@agenshield/ipc 0.1.0

package/types/events.d.ts

@@ -0,0 +1,83 @@
+/**
+ * SSE Event types for real-time communication
+ */
+export type EventType = 'security:status' | 'security:warning' | 'security:critical' | 'process:started' | 'process:stopped' | 'api:request' | 'broker:request' | 'broker:response' | 'config:changed' | 'heartbeat';
+/**
+ * Base event structure
+ */
+export interface DaemonEvent<T = unknown> {
+    type: EventType;
+    timestamp: string;
+    data: T;
+}
+/**
+ * Security status event data
+ */
+export interface SecurityStatusEventData {
+    runningAsRoot: boolean;
+    currentUser: string;
+    sandboxUserExists: boolean;
+    isIsolated: boolean;
+    guardedShellInstalled: boolean;
+    exposedSecrets: string[];
+    warnings: string[];
+    critical: string[];
+    recommendations: string[];
+    level: 'secure' | 'partial' | 'unprotected' | 'critical';
+}
+/**
+ * Security warning event data
+ */
+export interface SecurityWarningEventData {
+    message: string;
+}
+/**
+ * Security critical event data
+ */
+export interface SecurityCriticalEventData {
+    message: string;
+}
+/**
+ * API request event data
+ */
+export interface ApiRequestEventData {
+    method: string;
+    path: string;
+    statusCode: number;
+    duration: number;
+}
+/**
+ * Broker request event data
+ */
+export interface BrokerRequestEventData {
+    operation: string;
+    args: unknown;
+}
+/**
+ * Broker response event data
+ */
+export interface BrokerResponseEventData {
+    operation: string;
+    success: boolean;
+    duration: number;
+}
+/**
+ * Heartbeat event data
+ */
+export interface HeartbeatEventData {
+    connected?: boolean;
+    ping?: boolean;
+    message?: string;
+    filter?: string;
+}
+/**
+ * Typed event definitions
+ */
+export type SecurityStatusEvent = DaemonEvent<SecurityStatusEventData>;
+export type SecurityWarningEvent = DaemonEvent<SecurityWarningEventData>;
+export type SecurityCriticalEvent = DaemonEvent<SecurityCriticalEventData>;
+export type ApiRequestEvent = DaemonEvent<ApiRequestEventData>;
+export type BrokerRequestEvent = DaemonEvent<BrokerRequestEventData>;
+export type BrokerResponseEvent = DaemonEvent<BrokerResponseEventData>;
+export type HeartbeatEvent = DaemonEvent<HeartbeatEventData>;
+//# sourceMappingURL=events.d.ts.map

package/types/events.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"events.d.ts","sourceRoot":"","sources":["../../src/types/events.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,SAAS,GACjB,iBAAiB,GACjB,kBAAkB,GAClB,mBAAmB,GACnB,iBAAiB,GACjB,iBAAiB,GACjB,aAAa,GACb,gBAAgB,GAChB,iBAAiB,GACjB,gBAAgB,GAChB,WAAW,CAAC;AAEhB;;GAEG;AACH,MAAM,WAAW,WAAW,CAAC,CAAC,GAAG,OAAO;IACtC,IAAI,EAAE,SAAS,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,CAAC,CAAC;CACT;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,aAAa,EAAE,OAAO,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,UAAU,EAAE,OAAO,CAAC;IACpB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,KAAK,EAAE,QAAQ,GAAG,SAAS,GAAG,aAAa,GAAG,UAAU,CAAC;CAC1D;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,OAAO,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,WAAW,CAAC,uBAAuB,CAAC,CAAC;AACvE,MAAM,MAAM,oBAAoB,GAAG,WAAW,CAAC,wBAAwB,CAAC,CAAC;AACzE,MAAM,MAAM,qBAAqB,GAAG,WAAW,CAAC,yBAAyB,CAAC,CAAC;AAC3E,MAAM,MAAM,eAAe,GAAG,WAAW,CAAC,mBAAmB,CAAC,CAAC;AAC/D,MAAM,MAAM,kBAAkB,GAAG,WAAW,CAAC,sBAAsB,CAAC,CAAC;AACrE,MAAM,MAAM,mBAAmB,GAAG,WAAW,CAAC,uBAAuB,CAAC,CAAC;AACvE,MAAM,MAAM,cAAc,GAAG,WAAW,CAAC,kBAAkB,CAAC,CAAC"}

