@agenshield/interceptor 0.1.0

package/index.js

@@ -0,0 +1,1270 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// libs/shield-interceptor/src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  AgenShieldError: () => AgenShieldError,
+  AsyncClient: () => AsyncClient,
+  ChildProcessInterceptor: () => ChildProcessInterceptor,
+  EventReporter: () => EventReporter,
+  FetchInterceptor: () => FetchInterceptor,
+  FsInterceptor: () => FsInterceptor,
+  HttpInterceptor: () => HttpInterceptor,
+  PolicyDeniedError: () => PolicyDeniedError,
+  PolicyEvaluator: () => PolicyEvaluator,
+  SyncClient: () => SyncClient,
+  WebSocketInterceptor: () => WebSocketInterceptor,
+  createConfig: () => createConfig,
+  installInterceptors: () => installInterceptors,
+  uninstallInterceptors: () => uninstallInterceptors
+});
+module.exports = __toCommonJS(index_exports);
+
+// libs/shield-interceptor/src/config.ts
+function createConfig(overrides) {
+  const env = process.env;
+  return {
+    socketPath: env["AGENSHIELD_SOCKET"] || "/var/run/agenshield/agenshield.sock",
+    httpHost: env["AGENSHIELD_HOST"] || "localhost",
+    httpPort: parseInt(env["AGENSHIELD_PORT"] || "5201", 10),
+    failOpen: env["AGENSHIELD_FAIL_OPEN"] === "true",
+    logLevel: env["AGENSHIELD_LOG_LEVEL"] || "warn",
+    interceptFetch: env["AGENSHIELD_INTERCEPT_FETCH"] !== "false",
+    interceptHttp: env["AGENSHIELD_INTERCEPT_HTTP"] !== "false",
+    interceptWs: env["AGENSHIELD_INTERCEPT_WS"] !== "false",
+    interceptFs: env["AGENSHIELD_INTERCEPT_FS"] !== "false",
+    interceptExec: env["AGENSHIELD_INTERCEPT_EXEC"] !== "false",
+    timeout: parseInt(env["AGENSHIELD_TIMEOUT"] || "30000", 10),
+    ...overrides
+  };
+}
+var defaultConfig = createConfig();
+
+// libs/shield-interceptor/src/errors.ts
+var AgenShieldError = class extends Error {
+  code;
+  operation;
+  target;
+  constructor(message, code, options) {
+    super(message);
+    this.name = "AgenShieldError";
+    this.code = code;
+    this.operation = options?.operation;
+    this.target = options?.target;
+    Error.captureStackTrace?.(this, this.constructor);
+  }
+};
+var PolicyDeniedError = class extends AgenShieldError {
+  policyId;
+  constructor(message, options) {
+    super(message, "POLICY_DENIED", options);
+    this.name = "PolicyDeniedError";
+    this.policyId = options?.policyId;
+  }
+};
+var BrokerUnavailableError = class extends AgenShieldError {
+  constructor(message = "AgenShield broker is unavailable") {
+    super(message, "BROKER_UNAVAILABLE");
+    this.name = "BrokerUnavailableError";
+  }
+};
+var TimeoutError = class extends AgenShieldError {
+  constructor(message = "Request timed out") {
+    super(message, "TIMEOUT");
+    this.name = "TimeoutError";
+  }
+};
+
+// libs/shield-interceptor/src/interceptors/base.ts
+var BaseInterceptor = class {
+  client;
+  policyEvaluator;
+  eventReporter;
+  failOpen;
+  installed = false;
+  constructor(options) {
+    this.client = options.client;
+    this.policyEvaluator = options.policyEvaluator;
+    this.eventReporter = options.eventReporter;
+    this.failOpen = options.failOpen;
+  }
+  /**
+   * Check if the interceptor is installed
+   */
+  isInstalled() {
+    return this.installed;
+  }
+  /**
+   * Check policy and handle the result
+   */
+  async checkPolicy(operation, target) {
+    const startTime = Date.now();
+    try {
+      this.eventReporter.intercept(operation, target);
+      const result = await this.policyEvaluator.check(operation, target);
+      if (!result.allowed) {
+        this.eventReporter.deny(operation, target, result.policyId, result.reason);
+        throw new PolicyDeniedError(result.reason || "Operation denied by policy", {
+          operation,
+          target,
+          policyId: result.policyId
+        });
+      }
+      this.eventReporter.allow(
+        operation,
+        target,
+        result.policyId,
+        Date.now() - startTime
+      );
+    } catch (error) {
+      if (error instanceof PolicyDeniedError) {
+        throw error;
+      }
+      if (this.failOpen) {
+        this.eventReporter.error(
+          operation,
+          target,
+          `Broker unavailable, failing open: ${error.message}`
+        );
+        return;
+      }
+      throw new BrokerUnavailableError(error.message);
+    }
+  }
+  /**
+   * Log a debug message
+   */
+  debug(message) {
+    console.debug(`[AgenShield:${this.constructor.name}] ${message}`);
