veto-sdk 2.6.0 → 2.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/compile.js +1 -1
- package/dist/cli/compile.js.map +1 -1
- package/dist/cli/templates.js +1 -1
- package/dist/core/interceptor.d.ts +2 -2
- package/dist/core/interceptor.d.ts.map +1 -1
- package/dist/core/interceptor.js +1 -1
- package/dist/core/interceptor.js.map +1 -1
- package/dist/core/veto.d.ts +8 -0
- package/dist/core/veto.d.ts.map +1 -1
- package/dist/core/veto.js +74 -18
- package/dist/core/veto.js.map +1 -1
- package/dist/custom/providers/anthropic.d.ts +0 -13
- package/dist/custom/providers/anthropic.d.ts.map +1 -1
- package/dist/custom/providers/anthropic.js +39 -40
- package/dist/custom/providers/anthropic.js.map +1 -1
- package/dist/custom/providers/openai.d.ts +0 -13
- package/dist/custom/providers/openai.d.ts.map +1 -1
- package/dist/custom/providers/openai.js +40 -41
- package/dist/custom/providers/openai.js.map +1 -1
- package/dist/custom/providers/utils.d.ts +10 -0
- package/dist/custom/providers/utils.d.ts.map +1 -0
- package/dist/custom/providers/utils.js +130 -0
- package/dist/custom/providers/utils.js.map +1 -0
- package/dist/custom/types.d.ts +11 -18
- package/dist/custom/types.d.ts.map +1 -1
- package/dist/custom/types.js +70 -28
- package/dist/custom/types.js.map +1 -1
- package/dist/rules/index.d.ts +1 -0
- package/dist/rules/index.d.ts.map +1 -1
- package/dist/rules/index.js +1 -0
- package/dist/rules/index.js.map +1 -1
- package/dist/rules/policy-packs.d.ts.map +1 -1
- package/dist/rules/policy-packs.js +3 -0
- package/dist/rules/policy-packs.js.map +1 -1
- package/dist/utils/logger.d.ts +8 -0
- package/dist/utils/logger.d.ts.map +1 -1
- package/dist/utils/logger.js +73 -27
- package/dist/utils/logger.js.map +1 -1
- package/package.json +1 -1
- package/packs/eu-ai-act-starter.yaml +155 -0
- package/packs/hipaa-lite.yaml +154 -0
- package/packs/soc2-lite.yaml +136 -0
package/dist/utils/logger.js
CHANGED
|
@@ -97,12 +97,61 @@ function formatCallArguments(args, maxLength = 120) {
|
|
|
97
97
|
}
|
|
98
98
|
return truncate(formatValue(args), maxLength);
|
|
99
99
|
}
|
|
100
|
+
/** JS-object-literal arg rendering: `{key: 'value', n: 1}`. Empty args render as `{}`. */
|
|
101
|
+
function formatJsArgs(args, maxLength = 80) {
|
|
102
|
+
if (!args || Object.keys(args).length === 0) {
|
|
103
|
+
return '{}';
|
|
104
|
+
}
|
|
105
|
+
return truncate(formatValue(args), maxLength);
|
|
106
|
+
}
|
|
100
107
|
function formatDuration(latencyMs) {
|
|
101
108
|
if (typeof latencyMs !== 'number' || !Number.isFinite(latencyMs) || latencyMs < 0) {
|
|
102
109
|
return null;
|
|
103
110
|
}
|
|
104
111
|
return `${Math.round(latencyMs)}ms`;
|
|
105
112
|
}
|
|
113
|
+
/**
|
|
114
|
+
* Compact latency cell for the decision stream. Auto-scales: ms → s → m → h.
|
|
115
|
+
* Returns "-" when there's no measured latency (e.g. an `await` decision that
|
|
116
|
+
* hasn't resolved yet).
|
|
117
|
+
*/
|
|
118
|
+
function formatLatencyCell(latencyMs) {
|
|
119
|
+
if (typeof latencyMs !== 'number' || !Number.isFinite(latencyMs) || latencyMs < 0) {
|
|
120
|
+
return '-';
|
|
121
|
+
}
|
|
122
|
+
if (latencyMs < 1_000)
|
|
123
|
+
return `${Math.round(latencyMs)}ms`;
|
|
124
|
+
if (latencyMs < 60_000)
|
|
125
|
+
return `${Math.round(latencyMs / 1_000)}s`;
|
|
126
|
+
if (latencyMs < 3_600_000)
|
|
127
|
+
return `${Math.round(latencyMs / 60_000)}m`;
|
|
128
|
+
return `${Math.round(latencyMs / 3_600_000)}h`;
|
|
129
|
+
}
|
|
130
|
+
/** HH:MM:SS, 24-hour, local time. */
|
|
131
|
+
function formatTimeOfDay(date = new Date()) {
|
|
132
|
+
const hh = String(date.getHours()).padStart(2, '0');
|
|
133
|
+
const mm = String(date.getMinutes()).padStart(2, '0');
|
|
134
|
+
const ss = String(date.getSeconds()).padStart(2, '0');
|
|
135
|
+
return `${hh}:${mm}:${ss}`;
|
|
136
|
+
}
|
|
137
|
+
/**
|
|
138
|
+
* Trailing context tag for the compact stream:
|
|
139
|
+
* deny → `policy:<ruleId>` when known
|
|
140
|
+
* await → `approval-required[:<approvalId>]`
|
|
141
|
+
* allow → `approved[:<approver>]` when the result came from an approval
|
|
142
|
+
*/
|
|
143
|
+
function formatTrailingTag(event) {
|
|
144
|
+
if (event.decision === 'deny' && event.ruleId) {
|
|
145
|
+
return `policy:${event.ruleId}`;
|
|
146
|
+
}
|
|
147
|
+
if (event.decision === 'await') {
|
|
148
|
+
return event.approvalId ? `approval-required:${event.approvalId}` : 'approval-required';
|
|
149
|
+
}
|
|
150
|
+
if (event.decision === 'allow' && event.approver) {
|
|
151
|
+
return `approved:${event.approver}`;
|
|
152
|
+
}
|
|
153
|
+
return null;
|
|
154
|
+
}
|
|
106
155
|
function supportsColor() {
|
|
107
156
|
return typeof process !== 'undefined' && Boolean(process.stderr?.isTTY);
|
|
108
157
|
}
|
|
@@ -124,14 +173,16 @@ function bold(value) {
|
|
|
124
173
|
}
|
|
125
174
|
return `${ANSI_BOLD}${value}${ANSI_RESET}`;
|
|
126
175
|
}
|
|
176
|
+
/** Lowercase decision keyword, padded right to 5 chars, then colorized. */
|
|
127
177
|
function getDecisionLabel(decision) {
|
|
178
|
+
const padded = decision.padEnd(5, ' ');
|
|
128
179
|
switch (decision) {
|
|
129
180
|
case 'allow':
|
|
130
|
-
return colorize(
|
|
181
|
+
return colorize(padded, ANSI_GREEN);
|
|
131
182
|
case 'deny':
|
|
132
|
-
return colorize(
|
|
183
|
+
return colorize(padded, ANSI_RED);
|
|
133
184
|
case 'await':
|
|
134
|
-
return colorize(
|
|
185
|
+
return colorize(padded, ANSI_YELLOW);
|
|
135
186
|
}
|
|
136
187
|
}
|
|
137
188
|
function formatDecisionReason(reason, maxLength) {
|
|
@@ -140,37 +191,29 @@ function formatDecisionReason(reason, maxLength) {
|
|
|
140
191
|
}
|
|
141
192
|
return truncate(reason.trim(), maxLength);
|
|
142
193
|
}
|
|
194
|
+
const COMPACT_CALL_MIN_WIDTH = 40;
|
|
195
|
+
const COMPACT_LATENCY_WIDTH = 5;
|
|
196
|
+
/**
|
|
197
|
+
* One-line decision row, formatted as:
|
|
198
|
+
* `HH:MM:SS <decision> <tool>(<args>) <latency> <tag?>`
|
|
199
|
+
*/
|
|
143
200
|
function formatCompactDecision(event) {
|
|
144
|
-
const
|
|
145
|
-
const
|
|
146
|
-
const
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
}
|
|
153
