@agenshield/daemon 0.1.0

package/ui-assets/favicon.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" viewBox="0 0 24 24" fill="#171717" stroke="none"><path d="M20 13c0 5-3.5 7.5-7.66 8.95a1 1 0 0 1-.67-.01C7.5 20.5 4 18 4 13V6a1 1 0 0 1 .67-.95l7-2.5a1 1 0 0 1 .67 0l7 2.5A1 1 0 0 1 20 6z"/></svg>

package/ui-assets/index.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>AgenShield Dashboard</title>
+    <script type="module" crossorigin src="/assets/index-Chp3YFDr.js"></script>
+    <link rel="stylesheet" crossorigin href="/assets/index-CC_zbvUx.css">
+  </head>
+  <body>
+    <div id="root"></div>
+  </body>
+</html>

package/ui-assets/package.json

@@ -0,0 +1,34 @@
+{
+  "name": "@agenshield/ui",
+  "version": "0.1.0",
+  "private": true,
+  "description": "AgenShield Web UI Dashboard",
+  "license": "MIT",
+  "dependencies": {
+    "@agenshield/ipc": "0.1.0",
+    "@emotion/react": "^11.14.0",
+    "@emotion/styled": "^11.14.0",
+    "@fontsource/ibm-plex-mono": "^5.2.7",
+    "@fontsource/manrope": "^5.2.8",
+    "@mui/material": "^6.4.0",
+    "@tanstack/react-query": "^5.60.0",
+    "@tanstack/react-virtual": "^3.0.0",
+    "@xyflow/react": "^12.0.0",
+    "date-fns": "^4.1.0",
+    "lucide-react": "^0.563.0",
+    "react": "^19.0.0",
+    "react-dom": "^19.0.0",
+    "react-markdown": "^10.1.0",
+    "react-router-dom": "^7.0.0",
+    "recharts": "^3.7.0",
+    "remark-gfm": "^4.0.1",
+    "valtio": "^2.3.0"
+  },
+  "devDependencies": {
+    "@types/react": "^19.0.0",
+    "@types/react-dom": "^19.0.0",
+    "@vitejs/plugin-react": "^4.3.0",
+    "typescript": "^5.9.3",
+    "vite": "^6.0.0"
+  }
+}

package/utils/logged-fetch.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Logged fetch utility — wraps fetch() with console logging and SSE event emission.
+ * Sanitizes sensitive parameters from URLs and bodies before logging.
+ */
+/**
+ * Logged fetch — wraps native fetch with request/response logging and SSE emission.
+ *
+ * @param url - The URL to fetch
+ * @param init - Standard RequestInit options
+ * @param context - A label for the call context (e.g. 'agenco:token-refresh')
+ */
+export declare function loggedFetch(url: string, init: RequestInit, context: string): Promise<Response>;
+//# sourceMappingURL=logged-fetch.d.ts.map

package/utils/logged-fetch.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logged-fetch.d.ts","sourceRoot":"","sources":["../../src/utils/logged-fetch.ts"],"names":[],"mappings":"AAAA;;;GAGG;AA2DH;;;;;;GAMG;AACH,wBAAsB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAkEpG"}

package/vault/crypto.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Cryptographic utilities for vault encryption
+ */
+/**
+ * Get machine-specific identifier for key derivation
+ * Uses hardware UUID, hostname, and user info to create a unique identifier
+ */
+export declare function getMachineId(): string;
+/**
+ * Derive encryption key from machine ID using scrypt
+ */
+export declare function deriveKey(machineId: string): Buffer;
+/**
+ * Encrypt data using AES-256-GCM
+ * @param data - Plaintext data to encrypt
+ * @param key - 32-byte encryption key
+ * @returns Encrypted data in format: iv:authTag:ciphertext (base64 encoded)
+ */
+export declare function encrypt(data: string, key: Buffer): string;
+/**
+ * Decrypt data using AES-256-GCM
+ * @param encryptedData - Encrypted data in format: iv:authTag:ciphertext
+ * @param key - 32-byte encryption key
+ * @returns Decrypted plaintext
+ * @throws Error if decryption fails (wrong key, tampered data, etc.)
+ */
+export declare function decrypt(encryptedData: string, key: Buffer): string;
+//# sourceMappingURL=crypto.d.ts.map

