonl --format json
|
|
288
|
-
```
|
|
289
|
-
|
|
290
|
-
## General Rule YAML Format
|
|
291
|
-
|
|
292
|
-
Each rule file (e.g., `veto/rules/policy.yaml`) can contain one or more rules.
|
|
170
|
+
## Rule YAML format
|
|
293
171
|
|
|
294
172
|
```yaml
|
|
295
173
|
rules:
|
|
296
|
-
- id: unique-rule-id
|
|
297
|
-
name: Human readable name
|
|
298
|
-
enabled: true
|
|
299
|
-
severity: high
|
|
300
|
-
action: block
|
|
301
|
-
|
|
302
|
-
# Scope:
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
#
|
|
174
|
+
- id: unique-rule-id # required
|
|
175
|
+
name: Human readable name # required
|
|
176
|
+
enabled: true # optional, default: true
|
|
177
|
+
severity: high # critical | high | medium | low | info
|
|
178
|
+
action: block # block | warn | log | allow | ask
|
|
179
|
+
|
|
180
|
+
# Scope: which tools does this rule apply to?
|
|
181
|
+
# Omit or leave empty to apply to ALL tools (global rule).
|
|
182
|
+
tools:
|
|
183
|
+
- make_payment
|
|
184
|
+
|
|
185
|
+
# Static conditions (optional) — evaluated locally, zero latency
|
|
308
186
|
conditions:
|
|
309
|
-
- field: arguments.amount
|
|
310
|
-
operator: greater_than
|
|
187
|
+
- field: arguments.amount # dot notation for nested args
|
|
188
|
+
operator: greater_than # equals | contains | starts_with | ends_with | greater_than | less_than
|
|
311
189
|
value: 1000
|
|
312
190
|
|
|
313
|
-
#
|
|
314
|
-
# Natural language guidance for the validation LLM.
|
|
191
|
+
# Semantic guidance for LLM validation (optional)
|
|
315
192
|
description: "Ensure the payment recipient is a verified vendor."
|
|
316
193
|
```
|
|
317
194
|
|
|
318
|
-
## Rule
|
|
319
|
-
|
|
320
|
-
Veto uses a two-step process to determine if a tool call is safe:
|
|
321
|
-
|
|
322
|
-
### 1. Rule Selection (Which rules apply?)
|
|
323
|
-
|
|
324
|
-
Veto selects rules based on the `tools` list in your YAML:
|
|
325
|
-
|
|
326
|
-
- **Tool-Specific Rules**: If a rule lists specific tools (e.g., `tools: [make_payment]`), it ONLY applies when those tools are called.
|
|
327
|
-
- **Global Rules**: If `tools` is missing or empty `[]`, the rule activates for **EVERY** tool call. Use this for universal policies (e.g., "Do not reveal internal file paths").
|
|
328
|
-
|
|
329
|
-
### 2. Validation Execution
|
|
195
|
+
## Rule matching logic
|
|
330
196
|
|
|
331
|
-
|
|
197
|
+
Veto uses a two-step process:
|
|
332
198
|
|
|
333
|
-
|
|
334
|
-
|
|
199
|
+
1. **Rule selection** — rules with a matching `tools` list apply. Rules with no `tools` (global rules) apply to every call.
|
|
200
|
+
2. **Validation** — static `conditions` are checked first (local, no API call). If conditions match, the rule triggers immediately. Otherwise, the rule's `name` and `description` are sent to the LLM for semantic validation.
