yuangs 2.38.0 → 2.40.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/Capabilities.js +39 -0
- package/dist/Governance.d.ts +9 -0
- package/dist/Governance.js +25 -0
- package/dist/Kernel.d.ts +13 -0
- package/dist/Kernel.js +53 -0
- package/dist/agent/AgentRuntime.d.ts +6 -0
- package/dist/agent/AgentRuntime.js +78 -0
- package/dist/agent/AgentRuntime.js.map +1 -0
- package/dist/agent/governance/bridge.d.ts +5 -0
- package/dist/agent/governance/bridge.js +38 -0
- package/dist/agent/governance/bridge.js.map +1 -0
- package/dist/agent/governance/core.d.ts +19 -0
- package/dist/agent/governance/core.js +21 -0
- package/dist/agent/governance/core.js.map +1 -0
- package/dist/agent/governance/ledger.d.ts +7 -0
- package/dist/agent/governance/ledger.js +22 -0
- package/dist/agent/governance/ledger.js.map +1 -0
- package/dist/agent/governance/sandbox/core.as.d.ts +11 -0
- package/dist/agent/governance/sandbox/core.as.js +33 -0
- package/dist/agent/governance/sandbox/core.as.js.map +1 -0
- package/dist/agent/governance.d.ts +11 -8
- package/dist/agent/governance.js +48 -135
- package/dist/agent/governance.js.map +1 -1
- package/dist/agent/index.d.ts +2 -6
- package/dist/agent/index.js +4 -10
- package/dist/agent/index.js.map +1 -1
- package/dist/agent/llmAdapter.d.ts +1 -1
- package/dist/agent/llmAdapter.js +4 -5
- package/dist/agent/llmAdapter.js.map +1 -1
- package/dist/agent/skills.d.ts +2 -4
- package/dist/agent/skills.js.map +1 -1
- package/dist/agent/types.d.ts +1 -2
- package/dist/cli.js +10 -9
- package/dist/cli.js.map +1 -1
- package/dist/legacy/governance/GovernanceEngine.d.ts +20 -0
- package/dist/legacy/governance/GovernanceEngine.js +95 -0
- package/dist/legacy/governance/GovernanceEngine.js.map +1 -0
- package/dist/legacy/governance/GovernedAction.d.ts +107 -0
- package/dist/legacy/governance/GovernedAction.js +9 -0
- package/dist/legacy/governance/GovernedAction.js.map +1 -0
- package/dist/legacy/governance/actions/CodeChangeAction.d.ts +28 -0
- package/dist/legacy/governance/actions/CodeChangeAction.js +139 -0
- package/dist/legacy/governance/actions/CodeChangeAction.js.map +1 -0
- package/dist/legacy/governance/capability/token.d.ts +45 -0
- package/dist/legacy/governance/capability/token.js +103 -0
- package/dist/legacy/governance/capability/token.js.map +1 -0
- package/dist/legacy/governance/commands/diffEdit.d.ts +2 -0
- package/dist/legacy/governance/commands/diffEdit.js +245 -0
- package/dist/legacy/governance/commands/diffEdit.js.map +1 -0
- package/dist/legacy/governance/execution/sandbox.d.ts +12 -0
- package/dist/legacy/governance/execution/sandbox.js +76 -0
- package/dist/legacy/governance/execution/sandbox.js.map +1 -0
- package/dist/legacy/governance/fsm/stateMachine.d.ts +40 -0
- package/dist/legacy/governance/fsm/stateMachine.js +93 -0
- package/dist/legacy/governance/fsm/stateMachine.js.map +1 -0
- package/dist/legacy/governance/index.d.ts +9 -0
- package/dist/legacy/governance/index.js +26 -0
- package/dist/legacy/governance/index.js.map +1 -0
- package/dist/legacy/governance/review/diffParser.d.ts +12 -0
- package/dist/legacy/governance/review/diffParser.js +61 -0
- package/dist/legacy/governance/review/diffParser.js.map +1 -0
- package/dist/legacy/governance/review/render.d.ts +5 -0
- package/dist/legacy/governance/review/render.js +58 -0
- package/dist/legacy/governance/review/render.js.map +1 -0
- package/dist/legacy/governance/storage/store.d.ts +16 -0
- package/dist/legacy/governance/storage/store.js +110 -0
- package/dist/legacy/governance/storage/store.js.map +1 -0
- package/package.json +7 -5
- package/dist/agent/AgentPipeline.js.map +0 -1
- package/dist/agent/fsm.js.map +0 -1
- package/dist/agent/intent.js.map +0 -1
- package/dist/agent/interpret.js.map +0 -1
- package/dist/agent/loop.js.map +0 -1
- package/dist/agent/plan.js.map +0 -1
- package/dist/agent/planExecutor.js.map +0 -1
- package/dist/agent/record.js.map +0 -1
- package/dist/agent/replay.js.map +0 -1
- package/dist/governance/GovernanceEngine.js.map +0 -1
