veto-sdk 2.2.0 → 2.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +933 -57
- package/dist/admin/client.d.ts +93 -0
- package/dist/admin/client.d.ts.map +1 -0
- package/dist/admin/client.js +365 -0
- package/dist/admin/client.js.map +1 -0
- package/dist/admin/types.d.ts +205 -0
- package/dist/admin/types.d.ts.map +1 -0
- package/dist/admin/types.js +2 -0
- package/dist/admin/types.js.map +1 -0
- package/dist/audit/chain.d.ts +13 -0
- package/dist/audit/chain.d.ts.map +1 -0
- package/dist/audit/chain.js +32 -0
- package/dist/audit/chain.js.map +1 -0
- package/dist/browser/protect.d.ts.map +1 -1
- package/dist/browser/protect.js +9 -1
- package/dist/browser/protect.js.map +1 -1
- package/dist/browser/types.d.ts +4 -1
- package/dist/browser/types.d.ts.map +1 -1
- package/dist/browser/veto.d.ts.map +1 -1
- package/dist/browser/veto.js +33 -2
- package/dist/browser/veto.js.map +1 -1
- package/dist/cli/bin.js +0 -0
- package/dist/cli/compile.js +2 -2
- package/dist/cli/compile.js.map +1 -1
- package/dist/cli/repl-generate.js +1 -1
- package/dist/cli/repl-generate.js.map +1 -1
- package/dist/cli/runner.d.ts.map +1 -1
- package/dist/cli/runner.js +129 -8
- package/dist/cli/runner.js.map +1 -1
- package/dist/cli/templates.d.ts +1 -1
- package/dist/cli/templates.d.ts.map +1 -1
- package/dist/cli/templates.js +1 -1
- package/dist/compiler/evaluator.d.ts.map +1 -1
- package/dist/compiler/evaluator.js +6 -0
- package/dist/compiler/evaluator.js.map +1 -1
- package/dist/core/events.d.ts +2 -0
- package/dist/core/events.d.ts.map +1 -1
- package/dist/core/events.js +33 -4
- package/dist/core/events.js.map +1 -1
- package/dist/core/history.d.ts +14 -0
- package/dist/core/history.d.ts.map +1 -1
- package/dist/core/history.js +73 -13
- package/dist/core/history.js.map +1 -1
- package/dist/core/protect.d.ts +4 -0
- package/dist/core/protect.d.ts.map +1 -1
- package/dist/core/protect.js +9 -1
- package/dist/core/protect.js.map +1 -1
- package/dist/core/validator.d.ts +4 -0
- package/dist/core/validator.d.ts.map +1 -1
- package/dist/core/validator.js +119 -97
- package/dist/core/validator.js.map +1 -1
- package/dist/core/veto.d.ts +35 -1
- package/dist/core/veto.d.ts.map +1 -1
- package/dist/core/veto.js +106 -6
- package/dist/core/veto.js.map +1 -1
- package/dist/custom/types.d.ts +1 -1
- package/dist/custom/types.d.ts.map +1 -1
- package/dist/deterministic/regex-safety.d.ts.map +1 -1
- package/dist/deterministic/regex-safety.js +42 -1
- package/dist/deterministic/regex-safety.js.map +1 -1
- package/dist/extractors/content.d.ts.map +1 -1
- package/dist/extractors/content.js +40 -23
- package/dist/extractors/content.js.map +1 -1
- package/dist/index.d.ts +11 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +9 -0
- package/dist/index.js.map +1 -1
- package/dist/integrations/langchain/middleware.d.ts +1 -1
- package/dist/integrations/langchain/middleware.js +1 -1
- package/dist/integrations/vercel-ai/middleware.d.ts +1 -1
- package/dist/integrations/vercel-ai/middleware.js +1 -1
- package/dist/observability/otel.d.ts +29 -0
- package/dist/observability/otel.d.ts.map +1 -0
- package/dist/observability/otel.js +43 -0
- package/dist/observability/otel.js.map +1 -0
- package/dist/policy/generator.d.ts.map +1 -1
- package/dist/policy/generator.js +4 -2
- package/dist/policy/generator.js.map +1 -1
- package/dist/proxy/anthropic-interceptor.d.ts +51 -0
- package/dist/proxy/anthropic-interceptor.d.ts.map +1 -0
- package/dist/proxy/anthropic-interceptor.js +132 -0
- package/dist/proxy/anthropic-interceptor.js.map +1 -0
- package/dist/proxy/interceptor.d.ts +55 -0
- package/dist/proxy/interceptor.d.ts.map +1 -0
- package/dist/proxy/interceptor.js +111 -0
- package/dist/proxy/interceptor.js.map +1 -0
- package/dist/proxy/server.d.ts +21 -0
- package/dist/proxy/server.d.ts.map +1 -0
- package/dist/proxy/server.js +545 -0
- package/dist/proxy/server.js.map +1 -0
- package/dist/proxy/types.d.ts +18 -0
- package/dist/proxy/types.d.ts.map +1 -0
- package/dist/proxy/types.js +7 -0
- package/dist/proxy/types.js.map +1 -0
- package/dist/rate-limiting/evaluator.d.ts +17 -0
- package/dist/rate-limiting/evaluator.d.ts.map +1 -0
- package/dist/rate-limiting/evaluator.js +48 -0
- package/dist/rate-limiting/evaluator.js.map +1 -0
- package/dist/rate-limiting/redis-store.d.ts +36 -0
- package/dist/rate-limiting/redis-store.d.ts.map +1 -0
- package/dist/rate-limiting/redis-store.js +68 -0
- package/dist/rate-limiting/redis-store.js.map +1 -0
- package/dist/rate-limiting/store.d.ts +8 -0
- package/dist/rate-limiting/store.d.ts.map +1 -0
- package/dist/rate-limiting/store.js +60 -0
- package/dist/rate-limiting/store.js.map +1 -0
- package/dist/rate-limiting/types.d.ts +9 -0
- package/dist/rate-limiting/types.d.ts.map +1 -0
- package/dist/rate-limiting/types.js +2 -0
- package/dist/rate-limiting/types.js.map +1 -0
- package/dist/rules/condition-evaluator.d.ts +6 -0
- package/dist/rules/condition-evaluator.d.ts.map +1 -1
- package/dist/rules/condition-evaluator.js +60 -18
- package/dist/rules/condition-evaluator.js.map +1 -1
- package/dist/rules/expression-validator.d.ts.map +1 -1
- package/dist/rules/expression-validator.js +5 -0
- package/dist/rules/expression-validator.js.map +1 -1
- package/dist/rules/loader.d.ts.map +1 -1
- package/dist/rules/loader.js +2 -0
- package/dist/rules/loader.js.map +1 -1
- package/dist/rules/local-evaluator.d.ts +11 -15
- package/dist/rules/local-evaluator.d.ts.map +1 -1
- package/dist/rules/local-evaluator.js +62 -29
- package/dist/rules/local-evaluator.js.map +1 -1
- package/dist/rules/policy-ir-schema.d.ts +43 -1
- package/dist/rules/policy-ir-schema.d.ts.map +1 -1
- package/dist/rules/policy-ir-schema.js +27 -1
- package/dist/rules/policy-ir-schema.js.map +1 -1
- package/dist/rules/types.d.ts +20 -1
- package/dist/rules/types.d.ts.map +1 -1
- package/dist/rules/types.js.map +1 -1
- package/dist/testing/runner.d.ts +21 -0
- package/dist/testing/runner.d.ts.map +1 -0
- package/dist/testing/runner.js +239 -0
- package/dist/testing/runner.js.map +1 -0
- package/dist/testing/types.d.ts +39 -0
- package/dist/testing/types.d.ts.map +1 -0
- package/dist/testing/types.js +7 -0
- package/dist/testing/types.js.map +1 -0
- package/dist/types/config.d.ts +1 -0
- package/dist/types/config.d.ts.map +1 -1
- package/dist/types/config.js.map +1 -1
- package/package.json +30 -17
package/dist/core/validator.js
CHANGED
|
@@ -13,9 +13,11 @@ export class ValidationEngine {
|
|
|
13
13
|
validators = [];
|
|
14
14
|
logger;
|
|
15
15
|
defaultDecision;
|
|
16
|
+
otelTracer;
|
|
16
17
|
constructor(options) {
|
|
17
18
|
this.logger = options.logger;
|
|
18
19
|
this.defaultDecision = options.defaultDecision;
|
|
20
|
+
this.otelTracer = options.otelTracer ?? null;
|
|
19
21
|
}
|
|
20
22
|
/**
|
|
21
23
|
* Add a validator to the engine.