|
|
335
201
|
|
|
336
202
|
## License
|
|
337
203
|
|
|
338
|
-
|
|
204
|
+
Apache-2.0 © [Plaw, Inc.](https://plaw.io)
|
package/dist/browser/index.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { Veto } from './veto.js';
|
|
2
2
|
export { protect, type ProtectOptions, type ProtectMode, } from './protect.js';
|
|
3
3
|
export { Veto };
|
|
4
|
-
export type { VetoBrowserOptions, GuardResult, GuardContext, } from './types.js';
|
|
4
|
+
export type { VetoBrowserOptions, VetoFromCloudOptions, VetoMode, GuardResult, GuardContext, } from './types.js';
|
|
5
5
|
export type { Rule, OutputRule, RuleCondition, RuleSeverity, RuleAction, } from '../rules/types.js';
|
|
6
6
|
export type { OutputValidationResult } from '../core/output-validator.js';
|
|
7
7
|
export { ToolCallDeniedError } from '../core/interceptor.js';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/browser/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAGjC,OAAO,EACL,OAAO,EACP,KAAK,cAAc,EACnB,KAAK,WAAW,GACjB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAAE,IAAI,EAAE,CAAC;AAChB,YAAY,EACV,kBAAkB,EAClB,WAAW,EACX,YAAY,GACb,MAAM,YAAY,CAAC;AACpB,YAAY,EACV,IAAI,EACJ,UAAU,EACV,aAAa,EACb,YAAY,EACZ,UAAU,GACX,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAC1E,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,4BAA4B,EAAE,MAAM,iCAAiC,CAAC;AAoB/E,wBAAgB,UAAU,CAAC,CAAC,EAC1B,IAAI,EAAE,IAAI,EACV,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,GACzD,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,CAW/C;AAED,wBAAgB,WAAW,CACzB,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,GAClE,MAAM,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC,CAYrE"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/browser/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAGjC,OAAO,EACL,OAAO,EACP,KAAK,cAAc,EACnB,KAAK,WAAW,GACjB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAAE,IAAI,EAAE,CAAC;AAChB,YAAY,EACV,kBAAkB,EAClB,oBAAoB,EACpB,QAAQ,EACR,WAAW,EACX,YAAY,GACb,MAAM,YAAY,CAAC;AACpB,YAAY,EACV,IAAI,EACJ,UAAU,EACV,aAAa,EACb,YAAY,EACZ,UAAU,GACX,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAC1E,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,4BAA4B,EAAE,MAAM,iCAAiC,CAAC;AAoB/E,wBAAgB,UAAU,CAAC,CAAC,EAC1B,IAAI,EAAE,IAAI,EACV,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,GACzD,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,CAW/C;AAED,wBAAgB,WAAW,CACzB,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,GAClE,MAAM,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC,CAYrE"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/browser/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAE7D,OAAO,EACL,OAAO,GAGR,MAAM,cAAc,CAAC;AAEtB,OAAO,EAAE,IAAI,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/browser/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAE7D,OAAO,EACL,OAAO,GAGR,MAAM,cAAc,CAAC;AAEtB,OAAO,EAAE,IAAI,EAAE,CAAC;AAgBhB,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,4BAA4B,EAAE,MAAM,iCAAiC,CAAC;AAE/E,SAAS,wBAAwB,CAC/B,MAA0C;IAE1C,MAAM,QAAQ,GAAiC,MAAM,CAAC,QAAQ,KAAK,kBAAkB;QACnF,CAAC,CAAC,kBAAkB;QACpB,CAAC,CAAC,MAAM,CAAC;IAEX,OAAO;QACL,QAAQ;QACR,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,QAAQ,EAAE;YACR,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,UAAU,EAAE,MAAM,CAAC,UAAU;SAC9B;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,UAAU,CACxB,IAAU,EACV,QAAgB,EAChB,OAA0D;IAE1D,OAAO,KAAK,EAAE,IAAI,EAAE,EAAE;QACpB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAChD,IACE,CAAC,MAAM,CAAC,QAAQ,KAAK,MAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,kBAAkB,CAAC;eACnE,MAAM,CAAC,MAAM,KAAK,IAAI,EACzB,CAAC;YACD,MAAM,IAAI,mBAAmB,CAAC,QAAQ,EAAE,OAAO,EAAE,wBAAwB,CAAC,MAAM,CAAC,CAAC,CAAC;QACrF,CAAC;QACD,OAAO,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,IAAU,EACV,OAAmE;IAEnE,MAAM,OAAO,GAAwE,EAAE,CAAC;IAExF,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACtD,OAAO,CAAC,IAAI,CAAC,GAAG,UAAU,CACxB,IAAI,EACJ,IAAI,EACJ,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,CACpC,CAAC;IACJ,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
