mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-13 04:46:04 +00:00
refactor(policy): localize internal declarations (#101963)
This commit is contained in:
@@ -20,24 +20,24 @@ import {
|
||||
} from "./policy-conformance.js";
|
||||
import { createPolicyAttestation } from "./policy-state.js";
|
||||
|
||||
export type PolicyCommandRuntime = {
|
||||
type PolicyCommandRuntime = {
|
||||
writeStdout(value: string): void;
|
||||
error(value: string): void;
|
||||
sleep?(ms: number): Promise<void>;
|
||||
};
|
||||
|
||||
export interface PolicyCheckOptions {
|
||||
interface PolicyCheckOptions {
|
||||
readonly json?: boolean;
|
||||
readonly severityMin?: string;
|
||||
readonly cwd?: string;
|
||||
}
|
||||
|
||||
export interface PolicyWatchOptions extends PolicyCheckOptions {
|
||||
interface PolicyWatchOptions extends PolicyCheckOptions {
|
||||
readonly intervalMs?: string | number;
|
||||
readonly once?: boolean;
|
||||
}
|
||||
|
||||
export interface PolicyCompareOptions {
|
||||
interface PolicyCompareOptions {
|
||||
readonly baseline?: string;
|
||||
readonly policy?: string;
|
||||
readonly json?: boolean;
|
||||
|
||||
@@ -1,12 +1,7 @@
|
||||
// Policy doctor fix metadata classifies findings before patch builders exist.
|
||||
import { CHECK_IDS, POLICY_CHECK_IDS } from "./metadata.js";
|
||||
|
||||
export type PolicyFixClass =
|
||||
| "automatic"
|
||||
| "reviewRequired"
|
||||
| "manual"
|
||||
| "validateOnly"
|
||||
| "unsupported";
|
||||
type PolicyFixClass = "automatic" | "reviewRequired" | "manual" | "validateOnly" | "unsupported";
|
||||
|
||||
export type PolicyFixMetadata = {
|
||||
readonly checkId: (typeof POLICY_CHECK_IDS)[number];
|
||||
|
||||
@@ -119,7 +119,7 @@ const SUPPORTED_SANDBOX_MODES = ["off", "non-main", "all"] as const;
|
||||
let registered = false;
|
||||
const policyEvaluationCache = new WeakMap<HealthCheckContext, Promise<PolicyEvaluation>>();
|
||||
|
||||
export type PolicyDoctorRegistrationHost = {
|
||||
type PolicyDoctorRegistrationHost = {
|
||||
readonly registerHealthCheck: (check: HealthCheck) => void;
|
||||
};
|
||||
|
||||
|
||||
@@ -13,13 +13,13 @@ import {
|
||||
type PolicyScopeSelectorKind,
|
||||
} from "./doctor/register.js";
|
||||
|
||||
export const POLICY_CONFORMANCE_CHECK_IDS = {
|
||||
const POLICY_CONFORMANCE_CHECK_IDS = {
|
||||
missing: "policy/policy-conformance-missing",
|
||||
weaker: "policy/policy-conformance-weaker",
|
||||
invalid: "policy/policy-conformance-invalid",
|
||||
} as const;
|
||||
|
||||
export type PolicyConformanceFinding = {
|
||||
type PolicyConformanceFinding = {
|
||||
readonly checkId: (typeof POLICY_CONFORMANCE_CHECK_IDS)[keyof typeof POLICY_CONFORMANCE_CHECK_IDS];
|
||||
readonly severity: "error";
|
||||
readonly message: string;
|
||||
|
||||
@@ -25,7 +25,7 @@ const ALLOWLIST_DEFAULT_INGRESS_GROUP_POLICY_CHANNELS = new Set([
|
||||
]);
|
||||
const OPEN_GROUPS_DEFAULT_TO_NO_MENTION_CHANNELS = new Set(["feishu", "qa-channel"]);
|
||||
|
||||
export type PolicyAttestation = {
|
||||
type PolicyAttestation = {
|
||||
readonly checkedAt: string;
|
||||
readonly policy?: {
|
||||
readonly path: string;
|
||||
@@ -57,14 +57,14 @@ export type PolicyEvidence = {
|
||||
readonly execApprovals?: readonly PolicyExecApprovalEvidence[];
|
||||
};
|
||||
|
||||
export type PolicyChannelEvidence = {
|
||||
type PolicyChannelEvidence = {
|
||||
readonly id: string;
|
||||
readonly provider: string;
|
||||
readonly source: string;
|
||||
readonly enabled?: boolean;
|
||||
};
|
||||
|
||||
export type PolicyMcpServerEvidence = {
|
||||
type PolicyMcpServerEvidence = {
|
||||
readonly id: string;
|
||||
readonly transport: "stdio" | "sse" | "streamable-http" | "unknown";
|
||||
readonly source: string;
|
||||
@@ -72,7 +72,7 @@ export type PolicyMcpServerEvidence = {
|
||||
readonly url?: string;
|
||||
};
|
||||
|
||||
export type PolicyToolEvidence = {
|
||||
type PolicyToolEvidence = {
|
||||
readonly id: string;
|
||||
readonly source: string;
|
||||
readonly line: number;
|
||||
@@ -125,19 +125,19 @@ export type PolicySandboxPostureEvidence = {
|
||||
readonly explicit?: boolean;
|
||||
};
|
||||
|
||||
export type PolicyModelProviderEvidence = {
|
||||
type PolicyModelProviderEvidence = {
|
||||
readonly id: string;
|
||||
readonly source: string;
|
||||
};
|
||||
|
||||
export type PolicyModelRefEvidence = {
|
||||
type PolicyModelRefEvidence = {
|
||||
readonly ref: string;
|
||||
readonly provider: string;
|
||||
readonly model: string;
|
||||
readonly source: string;
|
||||
};
|
||||
|
||||
export type PolicyNetworkEvidence = {
|
||||
type PolicyNetworkEvidence = {
|
||||
readonly id: string;
|
||||
readonly source: string;
|
||||
readonly value: boolean;
|
||||
@@ -158,7 +158,7 @@ export type PolicyIngressEvidence = {
|
||||
readonly explicit?: boolean;
|
||||
};
|
||||
|
||||
export type PolicyGatewayExposureEvidence = {
|
||||
type PolicyGatewayExposureEvidence = {
|
||||
readonly id: string;
|
||||
readonly kind:
|
||||
| "auth"
|
||||
@@ -195,7 +195,7 @@ export type PolicyAgentWorkspaceEvidence = {
|
||||
readonly explicit?: boolean;
|
||||
};
|
||||
|
||||
export type PolicySecretEvidence = {
|
||||
type PolicySecretEvidence = {
|
||||
readonly id: string;
|
||||
readonly kind: "input" | "provider";
|
||||
readonly source: string;
|
||||
|
||||
Reference in New Issue
Block a user