|
-
const duration = formatDuration(event.latencyMs);
|
|
154
|
-
if (duration) {
|
|
155
|
-
metaParts.push(duration);
|
|
156
|
-
}
|
|
157
|
-
if (event.ruleId) {
|
|
158
|
-
metaParts.push(`[rule: ${event.ruleId}]`);
|
|
159
|
-
}
|
|
160
|
-
if (event.approvalId && event.decision === 'await') {
|
|
161
|
-
metaParts.push(`[approval: ${event.approvalId}]`);
|
|
162
|
-
}
|
|
163
|
-
const reason = formatDecisionReason(event.reason, 140);
|
|
164
|
-
const meta = metaParts.length > 0 ? ` ${dim(metaParts.join(' '))}` : '';
|
|
165
|
-
const suffix = reason ? ` ${dim(`— ${reason}`)}` : '';
|
|
166
|
-
return `${getDecisionLabel(event.decision)} ${call}${meta}${suffix}`;
|
|
201
|
+
const time = dim(formatTimeOfDay(event.timestamp));
|
|
202
|
+
const label = getDecisionLabel(event.decision);
|
|
203
|
+
const call = `${event.toolName}(${formatJsArgs(event.arguments, 80)})`;
|
|
204
|
+
const callPadded = call.padEnd(COMPACT_CALL_MIN_WIDTH, ' ');
|
|
205
|
+
const latency = formatLatencyCell(event.latencyMs).padStart(COMPACT_LATENCY_WIDTH, ' ');
|
|
206
|
+
const tag = formatTrailingTag(event);
|
|
207
|
+
const tagSuffix = tag ? ` ${dim(tag)}` : '';
|
|
208
|
+
return `${time} ${label} ${callPadded} ${latency}${tagSuffix}`;
|
|
167
209
|
}
|
|
168
210
|
function formatVerboseDecision(event) {
|
|
169
211
|
const args = formatCallArguments(event.arguments, 320);
|
|
170
212
|
const duration = formatDuration(event.latencyMs);
|
|
171
213
|
const reason = formatDecisionReason(event.reason, 320) ?? 'n/a';
|
|
172
214
|
const lines = [
|
|
173
|
-
`${bold('VETO DECISION')} ${getDecisionLabel(event.decision)}`,
|
|
215
|
+
`${bold('VETO DECISION')} ${getDecisionLabel(event.decision).trimEnd()}`,
|
|
216
|
+
`time: ${formatTimeOfDay(event.timestamp)}`,
|
|
174
217
|
`tool: ${event.toolName}`,
|
|
175
218
|
`args: ${args.length > 0 ? args : '(none)'}`,
|
|
176
219
|
`reason: ${reason}`,
|
|
@@ -181,6 +224,9 @@ function formatVerboseDecision(event) {
|
|
|
181
224
|
if (event.approvalId) {
|
|
182
225
|
lines.push(`approval: ${event.approvalId}`);
|
|
183
226
|
}
|
|
227
|
+
if (event.approver) {
|
|
228
|
+
lines.push(`approver: ${event.approver}`);
|
|
229
|
+
}
|
|
184
230
|
if (duration) {
|
|
185
231
|
lines.push(`latency: ${duration}`);
|
|
186
232
|
}
|
package/dist/utils/logger.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAyDH;;GAEG;AACH,MAAM,kBAAkB,GAA6B;IACnD,KAAK,EAAE,CAAC;IACR,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;IACP,KAAK,EAAE,CAAC;IACR,MAAM,EAAE,CAAC;CACV,CAAC;AAEF,MAAM,UAAU,GAAG,WAAW,CAAC;AAC/B,MAAM,UAAU,GAAG,YAAY,CAAC;AAChC,MAAM,QAAQ,GAAG,YAAY,CAAC;AAC9B,MAAM,WAAW,GAAG,YAAY,CAAC;AACjC,MAAM,QAAQ,GAAG,WAAW,CAAC;AAC7B,MAAM,SAAS,GAAG,WAAW,CAAC;AAE9B;;GAEG;AACH,SAAS,SAAS,CAAC,YAAyC,EAAE,eAAyB;IACrF,OAAO,kBAAkB,CAAC,YAAY,CAAC,IAAI,kBAAkB,CAAC,eAAe,CAAC,CAAC;AACjF,CAAC;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,OAAO,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,IAAI,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC;IACpC,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACzF,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;IACvB,CAAC;IAED,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,KAAK,YAAY,IAAI,EAAE,CAAC;QAC1B,OAAO,IAAI,KAAK,CAAC,WAAW,EAAE,GAAG,CAAC;IACpC,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,WAAW,EAAE,CAAC;QACjC,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;AACvB,CAAC;AAED,SAAS,WAAW,CAAC,KAAc,EAAE,KAAK,GAAG,CAAC;IAC5C,IACE,KAAK,KAAK,IAAI;WACX,OAAO,KAAK,KAAK,QAAQ;WACzB,OAAO,KAAK,KAAK,QAAQ;WACzB,OAAO,KAAK,KAAK,SAAS;WAC1B,OAAO,KAAK,KAAK,QAAQ;WACzB,OAAO,KAAK,KAAK,WAAW;WAC5B,KAAK,YAAY,IAAI,EACxB,CAAC;QACD,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;YACf,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;IAC7E,CAAC;IAED,IAAI,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;YACf,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC;aAC7B,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,KAAK,WAAW,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,EAAE,CAAC;aAC/D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;IACnB,CAAC;IAED,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa,EAAE,SAAiB;IAChD,IAAI,KAAK,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;AAC1D,CAAC;AAED,SAAS,mBAAmB,CAAC,IAA8B,EAAE,SAAS,GAAG,GAAG;IAC1E,IAAI,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;SACvC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;SACrD,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,IAAI,aAAa,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;QACtC,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,OAAO,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,SAAS,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,cAAc,CAAC,SAAkB;IACxC,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC;AACtC,CAAC;AAED,SAAS,aAAa;IACpB,OAAO,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAC1E,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa,EAAE,KAAa;IAC5C,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,GAAG,KAAK,GAAG,KAAK,GAAG,UAAU,EAAE,CAAC;AACzC,CAAC;AAED,SAAS,GAAG,CAAC,KAAa;IACxB,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,GAAG,QAAQ,GAAG,KAAK,GAAG,UAAU,EAAE,CAAC;AAC5C,CAAC;AAED,SAAS,IAAI,CAAC,KAAa;IACzB,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,GAAG,SAAS,GAAG,KAAK,GAAG,UAAU,EAAE,CAAC;AAC7C,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAyC;IACjE,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACvC,KAAK,MAAM;YACT,OAAO,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACpC,KAAK,OAAO;YACV,OAAO,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAC1C,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,MAA0B,EAAE,SAAiB;IACzE,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,SAAS,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,qBAAqB,CAAC,KAA0B;IACvD,MAAM,IAAI,GAAG,mBAAmB,CAAC,KAAK,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IACvD,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,QAAQ,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,QAAQ,IAAI,CAAC;IACpF,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