+  }
+};
+
+// libs/shield-interceptor/src/interceptors/fetch.ts
+var FetchInterceptor = class extends BaseInterceptor {
+  originalFetch = null;
+  constructor(options) {
+    super(options);
+  }
+  install() {
+    if (this.installed) return;
+    this.originalFetch = globalThis.fetch;
+    globalThis.fetch = this.interceptedFetch.bind(this);
+    this.installed = true;
+  }
+  uninstall() {
+    if (!this.installed || !this.originalFetch) return;
+    globalThis.fetch = this.originalFetch;
+    this.originalFetch = null;
+    this.installed = false;
+  }
+  async interceptedFetch(input, init) {
+    if (!this.originalFetch) {
+      throw new Error("Original fetch not available");
+    }
+    let url;
+    if (typeof input === "string") {
+      url = input;
+    } else if (input instanceof URL) {
+      url = input.toString();
+    } else {
+      url = input.url;
+    }
+    if (this.isBrokerUrl(url)) {
+      return this.originalFetch(input, init);
+    }
+    await this.checkPolicy("http_request", url);
+    try {
+      const method = init?.method || "GET";
+      const headers = {};
+      if (init?.headers) {
+        if (init.headers instanceof Headers) {
+          init.headers.forEach((value, key) => {
+            headers[key] = value;
+          });
+        } else if (Array.isArray(init.headers)) {
+          for (const [key, value] of init.headers) {
+            headers[key] = value;
+          }
+        } else {
+          Object.assign(headers, init.headers);
+        }
+      }
+      let body;
+      if (init?.body) {
+        if (typeof init.body === "string") {
+          body = init.body;
+        } else if (init.body instanceof ArrayBuffer) {
+          body = Buffer.from(init.body).toString("base64");
+        } else {
+          body = String(init.body);
+        }
+      }
+      const result = await this.client.request("http_request", {
+        url,
+        method,
+        headers,
+        body
+      });
+      const responseHeaders = new Headers(result.headers);
+      return new Response(result.body, {
+        status: result.status,
+        statusText: result.statusText,
+        headers: responseHeaders
+      });
+    } catch (error) {
+      if (error.name === "PolicyDeniedError") {
+        throw error;
+      }
+      if (this.failOpen) {
+        return this.originalFetch(input, init);
+      }
+      throw error;
+    }
+  }
+  isBrokerUrl(url) {
+    try {
+      const parsed = new URL(url);
+      return (parsed.hostname === "localhost" || parsed.hostname === "127.0.0.1") && parsed.port === "5200";
+    } catch {
+      return false;
+    }
+  }
+};
+
+// libs/shield-interceptor/src/interceptors/http.ts
+var httpModule = require("node:http");
+var httpsModule = require("node:https");
+var HttpInterceptor = class extends BaseInterceptor {
+  originalHttpRequest = null;
+  originalHttpGet = null;
+  originalHttpsRequest = null;
+  originalHttpsGet = null;
+  constructor(options) {
+    super(options);
+  }
+  install() {
+    if (this.installed) return;
+    this.originalHttpRequest = httpModule.request;
+    this.originalHttpGet = httpModule.get;
+    this.originalHttpsRequest = httpsModule.request;
+    this.originalHttpsGet = httpsModule.get;
+    httpModule.request = this.createInterceptedRequest("http", this.originalHttpRequest);
+    httpModule.get = this.createInterceptedGet("http", this.originalHttpGet);
+    httpsModule.request = this.createInterceptedRequest("https", this.originalHttpsRequest);
+    httpsModule.get = this.createInterceptedGet("https", this.originalHttpsGet);
+    this.installed = true;
+  }
+  uninstall() {
+    if (!this.installed) return;
+    if (this.originalHttpRequest) {
+      httpModule.request = this.originalHttpRequest;
+    }
+    if (this.originalHttpGet) {
+      httpModule.get = this.originalHttpGet;
+    }
+    if (this.originalHttpsRequest) {
+      httpsModule.request = this.originalHttpsRequest;
+    }
+    if (this.originalHttpsGet) {
+      httpsModule.get = this.originalHttpsGet;
+    }
+    this.originalHttpRequest = null;
+    this.originalHttpGet = null;
+    this.originalHttpsRequest = null;
+    this.originalHttpsGet = null;
+    this.installed = false;
+  }
+  createInterceptedRequest(protocol, original) {
+    const self = this;
+    return function interceptedRequest(urlOrOptions, optionsOrCallback, callback) {
+      let url;
+      let options;
+      let cb;