package/dist/browser/types.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { LogLevel, NamedValidator, ValidationContext, Validator } from '../types/config.js';
|
|
1
|
+
import type { LogLevel, NamedValidator, StreamLogMode, ValidationContext, Validator } from '../types/config.js';
|
|
2
2
|
import type { OutputRule, Rule, RuleSeverity } from '../rules/types.js';
|
|
3
3
|
import type { BudgetConfig, ToolCostMap } from '../core/budget.js';
|
|
4
4
|
export type VetoMode = 'strict' | 'log' | 'shadow';
|
|
@@ -41,6 +41,8 @@ export interface VetoBrowserOptions<TCloudClient = BrowserCloudClient> {
|
|
|
41
41
|
outputRules?: OutputRule[];
|
|
42
42
|
mode?: VetoMode;
|
|
43
43
|
logLevel?: LogLevel;
|
|
44
|
+
stream?: boolean;
|
|
45
|
+
streamMode?: StreamLogMode;
|
|
44
46
|
sessionId?: string;
|
|
45
47
|
agentId?: string;
|
|
46
48
|
userId?: string;
|
|
@@ -52,10 +54,24 @@ export interface VetoBrowserOptions<TCloudClient = BrowserCloudClient> {
|
|
|
52
54
|
onApprovalRequired?: (context: ValidationContext, approvalId: string) => void | Promise<void>;
|
|
53
55
|
budget?: BudgetConfig;
|
|
54
56
|
costs?: ToolCostMap;
|
|
57
|
+
/** Callback fired after every guard() invocation. Enables UI logging, audit trails, analytics. */
|
|
58
|
+
onDecisionMade?: (result: GuardResult & {
|
|
59
|
+
toolName: string;
|
|
60
|
+
}) => void;
|
|
55
61
|
}
|
|
56
62
|
export interface VetoFromCloudOptions {
|
|
57
63
|
apiKey: string;
|
|
58
64
|
endpoint?: string;
|
|
59
65
|
refreshIntervalMs?: number;
|
|
66
|
+
mode?: VetoMode;
|
|
67
|
+
logLevel?: LogLevel;
|
|
68
|
+
sessionId?: string;
|
|
69
|
+
agentId?: string;
|
|
70
|
+
userId?: string;
|
|
71
|
+
role?: string;
|
|
72
|
+
validators?: (Validator | NamedValidator)[];
|
|
73
|
+
onApprovalRequired?: (context: ValidationContext, approvalId: string) => void | Promise<void>;
|
|
74
|
+
budget?: BudgetConfig;
|
|
75
|
+
costs?: ToolCostMap;
|
|
60
76
|
}
|
|
61
77
|
//# sourceMappingURL=types.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/browser/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,QAAQ,EACR,cAAc,EACd,iBAAiB,EACjB,SAAS,EACV,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACxE,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEnE,MAAM,MAAM,QAAQ,GAAG,QAAQ,GAAG,KAAK,GAAG,QAAQ,CAAC;AAEnD,MAAM,WAAW,YAAY;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,OAAO,GAAG,MAAM,GAAG,kBAAkB,CAAC;IAChD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,EAAE,IAAI,EAAE,CAAC;IACjB,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,2BAA2B;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,QAAQ,EAAE,OAAO,GAAG,MAAM,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,eAAe,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,QAAQ,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,kBAAkB;IACjC,aAAa,EAAE,MAAM,OAAO,CAAC,4BAA4B,CAAC,CAAC;IAC3D,WAAW,EAAE,CAAC,OAAO,EAAE,2BAA2B,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5E,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;CACtB;AAED,MAAM,WAAW,kBAAkB,CAAC,YAAY,GAAG,kBAAkB;IACnE,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAC3B,IAAI,CAAC,EAAE,QAAQ,CAAC;IAChB,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,CAAC,SAAS,GAAG,cAAc,CAAC,EAAE,CAAC;IAC5C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