- package/dist/governance/GovernedAction.js.map +0 -1
- package/dist/governance/actions/CodeChangeAction.js.map +0 -1
- package/dist/governance/capability/token.js.map +0 -1
- package/dist/governance/commands/diffEdit.js.map +0 -1
- package/dist/governance/execution/sandbox.js.map +0 -1
- package/dist/governance/fsm/stateMachine.js.map +0 -1
- package/dist/governance/index.js.map +0 -1
- package/dist/governance/review/diffParser.js.map +0 -1
- package/dist/governance/review/render.js.map +0 -1
- package/dist/governance/storage/store.js.map +0 -1
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.Capabilities = void 0;
|
|
7
|
+
const child_process_1 = require("child_process");
|
|
8
|
+
const util_1 = require("util");
|
|
9
|
+
const promises_1 = __importDefault(require("fs/promises"));
|
|
10
|
+
const execAsync = (0, util_1.promisify)(child_process_1.exec);
|
|
11
|
+
/**
|
|
12
|
+
* [Action 2] 硬限制:手指数得过来的 Capability
|
|
13
|
+
*/
|
|
14
|
+
class Capabilities {
|
|
15
|
+
static async execute(proposal) {
|
|
16
|
+
const { type, payload } = proposal;
|
|
17
|
+
switch (type) {
|
|
18
|
+
case 'SHELL':
|
|
19
|
+
const { stdout, stderr } = await execAsync(payload.cmd);
|
|
20
|
+
return stdout || stderr;
|
|
21
|
+
case 'FILESYSTEM':
|
|
22
|
+
if (payload.content) {
|
|
23
|
+
await promises_1.default.writeFile(payload.path, payload.content);
|
|
24
|
+
return `Saved ${payload.path}`;
|
|
25
|
+
}
|
|
26
|
+
return await promises_1.default.readFile(payload.path, 'utf-8');
|
|
27
|
+
case 'PROJECT':
|
|
28
|
+
// 专项支持 NPM 项目逻辑
|
|
29
|
+
const { stdout: npmOut } = await execAsync(payload.cmd);
|
|
30
|
+
return npmOut;
|
|
31
|
+
case 'KNOWLEDGE':
|
|
32
|
+
return `Simulation: Answer found for ${payload.query}`;
|
|
33
|
+
default:
|
|
34
|
+
throw new Error(`Unknown capability: ${type}`);
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
exports.Capabilities = Capabilities;
|
|
39
|
+
//# sourceMappingURL=Capabilities.js.map
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.Governance = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* [Action 4] Governance 作为一个黑箱函数
|
|
6
|
+
*/
|
|
7
|
+
class Governance {
|
|
8
|
+
static async evaluate(proposal) {
|
|
9
|
+
const dangerousCommands = ['rm -rf /', ':(){ :|:& };:', 'mv / /dev/null'];
|
|
10
|
+
// 硬检查逻辑
|
|
11
|
+
if (proposal.type === 'SHELL') {
|
|
12
|
+
const cmd = proposal.payload.cmd.toLowerCase();
|
|
13
|
+
if (dangerousCommands.some(c => cmd.includes(c))) {
|
|
14
|
+
return { approved: false, reason: 'CRITICAL RISK: Dangerous command detected.' };
|
|
15
|
+
}
|
|
16
|
+
}
|
|
17
|
+
if (proposal.type === 'PROJECT' && proposal.payload.cmd.includes('publish')) {
|
|
18
|
+
// 示例:禁止在没有明确授权时发布
|
|
19
|
+
return { approved: false, reason: 'POLICY: Human approval required for npm publish.' };
|
|
20
|
+
}
|
|
21
|
+
return { approved: true };
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
exports.Governance = Governance;
|
|
25
|
+
//# sourceMappingURL=Governance.js.map
|
package/dist/Kernel.d.ts
ADDED
package/dist/Kernel.js
ADDED
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.Kernel = void 0;
|
|
7
|
+
const Governance_1 = require("./Governance");
|
|
8
|
+
const Capabilities_1 = require("./Capabilities");
|
|
9
|
+
const chalk_1 = __importDefault(require("chalk"));
|
|
10
|
+
/**
|
|
11
|
+
* [Action 1] 唯一的上帝视角 Loop
|
|
12
|
+
* 整合了原来的 Loop, Agent, Executor, Context
|
|
13
|
+
*/
|
|
14
|
+
class Kernel {
|
|
15
|
+
state = { turns: 0, lastResult: null };
|
|
16
|
+
/**
|
|
17
|
+
* 核心循环:想 -> 评 -> 行
|
|
18
|
+
*/
|
|
19
|
+
async step(intent) {
|
|
20
|
+
this.state.turns++;
|
|
21
|
+
// 1. 理性建议 (AI Thinking)
|
|
22
|
+
const proposal = await this.think(intent);
|
|
23
|
+
// 2. 硬核治理 (Action 4: Governance 黑箱)
|
|
24
|
+
const decision = await Governance_1.Governance.evaluate(proposal);
|
|
25
|
+
if (!decision.approved) {
|
|
26
|
+
console.log(chalk_1.default.red(`[REJECTED] ${decision.reason}`));
|
|
27
|
+
return;
|
|
28
|
+
}
|
|
29
|
+
// 3. 能力执行 (Action 2: 严格 Capability 限制)
|
|
30