+      if (typeof urlOrOptions === "string" || urlOrOptions instanceof URL) {
+        url = urlOrOptions.toString();
+        options = typeof optionsOrCallback === "object" ? optionsOrCallback : {};
+        cb = typeof optionsOrCallback === "function" ? optionsOrCallback : callback;
+      } else {
+        options = urlOrOptions;
+        url = `${protocol}://${options.hostname || options.host || "localhost"}:${options.port || (protocol === "https" ? 443 : 80)}${options.path || "/"}`;
+        cb = optionsOrCallback;
+      }
+      if (self.isBrokerUrl(url)) {
+        return original.call(
+          protocol === "http" ? httpModule : httpsModule,
+          urlOrOptions,
+          optionsOrCallback,
+          callback
+        );
+      }
+      const req = original.call(
+        protocol === "http" ? httpModule : httpsModule,
+        urlOrOptions,
+        optionsOrCallback,
+        callback
+      );
+      self.eventReporter.intercept("http_request", url);
+      self.checkPolicy("http_request", url).catch((error) => {
+        req.destroy(error);
+      });
+      return req;
+    };
+  }
+  createInterceptedGet(protocol, original) {
+    const interceptedRequest = this.createInterceptedRequest(
+      protocol,
+      protocol === "http" ? this.originalHttpRequest : this.originalHttpsRequest
+    );
+    return function interceptedGet(urlOrOptions, optionsOrCallback, callback) {
+      const req = interceptedRequest(urlOrOptions, optionsOrCallback, callback);
+      req.end();
+      return req;
+    };
+  }
+  isBrokerUrl(url) {
+    try {
+      const parsed = new URL(url);
+      return (parsed.hostname === "localhost" || parsed.hostname === "127.0.0.1") && parsed.port === "5200";
+    } catch {
+      return false;
+    }
+  }
+};
+
+// libs/shield-interceptor/src/interceptors/websocket.ts
+var WebSocketInterceptor = class extends BaseInterceptor {
+  originalWebSocket = null;
+  constructor(options) {
+    super(options);
+  }
+  install() {
+    if (this.installed) return;
+    if (typeof globalThis.WebSocket === "undefined") {
+      this.debug("WebSocket not available in this environment");
+      return;
+    }
+    this.originalWebSocket = globalThis.WebSocket;
+    const self = this;
+    const OriginalWebSocket = this.originalWebSocket;
+    class InterceptedWebSocket extends OriginalWebSocket {
+      constructor(url, protocols) {
+        const urlString = url.toString();
+        if (self.isBrokerUrl(urlString)) {
+          super(url, protocols);
+          return;
+        }
+        self.eventReporter.intercept("websocket", urlString);
+        super(url, protocols);
+        self.checkPolicy("websocket", urlString).catch((error) => {
+          this.close(1008, "Policy denied");
+          const errorEvent = new Event("error");
+          this.dispatchEvent(errorEvent);
+        });
+      }
+    }
+    globalThis.WebSocket = InterceptedWebSocket;
+    this.installed = true;
+  }
+  uninstall() {
+    if (!this.installed || !this.originalWebSocket) return;
+    globalThis.WebSocket = this.originalWebSocket;
+    this.originalWebSocket = null;
+    this.installed = false;
+  }
+  isBrokerUrl(url) {
+    try {
+      const parsed = new URL(url);
+      return (parsed.hostname === "localhost" || parsed.hostname === "127.0.0.1") && parsed.port === "5200";
+    } catch {
+      return false;
+    }
+  }
+};
+
+// libs/shield-interceptor/src/client/sync-client.ts
+var import_node_child_process = require("node:child_process");
+var fs = __toESM(require("node:fs"), 1);
+var import_node_crypto = require("node:crypto");
+var _existsSync = fs.existsSync.bind(fs);
+var _readFileSync = fs.readFileSync.bind(fs);
+var _unlinkSync = fs.unlinkSync.bind(fs);
+var _spawnSync = import_node_child_process.spawnSync;
+var _execSync = import_node_child_process.execSync;
+var SyncClient = class {
+  socketPath;
+  httpHost;
+  httpPort;
+  timeout;
+  constructor(options) {
+    this.socketPath = options.socketPath;
+    this.httpHost = options.httpHost;
+    this.httpPort = options.httpPort;
+    this.timeout = options.timeout;
+  }
+  /**
+   * Send a synchronous request to the broker
+   */
+  request(method, params) {
+    try {
+      return this.socketRequestSync(method, params);
+    } catch {
+      return this.httpRequestSync(method, params);
+    }
+  }
+  /**
+   * Synchronous socket request
+   *
+   * This uses a blocking approach with a temporary file for the response.
