yuangs 2.28.0 → 2.30.0
- package/README.md +290 -0
- package/dist/agent/contextManager.d.ts +30 -0
- package/dist/agent/contextManager.js +65 -0
- package/dist/agent/contextManager.js.map +1 -0
- package/dist/agent/executor.d.ts +11 -0
- package/dist/agent/executor.js +191 -0
- package/dist/agent/executor.js.map +1 -0
- package/dist/agent/fsm.d.ts +23 -0
- package/dist/agent/fsm.js +95 -0
- package/dist/agent/fsm.js.map +1 -0
- package/dist/agent/governance.d.ts +10 -0
- package/dist/agent/governance.js +154 -0
- package/dist/agent/governance.js.map +1 -0
- package/dist/agent/index.d.ts +9 -0
- package/dist/agent/index.js +16 -1
- package/dist/agent/index.js.map +1 -1
- package/dist/agent/llmAdapter.d.ts +6 -0
- package/dist/agent/llmAdapter.js +88 -0
- package/dist/agent/llmAdapter.js.map +1 -0
- package/dist/agent/loop.d.ts +21 -0
- package/dist/agent/loop.js +214 -0
- package/dist/agent/loop.js.map +1 -0
- package/dist/agent/policy/engine.d.ts +14 -0
- package/dist/agent/policy/engine.js +76 -0
- package/dist/agent/policy/engine.js.map +1 -0
- package/dist/agent/policy/index.d.ts +3 -0
- package/dist/agent/policy/index.js +20 -0
- package/dist/agent/policy/index.js.map +1 -0
- package/dist/agent/policy/policies/noDangerousShell.d.ts +7 -0
- package/dist/agent/policy/policies/noDangerousShell.js +45 -0
- package/dist/agent/policy/policies/noDangerousShell.js.map +1 -0
- package/dist/agent/policy/types.d.ts +23 -0
- package/dist/agent/policy/types.js +3 -0
- package/dist/agent/policy/types.js.map +1 -0
- package/dist/agent/replay/events.d.ts +21 -0
- package/dist/agent/replay/events.js +3 -0
- package/dist/agent/replay/events.js.map +1 -0
- package/dist/agent/replay/index.d.ts +3 -0
- package/dist/agent/replay/index.js +20 -0
- package/dist/agent/replay/index.js.map +1 -0
- package/dist/agent/replay/recorder.d.ts +11 -0
- package/dist/agent/replay/recorder.js +51 -0
- package/dist/agent/replay/recorder.js.map +1 -0
- package/dist/agent/replay/replayer.d.ts +21 -0
- package/dist/agent/replay/replayer.js +65 -0
- package/dist/agent/replay/replayer.js.map +1 -0
- package/dist/agent/selectModel.js +4 -11
- package/dist/agent/selectModel.js.map +1 -1
- package/dist/agent/skills.d.ts +5 -0
- package/dist/agent/skills.js +7 -3
- package/dist/agent/skills.js.map +1 -1
- package/dist/agent/state.d.ts +99 -0
- package/dist/agent/state.js +3 -0
- package/dist/agent/state.js.map +1 -0
- package/dist/api/index.d.ts +1 -0
- package/dist/api/index.js +18 -0
- package/dist/api/index.js.map +1 -0
- package/dist/api/registryAPI.d.ts +22 -0
- package/dist/api/registryAPI.js +66 -0
- package/dist/api/registryAPI.js.map +1 -0
- package/dist/audit/index.d.ts +1 -0
- package/dist/audit/index.js +18 -0
- package/dist/audit/index.js.map +1 -0
- package/dist/audit/timeline.d.ts +75 -0
- package/dist/audit/timeline.js +254 -0
- package/dist/audit/timeline.js.map +1 -0
- package/dist/cli.js +10 -1
- package/dist/cli.js.map +1 -1
- package/dist/commands/explainCommands.d.ts +2 -0
- package/dist/commands/explainCommands.js +36 -0
- package/dist/commands/explainCommands.js.map +1 -0
- package/dist/commands/registryCommands.d.ts +2 -0
- package/dist/commands/registryCommands.js +243 -0
- package/dist/commands/registryCommands.js.map +1 -0
- package/dist/commands/replayCommands.d.ts +2 -0
- package/dist/commands/replayCommands.js +75 -0
- package/dist/commands/replayCommands.js.map +1 -0
- package/dist/commands/skillsCommands.d.ts +2 -0
- package/dist/commands/skillsCommands.js +114 -0
- package/dist/commands/skillsCommands.js.map +1 -0
- package/dist/core/executionRecord.d.ts +8 -0
- package/dist/core/executionRecord.js +2 -0
- package/dist/core/executionRecord.js.map +1 -1
- package/dist/core/explain.d.ts +8 -0
- package/dist/core/explain.js +84 -0
- package/dist/core/explain.js.map +1 -0
- package/dist/core/replayDiff.d.ts +55 -0
- package/dist/core/replayDiff.js +205 -0
- package/dist/core/replayDiff.js.map +1 -0
- package/dist/core/replayEngine.d.ts +3 -0
- package/dist/core/replayEngine.js +23 -1
- package/dist/core/replayEngine.js.map +1 -1
- package/dist/core/validation.d.ts +1 -1
- package/dist/core/validation.js +1 -1
- package/dist/core/validation.js.map +1 -1
- package/dist/registry/errors.d.ts +21 -0
- package/dist/registry/errors.js +35 -0
- package/dist/registry/errors.js.map +1 -0
- package/dist/registry/index.d.ts +3 -0
- package/dist/registry/index.js +20 -0
- package/dist/registry/index.js.map +1 -0
- package/dist/registry/manifest.d.ts +43 -0
- package/dist/registry/manifest.js +32 -0
- package/dist/registry/manifest.js.map +1 -0
- package/dist/registry/registry.d.ts +20 -0
- package/dist/registry/registry.js +201 -0
- package/dist/registry/registry.js.map +1 -0
- package/dist/risk/explainer.d.ts +39 -0
- package/dist/risk/explainer.js +214 -0
- package/dist/risk/explainer.js.map +1 -0
- package/dist/risk/index.d.ts +1 -0
- package/dist/risk/index.js +18 -0
- package/dist/risk/index.js.map +1 -0
- package/package.json +1 -1
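--- a/package/dist/registry/manifest.d.ts
+++ b/package/dist/registry/manifest.d.ts
@@ -0,0 +1,43 @@
+export type Capability = 'read:workspace' | 'write:workspace' | 'run:shell' | 'read:config' | 'write:config' | 'network:http' | 'secret:use' | 'secret:read' | string;
+export type MacroState = 'draft' | 'approved' | 'deprecated';
+export interface MacroDependency {
+macro: string;
+version: string;
+mode: 'inline' | 'isolated';
+}
+export interface MacroManifest {
+id: string;
+version: string;
+description: string;
+author: string;
+createdAt: number;
+updatedAt?: number;
+requires: Capability[];
+inputs?: Record<string, any>;
+checksum: string;
+state: MacroState;
+dependsOn?: MacroDependency[];
+tags?: string[];
+previousChecksum?: string;
+}
+export interface MacroPublishOptions {
+autoApprove?: boolean;
+skipCapabilityCheck?: boolean;
+}
+export interface MacroDiffResult {
+hasChanges: boolean;
+capabilityDiff: {
+added: Capability[];
+removed: Capability[];
+unchanged: Capability[];
+};
+requiresApproval: boolean;
+reason?: string;
+}
+export interface MacroRegistryConfig {
+storagePath: string;
+autoApproveSafe: boolean;
+maxRiskLevel: 'low' | 'medium' | 'high';
+}
+export declare function calculateChecksum(manifest: Omit<MacroManifest, 'checksum'>): string;
+export declare function validateManifest(manifest: any): manifest is MacroManifest;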
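Review bot: The trailing `| string` in `Capability` makes the whole union equal to `string`, so a misspelled capability name type-checks and only surfaces at runtime as an unknown capability. If open-ended capability names are intended, state that in a doc comment on the type; otherwise drop `| string` so that `requires: Capability[]` is checked against the known names. `MacroPublishOptions.skipCapabilityCheck` turns off the approval gate in `publish` (registry.js) and should carry a comment saying when a caller is allowed to set it.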
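--- a/package/dist/registry/manifest.js
+++ b/package/dist/registry/manifest.js
@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.calculateChecksum = calculateChecksum;
+exports.validateManifest = validateManifest;
+const crypto_1 = require("crypto");
+function calculateChecksum(manifest) {
+const data = JSON.stringify({
+id: manifest.id,
+version: manifest.version,
+requires: manifest.requires.sort(),
+dependsOn: manifest.dependsOn
+});
+return (0, crypto_1.createHash)('sha256').update(data).digest('hex');
+}
+function validateManifest(manifest) {
+if (!manifest.id || typeof manifest.id !== 'string')
+return false;
+if (!manifest.version || typeof manifest.version !== 'string')
+return false;
+if (!manifest.state || !['draft', 'approved', 'deprecated'].includes(manifest.state))
+return false;
+if (!Array.isArray(manifest.requires))
+return false;
+if (!manifest.checksum || typeof manifest.checksum !== 'string')
+return false;
+if (!manifest.author || typeof manifest.author !== 'string')
+return false;
+if (!manifest.createdAt || typeof manifest.createdAt !== 'number')
+return false;
+return true;
+}
+//# sourceMappingURL=manifest.js.map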
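Review bot: `calculateChecksum` hashes only `id`, `version`, `requires` and `dependsOn`, so two manifests that differ in `inputs`, `tags`, `author` or `description` get the same checksum. The `CHECKSUM_MISMATCH` guard in registry.js `publish` therefore cannot detect a republish that changes those fields, and `tags` is what risk/explainer.js reads for its `destructive` factor. If the checksum is meant as an integrity value for the manifest, add those fields to the hashed object. `manifest.requires.sort()` also reorders the caller's array in place; `requires: [...manifest.requires].sort(),` leaves the input untouched. `validateManifest` dereferences `manifest.id` before checking that `manifest` is an object and never checks that each `requires` entry is a string, which `compareCapabilities` assumes when it calls `cap.includes(...)`.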
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"manifest.js","sourceRoot":"","sources":["../../src/registry/manifest.ts"],"names":[],"mappings":";;AAgEA,8CAQC;AAED,4CAUC;AAnFD,mCAAoC;AA+DpC,SAAgB,iBAAiB,CAAC,QAAyC;IACzE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;QAC1B,EAAE,EAAE,QAAQ,CAAC,EAAE;QACf,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE;QAClC,SAAS,EAAE,QAAQ,CAAC,SAAS;KAC9B,CAAC,CAAC;IACH,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzD,CAAC;AAED,SAAgB,gBAAgB,CAAC,QAAa;IAC5C,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,OAAO,QAAQ,CAAC,EAAE,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAClE,IAAI,CAAC,QAAQ,CAAC,OAAO,IAAI,OAAO,QAAQ,CAAC,OAAO,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5E,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACnG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IACpD,IAAI,CAAC,QAAQ,CAAC,QAAQ,IAAI,OAAO,QAAQ,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC9E,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,OAAO,QAAQ,CAAC,MAAM,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC1E,IAAI,CAAC,QAAQ,CAAC,SAAS,IAAI,OAAO,QAAQ,CAAC,SAAS,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAEhF,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
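--- a/package/dist/registry/registry.d.ts
+++ b/package/dist/registry/registry.d.ts
@@ -0,0 +1,20 @@
+import type { MacroManifest, MacroState, MacroPublishOptions, MacroDiffResult, MacroRegistryConfig } from './manifest';
+export declare class MacroRegistry {
+private config;
+private manifests;
+constructor(config?: Partial<MacroRegistryConfig>);
+initialize(): Promise<void>;
+publish(manifest: Omit<MacroManifest, 'checksum'>, options?: MacroPublishOptions): Promise<MacroManifest>;
+get(macroId: string, version?: string): Promise<MacroManifest | null>;
+list(filters?: {
+state?: MacroState;
+author?: string;
+tags?: string[];
+}): Promise<MacroManifest[]>;
+approve(macroId: string, version: string, approvedBy: string): Promise<MacroManifest>;
+deprecate(macroId: string, version?: string): Promise<MacroManifest>;
+compareCapabilities(oldManifest: MacroManifest, newManifest: MacroManifest): MacroDiffResult;
+getVersions(macroId: string): Promise<MacroManifest[]>;
+private loadFromDisk;
+private saveToDisk;
+}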
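Review bot: `approve(macroId, version, approvedBy)` takes an approver, but `MacroManifest` has no field to hold it and the implementation in registry.js only sets `state` and `updatedAt`, so an approval leaves no record of who granted it. Add optional `approvedBy?: string;` and `approvedAt?: number;` to `MacroManifest` and set them in `approve`, or remove the parameter so the signature does not suggest an audit trail that is not kept.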
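--- a/package/dist/registry/registry.js
+++ b/package/dist/registry/registry.js
@@ -0,0 +1,201 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MacroRegistry = void 0;
+const promises_1 = __importDefault(require("fs/promises"));
+const path_1 = __importDefault(require("path"));
+const manifest_1 = require("./manifest");
+const errors_1 = require("./errors");
+class MacroRegistry {
+config;
+manifests = new Map();
+constructor(config = {}) {
+this.config = {
+storagePath: config.storagePath || path_1.default.join(process.cwd(), '.yuangs_registry'),
+autoApproveSafe: config.autoApproveSafe ?? false,
+maxRiskLevel: config.maxRiskLevel || 'medium'
+};
+}
+async initialize() {
+try {
+await promises_1.default.mkdir(this.config.storagePath, { recursive: true });
+await this.loadFromDisk();
+}
+catch (error) {
+throw new errors_1.RegistryError(errors_1.RegistryErrorCode.INIT_FAILED, `Failed to initialize registry: ${error}`);
+}
+}
+async publish(manifest, options = {}) {
+const { autoApprove = this.config.autoApproveSafe, skipCapabilityCheck = false } = options;
+const newManifest = {
+...manifest,
+createdAt: manifest.createdAt || Date.now(),
+state: manifest.state || 'draft',
+checksum: (0, manifest_1.calculateChecksum)(manifest)
+};
+if (!(0, manifest_1.validateManifest)(newManifest)) {
+throw new errors_1.RegistryError(errors_1.RegistryErrorCode.INVALID_MANIFEST, 'Invalid manifest structure');
+}
+const existingVersions = this.manifests.get(manifest.id) || [];
+const existing = existingVersions.find(v => v.version === manifest.version);
+if (existing) {
+if (existing.checksum !== newManifest.checksum) {
+throw new errors_1.RegistryError(errors_1.RegistryErrorCode.CHECKSUM_MISMATCH, `Version ${manifest.version} already exists with different checksum`);
+}
+return existing;
+}
+if (existingVersions.length > 0) {
+const diff = this.compareCapabilities(existingVersions[existingVersions.length - 1], newManifest);
+if (!skipCapabilityCheck && diff.requiresApproval) {
+newManifest.state = 'draft';
+newManifest.previousChecksum = existingVersions[existingVersions.length - 1].checksum;
+}
+else if (autoApprove) {
+newManifest.state = 'approved';
+}
+}
+else if (autoApprove) {
+newManifest.state = 'approved';
+}
+existingVersions.push(newManifest);
+this.manifests.set(manifest.id, existingVersions);
+await this.saveToDisk();
+return newManifest;
+}
+async get(macroId, version) {
+const versions = this.manifests.get(macroId);
+if (!versions || versions.length === 0) {
+return null;
+}
+if (version) {
+return versions.find(v => v.version === version) || null;
+}
+return versions[versions.length - 1];
+}
+async list(filters) {
+let results = [];
+for (const versions of this.manifests.values()) {
+const latest = versions[versions.length - 1];
+results.push(latest);
+}
+if (filters) {
+results = results.filter(m => {
+if (filters.state && m.state !== filters.state)
+return false;
+if (filters.author && m.author !== filters.author)
+return false;
+if (filters.tags && filters.tags.length > 0) {
+const hasAllTags = filters.tags.every(tag => m.tags?.includes(tag));
+if (!hasAllTags)
+return false;
+}
+return true;
+});
+}
+return results.sort((a, b) => b.createdAt - a.createdAt);
+}
+async approve(macroId, version, approvedBy) {
+const versions = this.manifests.get(macroId);
+if (!versions) {
+throw new errors_1.RegistryError(errors_1.RegistryErrorCode.NOT_FOUND, `Macro ${macroId} not found`);
+}
+const manifest = versions.find(v => v.version === version);
+if (!manifest) {
+throw new errors_1.RegistryError(errors_1.RegistryErrorCode.NOT_FOUND, `Version ${version} of macro ${macroId} not found`);
+}
+if (manifest.state !== 'draft') {
+throw new errors_1.RegistryError(errors_1.RegistryErrorCode.INVALID_STATE, `Macro ${macroId}@${version} is not in draft state`);
+}
+manifest.state = 'approved';
+manifest.updatedAt = Date.now();
+await this.saveToDisk();
+return manifest;
+}
+async deprecate(macroId, version) {
+const versions = this.manifests.get(macroId);
+if (!versions) {
+throw new errors_1.RegistryError(errors_1.RegistryErrorCode.NOT_FOUND, `Macro ${macroId} not found`);
+}
+if (version) {
+const manifest = versions.find(v => v.version === version);
+if (!manifest) {
+throw new errors_1.RegistryError(errors_1.RegistryErrorCode.NOT_FOUND, `Version ${version} of macro ${macroId} not found`);
+}
+if (manifest.state !== 'approved') {
+throw new errors_1.RegistryError(errors_1.RegistryErrorCode.INVALID_STATE, `Cannot deprecate macro in ${manifest.state} state`);
+}
+manifest.state = 'deprecated';
+manifest.updatedAt = Date.now();
+}
+else {
+for (const manifest of versions) {
+if (manifest.state === 'approved') {
+manifest.state = 'deprecated';
+manifest.updatedAt = Date.now();
+}
+}
+}
+await this.saveToDisk();
+return version ? versions.find(v => v.version === version) : versions[versions.length - 1];
+}
+compareCapabilities(oldManifest, newManifest) {
+const oldSet = new Set(oldManifest.requires);
+const newSet = new Set(newManifest.requires);
+const added = [];
+const removed = [];
+const unchanged = [];
+for (const cap of newManifest.requires) {
+if (!oldSet.has(cap)) {
+added.push(cap);
+}
+else {
+unchanged.push(cap);
+}
+}
+for (const cap of oldManifest.requires) {
+if (!newSet.has(cap)) {
+removed.push(cap);
+}
+}
+const highRiskAdded = added.some(cap => cap.includes('shell') || cap.includes('write') || cap.includes('delete'));
+const hasNewCapabilities = added.length > 0;
+const requiresApproval = highRiskAdded || (hasNewCapabilities && !this.config.autoApproveSafe);
+return {
+hasChanges: added.length > 0 || removed.length > 0,
+capabilityDiff: {
+added,
+removed,
+unchanged
+},
+requiresApproval,
+reason: requiresApproval ? 'New capabilities require approval' : undefined
+};
+}
+async getVersions(macroId) {
+return this.manifests.get(macroId) || [];
+}
+async loadFromDisk() {
+try {
+const indexPath = path_1.default.join(this.config.storagePath, 'index.json');
+const data = await promises_1.default.readFile(indexPath, 'utf-8');
+const loaded = JSON.parse(data);
+for (const [id, versions] of Object.entries(loaded)) {
+this.manifests.set(id, versions);
+}
+}
+catch (error) {
+if (error.code !== 'ENOENT') {
+console.warn(`Warning: Failed to load registry from disk: ${error}`);
+}
+}
+}
+async saveToDisk() {
+const indexPath = path_1.default.join(this.config.storagePath, 'index.json');
+const data = Object.fromEntries(this.manifests);
+await promises_1.default.writeFile(indexPath, JSON.stringify(data, null, 2), 'utf-8');
+}
+}
+exports.MacroRegistry = MacroRegistry;
+//# sourceMappingURL=registry.js.map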
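Review bot: `publish` keeps the publisher-supplied state (`state: manifest.state || 'draft'`) and resets it to `'draft'` only when the capability diff demands approval, so a first version, or a later version with no added capability, submitted with `state: 'approved'` is stored as approved even when `autoApprove` is false. Start every new manifest with `state: 'draft',` and let only the `autoApprove` branches and `approve()` promote it. The diff baseline is `existingVersions[existingVersions.length - 1]` whatever its state, so a capability first introduced in an unapproved draft no longer counts as added for the next version; compare against the last approved version instead, e.g. `const baseline = [...existingVersions].reverse().find(v => v.state === 'approved');`, and treat a missing baseline as requiring approval. `compareCapabilities` decides high risk by substring (`shell`, `write`, `delete`), which does not cover `secret:read`, `secret:use` or `network:http` from the capability graph in risk/explainer.js, and `config.maxRiskLevel` is not consulted anywhere in this file. `loadFromDisk` installs whatever `index.json` contains without calling `validateManifest` or rechecking the stored checksum, so an edited index file is trusted as-is.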
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/registry/registry.ts"],"names":[],"mappings":";;;;;;AAAA,2DAA6B;AAC7B,gDAAwB;AASxB,yCAAiE;AACjE,qCAA4D;AAE5D,MAAa,aAAa;IAChB,MAAM,CAAsB;IAC5B,SAAS,GAAiC,IAAI,GAAG,EAAE,CAAC;IAE5D,YAAY,SAAuC,EAAE;QACnD,IAAI,CAAC,MAAM,GAAG;YACZ,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,cAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,kBAAkB,CAAC;YAC/E,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,KAAK;YAChD,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,QAAQ;SAC9C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,CAAC;YACH,MAAM,kBAAE,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7D,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,sBAAa,CACrB,0BAAiB,CAAC,WAAW,EAC7B,kCAAkC,KAAK,EAAE,CAC1C,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CACX,QAAyC,EACzC,UAA+B,EAAE;QAEjC,MAAM,EAAE,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,mBAAmB,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC;QAE3F,MAAM,WAAW,GAAkB;YACjC,GAAG,QAAQ;YACX,SAAS,EAAE,QAAQ,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE;YAC3C,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,OAAO;YAChC,QAAQ,EAAE,IAAA,4BAAiB,EAAC,QAAQ,CAAC;SACtC,CAAC;QAEF,IAAI,CAAC,IAAA,2BAAgB,EAAC,WAAW,CAAC,EAAE,CAAC;YACnC,MAAM,IAAI,sBAAa,CACrB,0BAAiB,CAAC,gBAAgB,EAClC,4BAA4B,CAC7B,CAAC;QACJ,CAAC;QAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;QAC/D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,QAAQ,CAAC,OAAO,CAAC,CAAC;QAE5E,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,QAAQ,CAAC,QAAQ,KAAK,WAAW,CAAC,QAAQ,EAAE,CAAC;gBAC/C,MAAM,IAAI,sBAAa,CACrB,0BAAiB,CAAC,iBAAiB,EACnC,WAAW,QAAQ,CAAC,OAAO,yCAAyC,CACrE,CAAC;YACJ,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,GAAG,IAAI,CAAC,mBAAmB,CAAC,gBAAgB,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;YAElG,IAAI,CAAC,mBAAmB,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBAClD,WAAW,CAAC,KAAK,GAAG,OAAO,CAAC;gBAC5B,WAAW,CAAC,gBAAgB,GAAG,gBAAgB,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxF,
CAAC;iBAAM,IAAI,WAAW,EAAE,CAAC;gBACvB,WAAW,CAAC,KAAK,GAAG,UAAU,CAAC;YACjC,CAAC;QACH,CAAC;aAAM,IAAI,WAAW,EAAE,CAAC;YACvB,WAAW,CAAC,KAAK,GAAG,UAAU,CAAC;QACjC,CAAC;QAED,gBAAgB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACnC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,gBAAgB,CAAC,CAAC;QAElD,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAExB,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAe,EAAE,OAAgB;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,IAAI,IAAI,CAAC;QAC3D,CAAC;QAED,OAAO,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAIV;QACC,IAAI,OAAO,GAAoB,EAAE,CAAC;QAElC,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC;YAC/C,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAC7C,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;QAED,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;gBAC3B,IAAI,OAAO,CAAC,KAAK,IAAI,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK;oBAAE,OAAO,KAAK,CAAC;gBAC7D,IAAI,OAAO,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM;oBAAE,OAAO,KAAK,CAAC;gBAChE,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC5C,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;oBACpE,IAAI,CAAC,UAAU;wBAAE,OAAO,KAAK,CAAC;gBAChC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC;IAC3D,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,OAAe,EAAE,OAAe,EAAE,UAAkB;QAChE,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sBAAa,CACrB,0BAAiB,CAAC,SAAS,EAC3B,SAAS,OAAO,YAAY,CAC7B,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC;QAC3D,IAA
I,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sBAAa,CACrB,0BAAiB,CAAC,SAAS,EAC3B,WAAW,OAAO,aAAa,OAAO,YAAY,CACnD,CAAC;QACJ,CAAC;QAED,IAAI,QAAQ,CAAC,KAAK,KAAK,OAAO,EAAE,CAAC;YAC/B,MAAM,IAAI,sBAAa,CACrB,0BAAiB,CAAC,aAAa,EAC/B,SAAS,OAAO,IAAI,OAAO,wBAAwB,CACpD,CAAC;QACJ,CAAC;QAED,QAAQ,CAAC,KAAK,GAAG,UAAU,CAAC;QAC5B,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEhC,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAExB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,OAAe,EAAE,OAAgB;QAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sBAAa,CACrB,0BAAiB,CAAC,SAAS,EAC3B,SAAS,OAAO,YAAY,CAC7B,CAAC;QACJ,CAAC;QAED,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC;YAC3D,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,sBAAa,CACrB,0BAAiB,CAAC,SAAS,EAC3B,WAAW,OAAO,aAAa,OAAO,YAAY,CACnD,CAAC;YACJ,CAAC;YAED,IAAI,QAAQ,CAAC,KAAK,KAAK,UAAU,EAAE,CAAC;gBAClC,MAAM,IAAI,sBAAa,CACrB,0BAAiB,CAAC,aAAa,EAC/B,6BAA6B,QAAQ,CAAC,KAAK,QAAQ,CACpD,CAAC;YACJ,CAAC;YAED,QAAQ,CAAC,KAAK,GAAG,YAAY,CAAC;YAC9B,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAClC,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,QAAQ,IAAI,QAAQ,EAAE,CAAC;gBAChC,IAAI,QAAQ,CAAC,KAAK,KAAK,UAAU,EAAE,CAAC;oBAClC,QAAQ,CAAC,KAAK,GAAG,YAAY,CAAC;oBAC9B,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBAClC,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAExB,OAAO,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,OAAO,CAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC9F,CAAC;IAED,mBAAmB,CACjB,WAA0B,EAC1B,WAA0B;QAE1B,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC7C,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAE7C,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,MAAM,SAAS,GAAa,EAAE,CAAC;QAE/B,KAAK,MAAM,GAAG,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;YACvC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACrB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAClB,CAAC;iBAAM,CAAC;gBACN,SAAS,CAAC,IAAI,CA
AC,GAAG,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;YACvC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACrB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;QAED,MAAM,aAAa,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QAClH,MAAM,kBAAkB,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;QAC5C,MAAM,gBAAgB,GAAG,aAAa,IAAI,CAAC,kBAAkB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAE/F,OAAO;YACL,UAAU,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;YAClD,cAAc,EAAE;gBACd,KAAK;gBACL,OAAO;gBACP,SAAS;aACV;YACD,gBAAgB;YAChB,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC,mCAAmC,CAAC,CAAC,CAAC,SAAS;SAC3E,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAe;QAC/B,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IAC3C,CAAC;IAEO,KAAK,CAAC,YAAY;QACxB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,cAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;YACnE,MAAM,IAAI,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACnD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAoC,CAAC;YAEnE,KAAK,MAAM,CAAC,EAAE,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBACpD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACvD,OAAO,CAAC,IAAI,CAAC,+CAA+C,KAAK,EAAE,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,UAAU;QACtB,MAAM,SAAS,GAAG,cAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;QACnE,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAChD,MAAM,kBAAE,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACxE,CAAC;CACF;AAjQD,sCAiQC"}
|
|
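--- a/package/dist/risk/explainer.d.ts
+++ b/package/dist/risk/explainer.d.ts
@@ -0,0 +1,39 @@
+import type { Capability, MacroManifest } from '../registry/manifest';
+export type RiskLevel = 'low' | 'medium' | 'high';
+export interface RiskAssessment {
+overallRisk: RiskLevel;
+score: number;
+factors: RiskFactor[];
+requiresApproval: boolean;
+explanation: string;
+}
+export interface RiskFactor {
+type: 'capability' | 'destructive' | 'dependency' | 'network' | 'secret';
+severity: RiskLevel;
+description: string;
+capability?: string;
+suggestion?: string;
+}
+export interface CapabilityNode {
+id: Capability;
+risk: RiskLevel;
+description: string;
+implies?: Capability[];
+}
+export interface CapabilityGraph {
+nodes: Map<Capability, CapabilityNode>;
+version: string;
+}
+export declare function createCapabilityGraph(): CapabilityGraph;
+export declare class RiskExplainer {
+private graph;
+private highRiskPatterns;
+constructor(graph?: CapabilityGraph);
+explainRisk(manifest: MacroManifest): RiskAssessment;
+expandCapabilities(capabilities: Capability[]): Capability[];
+explainCapability(capability: Capability): string;
+private assessCapability;
+private calculateOverallRisk;
+private riskToScore;
+private generateExplanation;
+}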
@@ -0,0 +1,214 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.RiskExplainer = void 0;
|
|
4
|
+
exports.createCapabilityGraph = createCapabilityGraph;
|
|
5
|
+
function createCapabilityGraph() {
|
|
6
|
+
const nodes = new Map();
|
|
7
|
+
nodes.set('read:workspace', {
|
|
8
|
+
id: 'read:workspace',
|
|
9
|
+
risk: 'low',
|
|
10
|
+
description: 'Read files from the workspace',
|
|
11
|
+
implies: ['read:config']
|
|
12
|
+
});
|
|
13
|
+
nodes.set('write:workspace', {
|
|
14
|
+
id: 'write:workspace',
|
|
15
|
+
risk: 'high',
|
|
16
|
+
description: 'Write files to the workspace',
|
|
17
|
+
implies: ['read:workspace', 'write:config']
|
|
18
|
+
});
|
|
19
|
+
nodes.set('run:shell', {
|
|
20
|
+
id: 'run:shell',
|
|
21
|
+
risk: 'high',
|
|
22
|
+
description: 'Execute shell commands',
|
|
23
|
+
implies: ['read:workspace', 'write:workspace']
|
|
24
|
+
});
|
|
25
|
+
nodes.set('read:config', {
|
|
26
|
+
id: 'read:config',
|
|
27
|
+
risk: 'low',
|
|
28
|
+
description: 'Read configuration files'
|
|
29
|
+
});
|
|
30
|
+
nodes.set('write:config', {
|
|
31
|
+
id: 'write:config',
|
|
32
|
+
risk: 'medium',
|
|
33
|
+
description: 'Write configuration files'
|
|
34
|
+
});
|
|
35
|
+
nodes.set('network:http', {
|
|
36
|
+
id: 'network:http',
|
|
37
|
+
risk: 'medium',
|
|
38
|
+
description: 'Make HTTP requests'
|
|
39
|
+
});
|
|
40
|
+
nodes.set('secret:use', {
|
|
41
|
+
id: 'secret:use',
|
|
42
|
+
risk: 'high',
|
|
43
|
+
description: 'Access secrets (without reading values)'
|
|
44
|
+
});
|
|
45
|
+
nodes.set('secret:read', {
|
|
46
|
+
id: 'secret:read',
|
|
47
|
+
risk: 'high',
|
|
48
|
+
description: 'Read secret values'
|
|
49
|
+
});
|
|
50
|
+
return {
|
|
51
|
+
nodes,
|
|
52
|
+
version: '1.0.0'
|
|
53
|
+
};
|
|
54
|
+
}
|
|
55
|
+
class RiskExplainer {
|
|
56
|
+
graph;
|
|
57
|
+
highRiskPatterns;
|
|
58
|
+
constructor(graph) {
|
|
59
|
+
this.graph = graph || createCapabilityGraph();
|
|
60
|
+
this.highRiskPatterns = [
|
|
61
|
+
/rm\s+-rf/i,
|
|
62
|
+
/>\s*\/dev\/null/,
|
|
63
|
+
/dd\s+if=/,
|
|
64
|
+
/sudo\s+rm/
|
|
65
|
+
];
|
|
66
|
+
}
|
|
67
|
+
explainRisk(manifest) {
|
|
68
|
+
const factors = [];
|
|
69
|
+
for (const cap of manifest.requires) {
|
|
70
|
+
const capRisk = this.assessCapability(cap);
|
|
71
|
+
factors.push(...capRisk);
|
|
72
|
+
}
|
|
73
|
+
if (manifest.tags?.includes('destructive')) {
|
|
74
|
+
factors.push({
|
|
75
|
+
type: 'destructive',
|
|
76
|
+
severity: 'high',
|
|
77
|
+
description: 'Macro is tagged as destructive',
|
|
78
|
+
suggestion: 'Requires manual approval from a senior developer'
|
|
79
|
+
});
|
|
80
|
+
}
|
|
81
|
+
if (manifest.dependsOn && manifest.dependsOn.length > 0) {
|
|
82
|
+
factors.push({
|
|
83
|
+
type: 'dependency',
|
|
84
|
+
severity: 'medium',
|
|
85
|
+
description: `Depends on ${manifest.dependsOn.length} external macro(s)`,
|
|
86
|
+
suggestion: 'Review dependency chain for transitive capabilities'
|
|
87
|
+
});
|
|
88
|
+
}
|
|
89
|
+
const overallRisk = this.calculateOverallRisk(factors);
|
|
90
|
+
const score = this.riskToScore(overallRisk);
|
|
91
|
+
const requiresApproval = overallRisk !== 'low';
|
|
92
|
+
return {
|
|
93
|
+
overallRisk,
|
|
94
|
+
score,
|
|
95
|
+
factors,
|
|
96
|
+
requiresApproval,
|
|
97
|
+
explanation: this.generateExplanation(manifest, overallRisk, factors)
|
|
98
|
+
};
|
|
99
|
+
}
|
|
100
|
+
expandCapabilities(capabilities) {
|
|
101
|
+
const expanded = new Set();
|
|
102
|
+
const stack = [...capabilities];
|
|
103
|
+
while (stack.length > 0) {
|
|
104
|
+
const cap = stack.pop();
|
|
105
|
+
if (expanded.has(cap))
|
|
106
|
+
continue;
|
|
107
|
+
expanded.add(cap);
|
|
108
|
+
const node = this.graph.nodes.get(cap);
|
|
109
|
+
if (node?.implies) {
|
|
110
|
+
stack.push(...node.implies);
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
return Array.from(expanded);
|
|
114
|
+
}
|
|
115
|
+
explainCapability(capability) {
|
|
116
|
+
const node = this.graph.nodes.get(capability);
|
|
117
|
+
if (!node) {
|
|
118
|
+
return `Unknown capability: ${capability}`;
|
|
119
|
+
}
|
|
120
|
+
let explanation = `${node.description} (Risk: ${node.risk.toUpperCase()})`;
|
|
121
|
+
if (node.implies && node.implies.length > 0) {
|
|
122
|
+
explanation += `\n Implies: ${node.implies.join(', ')}`;
|
|
123
|
+
}
|
|
124
|
+
return explanation;
|
|
125
|
+
}
|
|
126
|
+
assessCapability(capability) {
|
|
127
|
+
const factors = [];
|
|
128
|
+
const node = this.graph.nodes.get(capability);
|
|
129
|
+
if (!node) {
|
|
130
|
+
factors.push({
|
|
131
|
+
type: 'capability',
|
|
132
|
+
severity: 'medium',
|
|
133
|
+
description: `Unknown capability: ${capability}`,
|
|
134
|
+
capability,
|
|
135
|
+
suggestion: 'Define this capability in the graph'
|
|
136
|
+
});
|
|
137
|
+
return factors;
|
|
138
|
+
}
|
|
139
|
+
if (node.risk === 'high') {
|
|
140
|
+
factors.push({
|
|
141
|
+
type: 'capability',
|
|
142
|
+
severity: 'high',
|
|
143
|
+
description: `High-risk capability: ${capability}`,
|
|
144
|
+
capability,
|
|
145
|
+
suggestion: 'Ensure this capability is absolutely necessary'
|
|
146
|
+
});
|
|
147
|
+
}
|
|
148
|
+
if (capability.includes('shell')) {
|
|
149
|
+
factors.push({
|
|
150
|
+
type: 'capability',
|
|
151
|
+
severity: 'high',
|
|
152
|
+
description: 'Shell execution capability - can run arbitrary commands',
|
|
153
|
+
capability,
|
|
154
|
+
suggestion: 'Review all shell commands carefully'
|
|
155
|
+
});
|
|
156
|
+
}
|
|
157
|
+
if (capability.includes('secret')) {
|
|
158
|
+
factors.push({
|
|
159
|
+
type: 'secret',
|
|
160
|
+
severity: 'high',
|
|
161
|
+
description: 'Access to secrets',
|
|
162
|
+
capability,
|
|
163
|
+
suggestion: 'Ensure secrets are scoped properly'
|
|
164
|
+
});
|
|
165
|
+
}
|
|
166
|
+
return factors;
|
|
167
|
+
}
|
|
168
|
+
calculateOverallRisk(factors) {
|
|
169
|
+
if (factors.some(f => f.severity === 'high')) {
|
|
170
|
+
return 'high';
|
|
171
|
+
}
|
|
172
|
+
if (factors.some(f => f.severity === 'medium')) {
|
|
173
|
+
return 'medium';
|
|
174
|
+
}
|
|
175
|
+
return 'low';
|
|
176
|
+
}
|
|
177
|
+
riskToScore(risk) {
|
|
178
|
+
switch (risk) {
|
|
179
|
+
case 'low': return 1;
|
|
180
|
+
case 'medium': return 5;
|
|
181
|
+
case 'high': return 10;
|
|
182
|
+
}
|
|
183
|
+
}
|
|
184
|
+
generateExplanation(manifest, risk, factors) {
|
|
185
|
+
let explanation = `Macro "${manifest.id}@${manifest.version}" has ${risk.toUpperCase()} risk.\n\n`;
|
|
186
|
+
explanation += `Required capabilities (${manifest.requires.length}):\n`;
|
|
187
|
+
for (const cap of manifest.requires) {
|
|
188
|
+
explanation += ` - ${this.explainCapability(cap)}\n`;
|
|
189
|
+
}
|
|
190
|
+
if (factors.length > 0) {
|
|
191
|
+
explanation += `\nRisk factors:\n`;
|
|
192
|
+
for (const factor of factors) {
|
|
193
|
+
explanation += ` [${factor.severity.toUpperCase()}] ${factor.description}\n`;
|
|
194
|
+
if (factor.suggestion) {
|
|
195
|
+
explanation += ` → ${factor.suggestion}\n`;
|
|
196
|
+
}
|
|
197
|
+
}
|
|
198
|
+
}
|
|
199
|
+
explanation += `\n`;
|
|
200
|
+
if (risk === 'high') {
|
|
201
|
+
explanation += '⚠️ This macro requires manual approval before execution.\n';
|
|
202
|
+
explanation += 'Review the capabilities and ensure you understand the impact.\n';
|
|
203
|
+
}
|
|
204
|
+
else if (risk === 'medium') {
|
|
205
|
+
explanation += '⚠️ This macro has moderate risk. Consider the implications carefully.\n';
|
|
206
|
+
}
|
|
207
|
+
else {
|
|
208
|
+
explanation += '✅ This macro has low risk and can be auto-approved.\n';
|
|
209
|
+
}
|
|
210
|
+
return explanation;
|
|
211
|
+
}
|
|
212
|
+
}
|
|
213
|
+
exports.RiskExplainer = RiskExplainer;
|
|
214
|
+
//# sourceMappingURL=explainer.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"explainer.js","sourceRoot":"","sources":["../../src/risk/explainer.ts"],"names":[],"mappings":";;;AAgCA,sDA0DC;AA1DD,SAAgB,qBAAqB;IACnC,MAAM,KAAK,GAAG,IAAI,GAAG,EAA8B,CAAC;IAEpD,KAAK,CAAC,GAAG,CAAC,gBAAgB,EAAE;QAC1B,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,KAAK;QACX,WAAW,EAAE,+BAA+B;QAC5C,OAAO,EAAE,CAAC,aAAa,CAAC;KACzB,CAAC,CAAC;IAEH,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE;QAC3B,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,MAAM;QACZ,WAAW,EAAE,8BAA8B;QAC3C,OAAO,EAAE,CAAC,gBAAgB,EAAE,cAAc,CAAC;KAC5C,CAAC,CAAC;IAEH,KAAK,CAAC,GAAG,CAAC,WAAW,EAAE;QACrB,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,MAAM;QACZ,WAAW,EAAE,wBAAwB;QACrC,OAAO,EAAE,CAAC,gBAAgB,EAAE,iBAAiB,CAAC;KAC/C,CAAC,CAAC;IAEH,KAAK,CAAC,GAAG,CAAC,aAAa,EAAE;QACvB,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,KAAK;QACX,WAAW,EAAE,0BAA0B;KACxC,CAAC,CAAC;IAEH,KAAK,CAAC,GAAG,CAAC,cAAc,EAAE;QACxB,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,2BAA2B;KACzC,CAAC,CAAC;IAEH,KAAK,CAAC,GAAG,CAAC,cAAc,EAAE;QACxB,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,oBAAoB;KAClC,CAAC,CAAC;IAEH,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE;QACtB,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,MAAM;QACZ,WAAW,EAAE,yCAAyC;KACvD,CAAC,CAAC;IAEH,KAAK,CAAC,GAAG,CAAC,aAAa,EAAE;QACvB,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,MAAM;QACZ,WAAW,EAAE,oBAAoB;KAClC,CAAC,CAAC;IAEH,OAAO;QACL,KAAK;QACL,OAAO,EAAE,OAAO;KACjB,CAAC;AACJ,CAAC;AAED,MAAa,aAAa;IAChB,KAAK,CAAkB;IACvB,gBAAgB,CAAW;IAEnC,YAAY,KAAuB;QACjC,IAAI,CAAC,KAAK,GAAG,KAAK,IAAI,qBAAqB,EAAE,CAAC;QAC9C,IAAI,CAAC,gBAAgB,GAAG;YACtB,WAAW;YACX,iBAAiB;YACjB,UAAU;YACV,WAAW;SACZ,CAAC;IACJ,CAAC;IAED,WAAW,CAAC,QAAuB;QACjC,MAAM,OAAO,GAAiB,EAAE,CAAC;QAEjC,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACpC,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;YAC3C,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;QAC3B,CAAC;QAED,IAAI,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YAC3C,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,gCAAgC;gBAC7C,UAAU,EAAE,kDAAkD;aAC/D,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,SAAS,IAAI,QAAQ,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,
EAAE,CAAC;YACxD,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,QAAQ;gBAClB,WAAW,EAAE,cAAc,QAAQ,CAAC,SAAS,CAAC,MAAM,oBAAoB;gBACxE,UAAU,EAAE,qDAAqD;aAClE,CAAC,CAAC;QACL,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;QACvD,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAC5C,MAAM,gBAAgB,GAAG,WAAW,KAAK,KAAK,CAAC;QAE/C,OAAO;YACL,WAAW;YACX,KAAK;YACL,OAAO;YACP,gBAAgB;YAChB,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,WAAW,EAAE,OAAO,CAAC;SACtE,CAAC;IACJ,CAAC;IAED,kBAAkB,CAAC,YAA0B;QAC3C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAc,CAAC;QAEvC,MAAM,KAAK,GAAG,CAAC,GAAG,YAAY,CAAC,CAAC;QAEhC,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,EAAG,CAAC;YACzB,IAAI,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YAEhC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAElB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACvC,IAAI,IAAI,EAAE,OAAO,EAAE,CAAC;gBAClB,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9B,CAAC;IAED,iBAAiB,CAAC,UAAsB;QACtC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAE9C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,uBAAuB,UAAU,EAAE,CAAC;QAC7C,CAAC;QAED,IAAI,WAAW,GAAG,GAAG,IAAI,CAAC,WAAW,WAAW,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC;QAE3E,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5C,WAAW,IAAI,gBAAgB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3D,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAEO,gBAAgB,CAAC,UAAsB;QAC7C,MAAM,OAAO,GAAiB,EAAE,CAAC;QACjC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAE9C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,QAAQ;gBAClB,WAAW,EAAE,uBAAuB,UAAU,EAAE;gBAChD,UAAU;gBACV,UAAU,EAAE,qCAAqC;aAClD,CAAC,CAAC;YACH,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YACzB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,yBAAyB,UAAU,EAAE;gBAClD,UAAU;gBACV,UAAU,EAAE,gDAAgD;
aAC7D,CAAC,CAAC;QACL,CAAC;QAED,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,yDAAyD;gBACtE,UAAU;gBACV,UAAU,EAAE,qCAAqC;aAClD,CAAC,CAAC;QACL,CAAC;QAED,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,mBAAmB;gBAChC,UAAU;gBACV,UAAU,EAAE,oCAAoC;aACjD,CAAC,CAAC;QACL,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,oBAAoB,CAAC,OAAqB;QAChD,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,CAAC;YAC7C,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,EAAE,CAAC;YAC/C,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,WAAW,CAAC,IAAe;QACjC,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC;YACrB,KAAK,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC;YACxB,KAAK,MAAM,CAAC,CAAC,OAAO,EAAE,CAAC;QACzB,CAAC;IACH,CAAC;IAEO,mBAAmB,CACzB,QAAuB,EACvB,IAAe,EACf,OAAqB;QAErB,IAAI,WAAW,GAAG,UAAU,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,OAAO,SAAS,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC;QAEnG,WAAW,IAAI,0BAA0B,QAAQ,CAAC,QAAQ,CAAC,MAAM,MAAM,CAAC;QACxE,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACpC,WAAW,IAAI,OAAO,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC;QACxD,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,WAAW,IAAI,mBAAmB,CAAC;YACnC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC7B,WAAW,IAAI,MAAM,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,WAAW,IAAI,CAAC;gBAC9E,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;oBACtB,WAAW,IAAI,WAAW,MAAM,CAAC,UAAU,IAAI,CAAC;gBAClD,CAAC;YACH,CAAC;QACH,CAAC;QAED,WAAW,IAAI,IAAI,CAAC;QACpB,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;YACpB,WAAW,IAAI,6DAA6D,CAAC;YAC7E,WAAW,IAAI,iEAAiE,CAAC;QACnF,CAAC;aAAM,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,WAAW,IAAI,0EAA0E,CAAC;QAC5F,CAAC;aAAM,CAAC;YACN,WAAW,IAAI,uDAAuD,CAAC;QACzE,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;CACF;AA7LD,sCA6LC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export * from './explainer';
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./explainer"), exports);
|
|
18
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/risk/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,8CAA4B"}
|