,IAAI,KAAK,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAC/B,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACtB,CAAC;IAED,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,EAAE,CAAC;QACb,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC3B,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjB,SAAS,CAAC,IAAI,CAAC,UAAU,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;IAC5C,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACnD,SAAS,CAAC,IAAI,CAAC,cAAc,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,MAAM,GAAG,oBAAoB,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACvD,MAAM,IAAI,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAEtD,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,IAAI,GAAG,IAAI,GAAG,MAAM,EAAE,CAAC;AACvE,CAAC;AAED,SAAS,qBAAqB,CAAC,KAA0B;IACvD,MAAM,IAAI,GAAG,mBAAmB,CAAC,KAAK,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,oBAAoB,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,KAAK,CAAC;IAChE,MAAM,KAAK,GAAG;QACZ,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,gBAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE;QAC9D,SAAS,KAAK,CAAC,QAAQ,EAAE;QACzB,SAAS,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE;QAC5C,WAAW,MAAM,EAAE;KACpB,CAAC;IAEF,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,SAAS,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,aAAa,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,CAAC,IAAI,CAAC,YAAY,QAAQ,EAAE,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,aAAa,CAAC,OAAe;IACpC,IAAI,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,OAAO,CAAC,MAAM,EAAE,KAAK,KAAK,UAAU,EAAE,CAAC;QAClF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,OAAO,IAAI,CAAC,CAAC;QACrC,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AACvB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,KAAkC,EAClC,OAAe,EACf,OAAiC;IAEjC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAI,SAAS,YAAY,QAAQ,EAAE,CAAC;IAEnD,IAAI,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/C,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAC3C,OAAO,GAAG,MAAM,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;IAC9C,CAAC;IAED,OAAO,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC;AAChC,CAAC;AAED,MAAM,aAAa;IACY;IAA7B,YAA6B,KAAkC;QAAlC,UAAK,GAAL,KAAK,CAA6B;IAAG,CAAC;IAEnE,KAAK,CAAC,OAAe,EAAE,OAAiC;QACtD,IAAI,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACnC,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,OAAiC;QACrD,IAAI,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,OAAiC;QACrD,IAAI,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAe,EAAE,OAAiC,EAAE,KAAa;QACrE,IAAI,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACnC,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YACxD,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAED,MAAM,OAAO,YAAY;IACM;IAA7B,YAA6B,OAAsB,SAAS;QAA/B,SAAI,GAAJ,IAAI,CAA2B;IAAG,CAAC;IAEhE,KAAK,KAAU,CAAC;IAEhB,IAAI,KAAU,CAAC;IAEf,IAAI,CAAC,OAAe,EAAE,OAAiC;QACrD,aAAa,CAAC,aAAa,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,OAAe,EAAE,OAAiC,EAAE,KAAa;QACrE,aAAa,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACxD,IAAI,KAAK,EAAE,CAAC;YACV,aAAa,CAAC,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,cAAc,CAAC,KAA0B;QACvC,aAAa,CACX,IAAI,CAAC,IAAI,KAAK,SAAS;YACrB,CAAC,CAAC,qBAAqB,CAAC,KAAK,CAAC;YAC9B,CAAC,CAAC,qBAAqB,CAAC,KAAK,CAAC,CACjC,CAAC;IACJ,CAAC;CACF;AAED,MAAM,UAAU,sBAAsB,CAAC,MAAc;IACnD,OAAO,OAAQ,MAA+B,CAAC,cAAc,KAAK,UAAU,CAAC;AAC/E,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,YAAY,CAAC,KAAe,EAAE,aAA4B,SAAS;IACjF,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvB,OAAO,IAAI,YAAY,CAAC,UAAU,CAAC,CAAC;IACtC,CAAC;IAED,OAAO,IAAI,aAAa,CAAC,KAAK,CAAC,CAAC;AAClC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,YAAY,GAAW;IAClC,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;IACf,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;IACd,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;IACd,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;CAChB,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAkB,OAAO;IAK1D,MAAM,OAAO,GAAe,EAAE,CAAC;IAE/B,MAAM,QAAQ,GAAG,CACf,YAAyC,EACzC,OAAe,EACf,OAAiC,EACjC,KAAa,EACP,EAAE;QACR,IAAI,SAAS,CAAC,YAAY,EAAE,KAAK,CAAC,EAAE,CAAC;YACnC,OAAO,CAAC,IAAI,CAAC;gBACX,KAAK,EAAE,YAAY;gBACnB,OAAO;gBACP,SAAS,EAAE,IAAI,IAAI,EAAE;gBACrB,OAAO;gBACP,KAAK;aACN,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;IAEF,OAAO;QACL,OAAO;QACP,KAAK,EAAE,GAAG,EAAE;YACV,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;QACrB,CAAC;QACD,MAAM,EAAE;YACN,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC;YAChE,IAAI,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC;YAC9D,IAAI,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC;YAC9D,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,CACjC,QAAQ,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC;SAC7C;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,iBAAiB,CAC/B,MAAc,EACd,cAAuC;IAEvC,MAAM,YAAY,GAAG,CACnB,OAAiC,EACR,EAAE;QAC3B,OAAO,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;IAC3C,CAAC,CAAC;IAEF,OAAO;QACL,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QACzE,IAAI,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QACvE,IAAI,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QACvE,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,CACjC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,EAAE,KAAK,CAAC;KACtD,CAAC;AACJ,CAAC;AAED,OAAO,EACL,qBAAqB,EACrB,aAAa,EACb,qBAAqB,EACrB,SAAS,GACV,CAAC"}
|
|
1
|
+
