@agenshield/broker 0.4.4 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/handlers/events-batch.d.ts +13 -0
- package/handlers/events-batch.d.ts.map +1 -0
- package/handlers/index.d.ts +2 -0
- package/handlers/index.d.ts.map +1 -1
- package/handlers/policy-check.d.ts +17 -0
- package/handlers/policy-check.d.ts.map +1 -0
- package/http-fallback.d.ts.map +1 -1
- package/index.js +149 -8
- package/main.js +151 -10
- package/package.json +2 -2
- package/policies/builtin.d.ts +3 -1
- package/policies/builtin.d.ts.map +1 -1
- package/policies/enforcer.d.ts +5 -0
- package/policies/enforcer.d.ts.map +1 -1
- package/server.d.ts.map +1 -1
- package/types.d.ts +2 -0
- package/types.d.ts.map +1 -1
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Events Batch Handler
|
|
3
|
+
*
|
|
4
|
+
* Accepts batches of interceptor events for audit logging.
|
|
5
|
+
* The interceptor's EventReporter periodically flushes events
|
|
6
|
+
* to the broker via this RPC method.
|
|
7
|
+
*/
|
|
8
|
+
import type { HandlerContext, HandlerResult } from '../types.js';
|
|
9
|
+
import type { HandlerDependencies } from './types.js';
|
|
10
|
+
export declare function handleEventsBatch(params: Record<string, unknown>, context: HandlerContext, deps: HandlerDependencies): Promise<HandlerResult<{
|
|
11
|
+
received: number;
|
|
12
|
+
}>>;
|
|
13
|
+
//# sourceMappingURL=events-batch.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"events-batch.d.ts","sourceRoot":"","sources":["../../src/handlers/events-batch.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,aAAa,EAAc,MAAM,aAAa,CAAC;AAC7E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAOtD,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,cAAc,EACvB,IAAI,EAAE,mBAAmB,GACxB,OAAO,CAAC,aAAa,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAuB9C"}
|
package/handlers/index.d.ts
CHANGED
|
@@ -8,5 +8,7 @@ export { handleOpenUrl } from './open-url.js';
|
|
|
8
8
|
export { handleSecretInject } from './secret-inject.js';
|
|
9
9
|
export { handlePing } from './ping.js';
|
|
10
10
|
export { handleSkillInstall, handleSkillUninstall } from './skill-install.js';
|
|
11
|
+
export { handlePolicyCheck } from './policy-check.js';
|
|
12
|
+
export { handleEventsBatch } from './events-batch.js';
|
|
11
13
|
export type { HandlerDependencies } from './types.js';
|
|
12
14
|
//# sourceMappingURL=index.d.ts.map
|
package/handlers/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/handlers/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC5E,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/handlers/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC5E,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC9E,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,YAAY,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Policy Check Handler
|
|
3
|
+
*
|
|
4
|
+
* Handles policy_check RPC calls from the interceptor.
|
|
5
|
+
* The interceptor sends { operation, target } and this handler
|
|
6
|
+
* evaluates the inner operation against the policy enforcer.
|
|
7
|
+
*/
|
|
8
|
+
import type { HandlerContext, HandlerResult } from '../types.js';
|
|
9
|
+
import type { HandlerDependencies } from './types.js';
|
|
10
|
+
interface PolicyCheckResultData {
|
|
11
|
+
allowed: boolean;
|
|
12
|
+
policyId?: string;
|
|
13
|
+
reason?: string;
|
|
14
|
+
}
|
|
15
|
+
export declare function handlePolicyCheck(params: Record<string, unknown>, context: HandlerContext, deps: HandlerDependencies): Promise<HandlerResult<PolicyCheckResultData>>;
|
|
16
|
+
export {};
|
|
17
|
+
//# sourceMappingURL=policy-check.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"policy-check.d.ts","sourceRoot":"","sources":["../../src/handlers/policy-check.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACjE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAOtD,UAAU,qBAAqB;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,cAAc,EACvB,IAAI,EAAE,mBAAmB,GACxB,OAAO,CAAC,aAAa,CAAC,qBAAqB,CAAC,CAAC,CA6C/C"}
|
package/http-fallback.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"http-fallback.d.ts","sourceRoot":"","sources":["../src/http-fallback.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EACV,YAAY,EAIb,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"http-fallback.d.ts","sourceRoot":"","sources":["../src/http-fallback.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EACV,YAAY,EAIb,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAqBrD,MAAM,WAAW,yBAAyB;IACxC,MAAM,EAAE,YAAY,CAAC;IACrB,cAAc,EAAE,cAAc,CAAC;IAC/B,WAAW,EAAE,WAAW,CAAC;CAC1B;AAED,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAA4B;IAC1C,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,WAAW,CAAc;gBAErB,OAAO,EAAE,yBAAyB;IAM9C;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAoB5B;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAY3B;;OAEG;YACW,aAAa;IA6C3B;;OAEG;IACH,OAAO,CAAC,WAAW;IAUnB;;OAEG;YACW,cAAc;IAyH5B;;OAEG;IACH,OAAO,CAAC,UAAU;IAsBlB;;OAEG;IACH,OAAO,CAAC,aAAa;IAWrB;;OAEG;IACH,OAAO,CAAC,aAAa;CAWtB"}