+   */
+  socketRequestSync(method, params) {
+    const id = (0, import_node_crypto.randomUUID)();
+    const request = JSON.stringify({
+      jsonrpc: "2.0",
+      id,
+      method,
+      params
+    }) + "\n";
+    const tmpFile = `/tmp/agenshield-sync-${id}.json`;
+    const script = `
+      const net = require('net');
+      const fs = require('fs');
+
+      const socket = net.createConnection('${this.socketPath}');
+      let data = '';
+
+      socket.on('connect', () => {
+        socket.write(${JSON.stringify(request)});
+      });
+
+      socket.on('data', (chunk) => {
+        data += chunk.toString();
+        if (data.includes('\\n')) {
+          socket.end();
+          fs.writeFileSync('${tmpFile}', data.split('\\n')[0]);
+        }
+      });
+
+      socket.on('error', (err) => {
+        fs.writeFileSync('${tmpFile}', JSON.stringify({ error: err.message }));
+      });
+
+      setTimeout(() => {
+        socket.destroy();
+        fs.writeFileSync('${tmpFile}', JSON.stringify({ error: 'timeout' }));
+      }, ${this.timeout});
+    `;
+    try {
+      _spawnSync("node", ["-e", script], {
+        timeout: this.timeout + 1e3,
+        stdio: "ignore"
+      });
+      if (_existsSync(tmpFile)) {
+        const response = JSON.parse(_readFileSync(tmpFile, "utf-8"));
+        _unlinkSync(tmpFile);
+        if (response.error) {
+          throw new Error(response.error);
+        }
+        return response.result;
+      }
+      throw new Error("No response from broker");
+    } finally {
+      try {
+        if (_existsSync(tmpFile)) {
+          _unlinkSync(tmpFile);
+        }
+      } catch {
+      }
+    }
+  }
+  /**
+   * Synchronous HTTP request using curl
+   */
+  httpRequestSync(method, params) {
+    const url = `http://${this.httpHost}:${this.httpPort}/rpc`;
+    const id = (0, import_node_crypto.randomUUID)();
+    const request = JSON.stringify({
+      jsonrpc: "2.0",
+      id,
+      method,
+      params
+    });
+    try {
+      const result = _execSync(
+        `curl -s -X POST -H "Content-Type: application/json" -d '${request.replace(/'/g, "\\'")}' "${url}"`,
+        {
+          timeout: this.timeout,
+          encoding: "utf-8"
+        }
+      );
+      const response = JSON.parse(result);
+      if (response.error) {
+        throw new Error(response.error.message);
+      }
+      return response.result;
+    } catch (error) {
+      throw new Error(`Sync request failed: ${error.message}`);
+    }
+  }
+  /**
+   * Check if broker is available
+   */
+  ping() {
+    try {
+      this.request("ping", {});
+      return true;
+    } catch {
+      return false;
+    }
+  }
+};
+
+// libs/shield-interceptor/src/interceptors/child-process.ts
+var childProcessModule = require("node:child_process");
+var ChildProcessInterceptor = class extends BaseInterceptor {
+  syncClient;
+  originalExec = null;
+  originalExecSync = null;
+  originalSpawn = null;
+  originalSpawnSync = null;
+  originalExecFile = null;
+  originalFork = null;
+  constructor(options) {
+    super(options);
+    this.syncClient = new SyncClient({
+      socketPath: "/var/run/agenshield/agenshield.sock",
+      httpHost: "localhost",
+      httpPort: 5201,
+      // Broker uses 5201
+      timeout: 3e4
+    });
+  }
+  install() {
+    if (this.installed) return;
+    this.originalExec = childProcessModule.exec;
+    this.originalExecSync = childProcessModule.execSync;
+    this.originalSpawn = childProcessModule.spawn;
+    this.originalSpawnSync = childProcessModule.spawnSync;
+    this.originalExecFile = childProcessModule.execFile;
+    this.originalFork = childProcessModule.fork;
+    childProcessModule.exec = this.createInterceptedExec();
+    childProcessModule.execSync = this.createInterceptedExecSync();
+    childProcessModule.spawn = this.createInterceptedSpawn();
+    childProcessModule.spawnSync = this.createInterceptedSpawnSync();
+    childProcessModule.execFile = this.createInterceptedExecFile();
+    childProcessModule.fork = this.createInterceptedFork();
+    this.installed = true;
+  }
+  uninstall() {
+    if (!this.installed) return;
+    if (this.originalExec) childProcessModule.exec = this.originalExec;
+    if (this.originalExecSync) childProcessModule.execSync = this.originalExecSync;
+    if (this.originalSpawn) childProcessModule.spawn = this.originalSpawn;
+    if (this.originalSpawnSync) childProcessModule.spawnSync = this.originalSpawnSync;
+    if (this.originalExecFile) childProcessModule.execFile = this.originalExecFile;
+    if (this.originalFork) childProcessModule.fork = this.originalFork;
+    this.originalExec = null;
+    this.originalExecSync = null;
+    this.originalSpawn = null;
+    this.originalSpawnSync = null;
+    this.originalExecFile = null;
+    this.originalFork = null;
+    this.installed = false;
+  }
+  createInterceptedExec() {
+    const self = this;