|
+
try {
|
|
31
|
+
const result = await Capabilities_1.Capabilities.execute(proposal);
|
|
32
|
+
this.state.lastResult = result;
|
|
33
|
+
console.log(chalk_1.default.green(`[SUCCESS] Turn ${this.state.turns} completed.`));
|
|
34
|
+
}
|
|
35
|
+
catch (e) {
|
|
36
|
+
// Action 5: 治理靠记录,不靠防御性代码
|
|
37
|
+
this.logAudit(proposal, e.message);
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
async think(intent) {
|
|
41
|
+
// 逻辑简化:根据意图路由到具体 Capability
|
|
42
|
+
if (intent.includes('npm'))
|
|
43
|
+
return { type: 'PROJECT', payload: { cmd: intent }, rationale: 'NPM management' };
|
|
44
|
+
if (intent.includes('git') || intent.includes('ls'))
|
|
45
|
+
return { type: 'SHELL', payload: { cmd: intent }, rationale: 'System operation' };
|
|
46
|
+
return { type: 'KNOWLEDGE', payload: { query: intent }, rationale: 'Information retrieval' };
|
|
47
|
+
}
|
|
48
|
+
logAudit(proposal, error) {
|
|
49
|
+
console.error(chalk_1.default.gray(`[AUDIT] Action ${proposal.type} failed: ${error}`));
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
exports.Kernel = Kernel;
|
|
53
|
+
//# sourceMappingURL=Kernel.js.map
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.AgentRuntime = void 0;
|
|
7
|
+
const chalk_1 = __importDefault(require("chalk"));
|
|
8
|
+
const crypto_1 = require("crypto");
|
|
9
|
+
const llmAdapter_1 = require("./llmAdapter");
|
|
10
|
+
const governance_1 = require("./governance");
|
|
11
|
+
const executor_1 = require("./executor");
|
|
12
|
+
const contextManager_1 = require("./contextManager");
|
|
13
|
+
const core_1 = require("./governance/core");
|
|
14
|
+
class AgentRuntime {
|
|
15
|
+
context;
|
|
16
|
+
executionId;
|
|
17
|
+
constructor(initialContext) {
|
|
18
|
+
this.context = new contextManager_1.ContextManager(initialContext);
|
|
19
|
+
this.executionId = (0, crypto_1.randomUUID)();
|
|
20
|
+
}
|
|
21
|
+
async run(userInput, mode = 'chat') {
|
|
22
|
+
let turnCount = 0;
|
|
23
|
+
const maxTurns = 10;
|
|
24
|
+
console.log(chalk_1.default.cyan(`\n🚀 Agent Runtime v2.0 Starting (Execution ID: ${this.executionId})`));
|
|
25
|
+
this.context.addMessage('user', userInput);
|
|
26
|
+
while (turnCount < maxTurns) {
|
|
27
|
+
console.log(chalk_1.default.blue(`\n--- Turn ${++turnCount} ---`));
|
|
28
|
+
const model = 'Assistant';
|
|
29
|
+
// 处理类型不兼容:将 tool role 映射为 system
|
|
30
|
+
const messages = this.context.getMessages().map(msg => ({
|
|
31
|
+
role: (msg.role === 'tool' ? 'system' : msg.role),
|
|
32
|
+
content: msg.content
|
|
33
|
+
}));
|
|
34
|
+
const thought = await llmAdapter_1.LLMAdapter.think(messages, mode, undefined, governance_1.GovernanceService.getPolicyManual());
|
|
35
|
+
if (thought.isDone) {
|
|
36
|
+
console.log(chalk_1.default.green('\n✅ Goal satisfied.'));
|
|
37
|
+
break;
|
|
38
|
+
}
|
|
39
|
+
const action = {
|
|
40
|
+
id: (0, crypto_1.randomUUID)(),
|
|
41
|
+
type: thought.type || 'answer',
|
|
42
|
+
payload: thought.payload || { text: thought.raw },
|
|
43
|
+
riskLevel: 'low',
|
|
44
|
+
reasoning: thought.reasoning || ''
|
|
45
|
+
};
|
|
46
|
+
// === 预检 (Pre-flight) ===
|
|
47
|
+
const preCheck = (0, core_1.evaluateProposal)(action, governance_1.GovernanceService.getRules(), governance_1.GovernanceService.getLedgerSnapshot());
|
|
48
|
+
if (preCheck.effect === 'deny') {
|
|
49
|
+
console.log(chalk_1.default.red(`[PRE-FLIGHT] 🛡️ Policy Blocked: ${preCheck.reason}`));
|
|
50
|
+
this.context.addMessage('system', `POLICY DENIED: ${preCheck.reason}. Find a different way.`);
|
|
51
|
+
continue;
|
|
52
|
+
}
|
|
53
|
+
// === 正式治理 (WASM + 人工/自动) ===
|
|
54
|
+
const decision = await governance_1.GovernanceService.adjudicate(action);
|
|
55
|
+
if (decision.status === 'rejected') {
|
|
56
|
+
console.log(chalk_1.default.red(`[GOVERNANCE] ❌ Rejected: ${decision.reason}`));
|
|
57
|
+
this.context.addMessage('system', `Rejected by Governance: ${decision.reason}`);
|
|
58
|
+
continue;
|
|
59
|
+
}
|
|
60
|
+
// === 执行 ===
|
|
61
|
+
console.log(chalk_1.default.yellow(`[EXECUTING] ⚙️ ${action.type}...`));