{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AA6DH;;GAEG;AACH,MAAM,kBAAkB,GAA6B;IACnD,KAAK,EAAE,CAAC;IACR,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;IACP,KAAK,EAAE,CAAC;IACR,MAAM,EAAE,CAAC;CACV,CAAC;AAEF,MAAM,UAAU,GAAG,WAAW,CAAC;AAC/B,MAAM,UAAU,GAAG,YAAY,CAAC;AAChC,MAAM,QAAQ,GAAG,YAAY,CAAC;AAC9B,MAAM,WAAW,GAAG,YAAY,CAAC;AACjC,MAAM,QAAQ,GAAG,WAAW,CAAC;AAC7B,MAAM,SAAS,GAAG,WAAW,CAAC;AAE9B;;GAEG;AACH,SAAS,SAAS,CAAC,YAAyC,EAAE,eAAyB;IACrF,OAAO,kBAAkB,CAAC,YAAY,CAAC,IAAI,kBAAkB,CAAC,eAAe,CAAC,CAAC;AACjF,CAAC;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,OAAO,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,IAAI,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC;IACpC,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACzF,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;IACvB,CAAC;IAED,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,KAAK,YAAY,IAAI,EAAE,CAAC;QAC1B,OAAO,IAAI,KAAK,CAAC,WAAW,EAAE,GAAG,CAAC;IACpC,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,WAAW,EAAE,CAAC;QACjC,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;AACvB,CAAC;AAED,SAAS,WAAW,CAAC,KAAc,EAAE,KAAK,GAAG,CAAC;IAC5C,IACE,KAAK,KAAK,IAAI;WACX,OAAO,KAAK,KAAK,QAAQ;WACzB,OAAO,KAAK,KAAK,QAAQ;WACzB,OAAO,KAAK,KAAK,SAAS;WAC1B,OAAO,KAAK,KAAK,QAAQ;WACzB,OAAO,KAAK,KAAK,WAAW;WAC5B,KAAK,YAAY,IAAI,EACxB,CAAC;QACD,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;YACf,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;IAC7E,CAAC;IAED,IAAI,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;YACf,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC;aAC7B,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,KAAK,WAAW,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,EAAE,CAAC;aAC/D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;IACnB,CAAC;IAED,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa,EAAE,SAAiB;IAChD,IAAI,KAAK,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;AAC1D,CAAC;AAED,SAAS,mBAAmB,CAAC,IAA8B,EAAE,SAAS,GAAG,GAAG;IAC1E,IAAI,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;SACvC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;SACrD,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,IAAI,aAAa,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;QACtC,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,OAAO,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,SAAS,CAAC,CAAC;AAChD,CAAC;AAED,0FAA0F;AAC1F,SAAS,YAAY,CAAC,IAA8B,EAAE,SAAS,GAAG,EAAE;IAClE,IAAI,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,SAAS,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,cAAc,CAAC,SAAkB;IACxC,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC;AACtC,CAAC;AAED;;;;GAIG;AACH,SAAS,iBAAiB,CAAC,SAAkB;IAC3C,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClF,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,SAAS,GAAG,KAAK;QAAE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC;IAC3D,IAAI,SAAS,GAAG,MAAM;QAAE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC;IACnE,IAAI,SAAS,GAAG,SAAS;QAAE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC;IACvE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC;AACjD,CAAC;AAED,qCAAqC;AACrC,SAAS,eAAe,CAAC,OAAa,IAAI,IAAI,EAAE;IAC9C,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACpD,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACtD,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACtD,OAAO,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC;AAC7B,CAAC;AAED;;;;;GAKG;AACH,SAAS,iBAAiB,CAAC,KAA0B;IACnD,IAAI,KAAK,CAAC,QAAQ,KAAK,MAAM,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QAC9C,OAAO,UAAU,KAAK,CAAC,MAAM,EAAE,CAAC;IAClC,CAAC;IACD,IAAI,KAAK,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAC/B,OAAO,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,qBAAqB,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,mBAAmB,CAAC;IAC1F,CAAC;IACD,IAAI,KAAK,CAAC,QAAQ,KAAK,OAAO,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QACjD,OAAO,YAAY,KAAK,CAAC,QAAQ,EAAE,CAAC;IACtC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,aAAa;IACpB,OAAO,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAC1E,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa,EAAE,KAAa;IAC5C,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,GAAG,KAAK,GAAG,KAAK,GAAG,UAAU,EAAE,CAAC;AACzC,CAAC;AAED,SAAS,GAAG,CAAC,KAAa;IACxB,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,GAAG,QAAQ,GAAG,KAAK,GAAG,UAAU,EAAE,CAAC;AAC5C,CAAC;AAED,SAAS,IAAI,CAAC,KAAa;IACzB,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,GAAG,SAAS,GAAG,KAAK,GAAG,UAAU,EAAE,CAAC;AAC7C,CAAC;AAED,2EAA2E;AAC3E,SAAS,gBAAgB,CAAC,QAAyC;IACjE,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACvC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACtC,KAAK,MAAM;YACT,OAAO,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACpC,KAAK,OAAO;YACV,OAAO,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACzC,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,MAA0B,EAAE,SAAiB;IACzE,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,SAAS,CAAC,CAAC;AAC5C,CAAC;AAED,MAAM,sBAAsB,GAAG,EAAE,CAAC;AAClC,MAAM,qBAAqB,GAAG,CAAC,CAAC;AAEhC;;;GAGG;AACH,SAAS,qBAAqB,CAAC,KAA0B;IACvD,MAAM,IAAI,GAAG,GAAG,CAAC,eAAe,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,IAAI,GAAG,GAAG,KAAK,CAAC,QAAQ,IAAI,YAAY,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,CAAC,GAAG,CAAC;IACvE,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;IAC5D,MAAM,OAAO,GAAG,iBAAiB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC;IACxF,MAAM,GAAG,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC7C,OAAO,GAAG,IAAI,IAAI,KAAK,KAAK,UAAU,KAAK,OAAO,GAAG,SAAS,EAAE,CAAC;AACnE,CAAC;AAED,SAAS,qBAAqB,CAAC,KAA0B;IACvD,MAAM,IAAI,GAAG,mBAAmB,CAAC,KAAK,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,oBAAoB,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,KAAK,CAAC;IAChE,MAAM,KAAK,GAAG;QACZ,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,gBAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,EAAE;QACxE,SAAS,eAAe,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE;QAC3C,SAAS,KAAK,CAAC,QAAQ,EAAE;QACzB,SAAS,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE;QAC5C,WAAW,MAAM,EAAE;KACpB,CAAC;IAEF,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,SAAS,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,aAAa,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QACnB,KAAK,CAAC,IAAI,CAAC,aAAa,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,CAAC,IAAI,CAAC,YAAY,QAAQ,EAAE,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,aAAa,CAAC,OAAe;IACpC,IAAI,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,OAAO,CAAC,MAAM,EAAE,KAAK,KAAK,UAAU,EAAE,CAAC;QAClF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,OAAO,IAAI,CAAC,CAAC;QACrC,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