+    const original = this.originalExec;
+    return function interceptedExec(command, ...args) {
+      const callback = typeof args[args.length - 1] === "function" ? args.pop() : void 0;
+      self.eventReporter.intercept("exec", command);
+      self.checkPolicy("exec", command).then(() => {
+        original(command, ...args, callback);
+      }).catch((error) => {
+        if (callback) {
+          callback(error, "", "");
+        }
+      });
+      return original('echo ""');
+    };
+  }
+  createInterceptedExecSync() {
+    const self = this;
+    const original = this.originalExecSync;
+    const interceptedExecSync = function(command, options) {
+      self.eventReporter.intercept("exec", command);
+      try {
+        const result = self.syncClient.request(
+          "policy_check",
+          { operation: "exec", target: command }
+        );
+        if (!result.allowed) {
+          throw new PolicyDeniedError(result.reason || "Operation denied by policy", {
+            operation: "exec",
+            target: command
+          });
+        }
+      } catch (error) {
+        if (error instanceof PolicyDeniedError) {
+          throw error;
+        }
+        if (!self.failOpen) {
+          throw error;
+        }
+      }
+      return original(command, options);
+    };
+    return interceptedExecSync;
+  }
+  createInterceptedSpawn() {
+    const self = this;
+    const original = this.originalSpawn;
+    const interceptedSpawn = function(command, args, options) {
+      const fullCommand = args ? `${command} ${args.join(" ")}` : command;
+      self.eventReporter.intercept("exec", fullCommand);
+      self.checkPolicy("exec", fullCommand).catch((error) => {
+        self.eventReporter.error("exec", fullCommand, error.message);
+      });
+      return original(command, args, options || {});
+    };
+    return interceptedSpawn;
+  }
+  createInterceptedSpawnSync() {
+    const self = this;
+    const original = this.originalSpawnSync;
+    return function interceptedSpawnSync(command, args, options) {
+      const fullCommand = args ? `${command} ${args.join(" ")}` : command;
+      self.eventReporter.intercept("exec", fullCommand);
+      try {
+        const result = self.syncClient.request(
+          "policy_check",
+          { operation: "exec", target: fullCommand }
+        );
+        if (!result.allowed) {
+          return {
+            pid: -1,
+            output: [],
+            stdout: Buffer.alloc(0),
+            stderr: Buffer.from(result.reason || "Policy denied"),
+            status: 1,
+            signal: null,
+            error: new PolicyDeniedError(result.reason || "Policy denied")
+          };
+        }
+      } catch (error) {
+        if (!self.failOpen) {
+          return {
+            pid: -1,
+            output: [],
+            stdout: Buffer.alloc(0),
+            stderr: Buffer.from(error.message),
+            status: 1,
+            signal: null,
+            error
+          };
+        }
+      }
+      return original(command, args, options);
+    };
+  }
+  createInterceptedExecFile() {
+    const self = this;
+    const original = this.originalExecFile;
+    return function interceptedExecFile(file, ...args) {
+      self.eventReporter.intercept("exec", file);
+      self.checkPolicy("exec", file).catch((error) => {
+        self.eventReporter.error("exec", file, error.message);
+      });
+      return original(file, ...args);
+    };
+  }
+  createInterceptedFork() {
+    const self = this;
+    const original = this.originalFork;
+    const interceptedFork = function(modulePath, args, options) {
+      const pathStr = modulePath.toString();
+      self.eventReporter.intercept("exec", `fork:${pathStr}`);
+      self.checkPolicy("exec", `fork:${pathStr}`).catch((error) => {
+        self.eventReporter.error("exec", pathStr, error.message);
+      });
+      return original(modulePath, args, options);
+    };
+    return interceptedFork;
+  }
+};
+
+// libs/shield-interceptor/src/interceptors/fs.ts
+var fsModule = require("node:fs");
+var fsPromisesModule = require("node:fs/promises");
+function safeOverride(target, prop, value) {
+  try {
+    target[prop] = value;
+  } catch {
+    Object.defineProperty(target, prop, {
+      value,
+      writable: true,
+      configurable: true,
+      enumerable: true
+    });
+  }
+}
+var FsInterceptor = class extends BaseInterceptor {
+  syncClient;
+  originals = /* @__PURE__ */ new Map();
+  constructor(options) {
+    super(options);
+    this.syncClient = new SyncClient({
+      socketPath: "/var/run/agenshield/agenshield.sock",
+      httpHost: "localhost",
+      httpPort: 5201,
+      // Broker uses 5201
+      timeout: 3e4
+    });
+  }
+  install() {
+    if (this.installed) return;
+    this.interceptMethod(fsModule, "readFile", "file_read");
+    this.interceptMethod(fsModule, "writeFile", "file_write");