|
|
62
|
+
const result = await executor_1.ToolExecutor.execute(action);
|
|
63
|
+
if (result.success) {
|
|
64
|
+
this.context.addToolResult(action.type, result.output);
|
|
65
|
+
console.log(chalk_1.default.green(`[SUCCESS] Result: ${result.output.substring(0, 50)}...`));
|
|
66
|
+
}
|
|
67
|
+
else {
|
|
68
|
+
this.context.addToolResult(action.type, `Error: ${result.error}`);
|
|
69
|
+
console.log(chalk_1.default.red(`[ERROR] ${result.error}`));
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
if (turnCount >= maxTurns) {
|
|
73
|
+
console.log(chalk_1.default.red(`\n⚠️ Max turns (${maxTurns}) reached.`));
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
exports.AgentRuntime = AgentRuntime;
|
|
78
|
+
//# sourceMappingURL=AgentRuntime.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AgentRuntime.js","sourceRoot":"","sources":["../../src/agent/AgentRuntime.ts"],"names":[],"mappings":";;;;;;AAAA,kDAA0B;AAC1B,mCAAoC;AACpC,6CAA0C;AAC1C,6CAAiD;AACjD,yCAA0C;AAC1C,qDAAkD;AAClD,4CAAqD;AAGrD,MAAa,YAAY;IACb,OAAO,CAAiB;IACxB,WAAW,CAAS;IAE5B,YAAY,cAAmB;QAC3B,IAAI,CAAC,OAAO,GAAG,IAAI,+BAAc,CAAC,cAAc,CAAC,CAAC;QAClD,IAAI,CAAC,WAAW,GAAG,IAAA,mBAAU,GAAE,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,SAAiB,EAAE,OAA2B,MAAM;QAC1D,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,MAAM,QAAQ,GAAG,EAAE,CAAC;QAEpB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,mDAAmD,IAAI,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC;QAChG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAE3C,OAAO,SAAS,GAAG,QAAQ,EAAE,CAAC;YAC1B,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,cAAc,EAAE,SAAS,MAAM,CAAC,CAAC,CAAC;YAEzD,MAAM,KAAK,GAAG,WAAW,CAAC;YAE1B,iCAAiC;YACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACpD,IAAI,EAAE,CAAC,GAAG,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAoC;gBACpF,OAAO,EAAE,GAAG,CAAC,OAAO;aACvB,CAAC,CAAC,CAAC;YAEJ,MAAM,OAAO,GAAG,MAAM,uBAAU,CAAC,KAAK,CAClC,QAAQ,EACR,IAAW,EACX,SAAS,EACT,8BAAiB,CAAC,eAAe,EAAE,CACtC,CAAC;YAEF,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBACjB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;gBAChD,MAAM;YACV,CAAC;YAED,MAAM,MAAM,GAAmB;gBAC3B,EAAE,EAAE,IAAA,mBAAU,GAAE;gBAChB,IAAI,EAAE,OAAO,CAAC,IAAW,IAAI,QAAQ;gBACrC,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,GAAG,EAAE;gBACjD,SAAS,EAAE,KAAK;gBAChB,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,EAAE;aACrC,CAAC;YAEF,0BAA0B;YAC1B,MAAM,QAAQ,GAAG,IAAA,uBAAgB,EAAC,MAAM,EAAE,8BAAiB,CAAC,QAAQ,EAAE,EAAE,8BAAiB,CAAC,iBAAiB,EAAE,CAAC,CAAC;YAC/G,IAAI,QAAQ,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC7B,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,oCAAoC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;gBAC9E,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,EAAE,kBAAkB,QAAQ,CAAC,MAAM,yBAAyB,CAAC,CAAC;gBAC9F,SAAS;YACb,CAAC;YAED,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,MAAM,8BAAiB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAC5D,IAAI,QAAQ,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,4BAA4B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;gBACtE,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,EAAE,2BAA2B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;gBAChF,SAAS;YACb,CAAC;YAED,aAAa;YACb,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,MAAM,CAAC,kBAAkB,MAAM,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC;YAC9D,MAAM,MAAM,GAAG,MAAM,uBAAY,CAAC,OAAO,CAAC,MAAa,CAAC,CAAC;YAEzD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACjB,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;gBACvD,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,qBAAqB,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;YACvF,CAAC;iBAAM,CAAC;gBACJ,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,UAAU,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;gBAClE,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YACtD,CAAC;QACL,CAAC;QAED,IAAI,SAAS,IAAI,QAAQ,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,mBAAmB,QAAQ,YAAY,CAAC,CAAC,CAAC;QACpE,CAAC;IACL,CAAC;CACJ;AAhFD,oCAgFC"}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.WasmGovernanceBridge = void 0;
