npm - @agenshield/broker - Versions diffs - 0.1.0 - Mend

@agenshield/broker 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (57) hide show

package/LICENSE +201 -0
package/README.md +141 -0
package/audit/logger.d.ts +69 -0
package/audit/logger.d.ts.map +1 -0
package/client/broker-client.d.ts +91 -0
package/client/broker-client.d.ts.map +1 -0
package/client/index.d.ts +8 -0
package/client/index.d.ts.map +1 -0
package/client/index.js +222 -0
package/client/shield-client.d.ts +8 -0
package/client/shield-client.d.ts.map +1 -0
package/client/shield-client.js +410 -0
package/handlers/exec.d.ts +13 -0
package/handlers/exec.d.ts.map +1 -0
package/handlers/file.d.ts +20 -0
package/handlers/file.d.ts.map +1 -0
package/handlers/http.d.ts +9 -0
package/handlers/http.d.ts.map +1 -0
package/handlers/index.d.ts +12 -0
package/handlers/index.d.ts.map +1 -0
package/handlers/open-url.d.ts +9 -0
package/handlers/open-url.d.ts.map +1 -0
package/handlers/ping.d.ts +9 -0
package/handlers/ping.d.ts.map +1 -0
package/handlers/secret-inject.d.ts +9 -0
package/handlers/secret-inject.d.ts.map +1 -0
package/handlers/skill-install.d.ts +17 -0
package/handlers/skill-install.d.ts.map +1 -0
package/handlers/types.d.ts +28 -0
package/handlers/types.d.ts.map +1 -0
package/http-fallback.d.ts +54 -0
package/http-fallback.d.ts.map +1 -0
package/index.d.ts +18 -0
package/index.d.ts.map +1 -0
package/index.js +2636 -0
package/main.d.ts +8 -0
package/main.d.ts.map +1 -0
package/main.js +2136 -0
package/package.json +34 -0
package/policies/builtin.d.ts +15 -0
package/policies/builtin.d.ts.map +1 -0
package/policies/command-allowlist.d.ts +62 -0
package/policies/command-allowlist.d.ts.map +1 -0
package/policies/enforcer.d.ts +98 -0
package/policies/enforcer.d.ts.map +1 -0
package/policies/index.d.ts +8 -0
package/policies/index.d.ts.map +1 -0
package/seatbelt/generator.d.ts +39 -0
package/seatbelt/generator.d.ts.map +1 -0
package/seatbelt/templates.d.ts +36 -0
package/seatbelt/templates.d.ts.map +1 -0
package/secrets/vault.d.ts +67 -0
package/secrets/vault.d.ts.map +1 -0
package/server.d.ts +54 -0
package/server.d.ts.map +1 -0
package/types.d.ts +285 -0
package/types.d.ts.map +1 -0

package/handlers/index.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+/**
+ * Operation handlers
+ */
+export { handleHttpRequest } from './http.js';
+export { handleFileRead, handleFileWrite, handleFileList } from './file.js';
+export { handleExec } from './exec.js';
+export { handleOpenUrl } from './open-url.js';
+export { handleSecretInject } from './secret-inject.js';
+export { handlePing } from './ping.js';
+export { handleSkillInstall, handleSkillUninstall } from './skill-install.js';
+export type { HandlerDependencies } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/handlers/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/handlers/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC5E,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAE9E,YAAY,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC"}

package/handlers/open-url.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Open URL Handler
+ *
+ * Opens URLs in the default browser.
+ */
+import type { HandlerContext, HandlerResult, OpenUrlResult } from '../types.js';
+import type { HandlerDependencies } from './types.js';
+export declare function handleOpenUrl(params: Record<string, unknown>, context: HandlerContext, deps: HandlerDependencies): Promise<HandlerResult<OpenUrlResult>>;
+//# sourceMappingURL=open-url.d.ts.map

package/handlers/open-url.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"open-url.d.ts","sourceRoot":"","sources":["../../src/handlers/open-url.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,cAAc,EAAE,aAAa,EAAiB,aAAa,EAAE,MAAM,aAAa,CAAC;AAC/F,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAItD,wBAAsB,aAAa,CACjC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,cAAc,EACvB,IAAI,EAAE,mBAAmB,GACxB,OAAO,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,CA8DvC"}