+    this.interceptMethod(fsModule, "appendFile", "file_write");
+    this.interceptMethod(fsModule, "unlink", "file_write");
+    this.interceptMethod(fsModule, "mkdir", "file_write");
+    this.interceptMethod(fsModule, "rmdir", "file_write");
+    this.interceptMethod(fsModule, "rm", "file_write");
+    this.interceptMethod(fsModule, "readdir", "file_list");
+    this.interceptSyncMethod(fsModule, "readFileSync", "file_read");
+    this.interceptSyncMethod(fsModule, "writeFileSync", "file_write");
+    this.interceptSyncMethod(fsModule, "appendFileSync", "file_write");
+    this.interceptSyncMethod(fsModule, "unlinkSync", "file_write");
+    this.interceptSyncMethod(fsModule, "mkdirSync", "file_write");
+    this.interceptSyncMethod(fsModule, "rmdirSync", "file_write");
+    this.interceptSyncMethod(fsModule, "rmSync", "file_write");
+    this.interceptSyncMethod(fsModule, "readdirSync", "file_list");
+    this.interceptPromiseMethod(fsPromisesModule, "readFile", "file_read");
+    this.interceptPromiseMethod(fsPromisesModule, "writeFile", "file_write");
+    this.interceptPromiseMethod(fsPromisesModule, "appendFile", "file_write");
+    this.interceptPromiseMethod(fsPromisesModule, "unlink", "file_write");
+    this.interceptPromiseMethod(fsPromisesModule, "mkdir", "file_write");
+    this.interceptPromiseMethod(fsPromisesModule, "rmdir", "file_write");
+    this.interceptPromiseMethod(fsPromisesModule, "rm", "file_write");
+    this.interceptPromiseMethod(fsPromisesModule, "readdir", "file_list");
+    this.installed = true;
+  }
+  uninstall() {
+    if (!this.installed) return;
+    for (const [key, original] of this.originals) {
+      const [moduleName, methodName] = key.split(":");
+      const module2 = moduleName === "fs" ? fsModule : fsPromisesModule;
+      safeOverride(module2, methodName, original);
+    }
+    this.originals.clear();
+    this.installed = false;
+  }
+  interceptMethod(module2, methodName, operation) {
+    const original = module2[methodName];
+    if (!original) return;
+    const key = `fs:${methodName}`;
+    this.originals.set(key, original);
+    const self = this;
+    safeOverride(module2, methodName, function intercepted(path, ...args) {
+      const pathString = path.toString();
+      const callback = typeof args[args.length - 1] === "function" ? args.pop() : void 0;
+      self.eventReporter.intercept(operation, pathString);
+      self.checkPolicy(operation, pathString).then(() => {
+        original.call(module2, path, ...args, callback);
+      }).catch((error) => {
+        if (callback) {
+          callback(error);
+        }
+      });
+    });
+  }
+  interceptSyncMethod(module2, methodName, operation) {
+    const original = module2[methodName];
+    if (!original) return;
+    const key = `fs:${methodName}`;
+    this.originals.set(key, original);
+    const self = this;
+    safeOverride(module2, methodName, function interceptedSync(path, ...args) {
+      const pathString = path.toString();
+      self.eventReporter.intercept(operation, pathString);
+      try {
+        const result = self.syncClient.request(
+          "policy_check",
+          { operation, target: pathString }
+        );
+        if (!result.allowed) {
+          throw new PolicyDeniedError(result.reason || "Operation denied by policy", {
+            operation,
+            target: pathString
+          });
+        }
+      } catch (error) {
+        if (error instanceof PolicyDeniedError) {
+          throw error;
+        }
+        if (!self.failOpen) {
+          throw error;
+        }
+      }
+      return original.call(module2, path, ...args);
+    });
+  }
+  interceptPromiseMethod(module2, methodName, operation) {
+    const original = module2[methodName];
+    if (!original) return;
+    const key = `fsPromises:${methodName}`;
+    this.originals.set(key, original);
+    const self = this;
+    safeOverride(module2, methodName, async function interceptedPromise(path, ...args) {
+      const pathString = path.toString();
+      self.eventReporter.intercept(operation, pathString);
+      await self.checkPolicy(operation, pathString);
+      return original.call(module2, path, ...args);
+    });
+  }
+};
+
+// libs/shield-interceptor/src/client/http-client.ts
+var net = __toESM(require("node:net"), 1);
+var import_node_crypto2 = require("node:crypto");
+var AsyncClient = class {
+  socketPath;
+  httpHost;
+  httpPort;
+  timeout;
+  constructor(options) {
+    this.socketPath = options.socketPath;
+    this.httpHost = options.httpHost;
+    this.httpPort = options.httpPort;
+    this.timeout = options.timeout;
+  }
+  /**
+   * Send a request to the broker
+   */
+  async request(method, params) {
+    try {
+      return await this.socketRequest(method, params);
+    } catch (socketError) {
+      try {
+        return await this.httpRequest(method, params);
+      } catch (httpError) {
+        throw new BrokerUnavailableError(