package/types/index.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Re-export all types
+ */
+export * from './config';
+export * from './daemon';
+export * from './api';
+export * from './events';
+export * from './backup';
+export * from './ops';
+export * from './policy';
+export * from './agenco';
+export * from './state';
+export * from './vault';
+export * from './auth';
+export * from './discovery';
+export * from './catalog';
+export * from './marketplace';
+//# sourceMappingURL=index.d.ts.map

package/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC;AACzB,cAAc,OAAO,CAAC;AACtB,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC;AACzB,cAAc,OAAO,CAAC;AACtB,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC;AACzB,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,QAAQ,CAAC;AACvB,cAAc,aAAa,CAAC;AAC5B,cAAc,WAAW,CAAC;AAC1B,cAAc,eAAe,CAAC"}

package/types/marketplace.d.ts

@@ -0,0 +1,101 @@
+/**
+ * Marketplace types for skill browsing and installation
+ */
+export interface MarketplaceSkill {
+    name: string;
+    slug: string;
+    description: string;
+    author: string;
+    version: string;
+    installs: number;
+    tags: string[];
+    readme?: string;
+    files?: MarketplaceSkillFile[];
+    installed?: boolean;
+    /** Pre-computed analysis returned from GET /marketplace/skills/:slug */
+    analysis?: AnalyzeSkillResponse['analysis'];
+}
+export interface MarketplaceSkillFile {
+    name: string;
+    type: string;
+    content: string;
+    purpose?: string;
+}
+export interface AnalyzeSkillRequest {
+    skillName: string;
+    publisher: string;
+    files: MarketplaceSkillFile[];
+}
+export type SkillSource = 'clawhub';
+export interface AnalyzeSkillFromSourceRequest {
+    slug: string;
+    source: SkillSource;
+    skillName?: string;
+    publisher?: string;
+}
+export type AnalyzeSkillRequestUnion = AnalyzeSkillRequest | AnalyzeSkillFromSourceRequest;
+export type SkillSecuritySeverity = 'safe' | 'low' | 'medium' | 'high' | 'critical';
+export interface EnvVariableDetail {
+    name: string;
+    required: boolean;
+    purpose: string;
+    sensitive: boolean;
+}
+export interface RuntimeRequirement {
+    runtime: string;
+    minVersion?: string;
+    reason: string;
+}
+export interface InstallationStep {
+    command: string;
+    packageManager: string;
+    required: boolean;
+    description: string;
+}
+export interface RunCommand {
+    command: string;
+    description: string;
+    entrypoint: boolean;
+}
+export interface SecurityFinding {
+    severity: SkillSecuritySeverity;
+    category: string;
+    cwe?: string;
+    owaspCategory?: string;
+    description: string;
+    evidence?: string;
+}
+export type MCPRiskType = 'tool-poisoning' | 'memory-poisoning' | 'prompt-injection' | 'soul-override' | 'permission-escalation' | 'data-exfiltration' | 'hidden-instructions';
+export interface MCPSpecificRisk {
+    riskType: MCPRiskType;
+    description: string;
+    severity: SkillSecuritySeverity;
+}
+export interface AnalyzeSkillResponse {
+    analysis: {
+        status: 'complete' | 'error';
+        vulnerability: {
+            level: SkillSecuritySeverity;
+            details: string[];
+            suggestions?: string[];
+        };
+        commands: Array<{
+            name: string;
+            source: string;
+            available: boolean;
+            resolvedPath?: string;
+            required: boolean;
+        }>;
+        envVariables?: EnvVariableDetail[];
+        runtimeRequirements?: RuntimeRequirement[];
+        installationSteps?: InstallationStep[];
+        runCommands?: RunCommand[];
+        securityFindings?: SecurityFinding[];
+        mcpSpecificRisks?: MCPSpecificRisk[];
+    };
+}
+export interface InstallSkillRequest {
+    slug: string;
+    type?: string;
+}
+//# sourceMappingURL=marketplace.d.ts.map