AACvB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,KAAkC,EAClC,OAAe,EACf,OAAiC;IAEjC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAI,SAAS,YAAY,QAAQ,EAAE,CAAC;IAEnD,IAAI,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/C,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAC3C,OAAO,GAAG,MAAM,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;IAC9C,CAAC;IAED,OAAO,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC;AAChC,CAAC;AAED,MAAM,aAAa;IACY;IAA7B,YAA6B,KAAkC;QAAlC,UAAK,GAAL,KAAK,CAA6B;IAAG,CAAC;IAEnE,KAAK,CAAC,OAAe,EAAE,OAAiC;QACtD,IAAI,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACnC,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,OAAiC;QACrD,IAAI,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,OAAiC;QACrD,IAAI,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAe,EAAE,OAAiC,EAAE,KAAa;QACrE,IAAI,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACnC,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YACxD,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAED,MAAM,OAAO,YAAY;IACM;IAA7B,YAA6B,OAAsB,SAAS;QAA/B,SAAI,GAAJ,IAAI,CAA2B;IAAG,CAAC;IAEhE,KAAK,KAAU,CAAC;IAEhB,IAAI,KAAU,CAAC;IAEf,IAAI,CAAC,OAAe,EAAE,OAAiC;QACrD,aAAa,CAAC,aAAa,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,OAAe,EAAE,OAAiC,EAAE,KAAa;QACrE,aAAa,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACxD,IAAI,KAAK,EAAE,CAAC;YACV,aAAa,CAAC,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,cAAc,CAAC,KAA0B;QACvC,aAAa,CACX,IAAI,CAAC,IAAI,KAAK,SAAS;YACrB,CAAC,CAAC,qBAAqB,CAAC,KAAK,CAAC;YAC9B,CAAC,CAAC,qBAAqB,CAAC,KAAK,CAAC,CACjC,CAAC;IACJ,CAAC;CACF;AAED,MAAM,UAAU,sBAAsB,CAAC,MAAc;IACnD,OAAO,OAAQ,MAA+B,CAAC,cAAc,KAAK,UAAU,CAAC;AAC/E,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,YAAY,CAAC,KAAe,EAAE,aAA4B,SAAS;IACjF,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvB,OAAO,IAAI,YAAY,CAAC,UAAU,CAAC,CAAC;IACtC,CAAC;IAED,OAAO,IAAI,aAAa,CAAC,KAAK,CAAC,CAAC;AAClC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,YAAY,GAAW;IAClC,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;IACf,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;IACd,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;IACd,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;CAChB,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAkB,OAAO;IAK1D,MAAM,OAAO,GAAe,EAAE,CAAC;IAE/B,MAAM,QAAQ,GAAG,CACf,YAAyC,EACzC,OAAe,EACf,OAAiC,EACjC,KAAa,EACP,EAAE;QACR,IAAI,SAAS,CAAC,YAAY,EAAE,KAAK,CAAC,EAAE,CAAC;YACnC,OAAO,CAAC,IAAI,CAAC;gBACX,KAAK,EAAE,YAAY;gBACnB,OAAO;gBACP,SAAS,EAAE,IAAI,IAAI,EAAE;gBACrB,OAAO;gBACP,KAAK;aACN,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;IAEF,OAAO;QACL,OAAO;QACP,KAAK,EAAE,GAAG,EAAE;YACV,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;QACrB,CAAC;QACD,MAAM,EAAE;YACN,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC;YAChE,IAAI,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC;YAC9D,IAAI,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC;YAC9D,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,CACjC,QAAQ,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC;SAC7C;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,iBAAiB,CAC/B,MAAc,EACd,cAAuC;IAEvC,MAAM,YAAY,GAAG,CACnB,OAAiC,EACR,EAAE;QAC3B,OAAO,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;IAC3C,CAAC,CAAC;IAEF,OAAO;QACL,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QACzE,IAAI,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QACvE,IAAI,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QACvE,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,CACjC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,EAAE,KAAK,CAAC;KACtD,CAAC;AACJ,CAAC;AAED,OAAO,EACL,qBAAqB,EACrB,aAAa,EACb,qBAAqB,EACrB,SAAS,GACV,CAAC"}
|
package/package.json
CHANGED
|
@@ -0,0 +1,155 @@
|
|
|
1
|
+
# Starter guardrails inspired by EU AI Act operational themes.
|
|
2
|
+
# Operators must map these to their risk classification, documentation, and human-oversight process.
|
|
3
|
+
version: "1.0"
|
|
4
|
+
name: eu-ai-act-starter-pack
|
|
5
|
+
description: Starter guardrails for human oversight, audit preservation, consequential-action review, and transparency workflows. This pack is not a compliance certification.
|
|
6
|
+
|
|
7
|
+
rules:
|
|
8
|
+
- id: eu-ai-require-human-oversight-high-risk
|
|
9
|
+
name: Require human oversight for high-risk decisions
|
|
10
|
+
description: Require approval before tools finalize high-risk or consequential decisions.
|
|
11
|
+
enabled: true
|
|
12
|
+
severity: critical
|
|
13
|
+
action: require_approval
|
|
14
|
+
tools:
|
|
15
|
+
- update_record
|
|
16
|
+
- write_file
|
|
17
|
+
- execute_command
|
|
18
|
+
- run_shell
|
|
19
|
+
- bash
|
|
20
|
+
- shell
|
|
21
|
+
- deploy
|
|
22
|
+
- publish
|
|
23
|
+
- release
|
|
24
|
+
- send_email
|
|
25
|
+
- http_request
|
|
26
|
+
condition_groups:
|
|
27
|
+
# Tune high-risk categories to your product's risk classification inventory.
|
|
28
|
+
- - field: arguments.risk_level
|
|
29
|
+
operator: matches
|
|
30
|
+
value: '(?i)\b(high|high-risk|consequential)\b'
|
|
31
|
+
- - field: arguments.decision_type
|
|
32
|
+
operator: matches
|
|
33
|
+
value: '(?i)\b(credit|employment|education|housing|healthcare|insurance|law enforcement|migration)\b'
|
|
34
|
+
- - field: arguments.high_risk
|
|
35
|
+
operator: equals
|
|
36
|
+
value: true
|
|
37
|
+
- - field: custom.high_risk_ai_system
|
|
38
|
+
operator: equals
|
|
39
|
+
value: true
|
|
40
|
+
|
|
41
|
+
- id: eu-ai-block-audit-log-deletion
|
|
42
|
+
name: Block audit log deletion
|
|
43
|
+
description: Preserve logs and audit trails needed for review, incident response, and post-market monitoring.
|
|
44
|
+
enabled: true
|
|
45
|
+
severity: critical
|
|
46
|
+
action: block
|
|
47
|
+
tools:
|
|
48
|
+
- delete_file
|
|
49
|
+
- write_file
|
|
50
|
+
- edit_file
|
|
51
|
+
- execute_command
|
|
52
|
+
- run_shell
|
|
53
|
+
- bash
|
|
54
|
+
- shell
|
|
55
|
+
condition_groups:
|
|
56
|
+
- - field: arguments.path
|
|
57
|
+
operator: matches
|
|
58
|
+
value: "(?i)(audit|decision|model|risk|incident)[-_ ]?(log|trail|record)s?"