+          `Failed to connect to broker: ${socketError.message}`
+        );
+      }
+    }
+  }
+  /**
+   * Send request via Unix socket
+   */
+  async socketRequest(method, params) {
+    return new Promise((resolve, reject) => {
+      const socket = net.createConnection(this.socketPath);
+      const id = (0, import_node_crypto2.randomUUID)();
+      let responseData = "";
+      let timeoutId;
+      socket.on("connect", () => {
+        const request = {
+          jsonrpc: "2.0",
+          id,
+          method,
+          params
+        };
+        socket.write(JSON.stringify(request) + "\n");
+        timeoutId = setTimeout(() => {
+          socket.destroy();
+          reject(new TimeoutError());
+        }, this.timeout);
+      });
+      socket.on("data", (data) => {
+        responseData += data.toString();
+        const newlineIndex = responseData.indexOf("\n");
+        if (newlineIndex !== -1) {
+          clearTimeout(timeoutId);
+          socket.end();
+          try {
+            const response = JSON.parse(
+              responseData.slice(0, newlineIndex)
+            );
+            if (response.error) {
+              reject(new Error(response.error.message));
+            } else {
+              resolve(response.result);
+            }
+          } catch {
+            reject(new Error("Invalid response from broker"));
+          }
+        }
+      });
+      socket.on("error", (error) => {
+        clearTimeout(timeoutId);
+        reject(error);
+      });
+    });
+  }
+  /**
+   * Send request via HTTP
+   */
+  async httpRequest(method, params) {
+    const url = `http://${this.httpHost}:${this.httpPort}/rpc`;
+    const id = (0, import_node_crypto2.randomUUID)();
+    const request = {
+      jsonrpc: "2.0",
+      id,
+      method,
+      params
+    };
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+    try {
+      const response = await fetch(url, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(request),
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!response.ok) {
+        throw new Error(`HTTP error: ${response.status}`);
+      }
+      const jsonResponse = await response.json();
+      if (jsonResponse.error) {
+        throw new Error(jsonResponse.error.message);
+      }
+      return jsonResponse.result;
+    } catch (error) {
+      clearTimeout(timeoutId);
+      if (error.name === "AbortError") {
+        throw new TimeoutError();
+      }
+      throw error;
+    }
+  }
+  /**
+   * Check if broker is available
+   */
+  async ping() {
+    try {
+      await this.request("ping", {});
+      return true;
+    } catch {
+      return false;
+    }
+  }
+};
+
+// libs/shield-interceptor/src/policy/evaluator.ts
+var PolicyEvaluator = class {
+  client;
+  constructor(options) {
+    this.client = options.client;
+  }
+  /**
+   * Check if an operation is allowed
+   * Always queries the daemon for fresh policy decisions
+   */
+  async check(operation, target) {
+    try {
+      const result = await this.client.request(
+        "policy_check",
+        { operation, target }
+      );
+      return result;
+    } catch (error) {
+      return {
+        allowed: false,
+        reason: `Policy check failed: ${error.message}`
+      };
+    }
+  }
+};
+
+// libs/shield-interceptor/src/events/reporter.ts
+var EventReporter = class _EventReporter {
+  client;
+  logLevel;
+  queue = [];
+  flushInterval = null;
+  failedFlushCount = 0;
+  static MAX_QUEUE_SIZE = 500;
+  static MAX_RETRIES = 3;
+  levelPriority = {
+    debug: 0,
+    info: 1,
+    warn: 2,
+    error: 3
+  };
+  constructor(options) {
+    this.client = options.client;
+    this.logLevel = options.logLevel;
+    this.flushInterval = setInterval(() => this.flush(), 5e3);
+  }
+  /**
+   * Report an event
+   */
+  report(event) {
+    this.queue.push(event);
+    if (this.queue.length > _EventReporter.MAX_QUEUE_SIZE) {
+      this.queue.splice(0, this.queue.length - _EventReporter.MAX_QUEUE_SIZE);
+    }
+    const level = this.getLogLevel(event);
+    if (this.shouldLog(level)) {
+      const prefix = event.type === "allow" ? "\u2713" : event.type === "deny" ? "\u2717" : "\u2022";
+      console[level](`[AgenShield] ${prefix} ${event.operation}: ${event.target}`);
+    }
+    if (this.queue.length >= 100) {
+      this.flush();
+    }
+  }
+  /**
+   * Report an interception
+   */
+  intercept(operation, target) {
+    this.report({
+      type: "intercept",
+      operation,
+      target,
+      timestamp: /* @__PURE__ */ new Date()
+    });
+  }
+  /**
+   * Report an allowed operation
+   */
+  allow(operation, target, policyId, duration) {
+    this.report({
+      type: "allow",
+      operation,
+      target,
+      timestamp: /* @__PURE__ */ new Date(),
+      policyId,
+      duration
+    });
+  }
+  /**
+   * Report a denied operation
+   */
+  deny(operation, target, policyId, reason) {