package/handlers/ping.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Ping Handler
+ *
+ * Health check endpoint.
+ */
+import type { HandlerContext, HandlerResult, PingResult } from '../types.js';
+import type { HandlerDependencies } from './types.js';
+export declare function handlePing(params: Record<string, unknown>, context: HandlerContext, deps: HandlerDependencies): Promise<HandlerResult<PingResult>>;
+//# sourceMappingURL=ping.d.ts.map

package/handlers/ping.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"ping.d.ts","sourceRoot":"","sources":["../../src/handlers/ping.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,aAAa,EAAc,UAAU,EAAE,MAAM,aAAa,CAAC;AACzF,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAItD,wBAAsB,UAAU,CAC9B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,cAAc,EACvB,IAAI,EAAE,mBAAmB,GACxB,OAAO,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAepC"}

package/handlers/secret-inject.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Secret Inject Handler
+ *
+ * Retrieves secrets from the vault for injection.
+ */
+import type { HandlerContext, HandlerResult, SecretInjectResult } from '../types.js';
+import type { HandlerDependencies } from './types.js';
+export declare function handleSecretInject(params: Record<string, unknown>, context: HandlerContext, deps: HandlerDependencies): Promise<HandlerResult<SecretInjectResult>>;
+//# sourceMappingURL=secret-inject.d.ts.map

package/handlers/secret-inject.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"secret-inject.d.ts","sourceRoot":"","sources":["../../src/handlers/secret-inject.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EACV,cAAc,EACd,aAAa,EAEb,kBAAkB,EACnB,MAAM,aAAa,CAAC;AACrB,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAEtD,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,cAAc,EACvB,IAAI,EAAE,mBAAmB,GACxB,OAAO,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC,CA+C5C"}

package/handlers/skill-install.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * Skill Installation Handler
+ *
+ * Handles skill installation and uninstallation operations.
+ * These operations are socket-only due to privileged file operations.
+ */
+import type { HandlerContext, HandlerResult, SkillInstallResult, SkillUninstallResult } from '../types.js';
+import type { HandlerDependencies } from './types.js';
+/**
+ * Handle skill installation
+ */
+export declare function handleSkillInstall(params: Record<string, unknown>, context: HandlerContext, deps: HandlerDependencies): Promise<HandlerResult<SkillInstallResult>>;
+/**
+ * Handle skill uninstallation
+ */
+export declare function handleSkillUninstall(params: Record<string, unknown>, context: HandlerContext, deps: HandlerDependencies): Promise<HandlerResult<SkillUninstallResult>>;
+//# sourceMappingURL=skill-install.d.ts.map

package/handlers/skill-install.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"skill-install.d.ts","sourceRoot":"","sources":["../../src/handlers/skill-install.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EACV,cAAc,EACd,aAAa,EAEb,kBAAkB,EAElB,oBAAoB,EACrB,MAAM,aAAa,CAAC;AACrB,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AA4CtD;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,cAAc,EACvB,IAAI,EAAE,mBAAmB,GACxB,OAAO,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC,CAwH5C;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,cAAc,EACvB,IAAI,EAAE,mBAAmB,GACxB,OAAO,CAAC,aAAa,CAAC,oBAAoB,CAAC,CAAC,CAkE9C"}

package/handlers/types.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+/**
+ * Handler types
+ */
+import type { PolicyEnforcer } from '../policies/enforcer.js';
+import type { AuditLogger } from '../audit/logger.js';
+import type { SecretVault } from '../secrets/vault.js';
+import type { CommandAllowlist } from '../policies/command-allowlist.js';
+/**
+ * Exec monitoring event emitted after each exec operation
+ */
+export interface ExecMonitorEvent {
+    command: string;
+    args: string[];
+    cwd?: string;
+    exitCode: number;
+    allowed: boolean;
+    duration: number;
+    timestamp: string;
+}
+export interface HandlerDependencies {
+    policyEnforcer: PolicyEnforcer;
+    auditLogger: AuditLogger;
+    secretVault: SecretVault;
+    commandAllowlist: CommandAllowlist;
+    onExecMonitor?: (event: ExecMonitorEvent) => void;
+    onExecDenied?: (command: string, reason: string) => void;
+}
+//# sourceMappingURL=types.d.ts.map