,YAAY,CAAC;IAC3B,kBAAkB,CAAC,EAAE,CACnB,OAAO,EAAE,iBAAiB,EAC1B,UAAU,EAAE,MAAM,KACf,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1B,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,KAAK,CAAC,EAAE,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/browser/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,QAAQ,EACR,cAAc,EACd,aAAa,EACb,iBAAiB,EACjB,SAAS,EACV,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACxE,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEnE,MAAM,MAAM,QAAQ,GAAG,QAAQ,GAAG,KAAK,GAAG,QAAQ,CAAC;AAEnD,MAAM,WAAW,YAAY;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,OAAO,GAAG,MAAM,GAAG,kBAAkB,CAAC;IAChD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,EAAE,IAAI,EAAE,CAAC;IACjB,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,2BAA2B;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,QAAQ,EAAE,OAAO,GAAG,MAAM,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,eAAe,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,QAAQ,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,kBAAkB;IACjC,aAAa,EAAE,MAAM,OAAO,CAAC,4BAA4B,CAAC,CAAC;IAC3D,WAAW,EAAE,CAAC,OAAO,EAAE,2BAA2B,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5E,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;CACtB;AAED,MAAM,WAAW,kBAAkB,CAAC,YAAY,GAAG,kBAAkB;IACnE,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAC3B,IAAI,CAAC,EAAE,QAAQ,CAAC;IAChB,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,aAAa,CAAC;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,CAAC,SAAS,GAAG,cAAc,CAAC,EAAE,CAAC;IAC5C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,YAAY,CAAC;IAC3B,kBAAkB,CAAC,EAAE,CACnB,OAAO,EAAE,iBAAiB,EAC1B,UAAU,EAAE,MAAM,KACf,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1B,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB,kGAAkG;IAClG,cAAc,CAAC,EAAE,CAAC,MAAM,EAAE,WAAW,GAAG;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,KAAK,IAAI,CAAC;CACvE;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,IAAI,CAAC,EAAE,QAAQ,CAAC;IAChB,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,CAAC,SAAS,GAAG,cAAc,CAAC,EAAE,CAAC;IAC5C,kBAAkB,CAAC,EAAE,CACnB,OAAO,EAAE,iBAAiB,EAC1B,UAAU,EAAE,MAAM,KACf,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1B,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB"}
|
package/dist/browser/veto.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import type { ValidationResult } from '../types/config.js';
|
|
2
|
+
import type { OutputRule, Rule } from '../rules/types.js';
|
|
2
3
|
import { type HistoryStats } from '../core/history.js';
|
|
3
4
|
import { type BudgetStatus } from '../core/budget.js';
|
|
4
5
|
import { type OutputValidationResult } from '../core/output-validator.js';
|
|
@@ -17,7 +18,12 @@ export declare class Veto {
|
|
|
17
18
|
private readonly outputValidator;
|
|
18
19
|
private readonly cloudClient;
|
|
19
20
|
private readonly onApprovalRequired?;
|
|
21
|
+
private readonly onDecisionMade?;
|
|
20
22
|
private rulesState;
|
|
23
|
+
private cloudRules;
|
|
24
|
+
private cloudOutputRules;
|
|
25
|
+
private localRules;
|
|
26
|
+
private localOutputRules;
|
|
21
27
|
private readonly compiledExpressionCache;
|
|
22
28
|
private refreshIntervalId;
|
|
23
29
|
private constructor();
|
|
@@ -65,6 +71,10 @@ export declare class Veto {
|
|
|
65
71
|
}>(tool: T): T;
|
|
66
72
|
validateOutput(toolName: string, output: unknown): OutputValidationResult;
|
|
67
73
|
refreshRules(): Promise<void>;
|
|
74
|
+
addRules(rules: Rule[], outputRules?: OutputRule[]): void;
|
|
75
|
+
removeRule(ruleId: string): void;
|
|
76
|
+
getRules(): Rule[];
|
|
77
|
+
private reindex;
|
|
68
78
|
