@agenshield/daemon 0.6.1 → 0.7.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agenshield/daemon",
-  "version": "0.6.1",
+  "version": "0.7.0",
   "type": "module",
   "description": "AgenShield HTTP daemon server with embedded UI",
   "main": "./index.js",
@@ -24,9 +24,10 @@
   ],
   "license": "MIT",
   "dependencies": {
-    "@agenshield/ipc": "0.6.1",
-    "@agenshield/broker": "0.6.1",
-    "@agenshield/sandbox": "0.6.1",
+    "@agenshield/integrations": "0.7.0",
+    "@agenshield/ipc": "0.7.0",
+    "@agenshield/broker": "0.7.0",
+    "@agenshield/sandbox": "0.7.0",
     "@modelcontextprotocol/sdk": "^1.26.0",
     "fastify": "^5.7.0",
     "zod": "^4.3.6",

package/policy/url-matcher.d.ts

@@ -0,0 +1,63 @@
+/**
+ * URL and pattern matching utilities shared between RPC handlers and proxy.
+ *
+ * Extracted from rpc.ts so the per-run proxy can reuse the same matching logic.
+ */
+import type { PolicyConfig, PolicyExecutionContext } from '@agenshield/ipc';
+/**
+ * Convert a glob pattern to a RegExp (same algorithm as broker's PolicyEnforcer.matchPattern)
+ */
+export declare function globToRegex(pattern: string): RegExp;
+/**
+ * Normalize a URL pattern base:
+ * - Strip trailing slashes
+ * - If pattern is a bare domain (no protocol), prefix with https://
+ */
+export declare function normalizeUrlBase(pattern: string): string;
+/**
+ * Normalize a URL target for matching:
+ * - Ensures there's always a path (at least '/') for matching against ** patterns
+ * - Strips trailing slashes from paths (but keeps root '/')
+ */
+export declare function normalizeUrlTarget(url: string): string;
+/**
+ * Match a URL target against a URL pattern.
+ * For patterns without wildcards, matches both the exact URL and any sub-paths.
+ * For patterns with wildcards, matches as-is.
+ * Bare domain patterns (e.g. "facebook.com") also match "www.facebook.com".
+ */
+export declare function matchUrlPattern(pattern: string, target: string): boolean;
+/**
+ * Check if a policy's scope matches the execution context.
+ */
+export declare function policyScopeMatches(policy: PolicyConfig, context?: PolicyExecutionContext): boolean;
+/**
+ * Extract the basename of a command target.
+ * "/usr/bin/curl -s https://x.com" → "curl"
+ * "fork:git push" → "git"
+ * "node script.js" → "node"
+ */
+export declare function extractCommandBasename(target: string): string;
+/**
+ * Check if a URL policy applies to a given command.
+ *
+ * - No scope → applies to all commands (universal)
+ * - scope 'command:<name>' → only applies when executing that command
+ * - Other scopes (agent, skill, skill:<slug>) → ignored for command filtering (treated as universal)
+ */
+export declare function urlPolicyScopeMatchesCommand(policy: PolicyConfig, commandBasename: string): boolean;
+/**
+ * Filter URL policies that apply to a specific command.
+ * Includes policies with no scope (universal) and those scoped to this command.
+ */
+export declare function filterUrlPoliciesForCommand(policies: PolicyConfig[], commandBasename: string): PolicyConfig[];
+/**
+ * Check whether a URL (or hostname) is allowed by a set of URL policies.
+ *
+ * Used by the per-run proxy to enforce URL policies on CONNECT/HTTP requests.
+ * Logic mirrors evaluatePolicyCheck but only for URL target type.
+ *
+ * Returns true if allowed (including default-allow when no policy matches).
+ */
+export declare function checkUrlPolicy(policies: PolicyConfig[], url: string): boolean;
+//# sourceMappingURL=url-matcher.d.ts.map

package/policy/url-matcher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"url-matcher.d.ts","sourceRoot":"","sources":["../../src/policy/url-matcher.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AAE5E;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CASnD;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAOxD;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAYtD;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAuBxE;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,YAAY,EAAE,OAAO,CAAC,EAAE,sBAAsB,GAAG,OAAO,CAgBlG;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAI7D;AAED;;;;;;GAMG;AACH,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,GAAG,OAAO,CAWnG;AAED;;;GAGG;AACH,wBAAgB,2BAA2B,CAAC,QAAQ,EAAE,YAAY,EAAE,EAAE,eAAe,EAAE,MAAM,GAAG,YAAY,EAAE,CAI7G;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,YAAY,EAAE,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAoC7E"}