|
package/index.js
CHANGED
|
@@ -805,6 +805,70 @@ async function handleSkillUninstall(params, context, deps) {
|
|
|
805
805
|
}
|
|
806
806
|
}
|
|
807
807
|
|
|
808
|
+
// libs/shield-broker/src/handlers/policy-check.ts
|
|
809
|
+
async function handlePolicyCheck(params, context, deps) {
|
|
810
|
+
const { operation, target } = params;
|
|
811
|
+
if (!operation) {
|
|
812
|
+
return {
|
|
813
|
+
success: false,
|
|
814
|
+
error: { code: -32602, message: "Missing required parameter: operation" }
|
|
815
|
+
};
|
|
816
|
+
}
|
|
817
|
+
let checkParams;
|
|
818
|
+
switch (operation) {
|
|
819
|
+
case "http_request":
|
|
820
|
+
case "open_url":
|
|
821
|
+
checkParams = { url: target || "" };
|
|
822
|
+
break;
|
|
823
|
+
case "file_read":
|
|
824
|
+
case "file_write":
|
|
825
|
+
case "file_list":
|
|
826
|
+
checkParams = { path: target || "" };
|
|
827
|
+
break;
|
|
828
|
+
case "exec":
|
|
829
|
+
checkParams = { command: target || "" };
|
|
830
|
+
break;
|
|
831
|
+
case "secret_inject":
|
|
832
|
+
checkParams = { name: target || "" };
|
|
833
|
+
break;
|
|
834
|
+
default:
|
|
835
|
+
checkParams = { target: target || "" };
|
|
836
|
+
break;
|
|
837
|
+
}
|
|
838
|
+
const result = await deps.policyEnforcer.check(operation, checkParams, context);
|
|
839
|
+
return {
|
|
840
|
+
success: true,
|
|
841
|
+
data: {
|
|
842
|
+
allowed: result.allowed,
|
|
843
|
+
policyId: result.policyId,
|
|
844
|
+
reason: result.reason
|
|
845
|
+
}
|
|
846
|
+
};
|
|
847
|
+
}
|
|
848
|
+
|
|
849
|
+
// libs/shield-broker/src/handlers/events-batch.ts
|
|
850
|
+
async function handleEventsBatch(params, context, deps) {
|
|
851
|
+
const { events } = params;
|
|
852
|
+
const eventList = events || [];
|
|
853
|
+
for (const event of eventList) {
|
|
854
|
+
const entry = {
|
|
855
|
+
id: event.id || context.requestId,
|
|
856
|
+
timestamp: event.timestamp ? new Date(event.timestamp) : /* @__PURE__ */ new Date(),
|
|
857
|
+
operation: event.operation || "events_batch",
|
|
858
|
+
channel: "socket",
|
|
859
|
+
allowed: event.allowed ?? true,
|
|
860
|
+
target: event.target || "",
|
|
861
|
+
result: event.allowed === false ? "denied" : "success",
|
|
862
|
+
durationMs: 0
|
|
863
|
+
};
|
|
864
|
+
await deps.auditLogger.log(entry);
|
|
865
|
+
}
|
|
866
|
+
return {
|
|
867
|
+
success: true,
|
|
868
|
+
data: { received: eventList.length }
|
|
869
|
+
};
|
|
870
|
+
}
|
|
871
|
+
|
|
808
872
|
// libs/shield-broker/src/server.ts
|
|
809
873
|
var UnixSocketServer = class {
|
|
810
874
|
server = null;
|
|
@@ -990,7 +1054,9 @@ var UnixSocketServer = class {
|
|
|
990
1054
|
secret_inject: handleSecretInject,
|
|
991
1055
|
ping: handlePing,
|
|
992
1056
|
skill_install: handleSkillInstall,
|
|
993
|
-
skill_uninstall: handleSkillUninstall
|
|
1057
|
+
skill_uninstall: handleSkillUninstall,
|
|
1058
|
+
policy_check: handlePolicyCheck,
|
|
1059
|
+
events_batch: handleEventsBatch
|
|
994
1060
|
};
|
|
995
1061
|
return handlerMap[method];
|
|
996
1062
|
}
|
|
@@ -1021,7 +1087,9 @@ var HTTP_ALLOWED_OPERATIONS = /* @__PURE__ */ new Set([
|
|
|
1021
1087
|
"file_read",
|
|
1022
1088
|
"file_list",
|
|
1023
1089
|
"open_url",
|
|
1024
|
-
"ping"
|
|
1090
|
+
"ping",
|
|
1091
|
+
"policy_check",
|
|
1092
|
+
"events_batch"
|
|
1025
1093
|
]);
|
|
1026
1094
|
var HTTP_DENIED_OPERATIONS = /* @__PURE__ */ new Set([
|
|
1027
1095
|
"exec",
|
|
@@ -1222,7 +1290,9 @@ var HttpFallbackServer = class {
|
|
|
1222
1290
|
file_read: handleFileRead,
|
|
1223
1291
|
file_list: handleFileList,
|
|
1224
1292
|
open_url: handleOpenUrl,
|
|
1225
|
-
ping: handlePing
|
|
1293
|
+
ping: handlePing,
|
|
1294
|
+
policy_check: handlePolicyCheck,
|
|
1295
|
+
events_batch: handleEventsBatch
|
|
1226
1296
|
};
|
|
1227
1297
|
return handlerMap[method];
|
|
1228
1298
|
}
|
|
@@ -1261,6 +1331,34 @@ var PolicyEnforcer = class {
|
|
|
1261
1331
|
this.policies = options.defaultPolicies;
|
|
1262
1332
|
this.loadPolicies();
|
|
1263
1333
|
}
|
|
1334
|
+
/**
|
|
1335
|
+
* Normalize a policy rule — infer operations from target when missing,
|
|
1336
|
+
* default priority to 0.