getHistoryStats(): HistoryStats;
|
|
69
79
|
clearHistory(): void;
|
|
70
80
|
getBudgetStatus(): BudgetStatus | null;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"veto.d.ts","sourceRoot":"","sources":["../../src/browser/veto.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAGV,gBAAgB,EAEjB,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"veto.d.ts","sourceRoot":"","sources":["../../src/browser/veto.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAGV,gBAAgB,EAEjB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAE,UAAU,EAAE,IAAI,EAAgB,MAAM,mBAAmB,CAAC;AAMxE,OAAO,EAAkB,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACvE,OAAO,EAAiB,KAAK,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,EAAmB,KAAK,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAC3F,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,KAAK,EAIV,YAAY,EACZ,WAAW,EACX,kBAAkB,EAClB,oBAAoB,EAErB,MAAM,YAAY,CAAC;AAmOpB,qBAAa,IAAI;IACf,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAW;IAChC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAS;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAmB;IAC9C,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAiB;IAChD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAuB;IACrD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;IAClD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAA4B;IACxD,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAGV;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAuD;IAEvF,OAAO,CAAC,UAAU,CAAmB;IACrC,OAAO,CAAC,UAAU,CAAc;IAChC,OAAO,CAAC,gBAAgB,CAAoB;IAC5C,OAAO,CAAC,UAAU,CAAc;IAChC,OAAO,CAAC,gBAAgB,CAAoB;IAC5C,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAA8B;IACtE,OAAO,CAAC,iBAAiB,CAA+C;IAExE,OAAO;IAsCP,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,kBAAkB,GAAG,IAAI;WAKtC,SAAS,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC;IA4BpE,OAAO,CAAC,kBAAkB;IAmB1B,OAAO,CAAC,eAAe;IAKvB,OAAO,CAAC,qBAAqB;IAK7B,OAAO,CAAC,gBAAgB;IAIxB,OAAO,CAAC,cAAc;IAItB,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,WAAW;IAInB,OAAO,CAAC,sBAAsB;IAI9B,OAAO,CAAC,mBAAmB;IAiC3B,OAAO,CAAC,cAAc;IAStB,OAAO,CAAC,mBAAmB;IAI3B,OAAO,CAAC,iBAAiB;IAYzB,OAAO,CAAC,kBAAkB;IAsB1B,OAAO,CAAC,sBAAsB;IAgB9B,OAAO,CAAC,aAAa;YAmHP,aAAa;IAmB3B,OAAO,CAAC,aAAa;IAwCrB,OAAO,CAAC,cAAc;IAoChB,KAAK,CACT,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,GAAE,YAAiB,GACzB,OAAO,CAAC,WAAW,CAAC;IAqCjB,gBAAgB,CAAC,IAAI,EAAE;QAC3B,EAAE,CAAC,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACpC,GAAG,OAAO,CAAC;QACV,OAAO,EAAE,OAAO,CAAC;QACjB,gBAAgB,EAAE,gBAAgB,CAAC;QACnC,YAAY,EAAE;YAAE,EAAE,CAAC,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAC;YAAC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;SAAE,CAAC;QAChF,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACzC,CAAC;YAwBY,oBAAoB;IAqBlC,IAAI,CAAC,CAAC,SAAS;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE;IAIjD,QAAQ,CAAC,CAAC,SAAS;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC;IA8EhD,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,sBAAsB;IAInE,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAWnC,QAAQ,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,IAAI;IAwBzD,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAMhC,QAAQ,IAAI,IAAI,EAAE;IAIlB,OAAO,CAAC,OAAO;IAQf,eAAe,IAAI,YAAY;IAI/B,YAAY,IAAI,IAAI;IAIpB,eAAe,IAAI,YAAY,GAAG,IAAI;IAItC,WAAW,IAAI,IAAI;IAInB,OAAO,IAAI,IAAI;CAQhB;AAED,OAAO,EAAE,mBAAmB,EAAE,CAAC"}
|
package/dist/browser/veto.js
CHANGED
|
@@ -88,7 +88,7 @@ function normalizePoliciesResponse(payload) {
|
|
|
88
88
|
};
|
|
89
89
|
}
|
|
90
90
|
function createInlineCloudClient(apiKey, endpoint, logger) {
|
|
91
|
-
const baseUrl = (endpoint ?? 'https://api.