|
|
59
|
+
- - field: arguments.command
|
|
60
|
+
operator: matches
|
|
61
|
+
value: '(?i)\b(rm|truncate|shred)\b.*\b(audit|decision|model|risk|incident)[-_ ]?(log|trail|record)s?\b'
|
|
62
|
+
|
|
63
|
+
- id: eu-ai-require-approval-autonomous-consequential-action
|
|
64
|
+
name: Require approval for autonomous consequential actions
|
|
65
|
+
description: Require human approval before autonomous actions that affect users, records, access, or production systems.
|
|
66
|
+
enabled: true
|
|
67
|
+
severity: critical
|
|
68
|
+
action: require_approval
|
|
69
|
+
tools:
|
|
70
|
+
- update_record
|
|
71
|
+
- execute_sql
|
|
72
|
+
- run_query
|
|
73
|
+
- query_database
|
|
74
|
+
- deploy
|
|
75
|
+
- publish
|
|
76
|
+
- release
|
|
77
|
+
- push_to_production
|
|
78
|
+
- send_email
|
|
79
|
+
- http_request
|
|
80
|
+
- export_data
|
|
81
|
+
- export_records
|
|
82
|
+
condition_groups:
|
|
83
|
+
- - field: arguments.autonomous
|
|
84
|
+
operator: equals
|
|
85
|
+
value: true
|
|
86
|
+
- field: arguments.consequential
|
|
87
|
+
operator: equals
|
|
88
|
+
value: true
|
|
89
|
+
- - field: custom.autonomous_action
|
|
90
|
+
operator: equals
|
|
91
|
+
value: true
|
|
92
|
+
- field: custom.human_approved
|
|
93
|
+
operator: not_equals
|
|
94
|
+
value: true
|
|
95
|
+
- - field: arguments.impact
|
|
96
|
+
operator: matches
|
|
97
|
+
value: '(?i)\b(eligibility|access|benefit|price|rank|score|account|employment)\b'
|
|
98
|
+
|
|
99
|
+
- id: eu-ai-require-transparency-review-before-notification
|
|
100
|
+
name: Require transparency review before user notification
|
|
101
|
+
description: Require review before sending user-facing notices or finalizing decisions without transparency approval.
|
|
102
|
+
enabled: true
|
|
103
|
+
severity: high
|
|
104
|
+
action: require_approval
|
|
105
|
+
tools:
|
|
106
|
+
- send_email
|
|
107
|
+
- send_message
|
|
108
|
+
- send_notification
|
|
109
|
+
- http_request
|
|
110
|
+
- update_record
|
|
111
|
+
- publish
|
|
112
|
+
condition_groups:
|
|
113
|
+
# Override custom.transparency_reviewed from your app once required notice text is checked.
|
|
114
|
+
- - field: arguments.user_notification
|
|
115
|
+
operator: equals
|
|
116
|
+
value: true
|
|
117
|
+
- field: custom.transparency_reviewed
|
|
118
|
+
operator: not_equals
|
|
119
|
+
value: true
|
|
120
|
+
- - field: arguments.finalize_decision
|
|
121
|
+
operator: equals
|
|
122
|
+
value: true
|
|
123
|
+
- field: custom.transparency_reviewed
|
|
124
|
+
operator: not_equals
|
|
125
|
+
value: true
|
|
126
|
+
- - field: arguments.message
|
|
127
|
+
operator: matches
|
|
128
|
+
value: '(?i)\b(final decision|automated decision|AI-generated decision)\b'
|
|
129
|
+
- field: custom.transparency_reviewed
|
|
130
|
+
operator: not_equals
|
|
131
|
+
value: true
|
|
132
|
+
|
|
133
|
+
output_rules:
|
|
134
|
+
- id: eu-ai-log-high-risk-output
|
|
135
|
+
name: Log high-risk decision outputs
|
|
136
|
+
description: Log outputs that appear to contain final high-risk decisions for audit review.
|
|
137
|
+
enabled: true
|
|
138
|
+
severity: high
|
|
139
|
+
action: log
|
|
140
|
+
output_conditions:
|
|
141
|
+
- field: output
|
|
142
|
+
operator: matches
|
|
143
|
+
value: '(?i)\b(final decision|automated decision|eligibility denied|application rejected|risk score)\b'
|
|
144
|
+
|
|
145
|
+
- id: eu-ai-redact-unsupported-compliance-claims
|
|
146
|
+
name: Redact unsupported compliance claims
|
|
147
|
+
description: Redact generated claims that imply a system is legally compliant without review.
|
|
148
|
+
enabled: true
|
|
149
|
+
severity: medium
|
|
150
|
+
action: redact
|
|
151
|
+
output_conditions:
|
|
152
|
+
- field: output
|
|
153
|
+
operator: matches
|
|
154
|
+
value: '(?i)\b(EU AI Act compliant|guaranteed compliant|certified compliant)\b'
|
|
155
|
+
redact_with: "[REVIEW_REQUIRED]"
|
|
@@ -0,0 +1,154 @@
|
|
|
1
|
+
# Starter guardrails inspired by HIPAA privacy/security themes.
|
|
2
|
+
# Operators must review, tune detectors, and validate workflows with qualified counsel/compliance owners.
|
|
3
|
+
version: "1.0"
|
|
4
|
+
name: hipaa-lite-pack
|
|
5
|
+
description: Starter guardrails for PHI handling, patient-data export review, and medical-record access context. This pack is not a compliance certification.
|
|
6
|
+
|
|
7
|
+
rules:
|
|
8
|
+
- id: hipaa-require-approval-external-phi-transfer
|
|
9
|
+
name: Require approval for external PHI transfer
|
|
10
|
+
description: Require review before patient or PHI-related data is emailed, uploaded, exported, or sent over HTTP.
|
|
11
|
+
enabled: true
|
|
12
|
+
severity: critical
|
|
13
|
+
action: require_approval
|
|
14
|
+
tools:
|
|
15
|
+
- send_email
|
|
16
|
+
- http_request
|
|
17
|
+
- upload_file
|
|
18
|
+
- export_data
|
|
19
|
+
- export_records
|
|
20
|
+
condition_groups:
|
|
21
|
+
# Expand these field names to match your application payloads.
|
|
22
|
+
- - field: arguments.data_type
|
|
23
|
+
operator: matches
|
|
24
|
+
value: '(?i)\b(phi|patient|medical|clinical|health)\b'
|
|
25
|
+
- - field: arguments.dataset
|
|
26
|
+
operator: matches
|
|
27
|
+
value: '(?i)\b(phi|patient|medical|clinical|health)\b'
|
|
28
|
+
- - field: arguments.body
|
|
29
|
+
operator: matches
|
|
30
|
+
value: '(?i)\b(patient|diagnosis|medication|medical record|mrn)\b'
|
|
31
|
+
- - field: arguments.file
|
|
32
|
+
operator: matches
|
|
33
|
+
value: '(?i)\b(patient|medical|clinical|phi)\b'
|
|
34
|
+
|
|
35
|
+
- id: hipaa-block-unapproved-phi-network-send
|
|
36
|
+
name: Block unapproved PHI network sends
|
|
37
|
+
description: Block network transfer of PHI when explicit PHI transfer approval is absent from context.