|
|
1337
|
+
*/
|
|
1338
|
+
normalizeRule(rule) {
|
|
1339
|
+
const normalized = { ...rule };
|
|
1340
|
+
if (!normalized.priority && normalized.priority !== 0) {
|
|
1341
|
+
normalized.priority = 0;
|
|
1342
|
+
}
|
|
1343
|
+
if (normalized.operations && normalized.operations.length > 0) {
|
|
1344
|
+
return normalized;
|
|
1345
|
+
}
|
|
1346
|
+
switch (normalized.target) {
|
|
1347
|
+
case "url":
|
|
1348
|
+
normalized.operations = ["http_request", "open_url"];
|
|
1349
|
+
break;
|
|
1350
|
+
case "command":
|
|
1351
|
+
normalized.operations = ["exec"];
|
|
1352
|
+
break;
|
|
1353
|
+
case "skill":
|
|
1354
|
+
normalized.operations = ["skill_install", "skill_uninstall"];
|
|
1355
|
+
break;
|
|
1356
|
+
default:
|
|
1357
|
+
normalized.operations = ["*"];
|
|
1358
|
+
break;
|
|
1359
|
+
}
|
|
1360
|
+
return normalized;
|
|
1361
|
+
}
|
|
1264
1362
|
/**
|
|
1265
1363
|
* Load policies from disk
|
|
1266
1364
|
*/
|
|
@@ -1273,7 +1371,7 @@ var PolicyEnforcer = class {
|
|
|
1273
1371
|
this.policies = {
|
|
1274
1372
|
...this.policies,
|
|
1275
1373
|
...loaded,
|
|
1276
|
-
rules: [...this.policies.rules, ...loaded.rules || []]
|
|
1374
|
+
rules: [...this.policies.rules, ...(loaded.rules || []).map((r) => this.normalizeRule(r))]
|
|
1277
1375
|
};
|
|
1278
1376
|
this.lastLoad = Date.now();
|
|
1279
1377
|
} catch (error) {
|
|
@@ -1289,7 +1387,7 @@ var PolicyEnforcer = class {
|
|
|
1289
1387
|
const content = fs4.readFileSync(path4.join(customDir, file), "utf-8");
|
|
1290
1388
|
const custom = JSON.parse(content);
|
|
1291
1389
|
if (custom.rules) {
|
|
1292
|
-
this.policies.rules.push(...custom.rules);
|
|
1390
|
+
this.policies.rules.push(...custom.rules.map((r) => this.normalizeRule(r)));
|
|
1293
1391
|
}
|
|
1294
1392
|
}
|
|
1295
1393
|
}
|
|
@@ -1518,6 +1616,28 @@ var BuiltinPolicies = [
|
|
|
1518
1616
|
enabled: true,
|
|
1519
1617
|
priority: 1e3
|
|
1520
1618
|
},
|
|
1619
|
+
// Allow interceptor policy checks (internal RPC — must not be subject to policy gate)
|
|
1620
|
+
{
|
|
1621
|
+
id: "builtin-allow-policy-check",
|
|
1622
|
+
name: "Allow interceptor policy checks",
|
|
1623
|
+
action: "allow",
|
|
1624
|
+
target: "command",
|
|
1625
|
+
operations: ["policy_check"],
|
|
1626
|
+
patterns: ["*"],
|
|
1627
|
+
enabled: true,
|
|
1628
|
+
priority: 1e3
|
|
1629
|
+
},
|
|
1630
|
+
// Allow interceptor event reporting (internal RPC)
|
|
1631
|
+
{
|
|
1632
|
+
id: "builtin-allow-events-batch",
|
|
1633
|
+
name: "Allow interceptor event reporting",
|
|
1634
|
+
action: "allow",
|
|
1635
|
+
target: "command",
|
|
1636
|
+
operations: ["events_batch"],
|
|
1637
|
+
patterns: ["*"],
|
|
1638
|
+
enabled: true,
|
|
1639
|
+
priority: 1e3
|
|
1640
|
+
},
|
|
1521
1641
|
// Allow skill installation/uninstallation (daemon management operations)
|
|
1522
1642
|
{
|
|
1523
1643
|
id: "builtin-allow-skill-management",
|
|
@@ -1538,9 +1658,13 @@ var BuiltinPolicies = [
|
|
|
1538
1658
|
operations: ["http_request"],
|
|
1539
1659
|
patterns: [
|
|
1540
1660
|
"http://localhost:*",
|
|
1661
|
+
"http://localhost:*/**",
|
|
1541
1662
|
"http://127.0.0.1:*",
|
|
1663
|
+
"http://127.0.0.1:*/**",
|
|
1542
1664
|
"https://localhost:*",
|
|
1543
|
-
"https://
|
|
1665
|
+
"https://localhost:*/**",
|
|
1666
|
+
"https://127.0.0.1:*",
|
|
1667
|
+
"https://127.0.0.1:*/**"
|
|
1544
1668
|
],
|
|
1545
1669
|
enabled: true,
|
|
1546
1670
|
priority: 100
|
|
@@ -1640,10 +1764,15 @@ var BuiltinPolicies = [
|
|
|
1640
1764
|
target: "url",
|
|
1641
1765
|
operations: ["http_request"],
|
|
1642
1766
|
patterns: [
|
|
1767
|
+
"https://api.anthropic.com",
|
|
1643
1768
|
"https://api.anthropic.com/**",
|
|
1769
|
+
"https://api.openai.com",
|
|
1644
1770
|
"https://api.openai.com/**",
|
|
1771
|
+
"https://api.cohere.ai",
|
|
1645
1772
|
"https://api.cohere.ai/**",
|
|
1773
|
+
"https://generativelanguage.googleapis.com",
|
|
1646
1774
|
"https://generativelanguage.googleapis.com/**",
|
|
1775
|
+
"https://api.mistral.ai",
|
|
1647
1776
|
"https://api.mistral.ai/**"
|
|
1648
1777
|
],
|
|
1649
1778
|
enabled: true,
|
|
@@ -1657,10 +1786,15 @@ var BuiltinPolicies = [
|
|
|
1657
1786
|
target: "url",
|
|
1658
1787
|
operations: ["http_request"],
|
|
1659
1788
|
patterns: [
|
|
1789
|
+
"https://registry.npmjs.org",
|
|
1660
1790
|
"https://registry.npmjs.org/**",
|
|
1791
|
+
"https://pypi.org",
|
|
1661
1792
|
"https://pypi.org/**",
|
|
1793
|
+
"https://files.pythonhosted.org",
|
|
1662
1794
|
"https://files.pythonhosted.org/**",
|
|
1795
|
+
"https://crates.io",
|
|
1663
1796
|
"https://crates.io/**",
|
|
1797
|
+
"https://rubygems.org",
|
|
1664
1798
|
"https://rubygems.org/**"
|
|
1665
1799
|
],
|
|
1666
1800
|
enabled: true,
|
|
@@ -1674,23 +1808,28 @@ var BuiltinPolicies = [
|
|
|
1674
1808
|
target: "url",
|
|
1675
1809
|
operations: ["http_request"],
|
|
1676
1810
|
patterns: [
|
|
1811
|
+
"https://github.com",
|
|
1677
1812
|
"https://github.com/**",
|
|
1813
|
+
"https://api.github.com",
|
|
1678
1814
|
"https://api.github.com/**",
|
|
1815
|
+
"https://raw.githubusercontent.com",
|
|
1679
1816
|
"https://raw.githubusercontent.com/**",
|
|
1817
|
+
"https://gist.github.com",
|
|
1680
1818
|
"https://gist.github.com/**"
|
|
1681
1819
|
],
|
|
1682
1820
|