|
|
91
|
+
const baseUrl = (endpoint ?? 'https://api.veto.so').replace(/\/$/, '');
|
|
92
92
|
const headers = {
|
|
93
93
|
'Content-Type': 'application/json',
|
|
94
94
|
'X-Veto-API-Key': apiKey,
|
|
@@ -198,7 +198,12 @@ export class Veto {
|
|
|
198
198
|
outputValidator;
|
|
199
199
|
cloudClient;
|
|
200
200
|
onApprovalRequired;
|
|
201
|
+
onDecisionMade;
|
|
201
202
|
rulesState;
|
|
203
|
+
cloudRules = [];
|
|
204
|
+
cloudOutputRules = [];
|
|
205
|
+
localRules = [];
|
|
206
|
+
localOutputRules = [];
|
|
202
207
|
compiledExpressionCache = new Map();
|
|
203
208
|
refreshIntervalId = null;
|
|
204
209
|
constructor(options, logger) {
|
|
@@ -209,11 +214,14 @@ export class Veto {
|
|
|
209
214
|
this.userId = options.userId;
|
|
210
215
|
this.role = options.role;
|
|
211
216
|
this.validators = toNamedValidators(options.validators);
|
|
212
|
-
this.
|
|
217
|
+
this.cloudRules = options.rules;
|
|
218
|
+
this.cloudOutputRules = options.outputRules ?? [];
|
|
219
|
+
this.rulesState = indexRules(this.cloudRules, this.cloudOutputRules);
|
|
213
220
|
this.cloudClient = options.cloudClient ?? (options.apiKey
|
|
214
221
|
? createInlineCloudClient(options.apiKey, options.endpoint, logger)
|
|
215
222
|
: null);
|
|
216
223
|
this.onApprovalRequired = options.onApprovalRequired;
|
|
224
|
+
this.onDecisionMade = options.onDecisionMade;
|
|
217
225
|
this.historyTracker = new HistoryTracker({
|
|
218
226
|
maxSize: 100,
|
|
219
227
|
logger: this.logger,
|
|
@@ -235,12 +243,22 @@ export class Veto {
|
|
|
235
243
|
return new Veto(options, logger);
|
|
236
244
|
}
|
|
237
245
|
static async fromCloud(options) {
|
|
238
|
-
const logger = createLogger('warn');
|
|
246
|
+
const logger = createLogger(options.logLevel ?? 'warn');
|
|
239
247
|
const cloudClient = createInlineCloudClient(options.apiKey, options.endpoint, logger);
|
|
240
248
|
const policies = await cloudClient.fetchPolicies();
|
|
241
249
|
const veto = Veto.fromRules({
|
|
242
250
|
rules: policies.policies,
|
|
243
251
|
outputRules: policies.outputRules,
|
|
252
|
+
mode: options.mode,
|
|
253
|
+
logLevel: options.logLevel,
|
|
254
|
+
sessionId: options.sessionId,
|
|
255
|
+
agentId: options.agentId,
|
|
256
|
+
userId: options.userId,
|
|
257
|
+
role: options.role,
|
|
258
|
+
validators: options.validators,
|
|
259
|
+
onApprovalRequired: options.onApprovalRequired,
|
|
260
|
+
budget: options.budget,
|
|
261
|
+
costs: options.costs,
|
|
244
262
|
apiKey: options.apiKey,
|
|
245
263
|
endpoint: options.endpoint,
|
|
