watchmyagents 1.4.8 → 1.4.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "watchmyagents",
|
|
3
|
-
"version": "1.4.
|
|
3
|
+
"version": "1.4.9",
|
|
4
4
|
"description": "Security observability + real-time policy enforcement for AI agents. Local-first NDJSON capture with a continuous Watch daemon that auto-uploads anonymized signals, Shield CLI that blocks policy violations live (with policies pulled from Fortress cloud), anonymizer producing signals-only payloads, bidirectional sync with WatchMyAgents Fortress, and one-command install as an always-on launchd/systemd service — closing the recursive Watch→Guardian→Shield security loop.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"files": [
|
package/src/openai-agents.js
CHANGED
|
@@ -130,6 +130,7 @@ export function openaiAgents(options = {}) {
|
|
|
130
130
|
apiKey,
|
|
131
131
|
base,
|
|
132
132
|
anthropicAgentId: options.agentId, // scopes get-policies by native agent id
|
|
133
|
+
provider: adapterMeta.provider, // v1.4.9: 'openai-agents' → Fortress scopes by (provider, native_agent_id)
|
|
133
134
|
requireSignedPolicies: options.policies.requireSignedPolicies,
|
|
134
135
|
failMode: options.policies.failMode,
|
|
135
136
|
});
|
|
@@ -83,15 +83,25 @@ function httpsJson(method, url, headers, body, timeoutMs = DEFAULT_TIMEOUT_MS) {
|
|
|
83
83
|
* @param {object} opts
|
|
84
84
|
* @param {string} opts.apiKey - wma_xxx
|
|
85
85
|
* @param {string} opts.base - Fortress base URL (https://x.supabase.co/functions/v1)
|
|
86
|
-
* @param {string} [opts.anthropicAgentId] - optional filter
|
|
86
|
+
* @param {string} [opts.anthropicAgentId] - optional native agent id filter
|
|
87
|
+
* @param {string} [opts.provider] - runtime provider (default 'anthropic-managed')
|
|
87
88
|
* @returns {Promise<{ ok: true, policies: array, signing_keys: array, fetched_at: string }>}
|
|
88
89
|
*/
|
|
89
|
-
|
|
90
|
+
// v1.4.9: pure, testable get-policies URL builder. Always carries `provider`
|
|
91
|
+
// so a provider-aware Fortress can scope by (provider, native_agent_id) — an
|
|
92
|
+
// OpenAI agent id is NOT in the `agent_…` shape. Harmless on the older Fortress
|
|
93
|
+
// that ignores unknown query params.
|
|
94
|
+
export function buildGetPoliciesUrl(base, { anthropicAgentId, provider = 'anthropic-managed' } = {}) {
|
|
90
95
|
let url = fortressEndpoint(base, 'get-policies');
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
96
|
+
const params = [];
|
|
97
|
+
if (anthropicAgentId) params.push(`agent_id=${encodeURIComponent(anthropicAgentId)}`);
|
|
98
|
+
params.push(`provider=${encodeURIComponent(provider)}`);
|
|
99
|
+
url += (url.includes('?') ? '&' : '?') + params.join('&');
|
|
100
|
+
return url;
|
|
101
|
+
}
|
|
102
|
+
|
|
103
|
+
export async function fetchPolicies({ apiKey, base, anthropicAgentId, provider = 'anthropic-managed' }) {
|
|
104
|
+
const url = buildGetPoliciesUrl(base, { anthropicAgentId, provider });
|
|
95
105
|
const { status, body } = await httpsJson('GET', url, {
|
|
96
106
|
authorization: `Bearer ${apiKey}`,
|
|
97
107
|
accept: 'application/json',
|
|
@@ -195,12 +205,16 @@ const ROOT_PUBLIC_KEY = (() => {
|
|
|
195
205
|
})();
|
|
196
206
|
|
|
197
207
|
export class FortressPolicySource {
|
|
198
|
-
constructor({ apiKey, base, anthropicAgentId, refreshIntervalMs = 5 * 60_000, onError, onRefresh, requireSignedPolicies, failMode }) {
|
|
208
|
+
constructor({ apiKey, base, anthropicAgentId, provider = 'anthropic-managed', refreshIntervalMs = 5 * 60_000, onError, onRefresh, requireSignedPolicies, failMode }) {
|
|
199
209
|
if (!apiKey) throw new Error('FortressPolicySource: apiKey required');
|
|
200
210
|
if (!base) throw new Error('FortressPolicySource: base URL required');
|
|
201
211
|
this.apiKey = apiKey;
|
|
202
212
|
this.base = base;
|
|
203
213
|
this.anthropicAgentId = anthropicAgentId;
|
|
214
|
+
// v1.4.9: runtime provider, sent to get-policies so Fortress scopes by
|
|
215
|
+
// (provider, native_agent_id). Defaults to anthropic-managed (the Anthropic
|
|
216
|
+
// shield path doesn't pass it); the OpenAI factory passes 'openai-agents'.
|
|
217
|
+
this.provider = provider;
|
|
204
218
|
this.refreshIntervalMs = refreshIntervalMs;
|
|
205
219
|
this.onError = onError || (() => {});
|
|
206
220
|
this.onRefresh = onRefresh || (() => {});
|
|
@@ -257,6 +271,7 @@ export class FortressPolicySource {
|
|
|
257
271
|
apiKey: this.apiKey,
|
|
258
272
|
base: this.base,
|
|
259
273
|
anthropicAgentId: this.anthropicAgentId,
|
|
274
|
+
provider: this.provider,
|
|
260
275
|
});
|
|
261
276
|
}
|
|
262
277
|
|