package/types/marketplace.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"marketplace.d.ts","sourceRoot":"","sources":["../../src/types/marketplace.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,oBAAoB,EAAE,CAAC;IAC/B,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,wEAAwE;IACxE,QAAQ,CAAC,EAAE,oBAAoB,CAAC,UAAU,CAAC,CAAC;CAC7C;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,oBAAoB,EAAE,CAAC;CAC/B;AAED,MAAM,MAAM,WAAW,GAAG,SAAS,CAAC;AAEpC,MAAM,WAAW,6BAA6B;IAC5C,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,WAAW,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,wBAAwB,GAAG,mBAAmB,GAAG,6BAA6B,CAAC;AAM3F,MAAM,MAAM,qBAAqB,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAEpF,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,OAAO,CAAC;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,qBAAqB,CAAC;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,WAAW,GACnB,gBAAgB,GAChB,kBAAkB,GAClB,kBAAkB,GAClB,eAAe,GACf,uBAAuB,GACvB,mBAAmB,GACnB,qBAAqB,CAAC;AAE1B,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,WAAW,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,qBAAqB,CAAC;CACjC;AAMD,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE;QACR,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC;QAC7B,aAAa,EAAE;YACb,KAAK,EAAE,qBAAqB,CAAC;YAC7B,OAAO,EAAE,MAAM,EAAE,CAAC;YAClB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;SACxB,CAAC;QACF,QAAQ,EAAE,KAAK,CAAC;YACd,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,MAAM,CAAC;YACf,SAAS,EAAE,OAAO,CAAC;YACnB,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,QAAQ,EAAE,OAAO,CAAC;SACnB,CAAC,CAAC;QACH,YAAY,CAAC,EAAE,iBAAiB,EAAE,CAAC;QACnC,mBAAmB,CAAC,EAAE,kBAAkB,EAAE,CAAC;QAC3C,iBAAiB,CAAC,EAAE,gBAAgB,EAAE,CAAC;QACvC,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;QAC3B,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;QACrC,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;KACtC,CAAC;CACH;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;CACf"}