|
|
38
|
+
enabled: true
|
|
39
|
+
severity: critical
|
|
40
|
+
action: block
|
|
41
|
+
tools:
|
|
42
|
+
- http_request
|
|
43
|
+
- upload_file
|
|
44
|
+
- send_email
|
|
45
|
+
condition_groups:
|
|
46
|
+
- - field: custom.phi_transfer_approved
|
|
47
|
+
operator: not_equals
|
|
48
|
+
value: true
|
|
49
|
+
- field: arguments.contains_phi
|
|
50
|
+
operator: equals
|
|
51
|
+
value: true
|
|
52
|
+
- - field: custom.phi_transfer_approved
|
|
53
|
+
operator: not_equals
|
|
54
|
+
value: true
|
|
55
|
+
- field: arguments.data_classification
|
|
56
|
+
operator: matches
|
|
57
|
+
value: '(?i)\b(phi|patient|medical)\b'
|
|
58
|
+
|
|
59
|
+
- id: hipaa-require-context-for-medical-record-access
|
|
60
|
+
name: Require context for medical record access
|
|
61
|
+
description: Restrict patient record reads and writes unless the caller provides approved PHI access context.
|
|
62
|
+
enabled: true
|
|
63
|
+
severity: high
|
|
64
|
+
action: require_approval
|
|
65
|
+
tools:
|
|
66
|
+
- read_record
|
|
67
|
+
- update_record
|
|
68
|
+
- query_database
|
|
69
|
+
- execute_sql
|
|
70
|
+
- run_query
|
|
71
|
+
condition_groups:
|
|
72
|
+
# Add role, purpose-of-use, and break-glass checks in project overrides.
|
|
73
|
+
- - field: custom.phi_access_approved
|
|
74
|
+
operator: not_equals
|
|
75
|
+
value: true
|
|
76
|
+
- field: arguments.record_type
|
|
77
|
+
operator: matches
|
|
78
|
+
value: '(?i)\b(patient|medical|clinical|encounter|claim)\b'
|
|
79
|
+
- - field: custom.phi_access_approved
|
|
80
|
+
operator: not_equals
|
|
81
|
+
value: true
|
|
82
|
+
- field: arguments.table
|
|
83
|
+
operator: matches
|
|
84
|
+
value: '(?i)\b(patient|medical|clinical|encounter|claim)s?\b'
|
|
85
|
+
- - field: custom.phi_access_approved
|
|
86
|
+
operator: not_equals
|
|
87
|
+
value: true
|
|
88
|
+
- field: arguments.query
|
|
89
|
+
operator: matches
|
|
90
|
+
value: '(?i)\b(patient|medical_record|diagnosis|medication|mrn)\b'
|
|
91
|
+
|
|
92
|
+
- id: hipaa-require-approval-bulk-record-export
|
|
93
|
+
name: Require approval for bulk patient record export
|
|
94
|
+
description: Require human review before exporting large patient or clinical record sets.
|
|
95
|
+
enabled: true
|
|
96
|
+
severity: high
|
|
97
|
+
action: require_approval
|
|
98
|
+
tools:
|
|
99
|
+
- export_data
|
|
100
|
+
- export_records
|
|
101
|
+
- query_database
|
|
102
|
+
- execute_sql
|
|
103
|
+
- run_query
|
|
104
|
+
condition_groups:
|
|
105
|
+
# Tune this threshold to your minimum necessary access policy.
|
|
106
|
+
- - field: arguments.limit
|
|
107
|
+
operator: greater_than
|
|
108
|
+
value: 100
|
|
109
|
+
- field: arguments.dataset
|
|
110
|
+
operator: matches
|
|
111
|
+
value: '(?i)\b(patient|medical|clinical|phi)\b'
|
|
112
|
+
- - field: arguments.limit
|
|
113
|
+
operator: greater_than
|
|
114
|
+
value: 100
|
|
115
|
+
- field: arguments.query
|
|
116
|
+
operator: matches
|
|
117
|
+
value: '(?i)\b(patient|medical_record|diagnosis|medication|mrn)\b'
|
|
118
|
+
|
|
119
|
+
output_rules:
|
|
120
|
+
- id: hipaa-redact-patient-identifiers
|
|
121
|
+
name: Redact patient identifiers
|
|
122
|
+
description: Redact common patient identifiers when they appear in tool output.
|
|
123
|
+
enabled: true
|
|
124
|
+
severity: critical
|
|
125
|
+
action: redact
|
|
126
|
+
output_conditions:
|
|
127
|
+
- field: output
|
|
128
|
+
operator: matches
|
|
129
|
+
value: '(?i)\b(MRN|medical record number|patient id)\b\s*[:#]?\s*[A-Za-z0-9-]{4,}'
|
|
130
|
+
redact_with: "[REDACTED_PATIENT_ID]"
|
|
131
|
+
|
|
132
|
+
- id: hipaa-redact-ssn
|
|
133
|
+
name: Redact SSNs
|
|
134
|
+
description: Redact US Social Security numbers from patient data output.
|
|
135
|
+
enabled: true
|
|
136
|
+
severity: critical
|
|
137
|
+
action: redact
|
|
138
|
+
output_conditions:
|
|
139
|
+
- field: output
|
|
140
|
+
operator: matches
|
|
141
|
+
value: '\b\d{3}-\d{2}-\d{4}\b'
|
|
142
|
+
redact_with: "[REDACTED_SSN]"
|
|
143
|
+
|
|
144
|
+
- id: hipaa-redact-dob
|
|
145
|
+
name: Redact dates of birth
|
|
146
|
+
description: Redact common DOB labels and date values from outputs.
|
|
147
|
+
enabled: true
|
|
148
|
+
severity: high
|
|
149
|
+
action: redact
|
|
150
|
+
output_conditions:
|
|
151
|
+
- field: output
|
|
152
|
+
operator: matches
|
|
153
|
+
value: '(?i)\b(DOB|date of birth)\b\s*[:#]?\s*\d{1,2}[/-]\d{1,2}[/-]\d{2,4}'
|
|
154
|
+
redact_with: "[REDACTED_DOB]"
|
|
@@ -0,0 +1,136 @@
|
|
|
1
|
+
# Starter guardrails inspired by SOC 2 control themes.
|
|
2
|
+
# Operators must review, tune thresholds, and map rules to their own controls.
|
|
3
|
+
version: "1.0"
|
|
4
|
+
name: soc2-lite-pack
|
|
5
|
+
description: Starter guardrails for change management, least-privilege operations, audit integrity, and secret handling. This pack is not a compliance certification.