package/proxy/pool.d.ts

@@ -0,0 +1,42 @@
+/**
+ * ProxyPool — manages per-run proxy instances for seatbelt-wrapped commands.
+ *
+ * Each exec'd command that needs network access gets its own localhost proxy.
+ * The proxy enforces URL policies while the seatbelt profile restricts the child
+ * to only connect to localhost (preventing direct network bypass).
+ *
+ * Exported as a singleton so rpc.ts can acquire proxies during policy_check.
+ */
+import type { PolicyConfig } from '@agenshield/ipc';
+export interface ProxyPoolOptions {
+    maxConcurrent?: number;
+    idleTimeoutMs?: number;
+}
+export declare class ProxyPool {
+    private proxies;
+    private maxConcurrent;
+    private idleTimeoutMs;
+    constructor(options?: ProxyPoolOptions);
+    /**
+     * Acquire a per-run proxy for a command execution.
+     * Returns the localhost port the child should use as its proxy.
+     */
+    acquire(execId: string, command: string, urlPolicies: PolicyConfig[]): Promise<{
+        port: number;
+    }>;
+    /**
+     * Release a proxy by execution ID.
+     */
+    release(execId: string): void;
+    /**
+     * Shut down all active proxies. Called on daemon close.
+     */
+    shutdown(): void;
+    /**
+     * Number of active proxies.
+     */
+    get size(): number;
+}
+export declare function getProxyPool(): ProxyPool;
+export declare function shutdownProxyPool(): void;
+//# sourceMappingURL=pool.d.ts.map

package/proxy/pool.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pool.d.ts","sourceRoot":"","sources":["../../src/proxy/pool.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAapD,MAAM,WAAW,gBAAgB;IAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,qBAAa,SAAS;IACpB,OAAO,CAAC,OAAO,CAAoC;IACnD,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,aAAa,CAAS;gBAElB,OAAO,GAAE,gBAAqB;IAK1C;;;OAGG;IACG,OAAO,CACX,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,YAAY,EAAE,GAC1B,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IAmE5B;;OAEG;IACH,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAU7B;;OAEG;IACH,QAAQ,IAAI,IAAI;IAShB;;OAEG;IACH,IAAI,IAAI,IAAI,MAAM,CAEjB;CACF;AAKD,wBAAgB,YAAY,IAAI,SAAS,CAKxC;AAED,wBAAgB,iBAAiB,IAAI,IAAI,CAKxC"}

package/proxy/server.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Per-run HTTP/CONNECT proxy server factory.
+ *
+ * Each seatbelt-wrapped process gets its own localhost proxy that enforces
+ * URL policies on every outbound connection. The child process is configured
+ * with HTTPS_PROXY=http://127.0.0.1:${port} and the seatbelt profile only
+ * allows network-outbound to localhost, so all traffic must flow through here.
+ */
+import * as http from 'node:http';
+import type { PolicyConfig } from '@agenshield/ipc';
+/**
+ * Create an HTTP proxy server that enforces URL policies.
+ *
+ * Handles:
+ * - CONNECT method (HTTPS tunneling): checks hostname against URL policies
+ * - Plain HTTP requests: checks full URL against URL policies, forwards if allowed
+ */
+export declare function createPerRunProxy(urlPolicies: PolicyConfig[], onActivity: () => void, logger: (msg: string) => void): http.Server;
+//# sourceMappingURL=server.d.ts.map

package/proxy/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/proxy/server.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAGpD;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,WAAW,EAAE,YAAY,EAAE,EAC3B,UAAU,EAAE,MAAM,IAAI,EACtB,MAAM,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,GAC5B,IAAI,CAAC,MAAM,CA+Fb"}

package/routes/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/routes/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AAc7E,wBAAsB,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAwJtE"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/routes/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AA4B7E,wBAAsB,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAuLtE"}

package/routes/exec.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"exec.d.ts","sourceRoot":"","sources":["../../src/routes/exec.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAyF/C,wBAAsB,UAAU,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAwHpE"}
+{"version":3,"file":"exec.d.ts","sourceRoot":"","sources":["../../src/routes/exec.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AA4F/C,wBAAsB,UAAU,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAwHpE"}