|
|
@@ -86,117 +88,137 @@ export class ValidationEngine {
|
|
|
86
88
|
* @returns Aggregated validation result
|
|
87
89
|
*/
|
|
88
90
|
async validate(context) {
|
|
91
|
+
const span = this.otelTracer?.startSpan('veto.validate') ?? null;
|
|
89
92
|
const startTime = performance.now();
|
|
90
93
|
const validatorResults = [];
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
// If no validators, return default decision
|
|
99
|
-
if (applicableValidators.length === 0) {
|
|
100
|
-
const defaultResult = { decision: this.defaultDecision };
|
|
101
|
-
this.logger.debug('No applicable validators, using default decision', {
|
|
102
|
-
decision: this.defaultDecision,
|
|
94
|
+
try {
|
|
95
|
+
// Get validators that apply to this tool
|
|
96
|
+
const applicableValidators = this.getApplicableValidators(context.toolName);
|
|
97
|
+
this.logger.debug('Starting validation', {
|
|
98
|
+
toolName: context.toolName,
|
|
99
|
+
callId: context.callId,
|
|
100
|
+
validatorCount: applicableValidators.length,
|
|
103
101
|
});
|
|
104
|
-
return
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
}
|
|
110
|
-
let finalResult = { decision: 'allow' };
|
|
111
|
-
let currentContext = context;
|
|
112
|
-
// Run validators in sequence
|
|
113
|
-
for (const validator of applicableValidators) {
|
|
114
|
-
const validatorStart = performance.now();
|
|
115
|
-
try {
|
|
116
|
-
const result = await validator.validate(currentContext);
|
|
117
|
-
const durationMs = performance.now() - validatorStart;
|
|
118
|
-
validatorResults.push({
|
|
119
|
-
validatorName: validator.name,
|
|
120
|
-
result,
|
|
121
|
-
durationMs,
|
|
122
|
-
});
|
|
123
|
-
this.logger.debug('Validator completed', {
|
|
124
|
-
validatorName: validator.name,
|
|
125
|
-
decision: result.decision,
|
|
126
|
-
durationMs: Math.round(durationMs * 100) / 100,
|
|
102
|
+
// If no validators, return default decision
|
|
103
|
+
if (applicableValidators.length === 0) {
|
|
104
|
+
const defaultResult = { decision: this.defaultDecision };
|
|
105
|
+
this.logger.debug('No applicable validators, using default decision', {
|
|
106
|
+
decision: this.defaultDecision,
|
|
127
107
|
});
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
108
|
+
const totalDurationMs = performance.now() - startTime;
|
|
109
|
+
span?.setAttribute('tool.name', context.toolName);
|
|
110
|
+
span?.setAttribute('veto.decision', defaultResult.decision);
|
|
111
|
+
span?.setAttribute('veto.duration_ms', totalDurationMs);
|
|
112
|
+
span?.end();
|
|
113
|
+
return {
|
|
114
|
+
finalResult: defaultResult,
|
|
115
|
+
validatorResults: [],
|
|
116
|
+
totalDurationMs,
|
|
117
|
+
};
|
|
118
|
+
}
|
|
119
|
+
let finalResult = { decision: 'allow' };
|
|
120
|
+
let currentContext = context;
|
|
121
|
+
// Run validators in sequence
|
|
122
|
+
for (const validator of applicableValidators) {
|
|
123
|
+
const validatorStart = performance.now();
|
|
124
|
+
try {
|
|
125
|
+
const result = await validator.validate(currentContext);
|
|
126
|
+
const durationMs = performance.now() - validatorStart;
|
|
127
|
+
validatorResults.push({
|
|
128
|
+
validatorName: validator.name,
|
|
129
|
+
result,
|
|
130
|
+
durationMs,
|
|
137
131
|
});
|
|
138
|
-
|
|
132
|
+
this.logger.debug('Validator completed', {
|
|
133
|
+
validatorName: validator.name,
|
|
134
|
+
decision: result.decision,
|
|
135
|
+
durationMs: Math.round(durationMs * 100) / 100,
|
|
136
|
+
});
|
|
137
|
+
// Handle different decisions
|
|
138
|
+
if (result.decision === 'deny') {
|
|
139
|
+
// Stop on first denial
|
|
140
|
+
finalResult = result;
|
|
141
|
+
this.logger.info('Tool call denied by validator', {
|
|
142
|
+
toolName: context.toolName,
|
|
143
|
+
callId: context.callId,
|
|
144
|
+
validator: validator.name,
|
|
145
|
+
reason: result.reason,
|
|
146
|
+
});
|
|
147
|
+
break;
|
|
148
|
+
}
|
|
149
|
+
else if (result.decision === 'require_approval') {
|
|
150
|
+
// Stop on approval requirement so callers can route to HITL flows.
|
|
151
|
+
finalResult = result;
|
|
152
|
+
this.logger.info('Tool call requires approval by validator', {
|
|
153
|
+
toolName: context.toolName,
|
|
154
|
+
callId: context.callId,
|
|
155
|
+
validator: validator.name,
|
|
156
|
+
reason: result.reason,
|
|
157
|
+
});
|
|
158
|
+
break;
|
|
159
|
+
}
|
|
160
|
+
else if (result.decision === 'modify' && result.modifiedArguments) {
|
|
161
|
+
// Update context with modified arguments for next validator
|
|
162
|
+
currentContext = {
|
|
163
|
+
...currentContext,
|
|
164
|
+
arguments: result.modifiedArguments,
|
|
165
|
+
};
|
|
166
|
+
finalResult = result;
|
|
167
|
+
}
|
|
168
|
+
else if (result.decision === 'allow') {
|
|
169
|
+
// Continue to next validator
|
|
170
|
+
finalResult = result;
|
|
171
|
+
}
|
|
139
172
|
}
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
this.logger.
|
|
173
|
+
catch (error) {
|
|
174
|
+
const durationMs = performance.now() - validatorStart;
|
|
175
|
+
const errorMessage = error instanceof Error ? error.message : String(error);
|
|
176
|
+
this.logger.error('Validator threw an error', {
|
|
177
|
+
validatorName: validator.name,
|
|
144
178
|
toolName: context.toolName,
|
|
145
179
|
callId: context.callId,
|
|
146
|
-
|
|
147
|
-
|
|
180
|
+
}, error instanceof Error ? error : new Error(errorMessage));
|
|
181
|
+
// Treat validator errors as denials for safety
|
|
182
|
+
validatorResults.push({
|
|
183
|
+
validatorName: validator.name,
|
|
184
|
+
result: {
|
|
185
|
+
decision: 'deny',
|
|
186
|
+
reason: `Validator error: ${errorMessage}`,
|
|
187
|
+
},
|
|
188
|
+
durationMs,
|
|
148
189
|
});
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
// Update context with modified arguments for next validator
|
|
153
|
-
currentContext = {
|
|
154
|
-
...currentContext,
|
|
155
|
-
arguments: result.modifiedArguments,
|
|
190
|
+
finalResult = {
|
|
191
|
+
decision: 'deny',
|
|
192
|
+
reason: `Validator "${validator.name}" threw an error: ${errorMessage}`,
|
|
156
193
|
};
|
|
157
|
-
|
|
158
|
-
}
|
|
159
|
-
else if (result.decision === 'allow') {
|
|
160
|
-
// Continue to next validator
|
|
161
|
-
finalResult = result;
|
|
194
|
+
break;
|
|
162
195
|
}
|
|
163
196
|
}
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
result: {
|
|
176
|
-
decision: 'deny',
|
|
177
|
-
reason: `Validator error: ${errorMessage}`,
|
|
178
|
-
},
|
|
179
|
-
durationMs,
|
|
180
|
-
});
|
|
181
|
-
finalResult = {
|
|
182
|
-
decision: 'deny',
|
|
183
|
-
reason: `Validator "${validator.name}" threw an error: ${errorMessage}`,
|
|
184
|
-
};
|
|
185
|
-
break;
|
|
197
|
+
const totalDurationMs = performance.now() - startTime;
|
|
198
|
+
this.logger.debug('Validation complete', {
|
|
199
|
+
toolName: context.toolName,
|
|
200
|
+
callId: context.callId,
|
|
201
|
+
finalDecision: finalResult.decision,
|
|
202
|
+
totalDurationMs: Math.round(totalDurationMs * 100) / 100,
|
|
203
|
+
});
|
|
204
|
+
span?.setAttribute('tool.name', context.toolName);
|
|
205
|
+
span?.setAttribute('veto.decision', finalResult.decision);
|
|
206
|
+
if (finalResult.metadata?.ruleId !== undefined) {
|
|
207
|
+
span?.setAttribute('veto.rule_id', String(finalResult.metadata.ruleId));
|
|
186
208
|
}
|
|
209
|
+
span?.setAttribute('veto.duration_ms', totalDurationMs);
|
|
210
|
+
span?.end();
|
|
211
|
+
return {
|
|
212
|
+
finalResult,
|
|
213
|
+
validatorResults,
|
|
214
|
+
totalDurationMs,
|
|
215
|
+
};
|
|
216
|
+
}
|
|
217
|
+
catch (err) {
|
|
218
|
+
span?.setStatus({ code: 2 }); // SpanStatusCode.ERROR
|
|
219
|
+
span?.end();
|
|
220
|
+
throw err;
|
|
187
221
|
}
|
|
188
|
-
const totalDurationMs = performance.now() - startTime;
|
|
189
|
-
this.logger.debug('Validation complete', {
|
|
190
|
-
toolName: context.toolName,
|
|
191
|
-
callId: context.callId,
|
|
192
|
-
finalDecision: finalResult.decision,
|
|
193
|
-
totalDurationMs: Math.round(totalDurationMs * 100) / 100,
|
|
194
|
-
});
|
|
195
|
-
return {
|
|
196
|
-
finalResult,
|
|
197
|
-
validatorResults,
|
|
198
|
-
totalDurationMs,
|
|
199
|
-
};
|
|
200
222
|
}
|
|
201
223
|
/**
|
|
202
224
|
* Sort validators by priority (lower runs first).