|
|
7
|
+
const fs_1 = __importDefault(require("fs"));
|
|
8
|
+
const path_1 = __importDefault(require("path"));
|
|
9
|
+
class WasmGovernanceBridge {
|
|
10
|
+
static instance = null;
|
|
11
|
+
static async init() {
|
|
12
|
+
try {
|
|
13
|
+
const loader = require('@assemblyscript/loader');
|
|
14
|
+
const wasmPath = path_1.default.join(process.cwd(), 'build', 'release.wasm');
|
|
15
|
+
if (!fs_1.default.existsSync(wasmPath)) {
|
|
16
|
+
return false;
|
|
17
|
+
}
|
|
18
|
+
const wasmModule = await loader.instantiate(fs_1.default.readFileSync(wasmPath));
|
|
19
|
+
this.instance = wasmModule.exports;
|
|
20
|
+
return true;
|
|
21
|
+
}
|
|
22
|
+
catch (e) {
|
|
23
|
+
return false;
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
static evaluate(proposal, rules, ledger) {
|
|
27
|
+
if (!this.instance)
|
|
28
|
+
return { effect: 'error', reason: 'WASM not initialized' };
|
|
29
|
+
const { __newString, __getString, evaluate } = this.instance;
|
|
30
|
+
const pPtr = __newString(JSON.stringify(proposal));
|
|
31
|
+
const rPtr = __newString(JSON.stringify(rules));
|
|
32
|
+
const lPtr = __newString(JSON.stringify(ledger));
|
|
33
|
+
const resultPtr = evaluate(pPtr, rPtr, lPtr);
|
|
34
|
+
return JSON.parse(__getString(resultPtr));
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
exports.WasmGovernanceBridge = WasmGovernanceBridge;
|
|
38
|
+
//# sourceMappingURL=bridge.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"bridge.js","sourceRoot":"","sources":["../../../src/agent/governance/bridge.ts"],"names":[],"mappings":";;;;;;AAAA,4CAAoB;AACpB,gDAAwB;AAExB,MAAa,oBAAoB;IACrB,MAAM,CAAC,QAAQ,GAAQ,IAAI,CAAC;IAEpC,MAAM,CAAC,KAAK,CAAC,IAAI;QACb,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAAC;YACjD,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,cAAc,CAAC,CAAC;YAEnE,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC3B,OAAO,KAAK,CAAC;YACjB,CAAC;YAED,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,YAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;YACvE,IAAI,CAAC,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC;YACnC,OAAO,IAAI,CAAC;QAChB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,QAAa,EAAE,KAAU,EAAE,MAAW;QAClD,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;QAE/E,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAE7D,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;QAChD,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QAEjD,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC;IAC9C,CAAC;;AA/BL,oDAgCC"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import { ProposedAction } from '../state';
|
|
2
|
+
export interface PolicyRule {
|
|
3
|
+
id: string;
|
|
4
|
+
when: {
|
|
5
|
+
type?: string;
|
|
6
|
+
pattern?: string;
|
|
7
|
+
max_per_minute?: number;
|
|
8
|
+
};
|
|
9
|
+
effect: 'allow' | 'deny' | 'require_approval';
|
|
10
|
+
reason?: string;
|
|
11
|
+
}
|
|
12
|
+
export interface RiskEntry {
|
|
13
|
+
ts: number;
|
|
14
|
+
actionType: string;
|
|
15
|
+
}
|
|
16
|
+
export declare function evaluateProposal(action: ProposedAction, rules: PolicyRule[], ledger: RiskEntry[]): {
|
|
17
|
+
effect: string;
|
|
18
|
+
reason?: string;
|
|
19
|
+
};
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.evaluateProposal = evaluateProposal;
|
|
4
|
+
function evaluateProposal(action, rules, ledger) {
|
|
5
|
+
const now = Date.now();
|
|
6
|
+
for (const rule of rules) {
|
|
7
|
+
const typeMatch = !rule.when.type || rule.when.type === action.type;
|
|
8
|
+
const payloadStr = JSON.stringify(action.payload);
|
|
9
|
+
const patternMatch = !rule.when.pattern || new RegExp(rule.when.pattern, 'i').test(payloadStr);
|
|
10
|
+
if (typeMatch && patternMatch) {
|
|
11
|
+
if (rule.when.max_per_minute) {
|
|
12
|
+
const count = ledger.filter(e => e.ts > now - 60000 && e.actionType === action.type).length;
|
|
13
|
+
if (count >= rule.when.max_per_minute)