enabled: true,
|
|
1683
1821
|
priority: 50
|
|
1684
1822
|
}
|
|
1685
1823
|
];
|
|
1686
|
-
function getDefaultPolicies() {
|
|
1824
|
+
function getDefaultPolicies(options) {
|
|
1825
|
+
const agentHome = options?.agentHome || process.env["AGENSHIELD_AGENT_HOME"] || "/Users/clawagent";
|
|
1687
1826
|
return {
|
|
1688
1827
|
version: "1.0.0",
|
|
1689
1828
|
defaultAction: "deny",
|
|
1690
1829
|
rules: [...BuiltinPolicies],
|
|
1691
1830
|
fsConstraints: {
|
|
1692
1831
|
allowedPaths: [
|
|
1693
|
-
|
|
1832
|
+
agentHome,
|
|
1694
1833
|
"/tmp/agenshield"
|
|
1695
1834
|
],
|
|
1696
1835
|
deniedPatterns: [
|
|
@@ -2656,6 +2795,7 @@ export {
|
|
|
2656
2795
|
SecretVault,
|
|
2657
2796
|
UnixSocketServer,
|
|
2658
2797
|
getDefaultPolicies,
|
|
2798
|
+
handleEventsBatch,
|
|
2659
2799
|
handleExec,
|
|
2660
2800
|
handleFileList,
|
|
2661
2801
|
handleFileRead,
|
|
@@ -2663,6 +2803,7 @@ export {
|
|
|
2663
2803
|
handleHttpRequest,
|
|
2664
2804
|
handleOpenUrl,
|
|
2665
2805
|
handlePing,
|
|
2806
|
+
handlePolicyCheck,
|
|
2666
2807
|
handleSecretInject,
|
|
2667
2808
|
handleSkillInstall,
|
|
2668
2809
|
handleSkillUninstall
|
package/main.js
CHANGED
|
@@ -807,6 +807,70 @@ async function handleSkillUninstall(params, context, deps) {
|
|
|
807
807
|
}
|
|
808
808
|
}
|
|
809
809
|
|
|
810
|
+
// libs/shield-broker/src/handlers/policy-check.ts
|
|
811
|
+
async function handlePolicyCheck(params, context, deps) {
|
|
812
|
+
const { operation, target } = params;
|
|
813
|
+
if (!operation) {
|
|
814
|
+
return {
|
|
815
|
+
success: false,
|
|
816
|
+
error: { code: -32602, message: "Missing required parameter: operation" }
|
|
817
|
+
};
|
|
818
|
+
}
|
|
819
|
+
let checkParams;
|
|
820
|
+
switch (operation) {
|
|
821
|
+
case "http_request":
|
|
822
|
+
case "open_url":
|
|
823
|
+
checkParams = { url: target || "" };
|
|
824
|
+
break;
|
|
825
|
+
case "file_read":
|
|
826
|
+
case "file_write":
|
|
827
|
+
case "file_list":
|
|
828
|
+
checkParams = { path: target || "" };
|
|
829
|
+
break;
|
|
830
|
+
case "exec":
|
|
831
|
+
checkParams = { command: target || "" };
|
|
832
|
+
break;
|
|
833
|
+
case "secret_inject":
|
|
834
|
+
checkParams = { name: target || "" };
|
|
835
|
+
break;
|
|
836
|
+
default:
|
|
837
|
+
checkParams = { target: target || "" };
|
|
838
|
+
break;
|
|
839
|
+
}
|
|
840
|
+
const result = await deps.policyEnforcer.check(operation, checkParams, context);
|
|
841
|
+
return {
|
|
842
|
+
success: true,
|
|
843
|
+
data: {
|
|
844
|
+
allowed: result.allowed,
|
|
845
|
+
policyId: result.policyId,
|
|
846
|
+
reason: result.reason
|
|
847
|
+
}
|
|
848
|
+
};
|
|
849
|
+
}
|
|
850
|
+
|
|
851
|
+
// libs/shield-broker/src/handlers/events-batch.ts
|
|
852
|
+
async function handleEventsBatch(params, context, deps) {
|
|
853
|
+
const { events } = params;
|
|
854
|
+
const eventList = events || [];
|
|
855
|
+
for (const event of eventList) {
|
|
856
|
+
const entry = {
|
|
857
|
+
id: event.id || context.requestId,
|
|
858
|
+
timestamp: event.timestamp ? new Date(event.timestamp) : /* @__PURE__ */ new Date(),
|
|
859
|
+
operation: event.operation || "events_batch",
|
|
860
|
+
channel: "socket",
|
|
861
|
+
allowed: event.allowed ?? true,
|
|
862
|
+
target: event.target || "",
|
|
863
|
+
result: event.allowed === false ? "denied" : "success",
|
|
864
|
+
durationMs: 0
|
|
865
|
+
};
|
|
866
|
+
await deps.auditLogger.log(entry);
|
|
867
|
+
}
|
|
868
|
+
return {
|
|
869
|
+
success: true,
|
|
870
|
+
data: { received: eventList.length }
|
|
871
|
+
};
|
|
872
|
+
}
|
|
873
|
+
|
|
810
874
|
// libs/shield-broker/src/server.ts
|
|
811
875
|
var UnixSocketServer = class {
|
|
812
876
|
server = null;
|
|
@@ -992,7 +1056,9 @@ var UnixSocketServer = class {
|
|
|
992
1056
|
secret_inject: handleSecretInject,
|
|
993
1057
|
ping: handlePing,
|
|
994
1058
|
skill_install: handleSkillInstall,
|
|
995
|
-
skill_uninstall: handleSkillUninstall
|
|
1059
|
+
skill_uninstall: handleSkillUninstall,
|
|
1060
|
+
policy_check: handlePolicyCheck,
|
|
1061
|
+
events_batch: handleEventsBatch
|
|
996
1062
|
};
|
|
997
1063
|
return handlerMap[method];
|
|
998
1064
|
}
|
|
@@ -1023,7 +1089,9 @@ var HTTP_ALLOWED_OPERATIONS = /* @__PURE__ */ new Set([
|
|
|
1023
1089
|
"file_read",
|
|
1024
1090
|
"file_list",
|
|
1025
1091
|
"open_url",
|
|
1026
|
-
"ping"
|
|
1092
|
+
"ping",
|
|
1093
|
+
"policy_check",
|
|
1094
|
+
"events_batch"
|
|
1027
1095
|
]);
|
|
1028
1096
|
var HTTP_DENIED_OPERATIONS = /* @__PURE__ */ new Set([
|
|
1029
1097
|
"exec",
|
|
@@ -1224,7 +1292,9 @@ var HttpFallbackServer = class {
|
|
|
1224
1292
|
file_read: handleFileRead,
|
|
1225
1293
|
file_list: handleFileList,
|
|
1226
1294
|
open_url: handleOpenUrl,
|
|
1227
|
-
ping: handlePing
|
|
1295
|
+
ping: handlePing,
|
|
1296
|
+
policy_check: handlePolicyCheck,
|
|
1297
|
+
events_batch: handleEventsBatch
|
|
1228
1298
|
};
|
|
1229
1299
|
return handlerMap[method];
|
|
1230
1300
|
}
|
|
@@ -1263,6 +1333,34 @@ var PolicyEnforcer = class {
|
|
|
1263
1333
|
this.policies = options.defaultPolicies;
|
|
1264
1334
|
this.loadPolicies();
|
|
1265
1335
|
}
|
|
1336
|
+
/**
|
|
1337
|
+
* Normalize a policy rule — infer operations from target when missing,
|
|
1338
|
+
* default priority to 0.