246
264
|
cloudClient,
|
|
@@ -536,7 +554,17 @@ export class Veto {
|
|
|
536
554
|
const durationMs = Date.now() - start;
|
|
537
555
|
this.historyTracker.record(toolName, args, result, durationMs);
|
|
538
556
|
this.reportDecision(validationContext, result, durationMs);
|
|
539
|
-
|
|
557
|
+
const guardResult = this.toGuardResult(result);
|
|
558
|
+
try {
|
|
559
|
+
const maybePromise = this.onDecisionMade?.({ ...guardResult, toolName });
|
|
560
|
+
if (maybePromise && typeof maybePromise.catch === 'function') {
|
|
561
|
+
maybePromise.catch(() => { });
|
|
562
|
+
}
|
|
563
|
+
}
|
|
564
|
+
catch {
|
|
565
|
+
// swallow — callback errors must not break guard flow
|
|
566
|
+
}
|
|
567
|
+
return guardResult;
|
|
540
568
|
}
|
|
541
569
|
async validateToolCall(call) {
|
|
542
570
|
const guardResult = await this.guard(call.name, call.arguments);
|
|
@@ -644,7 +672,43 @@ export class Veto {
|
|
|
644
672
|
throw new Error('No cloud client configured');
|
|
645
673
|
}
|
|
646
674
|
const remote = await this.cloudClient.fetchPolicies();
|
|
647
|
-
this.
|
|
675
|
+
this.cloudRules = remote.policies;
|
|
676
|
+
this.cloudOutputRules = remote.outputRules ?? [];
|
|
677
|
+
this.reindex();
|
|
678
|
+
}
|
|
679
|
+
addRules(rules, outputRules) {
|
|
680
|
+
for (const rule of rules) {
|
|
681
|
+
const idx = this.localRules.findIndex(r => r.id === rule.id);
|
|
682
|
+
if (idx >= 0) {
|
|
683
|
+
this.localRules[idx] = rule;
|
|
684
|
+
}
|
|
685
|
+
else {
|
|
686
|
+
this.localRules.push(rule);
|
|
687
|
+
}
|
|
688
|
+
}
|
|
689
|
+
if (outputRules) {
|
|
690
|
+
for (const rule of outputRules) {
|
|
691
|
+
const idx = this.localOutputRules.findIndex(r => r.id === rule.id);
|
|
692
|
+
if (idx >= 0) {
|
|
693
|
+
this.localOutputRules[idx] = rule;
|
|
694
|
+
}
|
|
695
|
+
else {
|
|
696
|
+
this.localOutputRules.push(rule);
|
|
697
|
+
}
|
|
698
|
+
}
|
|
699
|
+
}
|
|
700
|
+
this.reindex();
|
|
701
|
+
}
|
|
702
|
+
removeRule(ruleId) {
|
|
703
|
+
this.localRules = this.localRules.filter(r => r.id !== ruleId);
|
|
704
|
+
this.localOutputRules = this.localOutputRules.filter(r => r.id !== ruleId);
|
|
705
|
+
this.reindex();
|
|
706
|
+
}
|
|
707
|
+
getRules() {
|
|
708
|
+
return [...this.rulesState.allRules];
|
|
709
|
+
}
|
|
710
|
+
reindex() {
|
|
711
|
+
this.rulesState = indexRules([...this.localRules, ...this.cloudRules], [...this.localOutputRules, ...this.cloudOutputRules]);
|
|
648
712
|
this.compiledExpressionCache.clear();
|
|
649
713
|
}
|
|
650
714
|
getHistoryStats() {
|