package/routes/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/routes/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAqB/C;;GAEG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAuFxE"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/routes/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAsB/C;;GAEG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAwFxE"}

package/routes/marketplace.d.ts

@@ -5,5 +5,7 @@
  * agen.co vulnerability analysis, and local skill installation.
  */
 import type { FastifyInstance } from 'fastify';
+/** Check if a skill is currently being installed (for GET /skills to report status) */
+export declare function isInstallInProgress(slug: string): boolean;
 export declare function marketplaceRoutes(app: FastifyInstance): Promise<void>;
 //# sourceMappingURL=marketplace.d.ts.map

package/routes/marketplace.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"marketplace.d.ts","sourceRoot":"","sources":["../../src/routes/marketplace.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AAmC7E,wBAAsB,iBAAiB,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CA0X3E"}
+{"version":3,"file":"marketplace.d.ts","sourceRoot":"","sources":["../../src/routes/marketplace.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AA0C7E,uFAAuF;AACvF,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEzD;AAED,wBAAsB,iBAAiB,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAse3E"}

package/routes/openclaw.d.ts

@@ -0,0 +1,8 @@
+/**
+ * OpenClaw lifecycle management routes
+ *
+ * Dynamic import from @agenshield/sandbox — these exports may not be built yet.
+ */
+import type { FastifyInstance } from 'fastify';
+export declare function openclawRoutes(app: FastifyInstance): Promise<void>;
+//# sourceMappingURL=openclaw.d.ts.map

package/routes/openclaw.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openclaw.d.ts","sourceRoot":"","sources":["../../src/routes/openclaw.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAY/C,wBAAsB,cAAc,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CA4FxE"}

package/routes/rpc.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rpc.d.ts","sourceRoot":"","sources":["../../src/routes/rpc.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AA2R7E,wBAAsB,SAAS,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CA0CnE"}
+{"version":3,"file":"rpc.d.ts","sourceRoot":"","sources":["../../src/routes/rpc.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AAwY7E,wBAAsB,SAAS,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CA0CnE"}

package/routes/secrets.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/routes/secrets.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AA6B/C,wBAAsB,aAAa,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CA2FvE"}
+{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/routes/secrets.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAwC/C,wBAAsB,aAAa,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CA6KvE"}

package/routes/skills.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"skills.d.ts","sourceRoot":"","sources":["../../src/routes/skills.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AA0F7E;;GAEG;AACH,wBAAsB,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAmgBtE"}
+{"version":3,"file":"skills.d.ts","sourceRoot":"","sources":["../../src/routes/skills.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AAiL7E;;GAEG;AACH,wBAAsB,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAi2BtE"}

package/routes/sse.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sse.d.ts","sourceRoot":"","sources":["../../src/routes/sse.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AAsB7E;;GAEG;AACH,wBAAsB,SAAS,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAmInE"}
+{"version":3,"file":"sse.d.ts","sourceRoot":"","sources":["../../src/routes/sse.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AAuB7E;;GAEG;AACH,wBAAsB,SAAS,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CA6InE"}

package/routes/status.d.ts

@@ -2,5 +2,8 @@
  * Status route
  */
 import type { FastifyInstance } from 'fastify';
+import type { DaemonStatus } from '@agenshield/ipc';
+export declare const startedAt: Date;
+export declare function buildDaemonStatus(): DaemonStatus;
 export declare function statusRoutes(app: FastifyInstance): Promise<void>;
 //# sourceMappingURL=status.d.ts.map

package/routes/status.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"status.d.ts","sourceRoot":"","sources":["../../src/routes/status.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAO/C,wBAAsB,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAwBtE"}
+{"version":3,"file":"status.d.ts","sourceRoot":"","sources":["../../src/routes/status.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAC/C,OAAO,KAAK,EAAqB,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAavE,eAAO,MAAM,SAAS,MAAa,CAAC;AAEpC,wBAAgB,iBAAiB,IAAI,YAAY,CA8BhD;AAED,wBAAsB,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAOtE"}