|
|
1339
|
+
*/
|
|
1340
|
+
normalizeRule(rule) {
|
|
1341
|
+
const normalized = { ...rule };
|
|
1342
|
+
if (!normalized.priority && normalized.priority !== 0) {
|
|
1343
|
+
normalized.priority = 0;
|
|
1344
|
+
}
|
|
1345
|
+
if (normalized.operations && normalized.operations.length > 0) {
|
|
1346
|
+
return normalized;
|
|
1347
|
+
}
|
|
1348
|
+
switch (normalized.target) {
|
|
1349
|
+
case "url":
|
|
1350
|
+
normalized.operations = ["http_request", "open_url"];
|
|
1351
|
+
break;
|
|
1352
|
+
case "command":
|
|
1353
|
+
normalized.operations = ["exec"];
|
|
1354
|
+
break;
|
|
1355
|
+
case "skill":
|
|
1356
|
+
normalized.operations = ["skill_install", "skill_uninstall"];
|
|
1357
|
+
break;
|
|
1358
|
+
default:
|
|
1359
|
+
normalized.operations = ["*"];
|
|
1360
|
+
break;
|
|
1361
|
+
}
|
|
1362
|
+
return normalized;
|
|
1363
|
+
}
|
|
1266
1364
|
/**
|
|
1267
1365
|
* Load policies from disk
|
|
1268
1366
|
*/
|
|
@@ -1275,7 +1373,7 @@ var PolicyEnforcer = class {
|
|
|
1275
1373
|
this.policies = {
|
|
1276
1374
|
...this.policies,
|
|
1277
1375
|
...loaded,
|
|
1278
|
-
rules: [...this.policies.rules, ...loaded.rules || []]
|
|
1376
|
+
rules: [...this.policies.rules, ...(loaded.rules || []).map((r) => this.normalizeRule(r))]
|
|
1279
1377
|
};
|
|
1280
1378
|
this.lastLoad = Date.now();
|
|
1281
1379
|
} catch (error) {
|
|
@@ -1291,7 +1389,7 @@ var PolicyEnforcer = class {
|
|
|
1291
1389
|
const content = fs4.readFileSync(path4.join(customDir, file), "utf-8");
|
|
1292
1390
|
const custom = JSON.parse(content);
|
|
1293
1391
|
if (custom.rules) {
|
|
1294
|
-
this.policies.rules.push(...custom.rules);
|
|
1392
|
+
this.policies.rules.push(...custom.rules.map((r) => this.normalizeRule(r)));
|
|
1295
1393
|
}
|
|
1296
1394
|
}
|
|
1297
1395
|
}
|
|
@@ -1520,6 +1618,28 @@ var BuiltinPolicies = [
|
|
|
1520
1618
|
enabled: true,
|
|
1521
1619
|
priority: 1e3
|
|
1522
1620
|
},
|
|
1621
|
+
// Allow interceptor policy checks (internal RPC — must not be subject to policy gate)
|
|
1622
|
+
{
|
|
1623
|
+
id: "builtin-allow-policy-check",
|
|
1624
|
+
name: "Allow interceptor policy checks",
|
|
1625
|
+
action: "allow",
|
|
1626
|
+
target: "command",
|
|
1627
|
+
operations: ["policy_check"],
|
|
1628
|
+
patterns: ["*"],
|
|
1629
|
+
enabled: true,
|
|
1630
|
+
priority: 1e3
|
|
1631
|
+
},
|
|
1632
|
+
// Allow interceptor event reporting (internal RPC)
|
|
1633
|
+
{
|
|
1634
|
+
id: "builtin-allow-events-batch",
|
|
1635
|
+
name: "Allow interceptor event reporting",
|
|
1636
|
+
action: "allow",
|
|
1637
|
+
target: "command",
|
|
1638
|
+
operations: ["events_batch"],
|
|
1639
|
+
patterns: ["*"],
|
|
1640
|
+
enabled: true,
|
|
1641
|
+
priority: 1e3
|
|
1642
|
+
},
|
|
1523
1643
|
// Allow skill installation/uninstallation (daemon management operations)
|
|
1524
1644
|
{
|
|
1525
1645
|
id: "builtin-allow-skill-management",
|
|
@@ -1540,9 +1660,13 @@ var BuiltinPolicies = [
|
|
|
1540
1660
|
operations: ["http_request"],
|
|
1541
1661
|
patterns: [
|
|
1542
1662
|
"http://localhost:*",
|
|
1663
|
+
"http://localhost:*/**",
|
|
1543
1664
|
"http://127.0.0.1:*",
|
|
1665
|
+
"http://127.0.0.1:*/**",
|
|
1544
1666
|
"https://localhost:*",
|
|
1545
|
-
"https://
|
|
1667
|
+
"https://localhost:*/**",
|
|
1668
|
+
"https://127.0.0.1:*",
|
|
1669
|
+
"https://127.0.0.1:*/**"
|
|
1546
1670
|
],
|
|
1547
1671
|
enabled: true,
|
|
1548
1672
|
priority: 100
|
|
@@ -1642,10 +1766,15 @@ var BuiltinPolicies = [
|
|
|
1642
1766
|
target: "url",
|
|
1643
1767
|
operations: ["http_request"],
|
|
1644
1768
|
patterns: [
|
|
1769
|
+
"https://api.anthropic.com",
|
|
1645
1770
|
"https://api.anthropic.com/**",
|
|
1771
|
+
"https://api.openai.com",
|
|
1646
1772
|
"https://api.openai.com/**",
|
|
1773
|
+
"https://api.cohere.ai",
|
|
1647
1774
|
"https://api.cohere.ai/**",
|
|
1775
|
+
"https://generativelanguage.googleapis.com",
|
|
1648
1776
|