package/types/ops.d.ts

@@ -0,0 +1,141 @@
+/**
+ * Broker operation types
+ *
+ * JSON-RPC 2.0 based protocol for broker communication.
+ */
+/**
+ * Operation types supported by the broker
+ */
+export type OperationType = 'http_request' | 'file_read' | 'file_write' | 'file_list' | 'exec' | 'command_execute' | 'open_url' | 'secret_inject' | 'ping' | 'policy_check';
+/**
+ * JSON-RPC 2.0 request
+ */
+export interface BrokerRequest {
+    jsonrpc: '2.0';
+    id: string | number;
+    method: OperationType;
+    params: OperationParams;
+    /** Track request origin */
+    channel?: 'socket' | 'http';
+}
+/**
+ * JSON-RPC 2.0 response
+ */
+export interface BrokerResponse<T = unknown> {
+    jsonrpc: '2.0';
+    id: string | number;
+    result?: T;
+    error?: BrokerError;
+}
+/**
+ * JSON-RPC 2.0 error
+ */
+export interface BrokerError {
+    code: number;
+    message: string;
+    data?: unknown;
+}
+/**
+ * Union type for all operation parameters
+ */
+export type OperationParams = HttpRequestParams | FileReadParams | FileWriteParams | FileListParams | ExecParams | OpenUrlParams | SecretInjectParams | PingParams | PolicyCheckParams;
+/**
+ * Union type for all operation results
+ */
+export type OperationResult = HttpRequestResult | FileReadResult | FileWriteResult | FileListResult | ExecResult | OpenUrlResult | SecretInjectResult | PingResult | PolicyCheckResult;
+export interface HttpRequestParams {
+    url: string;
+    method?: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | 'HEAD' | 'OPTIONS';
+    headers?: Record<string, string>;
+    body?: string;
+    timeout?: number;
+    followRedirects?: boolean;
+}
+export interface HttpRequestResult {
+    status: number;
+    statusText: string;
+    headers: Record<string, string>;
+    body: string;
+}
+export interface FileReadParams {
+    path: string;
+    encoding?: BufferEncoding;
+}
+export interface FileReadResult {
+    content: string;
+    size: number;
+    mtime: string;
+}
+export interface FileWriteParams {
+    path: string;
+    content: string;
+    encoding?: BufferEncoding;
+    mode?: number;
+}
+export interface FileWriteResult {
+    bytesWritten: number;
+    path: string;
+}
+export interface FileListParams {
+    path: string;
+    recursive?: boolean;
+    pattern?: string;
+}
+export interface FileListResult {
+    entries: FileEntry[];
+}
+export interface FileEntry {
+    name: string;
+    path: string;
+    type: 'file' | 'directory' | 'symlink';
+    size: number;
+    mtime: string;
+}
+export interface ExecParams {
+    command: string;
+    args?: string[];
+    cwd?: string;
+    env?: Record<string, string>;
+    timeout?: number;
+    shell?: boolean;
+}
+export interface ExecResult {
+    exitCode: number;
+    stdout: string;
+    stderr: string;
+    signal?: string;
+}
+export interface OpenUrlParams {
+    url: string;
+    browser?: string;
+}
+export interface OpenUrlResult {
+    opened: boolean;
+}
+export interface SecretInjectParams {
+    name: string;
+    targetEnv?: string;
+}
+export interface SecretInjectResult {
+    value: string;
+    injected: boolean;
+}
+export interface PingParams {
+    echo?: string;
+}
+export interface PingResult {
+    pong: true;
+    echo?: string;
+    timestamp: string;
+    version: string;
+}
+export interface PolicyCheckParams {
+    operation: OperationType;
+    target: string;
+}
+export interface PolicyCheckResult {
+    allowed: boolean;
+    policyId?: string;
+    reason?: string;
+}
+//# sourceMappingURL=ops.d.ts.map

package/types/ops.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ops.d.ts","sourceRoot":"","sources":["../../src/types/ops.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,MAAM,aAAa,GACrB,cAAc,GACd,WAAW,GACX,YAAY,GACZ,WAAW,GACX,MAAM,GACN,iBAAiB,GACjB,UAAU,GACV,eAAe,GACf,MAAM,GACN,cAAc,CAAC;AAEnB;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,KAAK,CAAC;IACf,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,MAAM,EAAE,aAAa,CAAC;IACtB,MAAM,EAAE,eAAe,CAAC;IACxB,2BAA2B;IAC3B,OAAO,CAAC,EAAE,QAAQ,GAAG,MAAM,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,cAAc,CAAC,CAAC,GAAG,OAAO;IACzC,OAAO,EAAE,KAAK,CAAC;IACf,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,CAAC,CAAC;IACX,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,MAAM,eAAe,GACvB,iBAAiB,GACjB,cAAc,GACd,eAAe,GACf,cAAc,GACd,UAAU,GACV,aAAa,GACb,kBAAkB,GAClB,UAAU,GACV,iBAAiB,CAAC;AAEtB;;GAEG;AACH,MAAM,MAAM,eAAe,GACvB,iBAAiB,GACjB,cAAc,GACd,eAAe,GACf,cAAc,GACd,UAAU,GACV,aAAa,GACb,kBAAkB,GAClB,UAAU,GACV,iBAAiB,CAAC;AAMtB,MAAM,WAAW,iBAAiB;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;IAC1E,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;CACd;AAMD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,eAAe;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,SAAS,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS,CAAC;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAMD,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAMD,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,OAAO,CAAC;CACjB;AAMD,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;CACnB;AAMD,MAAM,WAAW,UAAU;IACzB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,IAAI,CAAC;IACX,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;CACjB;AAMD,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,aAAa,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB"}