|
|
6
|
+
|
|
7
|
+
rules:
|
|
8
|
+
- id: soc2-require-approval-destructive-operations
|
|
9
|
+
name: Require approval for destructive operations
|
|
10
|
+
description: Route destructive shell, file, and database operations to human approval before execution.
|
|
11
|
+
enabled: true
|
|
12
|
+
severity: critical
|
|
13
|
+
action: require_approval
|
|
14
|
+
tools:
|
|
15
|
+
- execute_command
|
|
16
|
+
- run_shell
|
|
17
|
+
- bash
|
|
18
|
+
- shell
|
|
19
|
+
- delete_file
|
|
20
|
+
- write_file
|
|
21
|
+
- edit_file
|
|
22
|
+
- query_database
|
|
23
|
+
- execute_sql
|
|
24
|
+
- run_query
|
|
25
|
+
condition_groups:
|
|
26
|
+
# Tune these command/data patterns for your runtime and database dialect.
|
|
27
|
+
- - field: arguments.command
|
|
28
|
+
operator: matches
|
|
29
|
+
value: '(?i)\b(rm\s+-rf|mkfs|shutdown|reboot|terraform\s+destroy|kubectl\s+delete)\b'
|
|
30
|
+
- - field: arguments.path
|
|
31
|
+
operator: matches
|
|
32
|
+
value: "(^|/)(prod|production|backups|audit|logs)(/|$)"
|
|
33
|
+
- - field: arguments.query
|
|
34
|
+
operator: matches
|
|
35
|
+
value: '(?i)\b(drop|truncate|delete\s+from|alter\s+table)\b'
|
|
36
|
+
|
|
37
|
+
- id: soc2-require-approval-production-release
|
|
38
|
+
name: Require approval for production release actions
|
|
39
|
+
description: Require human approval before production deploy, publish, release, or delete operations.
|
|
40
|
+
enabled: true
|
|
41
|
+
severity: critical
|
|
42
|
+
action: require_approval
|
|
43
|
+
tools:
|
|
44
|
+
- deploy
|
|
45
|
+
- publish
|
|
46
|
+
- release
|
|
47
|
+
- push_to_production
|
|
48
|
+
- delete_file
|
|
49
|
+
- execute_command
|
|
50
|
+
- run_shell
|
|
51
|
+
- bash
|
|
52
|
+
- shell
|
|
53
|
+
condition_groups:
|
|
54
|
+
- - field: arguments.environment
|
|
55
|
+
operator: matches
|
|
56
|
+
value: "(?i)^(prod|production)$"
|
|
57
|
+
- - field: arguments.env
|
|
58
|
+
operator: matches
|
|
59
|
+
value: "(?i)^(prod|production)$"
|
|
60
|
+
- - field: arguments.target
|
|
61
|
+
operator: matches
|
|
62
|
+
value: '(?i)\b(prod|production)\b'
|
|
63
|
+
- - field: arguments.command
|
|
64
|
+
operator: matches
|
|
65
|
+
value: '(?i)\b(prod|production)\b.*\b(deploy|release|delete|destroy)\b'
|
|
66
|
+
|
|
67
|
+
- id: soc2-block-audit-log-tampering
|
|
68
|
+
name: Block audit log tampering
|
|
69
|
+
description: Prevent agents from deleting or mutating audit logs and evidence exports.
|
|
70
|
+
enabled: true
|
|
71
|
+
severity: critical
|
|
72
|
+
action: block
|
|
73
|
+
tools:
|
|
74
|
+
- delete_file
|
|
75
|
+
- write_file
|
|
76
|
+
- edit_file
|
|
77
|
+
- execute_command
|
|
78
|
+
- run_shell
|
|
79
|
+
- bash
|
|
80
|
+
- shell
|
|
81
|
+
condition_groups:
|
|
82
|
+
- - field: arguments.path
|
|
83
|
+
operator: matches
|
|
84
|
+
value: "(?i)(audit|evidence|security)[-_]?(log|trail|export)"
|
|
85
|
+
- - field: arguments.command
|
|
86
|
+
operator: matches
|
|
87
|
+
value: '(?i)\b(rm|truncate|shred)\b.*\b(audit|evidence|security)[-_]?(log|trail|export)\b'
|
|
88
|
+
|
|
89
|
+
- id: soc2-require-approval-audit-export
|
|
90
|
+
name: Require approval for audit exports
|
|
91
|
+
description: Require review before exporting audit logs or control evidence outside the system.
|
|
92
|
+
enabled: true
|
|
93
|
+
severity: high
|
|
94
|
+
action: require_approval
|
|
95
|
+
tools:
|
|
96
|
+
- export_data
|
|
97
|
+
- export_records
|
|
98
|
+
- upload_file
|
|
99
|
+
- http_request
|
|
100
|
+
- send_email
|
|
101
|
+
condition_groups:
|
|
102
|
+
# Add your internal-only domains or approved sinks in project-specific overrides.
|
|
103
|
+
- - field: arguments.dataset
|
|
104
|
+
operator: matches
|
|
105
|
+
value: '(?i)\b(audit|evidence|security|access)[-_ ]?(log|trail|export|review)\b'
|
|
106
|
+
- - field: arguments.path
|
|
107
|
+
operator: matches
|
|
108
|
+
value: '(?i)\b(audit|evidence|security)[-_ ]?(log|trail|export)\b'
|
|
109
|
+
- - field: arguments.body
|
|
110
|
+
operator: matches
|
|
111
|
+
value: '(?i)\b(audit|evidence|control|soc\s*2)\b'
|
|
112
|
+
|
|
113
|
+
output_rules:
|
|
114
|
+
- id: soc2-redact-api-keys
|
|
115
|
+
name: Redact API keys and tokens
|
|
116
|
+
description: Redact common credential patterns from tool outputs.
|
|
117
|
+
enabled: true
|
|
118
|
+
severity: critical
|
|
119
|
+
action: redact
|
|
120
|
+
output_conditions:
|
|
121
|
+
- field: output
|
|
122
|
+
operator: matches
|
|
123
|
+
value: '(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*[A-Za-z0-9_./+=-]{8,}'
|
|
124
|
+
redact_with: "[REDACTED_SECRET]"
|
|
125
|
+
|
|
126
|
+
- id: soc2-redact-private-keys
|
|
127
|
+
name: Redact private key material
|
|
128
|
+
description: Redact PEM private keys from tool outputs.
|
|
129
|
+
enabled: true
|
|
130
|
+
severity: critical
|
|
131
|
+
action: redact
|
|
132
|
+
output_conditions:
|
|
133
|
+
- field: output
|
|
134
|
+
operator: matches
|
|
135
|
+
value: "-----BEGIN [A-Z ]*PRIVATE KEY-----"
|
|
136
|
+
redact_with: "[REDACTED_PRIVATE_KEY]"
|