"https://generativelanguage.googleapis.com/**",
|
|
1777
|
+
"https://api.mistral.ai",
|
|
1649
1778
|
"https://api.mistral.ai/**"
|
|
1650
1779
|
],
|
|
1651
1780
|
enabled: true,
|
|
@@ -1659,10 +1788,15 @@ var BuiltinPolicies = [
|
|
|
1659
1788
|
target: "url",
|
|
1660
1789
|
operations: ["http_request"],
|
|
1661
1790
|
patterns: [
|
|
1791
|
+
"https://registry.npmjs.org",
|
|
1662
1792
|
"https://registry.npmjs.org/**",
|
|
1793
|
+
"https://pypi.org",
|
|
1663
1794
|
"https://pypi.org/**",
|
|
1795
|
+
"https://files.pythonhosted.org",
|
|
1664
1796
|
"https://files.pythonhosted.org/**",
|
|
1797
|
+
"https://crates.io",
|
|
1665
1798
|
"https://crates.io/**",
|
|
1799
|
+
"https://rubygems.org",
|
|
1666
1800
|
"https://rubygems.org/**"
|
|
1667
1801
|
],
|
|
1668
1802
|
enabled: true,
|
|
@@ -1676,23 +1810,28 @@ var BuiltinPolicies = [
|
|
|
1676
1810
|
target: "url",
|
|
1677
1811
|
operations: ["http_request"],
|
|
1678
1812
|
patterns: [
|
|
1813
|
+
"https://github.com",
|
|
1679
1814
|
"https://github.com/**",
|
|
1815
|
+
"https://api.github.com",
|
|
1680
1816
|
"https://api.github.com/**",
|
|
1817
|
+
"https://raw.githubusercontent.com",
|
|
1681
1818
|
"https://raw.githubusercontent.com/**",
|
|
1819
|
+
"https://gist.github.com",
|
|
1682
1820
|
"https://gist.github.com/**"
|
|
1683
1821
|
],
|
|
1684
1822
|
enabled: true,
|
|
1685
1823
|
priority: 50
|
|
1686
1824
|
}
|
|
1687
1825
|
];
|
|
1688
|
-
function getDefaultPolicies() {
|
|
1826
|
+
function getDefaultPolicies(options) {
|
|
1827
|
+
const agentHome = options?.agentHome || process.env["AGENSHIELD_AGENT_HOME"] || "/Users/clawagent";
|
|
1689
1828
|
return {
|
|
1690
1829
|
version: "1.0.0",
|
|
1691
1830
|
defaultAction: "deny",
|
|
1692
1831
|
rules: [...BuiltinPolicies],
|
|
1693
1832
|
fsConstraints: {
|
|
1694
1833
|
allowedPaths: [
|
|
1695
|
-
|
|
1834
|
+
agentHome,
|
|
1696
1835
|
"/tmp/agenshield"
|
|
1697
1836
|
],
|
|
1698
1837
|
deniedPatterns: [
|
|
@@ -2091,7 +2230,8 @@ function loadConfig() {
|
|
|
2091
2230
|
failOpen: process.env["AGENSHIELD_FAIL_OPEN"] === "true" || (fileConfig.failOpen ?? false),
|
|
2092
2231
|
socketMode: fileConfig.socketMode || 438,
|
|
2093
2232
|
socketOwner: fileConfig.socketOwner || "clawbroker",
|
|
2094
|
-
socketGroup: fileConfig.socketGroup || "clawshield"
|
|
2233
|
+
socketGroup: fileConfig.socketGroup || "clawshield",
|
|
2234
|
+
agentHome: process.env["AGENSHIELD_AGENT_HOME"] || fileConfig.agentHome
|
|
2095
2235
|
};
|
|
2096
2236
|
}
|
|
2097
2237
|
function ensureDirectories(config) {
|
|
@@ -2126,6 +2266,7 @@ async function main() {
|
|
|
2126
2266
|
console.log(`Socket owner: ${config.socketOwner}, group: ${config.socketGroup}`);
|
|
2127
2267
|
console.log(`HTTP Fallback: ${config.httpEnabled ? `${config.httpHost}:${config.httpPort}` : "disabled"}`);
|
|
2128
2268
|
console.log(`Policies: ${config.policiesPath}`);
|
|
2269
|
+
console.log(`Agent Home: ${config.agentHome || "(env fallback)"}`);
|
|
2129
2270
|
console.log(`Log Level: ${config.logLevel}`);
|
|
2130
2271
|
try {
|
|
2131
2272
|
ensureDirectories(config);
|
|
@@ -2139,7 +2280,7 @@ async function main() {
|
|
|
2139
2280
|
});
|
|
2140
2281
|
const policyEnforcer = new PolicyEnforcer({
|
|
2141
2282
|
policiesPath: config.policiesPath,
|
|
2142
|
-
defaultPolicies: getDefaultPolicies(),
|
|
2283
|
+
defaultPolicies: getDefaultPolicies({ agentHome: config.agentHome }),
|
|
2143
2284
|
failOpen: config.failOpen
|
|
2144
2285
|
});
|
|
2145
2286
|
const secretVault = new SecretVault({
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@agenshield/broker",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.6.0",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "AgenShield broker daemon with Unix socket and HTTP fallback",
|
|
6
6
|
"main": "./index.js",
|
|
@@ -24,7 +24,7 @@
|
|
|
24
24
|
},
|
|
25
25
|
"license": "MIT",
|
|
26
26
|
"dependencies": {
|
|
27
|
-
"@agenshield/ipc": "0.