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/core/validator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAQH,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/core/validator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAQH,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAgCxD;;GAEG;AACH,MAAM,OAAO,gBAAgB;IACV,UAAU,GAAqB,EAAE,CAAC;IAClC,MAAM,CAAS;IACf,eAAe,CAA8B;IAC7C,UAAU,CAAoB;IAE/C,YAAY,OAAgC;QAC1C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,IAAI,CAAC;IAC/C,CAAC;IAED;;;;OAIG;IACH,YAAY,CAAC,SAAqC;QAChD,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACzE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACjC,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE;YACnC,IAAI,EAAE,UAAU,CAAC,IAAI;YACrB,QAAQ,EAAE,UAAU,CAAC,QAAQ;YAC7B,eAAe,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM;SACxC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,aAAa,CAAC,UAA6C;QACzD,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YACzE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACnC,CAAC;QACD,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE;YACpC,KAAK,EAAE,UAAU,CAAC,MAAM;YACxB,eAAe,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM;SACxC,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,eAAe,CAAC,IAAY;QAC1B,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;QAChE,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;YACjB,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YACjC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;YACjD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,eAAe;QACb,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,QAAQ,CAAC,OAA0B;QACvC,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,eAAe,CAAC,IAAI,IAAI,CAAC;QACjE,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QACpC,MAAM,gBAAgB,GAAmD,EAAE,CAAC;QAE5E,IAAI,CAAC;YACH,yCAAyC;YACzC,MAAM,oBAAoB,GAAG,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAE5E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE;gBACvC,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,cAAc,EAAE,oBAAoB,CAAC,MAAM;aAC5C,CAAC,CAAC;YAEH,4CAA4C;YAC5C,IAAI,oBAAoB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACtC,MAAM,aAAa,GAAqB,EAAE,QAAQ,EAAE,IAAI,CAAC,eAAe,EAAE,CAAC;gBAC3E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kDAAkD,EAAE;oBACpE,QAAQ,EAAE,IAAI,CAAC,eAAe;iBAC/B,CAAC,CAAC;gBACH,MAAM,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;gBACtD,IAAI,EAAE,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;gBAClD,IAAI,EAAE,YAAY,CAAC,eAAe,EAAE,aAAa,CAAC,QAAQ,CAAC,CAAC;gBAC5D,IAAI,EAAE,YAAY,CAAC,kBAAkB,EAAE,eAAe,CAAC,CAAC;gBACxD,IAAI,EAAE,GAAG,EAAE,CAAC;gBACZ,OAAO;oBACL,WAAW,EAAE,aAAa;oBAC1B,gBAAgB,EAAE,EAAE;oBACpB,eAAe;iBAChB,CAAC;YACJ,CAAC;YAED,IAAI,WAAW,GAAqB,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;YAC1D,IAAI,cAAc,GAAG,OAAO,CAAC;YAE7B,6BAA6B;YAC7B,KAAK,MAAM,SAAS,IAAI,oBAAoB,EAAE,CAAC;gBAC7C,MAAM,cAAc,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;gBAEzC,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;oBACxD,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,cAAc,CAAC;oBAEtD,gBAAgB,CAAC,IAAI,CAAC;wBACpB,aAAa,EAAE,SAAS,CAAC,IAAI;wBAC7B,MAAM;wBACN,UAAU;qBACX,CAAC,CAAC;oBAEH,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE;wBACvC,aAAa,EAAE,SAAS,CAAC,IAAI;wBAC7B,QAAQ,EAAE,MAAM,CAAC,QAAQ;wBACzB,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC,GAAG,GAAG;qBAC/C,CAAC,CAAC;oBAEH,6BAA6B;oBAC7B,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;wBAC/B,uBAAuB;wBACvB,WAAW,GAAG,MAAM,CAAC;wBACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE;4BAChD,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;4BACtB,SAAS,EAAE,SAAS,CAAC,IAAI;4BACzB,MAAM,EAAE,MAAM,CAAC,MAAM;yBACtB,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;yBAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,kBAAkB,EAAE,CAAC;wBAClD,mEAAmE;wBACnE,WAAW,GAAG,MAAM,CAAC;wBACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0CAA0C,EAAE;4BAC3D,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;4BACtB,SAAS,EAAE,SAAS,CAAC,IAAI;4BACzB,MAAM,EAAE,MAAM,CAAC,MAAM;yBACtB,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;yBAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;wBACpE,4DAA4D;wBAC5D,cAAc,GAAG;4BACf,GAAG,cAAc;4BACjB,SAAS,EAAE,MAAM,CAAC,iBAAiB;yBACpC,CAAC;wBACF,WAAW,GAAG,MAAM,CAAC;oBACvB,CAAC;yBAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;wBACvC,6BAA6B;wBAC7B,WAAW,GAAG,MAAM,CAAC;oBACvB,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,cAAc,CAAC;oBACtD,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;oBAE5E,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,0BAA0B,EAC1B;wBACE,aAAa,EAAE,SAAS,CAAC,IAAI;wBAC7B,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;qBACvB,EACD,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,YAAY,CAAC,CACzD,CAAC;oBAEF,+CAA+C;oBAC/C,gBAAgB,CAAC,IAAI,CAAC;wBACpB,aAAa,EAAE,SAAS,CAAC,IAAI;wBAC7B,MAAM,EAAE;4BACN,QAAQ,EAAE,MAAM;4BAChB,MAAM,EAAE,oBAAoB,YAAY,EAAE;yBAC3C;wBACD,UAAU;qBACX,CAAC,CAAC;oBAEH,WAAW,GAAG;wBACZ,QAAQ,EAAE,MAAM;wBAChB,MAAM,EAAE,cAAc,SAAS,CAAC,IAAI,qBAAqB,YAAY,EAAE;qBACxE,CAAC;oBACF,MAAM;gBACR,CAAC;YACH,CAAC;YAED,MAAM,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAEtD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE;gBACvC,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,aAAa,EAAE,WAAW,CAAC,QAAQ;gBACnC,eAAe,EAAE,IAAI,CAAC,KAAK,CAAC,eAAe,GAAG,GAAG,CAAC,GAAG,GAAG;aACzD,CAAC,CAAC;YAEH,IAAI,EAAE,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;YAClD,IAAI,EAAE,YAAY,CAAC,eAAe,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;YAC1D,IAAI,WAAW,CAAC,QAAQ,EAAE,MAAM,KAAK,SAAS,EAAE,CAAC;gBAC/C,IAAI,EAAE,YAAY,CAAC,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;YAC1E,CAAC;YACD,IAAI,EAAE,YAAY,CAAC,kBAAkB,EAAE,eAAe,CAAC,CAAC;YACxD,IAAI,EAAE,GAAG,EAAE,CAAC;YAEZ,OAAO;gBACL,WAAW;gBACX,gBAAgB;gBAChB,eAAe;aAChB,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,EAAE,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,uBAAuB;YACrD,IAAI,EAAE,GAAG,EAAE,CAAC;YACZ,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,cAAc;QACpB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC;IAC5E,CAAC;IAED;;OAEG;IACK,uBAAuB,CAAC,QAAgB;QAC9C,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE;YAC1C,yDAAyD;YACzD,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,SAAS,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC/D,OAAO,IAAI,CAAC;YACd,CAAC;YACD,2CAA2C;YAC3C,OAAO,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,UAAU,0BAA0B;IACxC,OAAO;QACL,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,0CAA0C;QACvD,QAAQ,EAAE,IAAI,EAAE,WAAW;QAC3B,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;KACxC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CACtC,SAAmB,EACnB,MAAM,GAAG,iBAAiB;IAE1B,OAAO;QACL,IAAI,EAAE,WAAW;QACjB,WAAW,EAAE,iBAAiB,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACpD,QAAQ,EAAE,CAAC,EAAE,YAAY;QACzB,UAAU,EAAE,SAAS;QACrB,QAAQ,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YACtB,QAAQ,EAAE,MAAM;YAChB,MAAM,EAAE,GAAG,MAAM,KAAK,OAAO,CAAC,QAAQ,EAAE;SACzC,CAAC;KACH,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CACtC,SAAmB,EACnB,MAAM,GAAG,0BAA0B;IAEnC,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IACnC,OAAO;QACL,IAAI,EAAE,WAAW;QACjB,WAAW,EAAE,sBAAsB,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACzD,QAAQ,EAAE,CAAC,EAAE,YAAY;QACzB,QAAQ,EAAE,CAAC,OAAO,EAAE,EAAE;YACpB,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;YAC/B,CAAC;YACD,OAAO;gBACL,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,GAAG,MAAM,KAAK,OAAO,CAAC,QAAQ,EAAE;aACzC,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC"}
|
package/dist/core/veto.d.ts
CHANGED
|
@@ -20,6 +20,7 @@ import { VetoCloudClient } from '../cloud/client.js';
|
|
|
20
20
|
import { type OutputValidationResult } from './output-validator.js';
|
|
21
21
|
import type { VetoBrowserOptions as SharedVetoBrowserOptions, VetoFromCloudOptions as SharedVetoFromCloudOptions } from '../browser/types.js';
|
|
22
22
|
import { type VetoWebhookEventType } from './events.js';
|
|
23
|
+
import { type VetoTracer } from '../observability/otel.js';
|
|
23
24
|
/**
|
|
24
25
|
* Veto operating mode.
