UNPKG

lynkr

Version:

Self-hosted LLM gateway and tier-routing proxy for Claude Code, Cursor, and Codex. Routes across Ollama, AWS Bedrock, OpenRouter, Databricks, Azure OpenAI, llama.cpp, and LM Studio with prompt caching, MCP tools, and 60-80% cost savings.

fast-editor.github.io/Lynkr/

Fast-Editor/Lynkr

70 lines (60 loc) 2.39 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
const config = require("../config"); const logger = require("../logger"); function normaliseValue(value) { if (typeof value !== "string") return ""; return value.trim().toLowerCase(); } function matchesPattern(pattern, target) { if (!pattern) return false; if (pattern === "*") return true; if (pattern.endsWith("*")) { const prefix = pattern.slice(0, -1); return target.startsWith(prefix); } return pattern === target; } function evaluateSandboxRequest({ sessionId, command }) { const permissions = config.mcp?.permissions ?? {}; const mode = typeof permissions.mode === "string" ? permissions.mode : "auto"; const allowList = Array.isArray(permissions.allow) ? permissions.allow.map(normaliseValue) : []; const denyList = Array.isArray(permissions.deny) ? permissions.deny.map(normaliseValue) : []; const target = normaliseValue(command); if (denyList.some((pattern) => matchesPattern(pattern, target))) { const reason = `Command "${command}" denied by sandbox deny list.`; logger.warn({ sessionId, command }, reason); return { allowed: false, reason, source: "deny_list" }; } if (mode === "deny") { const reason = "Sandbox execution disabled by configuration."; logger.warn({ sessionId, command }, reason); return { allowed: false, reason, source: "mode_deny" }; } if (mode === "require") { if (allowList.length === 0) { const reason = "Sandbox permission mode 'require' is set but no allow list entries are configured."; logger.warn({ sessionId, command }, reason); return { allowed: false, reason, source: "mode_require" }; } if (!allowList.some((pattern) => matchesPattern(pattern, target))) { const reason = `Command "${command}" is not permitted by sandbox allow list.`; logger.warn({ sessionId, command }, reason); return { allowed: false, reason, source: "mode_require" }; } return { allowed: true, reason: "Allow list match", source: "allow_list" }; } if (allowList.length > 0 && !allowList.some((pattern) => matchesPattern(pattern, target))) { logger.debug( { sessionId, command }, "Sandbox command not in allow list; proceeding because mode is not 'require'.", ); } return { allowed: true, source: mode === "auto" ? "auto" : "implicit_allow" }; } module.exports = { evaluateSandboxRequest, };