package/vault/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/vault/crypto.ts"],"names":[],"mappings":"AAAA;;GAEG;AAMH;;;GAGG;AACH,wBAAgB,YAAY,IAAI,MAAM,CA0BrC;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAKnD;AAED;;;;;GAKG;AACH,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAgBzD;AAED;;;;;;GAMG;AACH,wBAAgB,OAAO,CAAC,aAAa,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAqBlE"}

package/vault/index.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Encrypted vault manager
+ *
+ * Provides secure storage for sensitive data like OAuth tokens
+ * using machine-specific encryption.
+ */
+import type { VaultContents } from '@agenshield/ipc';
+/**
+ * Vault manager class for encrypted storage
+ */
+export declare class Vault {
+    private key;
+    private vaultPath;
+    private cache;
+    constructor();
+    /**
+     * Load vault contents from disk
+     * Returns cached contents if available
+     */
+    load(): Promise<VaultContents>;
+    /**
+     * Save vault contents to disk
+     */
+    save(contents: VaultContents): Promise<void>;
+    /**
+     * Get a specific key from vault
+     */
+    get<K extends keyof VaultContents>(key: K): Promise<VaultContents[K]>;
+    /**
+     * Set a specific key in vault
+     */
+    set<K extends keyof VaultContents>(key: K, value: VaultContents[K]): Promise<void>;
+    /**
+     * Delete a specific key from vault
+     */
+    delete<K extends keyof VaultContents>(key: K): Promise<void>;
+    /**
+     * Check if vault file exists
+     */
+    exists(): boolean;
+    /**
+     * Clear the in-memory cache
+     * Useful for testing or when vault file is modified externally
+     */
+    clearCache(): void;
+    /**
+     * Delete the vault file entirely
+     */
+    destroy(): Promise<void>;
+    /**
+     * Get default empty vault contents
+     */
+    private getDefaultContents;
+}
+/**
+ * Get the singleton vault instance
+ */
+export declare function getVault(): Vault;
+/**
+ * Reset the vault singleton (for testing)
+ */
+export declare function resetVault(): void;
+export { getMachineId, deriveKey, encrypt, decrypt } from './crypto';
+//# sourceMappingURL=index.d.ts.map

package/vault/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/vault/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAKrD;;GAEG;AACH,qBAAa,KAAK;IAChB,OAAO,CAAC,GAAG,CAAS;IACpB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,KAAK,CAA8B;;IAQ3C;;;OAGG;IACG,IAAI,IAAI,OAAO,CAAC,aAAa,CAAC;IAwBpC;;OAEG;IACG,IAAI,CAAC,QAAQ,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBlD;;OAEG;IACG,GAAG,CAAC,CAAC,SAAS,MAAM,aAAa,EAAE,GAAG,EAAE,CAAC,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAK3E;;OAEG;IACG,GAAG,CAAC,CAAC,SAAS,MAAM,aAAa,EAAE,GAAG,EAAE,CAAC,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAMxF;;OAEG;IACG,MAAM,CAAC,CAAC,SAAS,MAAM,aAAa,EAAE,GAAG,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAMlE;;OAEG;IACH,MAAM,IAAI,OAAO;IAIjB;;;OAGG;IACH,UAAU,IAAI,IAAI;IAIlB;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAO9B;;OAEG;IACH,OAAO,CAAC,kBAAkB;CAM3B;AAKD;;GAEG;AACH,wBAAgB,QAAQ,IAAI,KAAK,CAKhC;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI,IAAI,CAEjC;AAGD,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,UAAU,CAAC"}

package/watchers/index.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Watchers module exports
+ */
+export * from './security';
+export * from './skills';
+//# sourceMappingURL=index.d.ts.map

package/watchers/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/watchers/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,YAAY,CAAC;AAC3B,cAAc,UAAU,CAAC"}