+    this.report({
+      type: "deny",
+      operation,
+      target,
+      timestamp: /* @__PURE__ */ new Date(),
+      policyId,
+      error: reason
+    });
+  }
+  /**
+   * Report an error
+   */
+  error(operation, target, error) {
+    this.report({
+      type: "error",
+      operation,
+      target,
+      timestamp: /* @__PURE__ */ new Date(),
+      error
+    });
+  }
+  /**
+   * Flush the event queue
+   */
+  async flush() {
+    if (this.queue.length === 0) return;
+    const events = this.queue.splice(0, this.queue.length);
+    try {
+      await this.client.request("events_batch", { events });
+      this.failedFlushCount = 0;
+    } catch {
+      this.failedFlushCount++;
+      if (this.failedFlushCount < _EventReporter.MAX_RETRIES) {
+        this.queue.unshift(...events);
+        if (this.queue.length > _EventReporter.MAX_QUEUE_SIZE) {
+          this.queue.splice(0, this.queue.length - _EventReporter.MAX_QUEUE_SIZE);
+        }
+      }
+    }
+  }
+  /**
+   * Stop the reporter
+   */
+  stop() {
+    if (this.flushInterval) {
+      clearInterval(this.flushInterval);
+      this.flushInterval = null;
+    }
+    this.flush();
+  }
+  /**
+   * Get the appropriate log level for an event
+   */
+  getLogLevel(event) {
+    switch (event.type) {
+      case "intercept":
+        return "debug";
+      case "allow":
+        return "debug";
+      case "deny":
+        return "warn";
+      case "error":
+        return "error";
+      default:
+        return "info";
+    }
+  }
+  /**
+   * Check if we should log at the given level
+   */
+  shouldLog(level) {
+    return this.levelPriority[level] >= this.levelPriority[this.logLevel];
+  }
+};
+
+// libs/shield-interceptor/src/installer.ts
+var installed = null;
+var client = null;
+var policyEvaluator = null;
+var eventReporter = null;
+function installInterceptors(configOverrides) {
+  if (installed) {
+    console.warn("AgenShield interceptors already installed");
+    return;
+  }
+  const config = createConfig(configOverrides);
+  client = new AsyncClient({
+    socketPath: config.socketPath,
+    httpHost: config.httpHost,
+    httpPort: config.httpPort,
+    timeout: config.timeout
+  });
+  policyEvaluator = new PolicyEvaluator({
+    client
+  });
+  eventReporter = new EventReporter({
+    client,
+    logLevel: config.logLevel
+  });
+  installed = {};
+  if (config.interceptFetch) {
+    installed.fetch = new FetchInterceptor({
+      client,
+      policyEvaluator,
+      eventReporter,
+      failOpen: config.failOpen
+    });
+    installed.fetch.install();
+    log(config, "debug", "Installed fetch interceptor");
+  }
+  if (config.interceptHttp) {
+    installed.http = new HttpInterceptor({
+      client,
+      policyEvaluator,
+      eventReporter,
+      failOpen: config.failOpen
+    });
+    installed.http.install();
+    log(config, "debug", "Installed http/https interceptor");
+  }
+  if (config.interceptWs) {
+    installed.websocket = new WebSocketInterceptor({
+      client,
+      policyEvaluator,
+      eventReporter,
+      failOpen: config.failOpen
+    });
+    installed.websocket.install();
+    log(config, "debug", "Installed WebSocket interceptor");
+  }
+  if (config.interceptExec) {
+    installed.childProcess = new ChildProcessInterceptor({
+      client,
+      policyEvaluator,
+      eventReporter,
+      failOpen: config.failOpen
+    });
+    installed.childProcess.install();
+    log(config, "debug", "Installed child_process interceptor");
+  }
+  if (config.interceptFs) {
+    installed.fs = new FsInterceptor({
+      client,
+      policyEvaluator,
+      eventReporter,
+      failOpen: config.failOpen
+    });
+    installed.fs.install();
+    log(config, "debug", "Installed fs interceptor");
+  }
+  log(config, "info", "AgenShield interceptors installed");
+}
+function uninstallInterceptors() {
+  if (!installed) {
+    return;
+  }
+  if (installed.fetch) {
+    installed.fetch.uninstall();
+  }
+  if (installed.http) {
+    installed.http.uninstall();
+  }
+  if (installed.websocket) {
+    installed.websocket.uninstall();
+  }
+  if (installed.childProcess) {
+    installed.childProcess.uninstall();
+  }
+  if (installed.fs) {
+    installed.fs.uninstall();
+  }
+  installed = null;
+  client = null;
+  policyEvaluator = null;
+  eventReporter = null;
+}
+function log(config, level, message) {
+  const levels = { debug: 0, info: 1, warn: 2, error: 3 };
+  if (levels[level] >= levels[config.logLevel]) {
+    console[level](`[AgenShield] ${message}`);
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AgenShieldError,
+  AsyncClient,
+  ChildProcessInterceptor,
+  EventReporter,
+  FetchInterceptor,
+  FsInterceptor,
+  HttpInterceptor,
+  PolicyDeniedError,
+  PolicyEvaluator,
+  SyncClient,
+  WebSocketInterceptor,
+  createConfig,
+  installInterceptors,
+  uninstallInterceptors
+});