package/secret-sync.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Secret Policy Sync
+ *
+ * Syncs vault secrets to the broker's synced-secrets.json file.
+ * The broker reads this file to automatically inject secrets as
+ * environment variables into spawned processes.
+ *
+ * Flow:
+ *   1. Read VaultSecret[] from the daemon vault
+ *   2. Separate global secrets (policyIds=[]) from policy-linked
+ *   3. For policy-linked: include the policy's target + patterns
+ *   4. Write synced-secrets.json for the broker to pick up
+ *
+ * Follows the same pattern as command-sync.ts.
+ */
+import type { PolicyConfig } from '@agenshield/ipc';
+interface Logger {
+    warn(msg: string, ...args: unknown[]): void;
+    info(msg: string, ...args: unknown[]): void;
+}
+/**
+ * Sync vault secrets to the broker's synced-secrets.json file.
+ *
+ * Groups secrets into:
+ * 1. Global secrets (policyIds=[]) — always injected into every exec
+ * 2. Policy-bound secrets — injected when the policy's patterns match
+ *
+ * For policy-bound secrets, the corresponding policy's target and patterns
+ * are included so the broker can do its own matching without an RPC call.
+ */
+export declare function syncSecrets(policies: PolicyConfig[], logger?: Logger): Promise<void>;
+export {};
+//# sourceMappingURL=secret-sync.d.ts.map

package/secret-sync.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-sync.d.ts","sourceRoot":"","sources":["../src/secret-sync.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,OAAO,KAAK,EAAE,YAAY,EAAmD,MAAM,iBAAiB,CAAC;AAKrG,UAAU,MAAM;IACd,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAC5C,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;CAC7C;AASD;;;;;;;;;GASG;AACH,wBAAsB,WAAW,CAC/B,QAAQ,EAAE,YAAY,EAAE,EACxB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC,CAgFf"}

package/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAgB,EAAE,KAAK,eAAe,EAAE,MAAM,SAAS,CAAC;AAGxD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAUpD;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,eAAe,CAAC,CAgCjF;AAED;;;;GAIG;AACH,wBAAsB,WAAW,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,eAAe,CAAC,CAoEhF"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAgB,EAAE,KAAK,eAAe,EAAE,MAAM,SAAS,CAAC;AAGxD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAWpD;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,eAAe,CAAC,CAgCjF;AAED;;;;GAIG;AACH,wBAAsB,WAAW,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,eAAe,CAAC,CAyEhF"}

package/services/marketplace.d.ts

@@ -19,6 +19,8 @@ export interface DownloadedSkillMeta {
     description: string;
     tags: string[];
     downloadedAt: string;
+    /** Where this entry came from: 'marketplace' (preview/install) or 'watcher' (untrusted detection) */
+    source?: 'marketplace' | 'watcher';
     analysis?: AnalyzeSkillResponse['analysis'];
 }
 /**
@@ -36,7 +38,11 @@ export interface DownloadedSkillInfo {
     author: string;
     version: string;
     description: string;
+    tags: string[];
     hasAnalysis: boolean;
+    /** Where this entry came from: 'marketplace' (preview/install) or 'watcher' (untrusted detection) */
+    source?: 'marketplace' | 'watcher';
+    analysis?: AnalyzeSkillResponse['analysis'];
 }
 /**
  * List all downloaded marketplace skills from ~/.agenshield/marketplace/.
@@ -50,6 +56,10 @@ export declare function getDownloadedSkillFiles(slug: string): MarketplaceSkillF
  * Get the metadata for a downloaded skill, or null if not downloaded.
  */
 export declare function getDownloadedSkillMeta(slug: string): DownloadedSkillMeta | null;
+/**
+ * Delete a downloaded skill's marketplace cache folder.
+ */
+export declare function deleteDownloadedSkill(slug: string): void;
 /**
  * Inline relative image references in markdown with data URIs from extracted files.
  * Replaces ![alt](path/to/image.png) with ![alt](data:image/png;base64,...)
@@ -70,12 +80,16 @@ export declare function getMarketplaceSkill(slug: string): Promise<MarketplaceSk
  * Send skill files to the skills-analyzer edge function for AI-powered vulnerability analysis.
  * Consumes an NDJSON stream and returns the aggregated summary as AnalyzeSkillResponse.
  */
-export declare function analyzeSkillBundle(files: MarketplaceSkillFile[], skillName?: string, publisher?: string): Promise<AnalyzeSkillResponse>;
+export declare function analyzeSkillBundle(files: MarketplaceSkillFile[], skillName?: string, publisher?: string, options?: {
+    noCache?: boolean;
+}): Promise<AnalyzeSkillResponse>;
 /**
  * Forward a slug + source to the skills-analyzer for remote ZIP download and analysis.
  * Vercel handles the ZIP download directly — no local files needed.
  */
-export declare function analyzeSkillBySlug(slug: string, skillName?: string, publisher?: string): Promise<AnalyzeSkillResponse>;
+export declare function analyzeSkillBySlug(slug: string, skillName?: string, publisher?: string, options?: {
+    noCache?: boolean;
+}): Promise<AnalyzeSkillResponse>;
 /**
  * Retrieve a previously cached analysis for a skill by name and publisher.
  * Returns null if no cached result exists (upstream returns 404).