|
|
25
26
|
* - "strict": Block tool calls when validation fails
|
|
@@ -153,6 +154,13 @@ interface VetoConfigFile {
|
|
|
153
154
|
};
|
|
154
155
|
/** Economic authorization policy (x402, MPP, AP2 support) */
|
|
155
156
|
economic?: EconomicPolicyConfig;
|
|
157
|
+
/** Tamper-evident append-only audit log configuration */
|
|
158
|
+
audit?: {
|
|
159
|
+
/** Enable the audit log. Defaults to false. */
|
|
160
|
+
enabled?: boolean;
|
|
161
|
+
/** Path for the audit log file. Defaults to .veto/audit.log */
|
|
162
|
+
path?: string;
|
|
163
|
+
};
|
|
156
164
|
}
|
|
157
165
|
/**
|
|
158
166
|
* Options for creating a Veto instance.
|
|
@@ -231,6 +239,29 @@ export interface VetoOptions {
|
|
|
231
239
|
onDecisionMade?: (result: GuardResult & {
|
|
232
240
|
toolName: string;
|
|
233
241
|
}) => void;
|
|
242
|
+
/**
|
|
243
|
+
* OpenTelemetry integration options.
|
|
244
|
+
* Requires @opentelemetry/api as an optional peer dependency.
|
|
245
|
+
* When @opentelemetry/api is not installed, all spans are no-ops.
|
|
246
|
+
*/
|
|
247
|
+
telemetry?: {
|
|
248
|
+
/** Set to false to disable OTEL instrumentation entirely. Defaults to true (auto-detect). */
|
|
249
|
+
enabled?: boolean;
|
|
250
|
+
/** Service name reported to the tracer. Defaults to 'veto-sdk'. */
|
|
251
|
+
serviceName?: string;
|
|
252
|
+
};
|
|
253
|
+
/**
|
|
254
|
+
* Tamper-evident append-only audit log. Each decision is hashed and chained.
|
|
255
|
+
* Verify with `veto audit verify`.
|
|
256
|
+
*/
|
|
257
|
+
audit?: {
|
|
258
|
+
/** Enable the audit log. Defaults to false. */
|
|
259
|
+
enabled?: boolean;
|
|
260
|
+
/** Path for the audit log file. Defaults to .veto/audit.log */
|
|
261
|
+
path?: string;
|
|
262
|
+
};
|
|
263
|
+
/** @internal Pre-resolved tracer injected by init() after async OTEL load. */
|
|
264
|
+
_otelTracer?: VetoTracer | null;
|
|
234
265
|
}
|
|
235
266
|
export type VetoBrowserOptions = SharedVetoBrowserOptions<VetoCloudClient> & {
|
|
236
267
|
budget?: VetoConfigFile['budget'];
|
|
@@ -304,6 +335,7 @@ export declare class Veto {
|
|
|
304
335
|
private readonly browserMode;
|
|
305
336
|
private readonly compiledExpressionCache;
|
|
306
337
|
private refreshIntervalId;
|
|
338
|
+
private otelTracer;
|
|
307
339
|
private constructor();
|
|
308
340
|
/**
|
|
309
341
|
* Initialize Veto by loading configuration and rules.
|
|
@@ -504,7 +536,7 @@ export declare class Veto {
|
|
|
504
536
|
* const wrappedTools = veto.wrap(tools);
|
|
505
537
|
*
|
|
506
538
|
* const agent = createAgent({
|
|
507
|
-
* model: 'openai:gpt-
|
|
539
|
+
* model: 'openai:gpt-5.4',
|
|
508
540
|
* tools: wrappedTools, // Same type as input!
|
|
509
541
|
* });
|
|
510
542
|
* ```
|
|
@@ -623,6 +655,8 @@ export declare class Veto {
|
|
|
623
655
|
*/
|
|
624
656
|
resetEconomicBudget(scope?: BudgetScope): void;
|
|
625
657
|
dispose(): void;
|
|
658
|
+
/** Await pending async audit log writes. Call before reading the log in tests or on shutdown. */
|
|
659
|
+
flushAuditLog(): Promise<void>;
|
|
626
660
|
}
|
|
627
661
|
export { ToolCallDeniedError };
|
|
628
662
|
export { BudgetExceededError };
|
package/dist/core/veto.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"veto.d.ts","sourceRoot":"","sources":["../../src/core/veto.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,cAAc,EACd,QAAQ,EACT,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EACV,oBAAoB,EACpB,SAAS,EACT,cAAc,EACd,iBAAiB,EAEjB,QAAQ,EACR,aAAa,EAEd,MAAM,oBAAoB,CAAC;AAO5B,OAAO,EAAkB,KAAK,YAAY,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EAAiB,mBAAmB,EAAE,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AACpF,OAAO,EAAe,mBAAmB,EAAE,KAAK,kBAAkB,EAAsB,MAAM,kBAAkB,CAAC;AACjH,OAAO,KAAK,EAAE,eAAe,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAG5I,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACrF,OAAO,KAAK,EAEV,YAAY,EAMb,MAAM,mBAAmB,CAAC;AAK3B,OAAO,KAAK,EAAE,YAAY,IAAI,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAG5E,OAAO,KAAK,EAAwC,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AACrG,OAAO,EAAE,eAAe,EAAwB,MAAM,oBAAoB,CAAC;AAI3E,OAAO,EAAmB,KAAK,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AACrF,OAAO,KAAK,EACV,kBAAkB,IAAI,wBAAwB,EAC9C,oBAAoB,IAAI,0BAA0B,EACnD,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAIL,KAAK,oBAAoB,EAC1B,MAAM,aAAa,CAAC;AAErB;;;;;GAKG;AACH,MAAM,MAAM,QAAQ,GAAG,QAAQ,GAAG,KAAK,GAAG,QAAQ,CAAC;AAEnD;;;;;;;GAOG;AACH,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,KAAK,GAAG,QAAQ,GAAG,QAAQ,GAAG,OAAO,CAAC;AAI7E;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAEjF;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,sDAAsD;IACtD,WAAW,EAAE,cAAc,EAAE,CAAC;IAC9B,mDAAmD;IACnD,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CACjD;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,kEAAkE;IAClE,QAAQ,CAAC,EAAE,eAAe,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,OAAO,GAAG,MAAM,GAAG,kBAAkB,CAAC;IAChD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,+EAA+E;IAC/E,cAAc,CAAC,EAAE,qBAAqB,CAAC;CACxC;AAID;;GAEG;AACH,UAAU,cAAc;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,QAAQ,CAAC;IAChB,UAAU,CAAC,EAAE;QACX,IAAI,CAAC,EAAE,cAAc,CAAC;KACvB,CAAC;IACF,GAAG,CAAC,EAAE;QACJ,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,MAAM,CAAC,EAAE;QACP,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,MAAM,CAAC,EAAE;QACP,QAAQ,CAAC,EAAE,QAAQ,GAAG,YAAY,GAAG,QAAQ,GAAG,WAAW,CAAC;QAC5D,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,KAAK,CAAC,EAAE;QACN,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,QAAQ,CAAC,EAAE;QACT,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,eAAe,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC;QACpC,yGAAyG;QACzG,oBAAoB,CAAC,EAAE,OAAO,CAAC;QAC/B,cAAc,CAAC,EAAE;YACf,aAAa,CAAC,EAAE,MAAM,CAAC;YACvB,WAAW,CAAC,EAAE,MAAM,CAAC;SACtB,CAAC;KACH,CAAC;IACF,OAAO,CAAC,EAAE;QACR,KAAK,CAAC,EAAE,QAAQ,CAAC;QACjB,UAAU,CAAC,EAAE,aAAa,CAAC;KAC5B,CAAC;IACF,KAAK,CAAC,EAAE;QACN,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,OAAO,CAAC;KACrB,CAAC;IACF,MAAM,CAAC,EAAE;QACP,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,SAAS,CAAC;KACpB,CAAC;IACF,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;IACxC,MAAM,CAAC,EAAE;QACP,OAAO,CAAC,EAAE;YACR,GAAG,CAAC,EAAE,MAAM,CAAC;YACb,EAAE,CAAC,EAAE,oBAAoB,EAAE,CAAC;YAC5B,YAAY,CAAC,EAAE,YAAY,CAAC;YAC5B,MAAM,CAAC,EAAE,OAAO,GAAG,WAAW,GAAG,SAAS,GAAG,KAAK,CAAC;SACpD,CAAC;KACH,CAAC;IACF,6DAA6D;IAC7D,QAAQ,CAAC,EAAE,oBAAoB,CAAC;CACjC;AAuDD;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;;OAIG;IACH,IAAI,CAAC,EAAE,QAAQ,CAAC;IAEhB;;;OAGG;IACH,QAAQ,CAAC,EAAE,QAAQ,CAAC;IAEpB;;;OAGG;IACH,UAAU,CAAC,EAAE,aAAa,CAAC;IAE3B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,UAAU,CAAC,EAAE,CAAC,SAAS,GAAG,cAAc,CAAC,EAAE,CAAC;IAE5C;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,YAAY,CAAC,EAAE,gBAAgB,CAAC;IAEhC;;OAEG;IACH,WAAW,CAAC,EAAE,eAAe,CAAC;IAE9B;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,CACnB,OAAO,EAAE,iBAAiB,EAC1B,UAAU,EAAE,MAAM,KACf,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE1B,kGAAkG;IAClG,cAAc,CAAC,EAAE,CAAC,MAAM,EAAE,WAAW,GAAG;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,KAAK,IAAI,CAAC;CACvE;AAED,MAAM,MAAM,kBAAkB,GAAG,wBAAwB,CAAC,eAAe,CAAC,GAAG;IAC3E,MAAM,CAAC,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC;IAClC,KAAK,CAAC,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC;IAChC,QAAQ,CAAC,EAAE,cAAc,CAAC,UAAU,CAAC,CAAC;IACtC,MAAM,CAAC,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC;CACnC,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG,0BAA0B,CAAC;AAE9D;;;;;;;;;;;;;;;;;;;GAmBG;AACH,qBAAa,IAAI;IACf,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAyB;IAEvE,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAmB;IACpD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAiB;IAChD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAuB;IACrD,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAA2B;IAC7D,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAA2B;IAChE,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAC1C,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;IAClD,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAsB;IAG1D,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAW;IAChC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAW;IAC5C,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAiB;IAChD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAC1C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAS;IAG/B,OAAO,CAAC,YAAY,CAAiC;IACrD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAsB;IAGnD,OAAO,CAAC,YAAY,CAAiC;IACrD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAsB;IAGnD,OAAO,CAAC,WAAW,CAAgC;IACnD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAyB;IACrD,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAsB;IAC1D,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAsB;IAC1D,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAGV;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAuD;IAGvF,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAiD;IAGrF,OAAO,CAAC,QAAQ,CAAC,WAAW,CAA4B;IACxD,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAmC;IAG3E,OAAO,CAAC,UAAU,CAAmB;IACrC,OAAO,CAAC,gBAAgB,CAAgB;IACxC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAU;IAC9C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAU;IACtC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAA8B;IACtE,OAAO,CAAC,iBAAiB,CAA+C;IAExE,OAAO;IAyTP;;;;;;;;;;;;;;;;;;;;OAoBG;WACU,IAAI,CAAC,OAAO,GAAE,WAAgB,GAAG,OAAO,CAAC,IAAI,CAAC;IAiE3D,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,kBAAkB,GAAG,IAAI;WAqEtC,SAAS,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC;IAgCpE,OAAO,CAAC,MAAM,CAAC,YAAY;IAO3B,OAAO,CAAC,MAAM,CAAC,kBAAkB;IAoBjC,OAAO,CAAC,MAAM,CAAC,uBAAuB;IAWtC,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAc/B,OAAO,CAAC,MAAM,CAAC,mBAAmB;IAKlC,OAAO,CAAC,MAAM,CAAC,qBAAqB;IAWpC,OAAO,CAAC,MAAM,CAAC,UAAU;mBAuCJ,gBAAgB;mBAIhB,kBAAkB;mBAIlB,cAAc;mBAKd,eAAe;IAmBpC;;OAEG;mBACkB,SAAS;IAoG9B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,aAAa;IA+B5B;;OAEG;IACH,OAAO,CAAC,eAAe;IAKvB,OAAO,CAAC,qBAAqB;IAO7B,OAAO,CAAC,sBAAsB;IAS9B,OAAO,CAAC,iBAAiB;IAIzB,OAAO,CAAC,0BAA0B;IAIlC,OAAO,CAAC,sBAAsB;IAO9B,OAAO,CAAC,qBAAqB;IAQ7B,OAAO,CAAC,gBAAgB;IAmBxB,OAAO,CAAC,uBAAuB;IAkC/B,OAAO,CAAC,gBAAgB;IAIxB,OAAO,CAAC,cAAc;IAItB,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,WAAW;IAInB,OAAO,CAAC,mBAAmB;IAU3B,OAAO,CAAC,eAAe;IAWvB,OAAO,CAAC,WAAW;IAYnB;;OAEG;YACW,eAAe;IAiD7B;;OAEG;YACW,cAAc;IAwC5B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAkEzB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAuBxB;;OAEG;YACW,iBAAiB;IAiJ/B,OAAO,CAAC,2BAA2B;IA8BnC,OAAO,CAAC,gBAAgB;IA+BxB,OAAO,CAAC,sBAAsB;IAc9B,OAAO,CAAC,mBAAmB;IAI3B,OAAO,CAAC,+BAA+B;IAuBvC,OAAO,CAAC,uBAAuB;IAyC/B,OAAO,CAAC,gCAAgC;IAYxC,OAAO,CAAC,uBAAuB;IA8B/B;;OAEG;YACW,eAAe;IAyB7B;;OAEG;YACW,kBAAkB;IAyBhC;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAkE5B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA0B3B;;OAEG;YACW,eAAe;IA2B7B;;OAEG;YACW,kBAAkB;IAyBhC;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAkE5B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA0B3B;;OAEG;IACH,OAAO,CAAC,cAAc;IAatB;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IA4C7B;;;OAGG;YACW,iBAAiB;IAoN/B;;OAEG;YACW,kBAAkB;YA6FlB,uBAAuB;YAkJvB,wBAAwB;YAgDxB,WAAW;IAwBzB,OAAO,CAAC,0BAA0B;IAQlC,OAAO,CAAC,yBAAyB;IA4CjC,OAAO,CAAC,iBAAiB;IAoCzB,OAAO,CAAC,sBAAsB;IA2B9B,OAAO,CAAC,wBAAwB;IAgBhC,OAAO,CAAC,iBAAiB;IAyBzB,OAAO,CAAC,kBAAkB;IAW1B;;;;;;;;OAQG;IACH,OAAO,CAAC,iBAAiB;IAyCzB,OAAO,CAAC,aAAa;IAwBrB,OAAO,CAAC,qBAAqB;IAqB7B,OAAO,CAAC,uBAAuB;IA0B/B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAU3B;;OAEG;IACH,OAAO,CAAC,KAAK;IAIb,OAAO,CAAC,mBAAmB;IA6B3B,OAAO,CAAC,qBAAqB;IA6B7B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACH,IAAI,CAAC,CAAC,SAAS;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE;IAIjD;;;;;OAKG;IACH,QAAQ,CAAC,CAAC,SAAS;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC;IAuIhD;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACH,YAAY,CACV,KAAK,EAAE,OAAO,EAAE,EAChB,YAAY,EAAE,eAAe,GAC5B;QACD,KAAK,EAAE,OAAO,EAAE,CAAC;QACjB,QAAQ,EAAE,CAAC,IAAI,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;SAAE,KAAK,OAAO,CAAC,aAAa,CAAC,CAAC;KACnG;IAuDD;;;;;;OAMG;IACG,gBAAgB,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAwBnE;;OAEG;IACH,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,sBAAsB;IAIzE;;;;OAIG;IACG,KAAK,CACT,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,GAAE,YAAiB,GACzB,OAAO,CAAC,WAAW,CAAC;IA4JvB;;;;;;;;OAQG;IACH,qBAAqB,CACnB,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,aAAa,GAAG,UAAU,GACrC,IAAI;IAQP;;;;OAIG;IACH,wBAAwB,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI;IAQjD;;OAEG;IACH,qBAAqB,CACnB,QAAQ,EAAE,MAAM,GACf,aAAa,GAAG,UAAU,GAAG,SAAS;IAIzC;;;OAGG;IACG,aAAa,CAAC,aAAa,EAAE,qBAAqB,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IASpE,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAkB7B,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC;IA+BvC,OAAO,CAAC,kBAAkB;IAmB1B;;OAEG;IACH,eAAe,IAAI,YAAY;IAI/B;;OAEG;IACH,eAAe,CAAC,MAAM,GAAE,oBAA6B,GAAG,MAAM;IAI9D;;OAEG;IACH,YAAY,IAAI,IAAI;IAIpB,eAAe,IAAI,YAAY,GAAG,IAAI;IAItC,WAAW,IAAI,IAAI;IAInB;;;OAGG;IACH,uBAAuB,CAAC,KAAK,GAAE,WAAuB,GAAG,oBAAoB,GAAG,IAAI;IAIpF;;OAEG;IACH,mBAAmB,CAAC,KAAK,GAAE,WAAuB,GAAG,IAAI;IAIzD,OAAO,IAAI,IAAI;CAMhB;AAGD,OAAO,EAAE,mBAAmB,EAAE,CAAC;AAC/B,OAAO,EAAE,mBAAmB,EAAE,CAAC"}
|
|
1
|
+