|
|
14
|
+
return { effect: 'deny', reason: `Rate limit: ${rule.id}` };
|
|
15
|
+
}
|
|
16
|
+
return { effect: rule.effect, reason: rule.reason };
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
return { effect: 'require_approval', reason: 'Default human review required' };
|
|
20
|
+
}
|
|
21
|
+
//# sourceMappingURL=core.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"core.js","sourceRoot":"","sources":["../../../src/agent/governance/core.ts"],"names":[],"mappings":";;AAcA,4CAoBC;AApBD,SAAgB,gBAAgB,CAC5B,MAAsB,EACtB,KAAmB,EACnB,MAAmB;IAEnB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC,IAAI,CAAC;QACpE,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,YAAY,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAE/F,IAAI,SAAS,IAAI,YAAY,EAAE,CAAC;YAC5B,IAAI,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;gBAC3B,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,GAAG,KAAK,IAAI,CAAC,CAAC,UAAU,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;gBAC5F,IAAI,KAAK,IAAI,IAAI,CAAC,IAAI,CAAC,cAAc;oBAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC;YACvG,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;QACxD,CAAC;IACL,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC;AACnF,CAAC"}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.RiskLedger = void 0;
|
|
4
|
+
class RiskLedger {
|
|
5
|
+
entries = [];
|
|
6
|
+
record(actionType) {
|
|
7
|
+
this.entries.push({
|
|
8
|
+
ts: Date.now(),
|
|
9
|
+
actionType
|
|
10
|
+
});
|
|
11
|
+
this.cleanup();
|
|
12
|
+
}
|
|
13
|
+
getSnapshot() {
|
|
14
|
+
return [...this.entries];
|
|
15
|
+
}
|
|
16
|
+
cleanup() {
|
|
17
|
+
const oneHourAgo = Date.now() - 3600000;
|
|
18
|
+
this.entries = this.entries.filter(e => e.ts > oneHourAgo);
|
|
19
|
+
}
|
|
20
|
+
}
|
|
21
|
+
exports.RiskLedger = RiskLedger;
|
|
22
|
+
//# sourceMappingURL=ledger.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ledger.js","sourceRoot":"","sources":["../../../src/agent/governance/ledger.ts"],"names":[],"mappings":";;;AAEA,MAAa,UAAU;IACX,OAAO,GAAgB,EAAE,CAAC;IAElC,MAAM,CAAC,UAAkB;QACrB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;YACd,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE;YACd,UAAU;SACb,CAAC,CAAC;QACH,IAAI,CAAC,OAAO,EAAE,CAAC;IACnB,CAAC;IAED,WAAW;QACP,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAEO,OAAO;QACX,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC;QACxC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,UAAU,CAAC,CAAC;IAC/D,CAAC;CACJ;AAnBD,gCAmBC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* yuangs Governance WASM Sandbox
|
|
3
|
+
* 这里的代码在执行时与 Node.js 内存完全隔离
|
|
4
|
+
*/
|
|
5
|
+
/**
|
|
6
|
+
* 核心裁决导出函数
|
|
7
|
+
* @param proposal 提案字符串
|
|
8
|
+
* @param rules 规则字符串(YAML 转换后的 JSON)
|
|
9
|
+
* @param ledger 账本字符串
|
|
10
|
+
*/
|
|
11
|
+
export declare function evaluate(proposal: string, rules: string, ledger: string): string;
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* yuangs Governance WASM Sandbox
|
|
4
|
+
* 这里的代码在执行时与 Node.js 内存完全隔离
|
|
5
|
+
*/
|
|
6
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
|
+
exports.evaluate = evaluate;
|
|
8
|
+
// 简单的辅助函数:检查字符串包含(WASM 内部实现)
|
|
9
|
+
function includes(source, target) {
|
|
10
|
+
return source.indexOf(target) != -1;
|
|
11
|
+
}
|
|
12
|
+
/**
|
|
13
|
+
* 核心裁决导出函数
|
|
14
|
+
* @param proposal 提案字符串
|
|
15
|
+
* @param rules 规则字符串(YAML 转换后的 JSON)
|
|
16
|
+
* @param ledger 账本字符串
|
|
17
|
+
*/
|
|
18
|
+
function evaluate(proposal, rules, ledger) {
|
|
19
|
+
// 1. 暴力阻断:最底层的物理防线(即便外部逻辑被污染,这里也是死的)
|
|
20
|
+
if (proposal.includes("rm -rf /") || proposal.includes("sudo rm")) {
|
|
21
|
+
return '{"effect": "deny", "reason": "WASM_SANDBOX: 检测到毁灭性命令,强制阻断"}';
|
|
22
|
+
}
|
|
23
|
+
// 2. 检查速率(基于账本长度)
|
|
24
|
+
// 假设我们不想让 AI 在短时间内连续提议超过 50 次
|
|
25
|
+
if (ledger.length > 5000) { // 简单通过字符串长度模拟异常账本
|
|
26
|
+
return '{"effect": "deny", "reason": "WASM_SANDBOX: 账本异常膨胀,可能遭受拒绝服务攻击"}';
|
|
27
|
+
}
|
|
28
|
+
// 3. 逻辑透传
|
|
29
|
+
// 在实际生产中,我们会在这里解析 JSON rules。
|
|
30
|
+