|
|
27
|
+
"@agenshield/ipc": "0.6.0"
|
|
28
28
|
},
|
|
29
29
|
"devDependencies": {
|
|
30
30
|
"@types/node": "^24.0.0",
|
package/policies/builtin.d.ts
CHANGED
|
@@ -11,5 +11,7 @@ export declare const BuiltinPolicies: PolicyRule[];
|
|
|
11
11
|
/**
|
|
12
12
|
* Get default policy configuration
|
|
13
13
|
*/
|
|
14
|
-
export declare function getDefaultPolicies(
|
|
14
|
+
export declare function getDefaultPolicies(options?: {
|
|
15
|
+
agentHome?: string;
|
|
16
|
+
}): PolicyConfig;
|
|
15
17
|
//# sourceMappingURL=builtin.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"builtin.d.ts","sourceRoot":"","sources":["../../src/policies/builtin.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE9D;;GAEG;AACH,eAAO,MAAM,eAAe,EAAE,UAAU,
|
|
1
|
+
{"version":3,"file":"builtin.d.ts","sourceRoot":"","sources":["../../src/policies/builtin.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE9D;;GAEG;AACH,eAAO,MAAM,eAAe,EAAE,UAAU,EAmOvC,CAAC;AAEF;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,CAAC,EAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,YAAY,CAoCjF"}
|
package/policies/enforcer.d.ts
CHANGED
|
@@ -54,6 +54,11 @@ export declare class PolicyEnforcer {
|
|
|
54
54
|
private lastLoad;
|
|
55
55
|
private reloadInterval;
|
|
56
56
|
constructor(options: PolicyEnforcerOptions);
|
|
57
|
+
/**
|
|
58
|
+
* Normalize a policy rule — infer operations from target when missing,
|
|
59
|
+
* default priority to 0.
|
|
60
|
+
*/
|
|
61
|
+
private normalizeRule;
|
|
57
62
|
/**
|
|
58
63
|
* Load policies from disk
|
|
59
64
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforcer.d.ts","sourceRoot":"","sources":["../../src/policies/enforcer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAElD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,UAAU,CAAC;IACtC,MAAM,EAAE,OAAO,GAAG,SAAS,GAAG,KAAK,CAAC;IACpC,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,OAAO,GAAG,MAAM,CAAC;IAChC,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,aAAa,CAAC,EAAE;QACd,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,cAAc,EAAE,MAAM,EAAE,CAAC;KAC1B,CAAC;IACF,kBAAkB,CAAC,EAAE;QACnB,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,YAAY,EAAE,MAAM,EAAE,CAAC;KACxB,CAAC;CACH;AAED,MAAM,WAAW,qBAAqB;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,YAAY,CAAC;IAC9B,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAe;IAC/B,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,QAAQ,CAAU;IAC1B,OAAO,CAAC,QAAQ,CAAa;IAC7B,OAAO,CAAC,cAAc,CAAiB;gBAE3B,OAAO,EAAE,qBAAqB;IAQ1C;;OAEG;IACH,OAAO,CAAC,YAAY;IA4CpB;;OAEG;IACH,OAAO,CAAC,WAAW;IAMnB;;OAEG;IACG,KAAK,CACT,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,iBAAiB,CAAC;IAuD7B;;OAEG;IACH,OAAO,CAAC,aAAa;IAmBrB;;OAEG;IACH,OAAO,CAAC,eAAe;IASvB;;OAEG;IACH,OAAO,CAAC,YAAY;IAapB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA8GxB;;OAEG;IACH,WAAW,IAAI,YAAY;IAK3B;;OAEG;IACH,OAAO,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI;IAK/B;;OAEG;IACH,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;CAQhC"}
|
|
1
|
+
{"version":3,"file":"enforcer.d.ts","sourceRoot":"","sources":["../../src/policies/enforcer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAElD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,UAAU,CAAC;IACtC,MAAM,EAAE,OAAO,GAAG,SAAS,GAAG,KAAK,CAAC;IACpC,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,OAAO,GAAG,MAAM,CAAC;IAChC,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,aAAa,CAAC,EAAE;QACd,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,cAAc,EAAE,MAAM,EAAE,CAAC;KAC1B,CAAC;IACF,kBAAkB,CAAC,EAAE;QACnB,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,YAAY,EAAE,MAAM,EAAE,CAAC;KACxB,CAAC;CACH;AAED,MAAM,WAAW,qBAAqB;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,YAAY,CAAC;IAC9B,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAe;IAC/B,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,QAAQ,CAAU;IAC1B,OAAO,CAAC,QAAQ,CAAa;IAC7B,OAAO,CAAC,cAAc,CAAiB;gBAE3B,OAAO,EAAE,qBAAqB;IAQ1C;;;OAGG;IACH,OAAO,CAAC,aAAa;IAyBrB;;OAEG;IACH,OAAO,CAAC,YAAY;IA4CpB;;OAEG;IACH,OAAO,CAAC,WAAW;IAMnB;;OAEG;IACG,KAAK,CACT,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,iBAAiB,CAAC;IAuD7B;;OAEG;IACH,OAAO,CAAC,aAAa;IAmBrB;;OAEG;IACH,OAAO,CAAC,eAAe;IASvB;;OAEG;IACH,OAAO,CAAC,YAAY;IAapB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA8GxB;;OAEG;IACH,WAAW,IAAI,YAAY;IAK3B;;OAEG;IACH,OAAO,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI;IAK/B;;OAEG;IACH,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;CAQhC"}
|
package/server.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EACV,YAAY,EAIb,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGtD,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,YAAY,CAAC;IACrB,cAAc,EAAE,cAAc,CAAC;IAC/B,WAAW,EAAE,WAAW,CAAC;IACzB,WAAW,EAAE,WAAW,CAAC;CAC1B;AAED,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,WAAW,CAA8B;gBAErC,OAAO,EAAE,uBAAuB;IAO5C;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IA4B5B;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IA0B3B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA+BxB;;OAEG;YACW,cAAc;IAoG5B;;OAEG;IACH,OAAO,CAAC,UAAU;