package/handlers/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/handlers/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AAEzE;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,cAAc,EAAE,cAAc,CAAC;IAC/B,WAAW,EAAE,WAAW,CAAC;IACzB,WAAW,EAAE,WAAW,CAAC;IACzB,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,aAAa,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,KAAK,IAAI,CAAC;IAClD,YAAY,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;CAC1D"}

package/http-fallback.d.ts ADDED Viewed

@@ -0,0 +1,54 @@
+/**
+ * HTTP Fallback Server
+ *
+ * Restricted HTTP server for operations that can't use Unix sockets.
+ * Only allows a subset of operations for security.
+ */
+import type { BrokerConfig } from './types.js';
+import type { PolicyEnforcer } from './policies/enforcer.js';
+import type { AuditLogger } from './audit/logger.js';
+export interface HttpFallbackServerOptions {
+    config: BrokerConfig;
+    policyEnforcer: PolicyEnforcer;
+    auditLogger: AuditLogger;
+}
+export declare class HttpFallbackServer {
+    private server;
+    private config;
+    private policyEnforcer;
+    private auditLogger;
+    constructor(options: HttpFallbackServerOptions);
+    /**
+     * Start the HTTP fallback server
+     */
+    start(): Promise<void>;
+    /**
+     * Stop the HTTP fallback server
+     */
+    stop(): Promise<void>;
+    /**
+     * Handle an HTTP request
+     */
+    private handleRequest;
+    /**
+     * Check if address is localhost
+     */
+    private isLocalhost;
+    /**
+     * Process a JSON-RPC request
+     */
+    private processRequest;
+    /**
+     * Get the handler for an operation type
+     */
+    private getHandler;
+    /**
+     * Extract target from request for audit logging
+     */
+    private extractTarget;
+    /**
+     * Create an error response
+     */
+    private errorResponse;
+}
+//# sourceMappingURL=http-fallback.d.ts.map

package/http-fallback.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"http-fallback.d.ts","sourceRoot":"","sources":["../src/http-fallback.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EACV,YAAY,EAIb,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAmBrD,MAAM,WAAW,yBAAyB;IACxC,MAAM,EAAE,YAAY,CAAC;IACrB,cAAc,EAAE,cAAc,CAAC;IAC/B,WAAW,EAAE,WAAW,CAAC;CAC1B;AAED,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAA4B;IAC1C,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,WAAW,CAAc;gBAErB,OAAO,EAAE,yBAAyB;IAM9C;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAoB5B;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAY3B;;OAEG;YACW,aAAa;IA6C3B;;OAEG;IACH,OAAO,CAAC,WAAW;IAUnB;;OAEG;YACW,cAAc;IAyH5B;;OAEG;IACH,OAAO,CAAC,UAAU;IAoBlB;;OAEG;IACH,OAAO,CAAC,aAAa;IAWrB;;OAEG;IACH,OAAO,CAAC,aAAa;CAWtB"}

package/index.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+/**
+ * @agenshield/broker
+ *
+ * Standalone broker daemon with Unix socket server for AgenShield.
+ * Provides policy enforcement, operation proxying, and audit logging.
+ */
+export { UnixSocketServer } from './server.js';
+export { HttpFallbackServer } from './http-fallback.js';
+export { PolicyEnforcer } from './policies/enforcer.js';
+export { BuiltinPolicies, getDefaultPolicies } from './policies/builtin.js';
+export * from './handlers/index.js';
+export { SeatbeltGenerator } from './seatbelt/generator.js';
+export { SeatbeltTemplates } from './seatbelt/templates.js';
+export { SecretVault } from './secrets/vault.js';
+export { AuditLogger } from './audit/logger.js';
+export { BrokerClient } from './client/index.js';
+export type { BrokerConfig, HandlerContext, HandlerResult, AuditEntry, VaultEntry, SkillInstallParams, SkillInstallResult, SkillInstallFile, SkillUninstallParams, SkillUninstallResult, } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAGxD,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAG5E,cAAc,qBAAqB,CAAC;AAGpC,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAG5D,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGjD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAGhD,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAGjD,YAAY,EACV,YAAY,EACZ,cAAc,EACd,aAAa,EACb,UAAU,EACV,UAAU,EACV,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,YAAY,CAAC"}