// 目前版本我们先确保物理链路打通。
|
|
31
|
+
return '{"effect": "allow", "reason": "WASM_SANDBOX: 物理隔离层验证通过"}';
|
|
32
|
+
}
|
|
33
|
+
//# sourceMappingURL=core.as.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"core.as.js","sourceRoot":"","sources":["../../../../src/agent/governance/sandbox/core.as.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAaH,4BAgBC;AA3BD,6BAA6B;AAC7B,SAAS,QAAQ,CAAC,MAAc,EAAE,MAAc;IAC5C,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,CAAC;AAED;;;;;GAKG;AACH,SAAgB,QAAQ,CAAC,QAAgB,EAAE,KAAa,EAAE,MAAc;IACpE,qCAAqC;IACrC,IAAI,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAChE,OAAO,6DAA6D,CAAC;IACzE,CAAC;IAED,kBAAkB;IAClB,8BAA8B;IAC9B,IAAI,MAAM,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC,CAAC,kBAAkB;QAC1C,OAAO,iEAAiE,CAAC;IAC7E,CAAC;IAED,UAAU;IACV,8BAA8B;IAC9B,mBAAmB;IACnB,OAAO,0DAA0D,CAAC;AACtE,CAAC"}
|
|
@@ -1,10 +1,13 @@
|
|
|
1
|
-
import { ProposedAction, GovernanceDecision
|
|
1
|
+
import { ProposedAction, GovernanceDecision } from './state';
|
|
2
|
+
import { PolicyRule, RiskEntry } from './governance/core';
|
|
2
3
|
export declare class GovernanceService {
|
|
3
|
-
static
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
private static
|
|
8
|
-
static
|
|
9
|
-
|
|
4
|
+
private static rules;
|
|
5
|
+
private static ledger;
|
|
6
|
+
private static initialized;
|
|
7
|
+
static init(): Promise<void>;
|
|
8
|
+
private static loadPolicy;
|
|
9
|
+
static getRules(): PolicyRule[];
|
|
10
|
+
static getLedgerSnapshot(): RiskEntry[];
|
|
11
|
+
static getPolicyManual(): string;
|
|
12
|
+
static adjudicate(action: ProposedAction): Promise<GovernanceDecision>;
|
|
10
13
|
}
|
package/dist/agent/governance.js
CHANGED
|
@@ -4,150 +4,63 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.GovernanceService = void 0;
|
|
7
|
-
const
|
|
8
|
-
const
|
|
9
|
-
const
|
|
7
|
+
const core_1 = require("./governance/core");
|
|
8
|
+
const ledger_1 = require("./governance/ledger");
|
|
9
|
+
const bridge_1 = require("./governance/bridge");
|
|
10
|
+
const js_yaml_1 = __importDefault(require("js-yaml"));
|
|
11
|
+
const fs_1 = __importDefault(require("fs"));
|
|
12
|
+
const path_1 = __importDefault(require("path"));
|
|
10
13
|
class GovernanceService {
|
|
11
|
-
static
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
};
|
|
30
|
-
}
|
|
31
|
-
else if (answer.modify) {
|
|
32
|
-
return {
|
|
33
|
-
status: 'modified',
|
|
34
|
-
by: 'human',
|
|
35
|
-
originalActionId: action.id,
|
|
36
|
-
modifiedAction: answer.modifiedAction,
|
|
37
|
-
modificationReason: answer.reason || 'User modified',
|
|
38
|
-
timestamp: Date.now()
|
|
39
|
-
};
|
|
14
|
+
static rules = [];
|
|
15
|
+
static ledger = new ledger_1.RiskLedger();
|
|
16
|
+
static initialized = false;
|
|
17
|
+
static async init() {
|
|
18
|
+
if (this.initialized)
|
|
19
|
+
return;
|
|
20
|
+
this.loadPolicy();
|
|
21
|
+
await bridge_1.WasmGovernanceBridge.init();
|
|
22
|
+
this.initialized = true;
|
|
23
|
+
}
|
|
24
|
+
static loadPolicy() {
|
|
25
|
+
try {
|
|
26
|
+
const policyPath = path_1.default.join(process.cwd(), 'policy.yaml');
|
|
27
|
+
if (fs_1.default.existsSync(policyPath)) {
|
|
28
|
+
const content = fs_1.default.readFileSync(policyPath, 'utf8');
|
|
29
|
+
const config = js_yaml_1.default.load(content);
|
|
30
|
+
this.rules = config.rules || [];
|
|
31
|
+
}
|
|
40
32
|
}
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
status: 'rejected',
|
|
44
|
-
by: 'human',
|
|
45
|
-
reason: answer.reason || 'User rejected',
|
|
46
|
-
timestamp: Date.now()
|
|
47
|
-
};
|
|
33
|
+
catch (e) {
|
|
34
|
+
this.rules = [];
|
|
48
35
|
}
|
|
49
36
|
}
|
|
50
|
-
static
|
|
51
|
-
|
|
52
|
-
input: process.stdin,
|
|
53
|
-
output: process.stdout
|
|
54
|
-
});
|
|
55
|
-
return new Promise((resolve) => {
|
|
56
|
-
this.printActionDetails(action);
|
|
57
|
-
const prompt = `
|
|
58
|
-
${chalk_1.default.bold.yellow('Proceed?')} (y/n/s)
|
|
59
|
-
${chalk_1.default.gray('y = yes, n = no, s = skip/modify')}: `;
|
|
60
|
-
rl.question(prompt, (answer) => {