package/services/marketplace.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"marketplace.d.ts","sourceRoot":"","sources":["../../src/services/marketplace.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EACV,gBAAgB,EAChB,oBAAoB,EACpB,oBAAoB,EAOrB,MAAM,iBAAiB,CAAC;AA4NzB;;;GAGG;AACH,wBAAsB,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC,CA+CzF;AAED,uDAAuD;AACvD,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,oBAAoB,CAAC,UAAU,CAAC,CAAC;CAC7C;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,IAAI,CAAC,mBAAmB,EAAE,cAAc,CAAC,EAC/C,KAAK,EAAE,oBAAoB,EAAE,GAC5B,IAAI,CAkBN;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,oBAAoB,CAAC,UAAU,CAAC,GAAG,IAAI,CAUvG;AAED,0CAA0C;AAC1C,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,OAAO,CAAC;CACtB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,mBAAmB,EAAE,CA4B5D;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,GAAG,oBAAoB,EAAE,CAqB5E;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,mBAAmB,GAAG,IAAI,CAU/E;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,oBAAoB,EAAE,GAC5B,MAAM,CAoCR;AAMD;;;GAGG;AACH,wBAAsB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAclF;AAMD;;;;GAIG;AACH,wBAAsB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CA0GjF;AA4FD;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,KAAK,EAAE,oBAAoB,EAAE,EAC7B,SAAS,CAAC,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,oBAAoB,CAAC,CAgB/B;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,MAAM,EACZ,SAAS,CAAC,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,oBAAoB,CAAC,CAc/B;AAMD;;;GAGG;AACH,wBAAsB,iBAAiB,CACrC,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAgDtC"}
+{"version":3,"file":"marketplace.d.ts","sourceRoot":"","sources":["../../src/services/marketplace.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EACV,gBAAgB,EAChB,oBAAoB,EACpB,oBAAoB,EAOrB,MAAM,iBAAiB,CAAC;AA4NzB;;;GAGG;AACH,wBAAsB,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC,CA+CzF;AAED,uDAAuD;AACvD,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,qGAAqG;IACrG,MAAM,CAAC,EAAE,aAAa,GAAG,SAAS,CAAC;IACnC,QAAQ,CAAC,EAAE,oBAAoB,CAAC,UAAU,CAAC,CAAC;CAC7C;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,IAAI,CAAC,mBAAmB,EAAE,cAAc,CAAC,EAC/C,KAAK,EAAE,oBAAoB,EAAE,GAC5B,IAAI,CA8BN;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,oBAAoB,CAAC,UAAU,CAAC,GAAG,IAAI,CAUvG;AAED,0CAA0C;AAC1C,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,WAAW,EAAE,OAAO,CAAC;IACrB,qGAAqG;IACrG,MAAM,CAAC,EAAE,aAAa,GAAG,SAAS,CAAC;IACnC,QAAQ,CAAC,EAAE,oBAAoB,CAAC,UAAU,CAAC,CAAC;CAC7C;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,mBAAmB,EAAE,CA+B5D;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,GAAG,oBAAoB,EAAE,CAqB5E;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,mBAAmB,GAAG,IAAI,CAU/E;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAKxD;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,oBAAoB,EAAE,GAC5B,MAAM,CAoCR;AAMD;;;GAGG;AACH,wBAAsB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAclF;AAMD;;;;GAIG;AACH,wBAAsB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CA0GjF;AA4FD;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,KAAK,EAAE,oBAAoB,EAAE,EAC7B,SAAS,CAAC,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,GAC9B,OAAO,CAAC,oBAAoB,CAAC,CAoB/B;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,MAAM,EACZ,SAAS,CAAC,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,GAC9B,OAAO,CAAC,oBAAoB,CAAC,CAkB/B;AAMD;;;GAGG;AACH,wBAAsB,iBAAiB,CACrC,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAkDtC"}