package/watchers/security.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Security status watcher
+ *
+ * Periodically checks security status and emits events when it changes.
+ */
+/**
+ * Start the security watcher
+ *
+ * @param intervalMs - Check interval in milliseconds (default: 10 seconds)
+ */
+export declare function startSecurityWatcher(intervalMs?: number): void;
+/**
+ * Stop the security watcher
+ */
+export declare function stopSecurityWatcher(): void;
+/**
+ * Force an immediate security check
+ */
+export declare function triggerSecurityCheck(): void;
+//# sourceMappingURL=security.d.ts.map

package/watchers/security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../src/watchers/security.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAmEH;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,UAAU,SAAQ,GAAG,IAAI,CAY7D;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAM1C;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,IAAI,CAE3C"}

package/watchers/skills.d.ts

@@ -0,0 +1,85 @@
+/**
+ * Skills Watcher
+ *
+ * Monitors the agent's skills directory for unapproved skills.
+ * Unapproved skills are moved to a quarantine directory.
+ * Follows the pattern of the existing security watcher.
+ */
+export interface ApprovedSkillEntry {
+    name: string;
+    approvedAt: string;
+    hash?: string;
+    publisher?: string;
+}
+export interface QuarantinedSkillInfo {
+    name: string;
+    quarantinedAt: string;
+    originalPath: string;
+    reason: string;
+}
+interface SkillsWatcherCallbacks {
+    onQuarantined?: (info: QuarantinedSkillInfo) => void;
+    onApproved?: (name: string) => void;
+}
+/**
+ * Start the skills watcher
+ *
+ * @param watchDir - The skills directory to watch (e.g., $HOME/.openclaw/skills)
+ * @param cbs - Callbacks for quarantine/approve events
+ * @param pollIntervalMs - Polling fallback interval (default: 30 seconds)
+ */
+export declare function startSkillsWatcher(watchDir: string, cbs?: SkillsWatcherCallbacks, pollIntervalMs?: number): void;
+/**
+ * Stop the skills watcher
+ */
+export declare function stopSkillsWatcher(): void;
+/**
+ * Approve a skill (move from quarantine back to skills directory)
+ */
+export declare function approveSkill(skillName: string): {
+    success: boolean;
+    error?: string;
+};
+/**
+ * Reject a quarantined skill (permanently delete)
+ */
+export declare function rejectSkill(skillName: string): {
+    success: boolean;
+    error?: string;
+};
+/**
+ * Revoke an approved skill (remove from approved list and quarantine)
+ */
+export declare function revokeSkill(skillName: string): {
+    success: boolean;
+    error?: string;
+};
+/**
+ * List quarantined skills
+ */
+export declare function listQuarantined(): QuarantinedSkillInfo[];
+/**
+ * List approved skills
+ */
+export declare function listApproved(): ApprovedSkillEntry[];
+/**
+ * Force an immediate skill scan
+ */
+export declare function triggerSkillsScan(): void;
+/**
+ * Get the configured skills directory path
+ */
+export declare function getSkillsDir(): string;
+/**
+ * Add a skill to the approved list without requiring quarantine.
+ * Used by marketplace install to pre-approve before writing files,
+ * preventing a race condition with the watcher quarantining new skills.
+ */
+export declare function addToApprovedList(skillName: string, publisher?: string): void;
+/**
+ * Remove a skill from the approved list (without quarantining).
+ * Used for cleanup when marketplace install fails after pre-approval.
+ */
+export declare function removeFromApprovedList(skillName: string): void;
+export {};
+//# sourceMappingURL=skills.d.ts.map

package/watchers/skills.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skills.d.ts","sourceRoot":"","sources":["../../src/watchers/skills.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAeH,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,UAAU,sBAAsB;IAC9B,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,oBAAoB,KAAK,IAAI,CAAC;IACrD,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;CACrC;AAkID;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,MAAM,EAChB,GAAG,GAAE,sBAA2B,EAChC,cAAc,SAAQ,GACrB,IAAI,CAiCN;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,IAAI,CAiBxC;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAmCpF;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAenF;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAkBnF;AAED;;GAEG;AACH,wBAAgB,eAAe,IAAI,oBAAoB,EAAE,CAyBxD;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,kBAAkB,EAAE,CAEnD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,IAAI,CAExC;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,MAAM,CAErC;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAU7E;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAM9D"}