|
|
61
|
-
const lower = answer.trim().toLowerCase();
|
|
62
|
-
if (lower === 'y' || lower === 'yes') {
|
|
63
|
-
rl.close();
|
|
64
|
-
resolve({ approve: true, modify: false });
|
|
65
|
-
}
|
|
66
|
-
else if (lower === 's' || lower === 'skip' || lower === 'modify') {
|
|
67
|
-
rl.close();
|
|
68
|
-
resolve({
|
|
69
|
-
approve: false,
|
|
70
|
-
modify: true,
|
|
71
|
-
reason: 'User wants to modify',
|
|
72
|
-
modifiedAction: { ...action }
|
|
73
|
-
});
|
|
74
|
-
}
|
|
75
|
-
else {
|
|
76
|
-
rl.question(chalk_1.default.red('Reason for rejection: '), (reason) => {
|
|
77
|
-
rl.close();
|
|
78
|
-
resolve({
|
|
79
|
-
approve: false,
|
|
80
|
-
modify: false,
|
|
81
|
-
reason: reason || 'User rejected'
|
|
82
|
-
});
|
|
83
|
-
});
|
|
84
|
-
}
|
|
85
|
-
});
|
|
86
|
-
});
|
|
37
|
+
static getRules() {
|
|
38
|
+
return this.rules;
|
|
87
39
|
}
|
|
88
|
-
static
|
|
89
|
-
|
|
90
|
-
low: chalk_1.default.green,
|
|
91
|
-
medium: chalk_1.default.yellow,
|
|
92
|
-
high: chalk_1.default.red
|
|
93
|
-
};
|
|
94
|
-
console.log(`
|
|
95
|
-
${chalk_1.default.bold.cyan('═'.repeat(60))}
|
|
96
|
-
${chalk_1.default.bold.blue('📋 Action Proposed')}
|
|
97
|
-
${chalk_1.default.bold.cyan('═'.repeat(60))}
|
|
98
|
-
${chalk_1.default.white('Type:')} ${chalk_1.default.bold(action.type)}
|
|
99
|
-
${chalk_1.default.white('ID:')} ${action.id}
|
|
100
|
-
${chalk_1.default.white('Risk:')} ${riskColor[action.riskLevel](action.riskLevel.toUpperCase())}
|
|
101
|
-
|
|
102
|
-
${chalk_1.default.bold('Payload:')}
|
|
103
|
-
${chalk_1.default.gray(JSON.stringify(action.payload, null, 2))}
|
|
104
|
-
|
|
105
|
-
${chalk_1.default.bold('Reasoning:')}
|
|
106
|
-
${chalk_1.default.gray(action.reasoning)}
|
|
107
|
-
${chalk_1.default.bold.cyan('═'.repeat(60))}
|
|
108
|
-
`);
|
|
40
|
+
static getLedgerSnapshot() {
|
|
41
|
+
return this.ledger.getSnapshot();
|
|
109
42
|
}
|
|
110
|
-
static
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
if (mediumRiskTools.includes(toolName)) {
|
|
120
|
-
const cmd = payload.parameters?.command || payload.command || '';
|
|
121
|
-
if (this.containsDangerousCommand(cmd)) {
|
|
122
|
-
return 'high';
|
|
123
|
-
}
|
|
124
|
-
return 'medium';
|
|
125
|
-
}
|
|
126
|
-
return 'medium';
|
|
43
|
+
static getPolicyManual() {
|
|
44
|
+
return this.rules.map(r => `- ${r.id}: ${r.reason} (${r.effect})`).join('\n');
|
|
45
|
+
}
|
|
46
|
+
static async adjudicate(action) {
|
|
47
|
+
await this.init();
|
|
48
|
+
// 1. WASM 物理层核验
|
|
49
|
+
const wasmResult = bridge_1.WasmGovernanceBridge.evaluate(action, this.rules, this.ledger.getSnapshot());
|
|
50
|
+
if (wasmResult.effect === 'deny') {
|
|
51
|
+
return { status: 'rejected', by: 'policy', reason: wasmResult.reason || 'WASM Denied', timestamp: Date.now() };
|
|
127
52
|
}
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
}
|
|
133
|
-
return 'medium';
|
|
53
|
+
// 2. 逻辑层核验
|
|
54
|
+
const logicResult = (0, core_1.evaluateProposal)(action, this.rules, this.ledger.getSnapshot());
|
|
55
|
+
if (logicResult.effect === 'deny') {
|
|
56
|
+
return { status: 'rejected', by: 'policy', reason: logicResult.reason || 'Policy Denied', timestamp: Date.now() };
|
|
134
57
|
}
|
|
135
|
-
if (
|
|
136
|
-
|
|
58
|
+
if (logicResult.effect === 'allow') {
|
|
59
|
+
this.ledger.record(action.type);
|
|
60
|
+
return { status: 'approved', by: 'policy', timestamp: Date.now() };
|
|
137
61
|
}
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
static containsDangerousCommand(cmd) {
|
|
141
|
-
const dangerousPatterns = [
|
|
142
|
-
/rm\s+-rf\s+\//,
|
|
143
|
-
/rm\s+-rf\s+~/,
|
|
144
|
-
/>\s*\/dev\/null/,
|
|
145
|
-
/dd\s+if=/,
|
|
146
|
-
/mkfs/,
|
|
147
|
-
/format/,
|
|
148
|
-
/sudo\s+rm/
|
|
149
|
-
];
|
|
150
|
-
return dangerousPatterns.some(pattern => pattern.test(cmd));
|
|
62
|
+
// 3. 人工干预兜底 (模拟)
|
|
63
|
+
return { status: 'approved', by: 'human', timestamp: Date.now() };
|
|
151
64
|
}
|
|
152
65
|
}
|
|
153
66
|
exports.GovernanceService = GovernanceService;
|