{"version":3,"file":"veto.d.ts","sourceRoot":"","sources":["../../src/core/veto.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,cAAc,EACd,QAAQ,EACT,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EACV,oBAAoB,EACpB,SAAS,EACT,cAAc,EACd,iBAAiB,EAEjB,QAAQ,EACR,aAAa,EAEd,MAAM,oBAAoB,CAAC;AAO5B,OAAO,EAAkB,KAAK,YAAY,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EAAiB,mBAAmB,EAAE,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AACpF,OAAO,EAAe,mBAAmB,EAAE,KAAK,kBAAkB,EAAsB,MAAM,kBAAkB,CAAC;AACjH,OAAO,KAAK,EAAE,eAAe,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAG5I,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACrF,OAAO,KAAK,EAEV,YAAY,EAMb,MAAM,mBAAmB,CAAC;AAM3B,OAAO,KAAK,EAAE,YAAY,IAAI,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAG5E,OAAO,KAAK,EAAwC,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AACrG,OAAO,EAAE,eAAe,EAAwB,MAAM,oBAAoB,CAAC;AAI3E,OAAO,EAAmB,KAAK,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AACrF,OAAO,KAAK,EACV,kBAAkB,IAAI,wBAAwB,EAC9C,oBAAoB,IAAI,0BAA0B,EACnD,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAIL,KAAK,oBAAoB,EAC1B,MAAM,aAAa,CAAC;AACrB,OAAO,EAAe,KAAK,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAExE;;;;;GAKG;AACH,MAAM,MAAM,QAAQ,GAAG,QAAQ,GAAG,KAAK,GAAG,QAAQ,CAAC;AAEnD;;;;;;;GAOG;AACH,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,KAAK,GAAG,QAAQ,GAAG,QAAQ,GAAG,OAAO,CAAC;AAI7E;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAEjF;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,sDAAsD;IACtD,WAAW,EAAE,cAAc,EAAE,CAAC;IAC9B,mDAAmD;IACnD,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CACjD;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,kEAAkE;IAClE,QAAQ,CAAC,EAAE,eAAe,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,OAAO,GAAG,MAAM,GAAG,kBAAkB,CAAC;IAChD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,+EAA+E;IAC/E,cAAc,CAAC,EAAE,qBAAqB,CAAC;CACxC;AAID;;GAEG;AACH,UAAU,cAAc;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,QAAQ,CAAC;IAChB,UAAU,CAAC,EAAE;QACX,IAAI,CAAC,EAAE,cAAc,CAAC;KACvB,CAAC;IACF,GAAG,CAAC,EAAE;QACJ,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,MAAM,CAAC,EAAE;QACP,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,MAAM,CAAC,EAAE;QACP,QAAQ,CAAC,EAAE,QAAQ,GAAG,YAAY,GAAG,QAAQ,GAAG,WAAW,CAAC;QAC5D,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,KAAK,CAAC,EAAE;QACN,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,QAAQ,CAAC,EAAE;QACT,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,eAAe,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC;QACpC,yGAAyG;QACzG,oBAAoB,CAAC,EAAE,OAAO,CAAC;QAC/B,cAAc,CAAC,EAAE;YACf,aAAa,CAAC,EAAE,MAAM,CAAC;YACvB,WAAW,CAAC,EAAE,MAAM,CAAC;SACtB,CAAC;KACH,CAAC;IACF,OAAO,CAAC,EAAE;QACR,KAAK,CAAC,EAAE,QAAQ,CAAC;QACjB,UAAU,CAAC,EAAE,aAAa,CAAC;KAC5B,CAAC;IACF,KAAK,CAAC,EAAE;QACN,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,OAAO,CAAC;KACrB,CAAC;IACF,MAAM,CAAC,EAAE;QACP,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,SAAS,CAAC;KACpB,CAAC;IACF,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;IACxC,MAAM,CAAC,EAAE;QACP,OAAO,CAAC,EAAE;YACR,GAAG,CAAC,EAAE,MAAM,CAAC;YACb,EAAE,CAAC,EAAE,oBAAoB,EAAE,CAAC;YAC5B,YAAY,CAAC,EAAE,YAAY,CAAC;YAC5B,MAAM,CAAC,EAAE,OAAO,GAAG,WAAW,GAAG,SAAS,GAAG,KAAK,CAAC;SACpD,CAAC;KACH,CAAC;IACF,6DAA6D;IAC7D,QAAQ,CAAC,EAAE,oBAAoB,CAAC;IAChC,yDAAyD;IACzD,KAAK,CAAC,EAAE;QACN,+CAA+C;QAC/C,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,+DAA+D;QAC/D,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAuDD;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;;OAIG;IACH,IAAI,CAAC,EAAE,QAAQ,CAAC;IAEhB;;;OAGG;IACH,QAAQ,CAAC,EAAE,QAAQ,CAAC;IAEpB;;;OAGG;IACH,UAAU,CAAC,EAAE,aAAa,CAAC;IAE3B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,UAAU,CAAC,EAAE,CAAC,SAAS,GAAG,cAAc,CAAC,EAAE,CAAC;IAE5C;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,YAAY,CAAC,EAAE,gBAAgB,CAAC;IAEhC;;OAEG;IACH,WAAW,CAAC,EAAE,eAAe,CAAC;IAE9B;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,CACnB,OAAO,EAAE,iBAAiB,EAC1B,UAAU,EAAE,MAAM,KACf,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE1B,kGAAkG;IAClG,cAAc,CAAC,EAAE,CAAC,MAAM,EAAE,WAAW,GAAG;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,KAAK,IAAI,CAAC;IAEtE;;;;OAIG;IACH,SAAS,CAAC,EAAE;QACV,6FAA6F;QAC7F,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,mEAAmE;QACnE,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IAEF;;;OAGG;IACH,KAAK,CAAC,EAAE;QACN,+CAA+C;QAC/C,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,+DAA+D;QAC/D,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;IAEF,8EAA8E;IAC9E,WAAW,CAAC,EAAE,UAAU,GAAG,IAAI,CAAC;CACjC;AAED,MAAM,MAAM,kBAAkB,GAAG,wBAAwB,CAAC,eAAe,CAAC,GAAG;IAC3E,MAAM,CAAC,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC;IAClC,KAAK,CAAC,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC;IAChC,QAAQ,CAAC,EAAE,cAAc,CAAC,UAAU,CAAC,CAAC;IACtC,MAAM,CAAC,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC;CACnC,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG,0BAA0B,CAAC;AAE9D;;;;;;;;;;;;;;;;;;;GAmBG;AACH,qBAAa,IAAI;IACf,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAyB;IAEvE,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAmB;IACpD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAiB;IAChD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAuB;IACrD,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAA2B;IAC7D,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAA2B;IAChE,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAC1C,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;IAClD,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAsB;IAG1D,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAW;IAChC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAW;IAC5C,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAiB;IAChD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAC1C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAS;IAG/B,OAAO,CAAC,YAAY,CAAiC;IACrD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAsB;IAGnD,OAAO,CAAC,YAAY,CAAiC;IACrD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAsB;IAGnD,OAAO,CAAC,WAAW,CAAgC;IACnD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAyB;IACrD,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAsB;IAC1D,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAsB;IAC1D,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAGV;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAuD;IAGvF,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAiD;IAGrF,OAAO,CAAC,QAAQ,CAAC,WAAW,CAA4B;IACxD,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAmC;IAG3E,OAAO,CAAC,UAAU,CAAmB;IACrC,OAAO,CAAC,gBAAgB,CAAgB;IACxC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAU;IAC9C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAU;IACtC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAA8B;IACtE,OAAO,CAAC,iBAAiB,CAA+C;IACxE,OAAO,CAAC,UAAU,CAA2B;IAE7C,OAAO;IA+TP;;;;;;;;;;;;;;;;;;;;OAoBG;WACU,IAAI,CAAC,OAAO,GAAE,WAAgB,GAAG,OAAO,CAAC,IAAI,CAAC;IAuE3D,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,kBAAkB,GAAG,IAAI;WAqEtC,SAAS,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC;IAgCpE,OAAO,CAAC,MAAM,CAAC,YAAY;IAO3B,OAAO,CAAC,MAAM,CAAC,kBAAkB;IAoBjC,OAAO,CAAC,MAAM,CAAC,uBAAuB;IAWtC,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAc/B,OAAO,CAAC,MAAM,CAAC,mBAAmB;IAKlC,OAAO,CAAC,MAAM,CAAC,qBAAqB;IAWpC,OAAO,CAAC,MAAM,CAAC,UAAU;mBAuCJ,gBAAgB;mBAIhB,kBAAkB;mBAIlB,cAAc;mBAKd,eAAe;IAmBpC;;OAEG;mBACkB,SAAS;IAoG9B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,aAAa;IA+B5B;;OAEG;IACH,OAAO,CAAC,eAAe;IAKvB,OAAO,CAAC,qBAAqB;IAO7B,OAAO,CAAC,sBAAsB;IAS9B,OAAO,CAAC,iBAAiB;IAIzB,OAAO,CAAC,0BAA0B;IAIlC,OAAO,CAAC,sBAAsB;IAO9B,OAAO,CAAC,qBAAqB;IAQ7B,OAAO,CAAC,gBAAgB;IAmBxB,OAAO,CAAC,uBAAuB;IAkC/B,OAAO,CAAC,gBAAgB;IAIxB,OAAO,CAAC,cAAc;IAItB,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,WAAW;IAInB,OAAO,CAAC,mBAAmB;IAU3B,OAAO,CAAC,eAAe;IAWvB,OAAO,CAAC,WAAW;IAYnB;;OAEG;YACW,eAAe;IAiD7B;;OAEG;YACW,cAAc;IAwC5B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAkEzB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAuBxB;;OAEG;YACW,iBAAiB;IAuN/B,OAAO,CAAC,2BAA2B;IA8BnC,OAAO,CAAC,gBAAgB;IA+BxB,OAAO,CAAC,sBAAsB;IAc9B,OAAO,CAAC,mBAAmB;IAI3B,OAAO,CAAC,+BAA+B;IAuBvC,OAAO,CAAC,uBAAuB;IAyC/B,OAAO,CAAC,gCAAgC;IAYxC,OAAO,CAAC,uBAAuB;IAkC/B;;OAEG;YACW,eAAe;IAyB7B;;OAEG;YACW,kBAAkB;IAyBhC;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAkE5B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA0B3B;;OAEG;YACW,eAAe;IA2B7B;;OAEG;YACW,kBAAkB;IAyBhC;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAkE5B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA0B3B;;OAEG;IACH,OAAO,CAAC,cAAc;IAatB;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IA4C7B;;;OAGG;YACW,iBAAiB;IAoN/B;;OAEG;YACW,kBAAkB;YA6FlB,uBAAuB;YAkJvB,wBAAwB;YAgDxB,WAAW;IAwBzB,OAAO,CAAC,0BAA0B;IAQlC,OAAO,CAAC,yBAAyB;IA4CjC,OAAO,CAAC,iBAAiB;IAoCzB,OAAO,CAAC,sBAAsB;IA2B9B,OAAO,CAAC,wBAAwB;IAgBhC,OAAO,CAAC,iBAAiB;IAyBzB,OAAO,CAAC,kBAAkB;IAW1B;;;;;;;;OAQG;IACH,OAAO,CAAC,iBAAiB;IAyCzB,OAAO,CAAC,aAAa;IAwBrB,OAAO,CAAC,qBAAqB;IAqB7B,OAAO,CAAC,uBAAuB;IA0B/B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAU3B;;OAEG;IACH,OAAO,CAAC,KAAK;IAIb,OAAO,CAAC,mBAAmB;IA6B3B,OAAO,CAAC,qBAAqB;IA6B7B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACH,IAAI,CAAC,CAAC,SAAS;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE;IAIjD;;;;;OAKG;IACH,QAAQ,CAAC,CAAC,SAAS;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC;IAuIhD;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACH,YAAY,CACV,KAAK,EAAE,OAAO,EAAE,EAChB,YAAY,EAAE,eAAe,GAC5B;QACD,KAAK,EAAE,OAAO,EAAE,CAAC;QACjB,QAAQ,EAAE,CAAC,IAAI,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;SAAE,KAAK,OAAO,CAAC,aAAa,CAAC,CAAC;KACnG;IAuDD;;;;;;OAMG;IACG,gBAAgB,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAwBnE;;OAEG;IACH,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,sBAAsB;IAIzE;;;;OAIG;IACG,KAAK,CACT,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,GAAE,YAAiB,GACzB,OAAO,CAAC,WAAW,CAAC;IAoKvB;;;;;;;;OAQG;IACH,qBAAqB,CACnB,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,aAAa,GAAG,UAAU,GACrC,IAAI;IAQP;;;;OAIG;IACH,wBAAwB,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI;IAQjD;;OAEG;IACH,qBAAqB,CACnB,QAAQ,EAAE,MAAM,GACf,aAAa,GAAG,UAAU,GAAG,SAAS;IAIzC;;;OAGG;IACG,aAAa,CAAC,aAAa,EAAE,qBAAqB,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IASpE,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAkB7B,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC;IA+BvC,OAAO,CAAC,kBAAkB;IAsB1B;;OAEG;IACH,eAAe,IAAI,YAAY;IAI/B;;OAEG;IACH,eAAe,CAAC,MAAM,GAAE,oBAA6B,GAAG,MAAM;IAI9D;;OAEG;IACH,YAAY,IAAI,IAAI;IAIpB,eAAe,IAAI,YAAY,GAAG,IAAI;IAItC,WAAW,IAAI,IAAI;IAInB;;;OAGG;IACH,uBAAuB,CAAC,KAAK,GAAE,WAAuB,GAAG,oBAAoB,GAAG,IAAI;IAIpF;;OAEG;IACH,mBAAmB,CAAC,KAAK,GAAE,WAAuB,GAAG,IAAI;IAIzD,OAAO,IAAI,IAAI;IAOf,iGAAiG;IAC3F,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;CAGrC;AAGD,OAAO,EAAE,mBAAmB,EAAE,CAAC;AAC/B,OAAO,EAAE,mBAAmB,EAAE,CAAC"}
|
package/dist/core/veto.js
CHANGED
|
@@ -16,11 +16,13 @@ import { EconomicEvaluator } from '../economic/evaluator.js';
|
|
|
16
16
|
import { LocalBudgetEngine } from '../economic/budget-engine.js';
|
|
17
17
|
import { compile, evaluate } from '../compiler/index.js';
|
|
18
18
|
import { evaluateConditionCollections } from '../rules/condition-evaluator.js';
|
|
19
|
+
import { evaluateRateLimits } from '../rate-limiting/evaluator.js';
|
|
19
20
|
import { VetoCloudClient, ApprovalTimeoutError } from '../cloud/client.js';
|
|
20
21
|
import { PolicyCache } from '../cloud/policy-cache.js';
|
|
21
22
|
import { validateDeterministic } from '../deterministic/validator.js';
|
|
22
23
|
import { OutputValidator } from './output-validator.js';
|
|
23
24
|
import { EventWebhookEmitter, resolveEventWebhookConfig, } from './events.js';
|
|
25
|
+
import { tryLoadOtel } from '../observability/otel.js';
|
|
24
26
|
const RESERVED_LOCAL_CONTEXT_KEYS = new Set(['market', 'budget', 'portfolio']);
|
|
25
27
|
class LocalApprovalTimeoutError extends Error {
|
|
26
28
|
constructor(timeoutMs) {
|
|
@@ -100,6 +102,7 @@ export class Veto {
|
|
|
100
102
|
browserMode;
|
|
101
103
|
compiledExpressionCache = new Map();
|
|
102
104
|
refreshIntervalId = null;
|
|
105
|
+
otelTracer = null;
|
|
103
106
|
constructor(options, config, rules, logger, browserMode = false, localRulesSource) {
|
|
104
107
|
this.logger = logger;
|
|
105
108
|
this.configDir = options.configDir ?? './veto';
|
|
@@ -108,6 +111,7 @@ export class Veto {
|
|
|
108
111
|
this.localRulesDir = localRulesSource?.dir;
|
|
109
112
|
this.localRulesRecursive = localRulesSource?.recursive ?? true;
|
|
110
113
|
this.browserMode = browserMode;
|
|
114
|
+
this.otelTracer = options._otelTracer ?? null;
|
|
111
115
|
const envMode = this.browserMode
|
|
112
116
|
? undefined
|
|
113
117
|
: Veto.parseEnvMode(process.env.VETO_MODE);
|
|
@@ -283,6 +287,7 @@ export class Veto {
|
|
|
283
287
|
this.validationEngine = new ValidationEngine({
|
|
284
288
|
logger: this.logger,
|
|
285
289
|
defaultDecision,
|
|
290
|
+
otelTracer: this.otelTracer,
|
|
286
291
|
});
|
|
287
292
|
// Add the rule validator based on validation mode
|
|
288
293
|
this.validationEngine.addValidator({
|
|
@@ -318,9 +323,13 @@ export class Veto {
|
|
|
318
323
|
this.validationEngine.addValidators(options.validators);
|
|
319
324
|
}
|
|
320
325
|
// Initialize history tracker
|
|
326
|
+
const auditCfg = options.audit ?? (config.audit?.enabled ? config.audit : undefined);
|
|
321
327
|
this.historyTracker = new HistoryTracker({
|
|
322
328
|
maxSize: 100,
|
|
323
329
|
logger: this.logger,
|
|
330
|
+
auditLog: auditCfg?.enabled
|
|
331
|
+
? { enabled: true, path: auditCfg.path }
|
|
332
|
+
: undefined,
|
|
324
333
|
});
|
|
325
334
|
// Initialize budget tracker (if configured)
|
|
326
335
|
if (config.budget?.max !== undefined && config.budget.max > 0) {
|
|
@@ -442,7 +451,12 @@ export class Veto {
|
|
|
442
451
|
const rulesDir = pathModule.resolve(configDir, config.rules?.directory ?? './rules');
|
|
443
452
|
const recursive = config.rules?.recursive ?? true;
|
|
444
453
|
const rules = await Veto.loadRules(rulesDir, recursive, logger, fsModule, pathModule, parseYaml);
|
|
445
|
-
|
|
454
|
+
// Load OTEL tracer before constructing so the validation engine receives it.
|
|
455
|
+
let otelTracer = null;
|
|
456
|
+
if (options.telemetry?.enabled !== false) {
|
|
457
|
+
otelTracer = await tryLoadOtel(options.telemetry?.serviceName);
|
|
458
|
+
}
|
|
459
|
+
return new Veto({ ...options, configDir, _otelTracer: otelTracer }, config, rules.state, logger, false, {
|
|
446
460
|
dir: rulesDir,
|
|
447
461
|
recursive,
|
|
448
462
|
sourceFiles: rules.sourceFiles,
|
|
@@ -1030,6 +1044,72 @@ export class Veto {
|
|
|
1030
1044
|
if (!this.matchesLocalRule(rule, context, localContext)) {
|
|
1031
1045
|
continue;
|
|
1032
1046
|
}
|
|
1047
|
+
if (rule.rate_limits && rule.rate_limits.length > 0) {
|
|
1048
|
+
const rateLimitDenial = await evaluateRateLimits(rule.rate_limits, context, context.toolName, this.logger, rule.id);
|
|
1049
|
+
if (rateLimitDenial === null) {
|
|
1050
|
+
// Rate limit not exceeded — rule doesn't fire yet.
|
|
1051
|
+
continue;
|
|
1052
|
+
}
|
|
1053
|
+
// Rate limit exceeded — apply the rule's declared action.