package/services/openclaw-config.d.ts

@@ -3,13 +3,27 @@
  *
  * Helpers to manage per-skill entries in $AGENT_HOME/.openclaw/openclaw.json.
  * Skills are configured under skills.entries.<skillKey> with { enabled: boolean }.
+ *
+ * AgenShield owns installation and secrets — openclaw.json must NOT contain
+ * env variables or install preferences (preferBrew, nodeManager).
  */
+import type { PolicyConfig } from '@agenshield/ipc';
 /**
  * Add a skill entry to openclaw.json with enabled: true.
+ * Never writes env — AgenShield handles secrets via vault/broker.
  */
-export declare function addSkillEntry(slug: string, env?: Record<string, string>): void;
+export declare function addSkillEntry(slug: string): void;
 /**
  * Remove a skill entry from openclaw.json.
  */
 export declare function removeSkillEntry(slug: string): void;
+/**
+ * Sync openclaw.json with the current AgenShield policy state.
+ *
+ * - Sets `skills.allowBundled` from enabled skill policies
+ * - Ensures `skills.load.watch = true`
+ * - Removes `skills.install` section (AgenShield handles installation)
+ * - Strips `env` from all entries (AgenShield handles secrets)
+ */
+export declare function syncOpenClawFromPolicies(policies: PolicyConfig[]): void;
 //# sourceMappingURL=openclaw-config.d.ts.map

package/services/openclaw-config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"openclaw-config.d.ts","sourceRoot":"","sources":["../../src/services/openclaw-config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAiDH;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI,CAiB9E;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAQnD"}
+{"version":3,"file":"openclaw-config.d.ts","sourceRoot":"","sources":["../../src/services/openclaw-config.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAmDpD;;;GAGG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAchD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAQnD;AAED;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CAAC,QAAQ,EAAE,YAAY,EAAE,GAAG,IAAI,CAgCvE"}

package/services/policy-markdown.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Policy Markdown Generator
+ *
+ * Generates a semantic Markdown document from the active policy configuration.
+ * The document describes what the agent is allowed and denied to do, written
+ * as natural-language instructions that OpenClaw can use to be more effective.
+ */
+import type { PolicyConfig } from '@agenshield/ipc';
+/**
+ * Generate a semantic Markdown document from the active policy configuration.
+ * Meant to be injected into OpenClaw as instructions so it knows what it can do.
+ *
+ * @param knownSkills — If provided, skill policy patterns that don't match
+ *   any known skill name are filtered out. Policies with no remaining patterns
+ *   are omitted entirely.
+ */
+export declare function generatePolicyMarkdown(policies: PolicyConfig[], knownSkills?: Set<string>): string;
+//# sourceMappingURL=policy-markdown.d.ts.map

package/services/policy-markdown.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-markdown.d.ts","sourceRoot":"","sources":["../../src/services/policy-markdown.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAkFpD;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,YAAY,EAAE,EAAE,WAAW,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,MAAM,CAoKlG"}

package/services/skill-analyzer.d.ts

@@ -14,6 +14,10 @@ export declare function analyzeSkill(skillName: string, content: string, metadat
  * Get cached analysis for a skill
  */
 export declare function getCachedAnalysis(skillName: string): SkillAnalysis | undefined;
+/**
+ * Store / overwrite cached analysis for a skill (e.g. from external analyzer).
+ */
+export declare function setCachedAnalysis(skillName: string, analysis: SkillAnalysis): void;
 /**
  * Clear cached analysis for a skill
  */

package/services/skill-analyzer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"skill-analyzer.d.ts","sourceRoot":"","sources":["../../src/services/skill-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,aAAa,EAAoB,MAAM,iBAAiB,CAAC;AAgJvE;;;GAGG;AACH,wBAAgB,YAAY,CAC1B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACjC,aAAa,CAqEf;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS,CAG9E;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAI3D"}
+{"version":3,"file":"skill-analyzer.d.ts","sourceRoot":"","sources":["../../src/services/skill-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,aAAa,EAAoB,MAAM,iBAAiB,CAAC;AAmJvE;;;GAGG;AACH,wBAAgB,YAAY,CAC1B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACjC,aAAa,CA0Ef;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS,CAG9E;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,GAAG,IAAI,CAIlF;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAI3D"}