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EACV,YAAY,EAIb,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGtD,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,YAAY,CAAC;IACrB,cAAc,EAAE,cAAc,CAAC;IAC/B,WAAW,EAAE,WAAW,CAAC;IACzB,WAAW,EAAE,WAAW,CAAC;CAC1B;AAED,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,WAAW,CAA8B;gBAErC,OAAO,EAAE,uBAAuB;IAO5C;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IA4B5B;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IA0B3B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA+BxB;;OAEG;YACW,cAAc;IAoG5B;;OAEG;IACH,OAAO,CAAC,UAAU;IA2BlB;;OAEG;IACH,OAAO,CAAC,aAAa;IAWrB;;OAEG;IACH,OAAO,CAAC,aAAa;CAWtB"}
|
package/types.d.ts
CHANGED
package/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAc,aAAa,EAAqC,MAAM,iBAAiB,CAAC;AAEpG;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;IAEnB,uCAAuC;IACvC,WAAW,EAAE,OAAO,CAAC;IAErB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IAEjB,+CAA+C;IAC/C,QAAQ,EAAE,MAAM,CAAC;IAEjB,iCAAiC;IACjC,UAAU,EAAE,MAAM,CAAC;IAEnB,iCAAiC;IACjC,YAAY,EAAE,MAAM,CAAC;IAErB,wBAAwB;IACxB,YAAY,EAAE,MAAM,CAAC;IAErB,gBAAgB;IAChB,QAAQ,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAE9C,iDAAiD;IACjD,QAAQ,EAAE,OAAO,CAAC;IAElB,sCAAsC;IACtC,UAAU,EAAE,MAAM,CAAC;IAEnB,wBAAwB;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,yBAAyB;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAc,aAAa,EAAqC,MAAM,iBAAiB,CAAC;AAEpG;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;IAEnB,uCAAuC;IACvC,WAAW,EAAE,OAAO,CAAC;IAErB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IAEjB,+CAA+C;IAC/C,QAAQ,EAAE,MAAM,CAAC;IAEjB,iCAAiC;IACjC,UAAU,EAAE,MAAM,CAAC;IAEnB,iCAAiC;IACjC,YAAY,EAAE,MAAM,CAAC;IAErB,wBAAwB;IACxB,YAAY,EAAE,MAAM,CAAC;IAErB,gBAAgB;IAChB,QAAQ,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAE9C,iDAAiD;IACjD,QAAQ,EAAE,OAAO,CAAC;IAElB,sCAAsC;IACtC,UAAU,EAAE,MAAM,CAAC;IAEnB,wBAAwB;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,yBAAyB;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,iDAAiD;IACjD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,6BAA6B;IAC7B,SAAS,EAAE,MAAM,CAAC;IAElB,oCAAoC;IACpC,OAAO,EAAE,QAAQ,GAAG,MAAM,CAAC;IAE3B,+CAA+C;IAC/C,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,gDAAgD;IAChD,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,wBAAwB;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,2BAA2B;IAC3B,SAAS,EAAE,IAAI,CAAC;IAEhB,2BAA2B;IAC3B,MAAM,EAAE,YAAY,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa,CAAC,CAAC,GAAG,OAAO;IACxC,sCAAsC;IACtC,OAAO,EAAE,OAAO,CAAC;IAEjB,kCAAkC;IAClC,IAAI,CAAC,EAAE,CAAC,CAAC;IAET,oCAAoC;IACpC,KAAK,CAAC,EAAE;QACN,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,CAAC;IAEF,qBAAqB;IACrB,KAAK,CAAC,EAAE;QACN,QAAQ,EAAE,MAAM,CAAC;QACjB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,gBAAgB,CAAC,EAAE,MAAM,CAAC;KAC3B,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,sBAAsB;IACtB,EAAE,EAAE,MAAM,CAAC;IAEX,gBAAgB;IAChB,SAAS,EAAE,IAAI,CAAC;IAEhB,qBAAqB;IACrB,SAAS,EAAE,aAAa,CAAC;IAEzB,sBAAsB;IACtB,OAAO,EAAE,QAAQ,GAAG,MAAM,CAAC;IAE3B,qBAAqB;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,oCAAoC;IACpC,OAAO,EAAE,OAAO,CAAC;IAEjB,mCAAmC;IACnC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,4CAA4C;IAC5C,MAAM,EAAE,MAAM,CAAC;IAEf,uBAAuB;IACvB,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,OAAO,CAAC;IAEvC,8BAA8B;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IAEnB,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IAEb,sBAAsB;IACtB,cAAc,EAAE,MAAM,CAAC;IAEvB,6CAA6C;IAC7C,iBAAiB,EAAE,aAAa,EAAE,CAAC;IAEnC,wBAAwB;IACxB,SAAS,EAAE,IAAI,CAAC;IAEhB,8BAA8B;IAC9B,cAAc,CAAC,EAAE,IAAI,CAAC;IAEtB,mBAAmB;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,KAAK,CAAC;IACf,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,MAAM,EAAE,aAAa,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,KAAK,CAAC;IACf,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,YAAY,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;IAC1E,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,eAAe;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,KAAK,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS,CAAC;QACvC,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,EAAE,MAAM,CAAC;KACf,CAAC,CAAC;CACJ;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,IAAI,CAAC;IACX,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,4DAA4D;IAC5D,IAAI,EAAE,MAAM,CAAC;IACb,oEAAoE;IACpE,OAAO,EAAE,MAAM,CAAC;IAChB,sDAAsD;IACtD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,wCAAwC;IACxC,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,uBAAuB;IACvB,KAAK,EAAE,gBAAgB,EAAE,CAAC;IAC1B,0DAA0D;IAC1D,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,mEAAmE;IACnE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,kEAAkE;IAClE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,kBAAkB;IACjC,qCAAqC;IACrC,SAAS,EAAE,OAAO,CAAC;IACnB,wCAAwC;IACxC,QAAQ,EAAE,MAAM,CAAC;IACjB,0CAA0C;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,8BAA8B;IAC9B,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,oBAAoB;IACnC,8BAA8B;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,mEAAmE;IACnE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,uCAAuC;IACvC,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,oBAAoB;IACnC,uCAAuC;IACvC,WAAW,EAAE,OAAO,CAAC;IACrB,sCAAsC;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,kCAAkC;IAClC,cAAc,EAAE,OAAO,CAAC;CACzB"}
|