|
|
1054
|
+
const rateLimitedRule = { ...rule, description: rateLimitDenial };
|
|
1055
|
+
if (rateLimitedRule.action === 'block' && !firstBlockRule) {
|
|
1056
|
+
firstBlockRule = rateLimitedRule;
|
|
1057
|
+
}
|
|
1058
|
+
else if (rateLimitedRule.action === 'require_approval' && !firstApprovalRule) {
|
|
1059
|
+
firstApprovalRule = rateLimitedRule;
|
|
1060
|
+
}
|
|
1061
|
+
else if (rateLimitedRule.action === 'allow' && !firstAllowRule) {
|
|
1062
|
+
firstAllowRule = rateLimitedRule;
|
|
1063
|
+
}
|
|
1064
|
+
else if ((rateLimitedRule.action === 'warn' || rateLimitedRule.action === 'log') && !firstNonBlockingRule) {
|
|
1065
|
+
firstNonBlockingRule = rateLimitedRule;
|
|
1066
|
+
}
|
|
1067
|
+
continue;
|
|
1068
|
+
}
|
|
1069
|
+
if (rule.action === 'require_payment') {
|
|
1070
|
+
const paymentCfg = rule.payment;
|
|
1071
|
+
if (!paymentCfg) {
|
|
1072
|
+
this.logger.warn('[veto] require_payment rule has no payment config — treating as block', {
|
|
1073
|
+
ruleId: rule.id,
|
|
1074
|
+
});
|
|
1075
|
+
if (!firstBlockRule)
|
|
1076
|
+
firstBlockRule = { ...rule, action: 'block' };
|
|
1077
|
+
continue;
|
|
1078
|
+
}
|
|
1079
|
+
if (paymentCfg.protocol === 'ap2') {
|
|
1080
|
+
this.logger.warn('[veto] AP2 mandate signature verification not yet implemented. ' +
|
|
1081
|
+
'Use x402 or MPP for production payment gates.');
|
|
1082
|
+
}
|
|
1083
|
+
if (!this.economicEvaluator) {
|
|
1084
|
+
this.logger.warn('[veto] require_payment rule matched but no economic evaluator configured — failing closed', {
|
|
1085
|
+
ruleId: rule.id,
|
|
1086
|
+
});
|
|
1087
|
+
if (!firstBlockRule)
|
|
1088
|
+
firstBlockRule = { ...rule, action: 'block', description: 'Payment required but no payment provider configured' };
|
|
1089
|
+
continue;
|
|
1090
|
+
}
|
|
1091
|
+
const econCtx = {
|
|
1092
|
+
cost: paymentCfg.amount,
|
|
1093
|
+
currency: paymentCfg.currency,
|
|
1094
|
+
protocol: paymentCfg.protocol,
|
|
1095
|
+
protocol_metadata: paymentCfg.chain_id !== undefined ? { chain_id: paymentCfg.chain_id } : undefined,
|
|
1096
|
+
};
|
|
1097
|
+
const payResult = this.economicEvaluator.evaluate(econCtx);
|
|
1098
|
+
if (payResult.decision !== 'allow') {
|
|
1099
|
+
if (!firstBlockRule) {
|
|
1100
|
+
firstBlockRule = {
|
|
1101
|
+
...rule,
|
|
1102
|
+
action: 'block',
|
|
1103
|
+
description: payResult.denial?.reason ?? 'Payment required',
|
|
1104
|
+
};
|
|
1105
|
+
}
|
|
1106
|
+
continue;
|
|
1107
|
+
}
|
|
1108
|
+
// Payment passed — treat as allow
|
|
1109
|
+
if (!firstAllowRule)
|
|
1110
|
+
firstAllowRule = rule;
|
|
1111
|
+
continue;
|
|
1112
|
+
}
|
|
1033
1113
|
if (rule.action === 'block' && !firstBlockRule) {
|
|
1034
1114
|
firstBlockRule = rule;
|
|
1035
1115
|
continue;
|
|
@@ -1228,6 +1308,11 @@ export class Veto {
|
|
|
1228
1308
|
if (!ast) {
|
|
1229
1309
|
try {
|
|
1230
1310
|
ast = compile(expression);
|
|
1311
|
+
if (this.compiledExpressionCache.size >= 10_000) {
|
|
1312
|
+
const firstKey = this.compiledExpressionCache.keys().next().value;
|
|
1313
|
+
if (firstKey !== undefined)
|
|
1314
|
+
this.compiledExpressionCache.delete(firstKey);
|
|
1315
|
+
}
|
|
1231
1316
|
this.compiledExpressionCache.set(expression, ast);
|
|
1232
1317
|
}
|
|
1233
1318
|
catch (error) {
|
|
@@ -2294,7 +2379,7 @@ export class Veto {
|
|
|
2294
2379
|
* const wrappedTools = veto.wrap(tools);
|
|
2295
2380
|
*
|
|
2296
2381
|
* const agent = createAgent({
|
|
2297
|
-
* model: 'openai:gpt-
|
|
2382
|
+
* model: 'openai:gpt-5.4',
|
|
2298
2383
|
* tools: wrappedTools, // Same type as input!
|
|
2299
2384
|
* });
|
|
2300
2385
|
* ```
|
|
@@ -2607,7 +2692,6 @@ export class Veto {
|
|
|
2607
2692
|
};
|
|
2608
2693
|
const aggregatedResult = await this.validationEngine.validate(validationContext);
|
|
2609
2694
|
const validationResult = aggregatedResult.finalResult;
|
|
2610
|
-
this.historyTracker.record(toolName, args, validationResult, aggregatedResult.totalDurationMs);
|
|
2611
2695
|
this.emitDecisionEvent(validationContext, validationResult);
|
|
2612
2696
|
this.logClientDecision(validationContext, validationResult, aggregatedResult.totalDurationMs);
|
|
2613
2697
|
// If behavioral rules allow and economic context exists, reserve budget.
|
|
@@ -2622,12 +2706,19 @@ export class Veto {
|
|
|
2622
2706
|
const reserveResult = this.economicEvaluator.reserveBudget(effectiveEconomic.cost, effectiveEconomic.currency);
|
|
2623
2707
|
if (reserveResult.decision !== 'allow') {
|
|
2624
2708
|
this.emitEconomicEvent(toolName, args, reserveResult, effectiveEconomic);
|
|
2625
|
-
const
|
|
2626
|
-
...
|
|
2627
|
-
decision: reserveResult.decision,
|
|
2709
|
+
const econDenialResult = {
|
|
2710
|
+
...validationResult,
|
|
2711
|
+
decision: reserveResult.decision === 'deny' ? 'deny' : validationResult.decision,
|
|
2628
2712
|
reason: reserveResult.denial
|
|
2629
2713
|
? `Economic: ${reserveResult.denial.reason}`
|
|
2630
2714
|
: 'Budget reservation failed',
|
|
2715
|
+
};
|
|
2716
|
+
// Record the FINAL decision (economic denial), not the behavioral allow
|
|
2717
|
+
this.historyTracker.record(toolName, args, econDenialResult, aggregatedResult.totalDurationMs);
|
|
2718
|
+
const result = {
|
|
2719
|
+
...behavioralResult,
|
|
2720
|
+
decision: reserveResult.decision,
|
|
2721
|
+
reason: econDenialResult.reason,
|
|
2631
2722
|
economicDenial: reserveResult.denial,
|
|
2632
2723
|
};
|
|
2633
2724
|
this.notifyDecisionMade(result, toolName);
|
|
@@ -2636,6 +2727,8 @@ export class Veto {
|
|
|
2636
2727
|
// Emit spend_committed event on successful reservation
|
|
2637
2728
|
this.emitEconomicEvent(toolName, args, reserveResult, effectiveEconomic, 'spend_committed');
|
|
2638
2729
|
}
|
|
2730
|
+
// Record history AFTER economic check so audit log reflects the actual outcome
|
|
2731
|
+
this.historyTracker.record(toolName, args, validationResult, aggregatedResult.totalDurationMs);
|
|
2639
2732
|
this.notifyDecisionMade(behavioralResult, toolName);
|
|
2640
2733
|
return behavioralResult;
|
|
2641
2734
|
}
|
|
@@ -2734,6 +2827,9 @@ export class Veto {
|
|
|
2734
2827
|
});
|
|
2735
2828
|
});
|
|
2736
2829
|
}, refreshIntervalMs);
|
|
2830
|
+
if (typeof this.refreshIntervalId === 'object' && this.refreshIntervalId !== null && 'unref' in this.refreshIntervalId) {
|
|
2831
|
+
this.refreshIntervalId.unref();
|
|
2832
|
+
}
|
|
2737
2833
|
}
|
|
2738
2834
|
/**
|
|
2739
2835
|
* Get history statistics.
|
|
@@ -2778,6 +2874,10 @@ export class Veto {
|
|
|
2778
2874
|
this.refreshIntervalId = null;
|
|
2779
2875
|
}
|
|
2780
2876
|
}
|
|
2877
|
+
/** Await pending async audit log writes. Call before reading the log in tests or on shutdown. */
|
|
2878
|
+
async flushAuditLog() {
|
|
2879
|
+
await this.historyTracker.flushAuditLog();
|
|
2880
|
+
}
|
|
2781
2881
|
}
|
|
2782
2882
|
// Re-export error classes
|
|
2783
2883
|
export { ToolCallDeniedError };
|