package/types/policy.d.ts

@@ -0,0 +1,100 @@
+/**
+ * Policy types for AgenShield
+ */
+import type { OperationType } from './ops';
+/**
+ * Policy rule definition
+ */
+export interface PolicyRule {
+    /** Unique identifier */
+    id: string;
+    /** Human-readable name */
+    name: string;
+    /** Policy action: allow, deny, or approval (future) */
+    action: 'allow' | 'deny' | 'approval';
+    /** What this rule targets */
+    target: 'skill' | 'command' | 'url' | 'filesystem';
+    /** Operations this rule applies to */
+    operations: OperationType[];
+    /** Patterns to match (glob or regex) */
+    patterns: string[];
+    /** Whether rule is enabled */
+    enabled: boolean;
+    /** Priority (higher = evaluated first) */
+    priority?: number;
+}
+/**
+ * File system constraints
+ */
+export interface FsConstraints {
+    /** Paths that are allowed for file operations */
+    allowedPaths: string[];
+    /** Patterns that are denied (e.g., .env, secrets.json) */
+    deniedPatterns: string[];
+}
+/**
+ * Network constraints
+ */
+export interface NetworkConstraints {
+    /** Hosts that are allowed */
+    allowedHosts: string[];
+    /** Hosts that are denied */
+    deniedHosts: string[];
+    /** Ports that are allowed */
+    allowedPorts: number[];
+}
+/**
+ * Environment variable injection rule
+ */
+export interface EnvInjectionRule {
+    /** Name of the secret in vault */
+    secretName: string;
+    /** Target environment variable name */
+    targetEnv: string;
+    /** Operations that can access this secret */
+    operations: OperationType[];
+}
+/**
+ * Complete policy configuration
+ */
+export interface PolicyConfiguration {
+    /** Schema version */
+    version: string;
+    /** Policy rules */
+    rules: PolicyRule[];
+    /** Default action when no rules match */
+    defaultAction: 'allow' | 'deny';
+    /** File system constraints */
+    fsConstraints?: FsConstraints;
+    /** Network constraints */
+    networkConstraints?: NetworkConstraints;
+    /** Environment injection rules */
+    envInjection?: EnvInjectionRule[];
+}
+/**
+ * Policy evaluation result
+ */
+export interface PolicyEvaluationResult {
+    /** Whether the operation is allowed */
+    allowed: boolean;
+    /** ID of the matching policy rule */
+    policyId?: string;
+    /** Reason for the decision */
+    reason?: string;
+    /** Evaluation duration in ms */
+    durationMs?: number;
+}
+/**
+ * Channel restrictions for operations
+ */
+export interface ChannelRestriction {
+    /** Operation type */
+    operation: OperationType;
+    /** Allowed channels */
+    allowedChannels: ('socket' | 'http')[];
+}
+/**
+ * Default channel restrictions
+ */
+export declare const DEFAULT_CHANNEL_RESTRICTIONS: ChannelRestriction[];
+//# sourceMappingURL=policy.d.ts.map

package/types/policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../src/types/policy.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AAE3C;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,uDAAuD;IACvD,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,UAAU,CAAC;IACtC,6BAA6B;IAC7B,MAAM,EAAE,OAAO,GAAG,SAAS,GAAG,KAAK,GAAG,YAAY,CAAC;IACnD,sCAAsC;IACtC,UAAU,EAAE,aAAa,EAAE,CAAC;IAC5B,wCAAwC;IACxC,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,8BAA8B;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,0CAA0C;IAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,iDAAiD;IACjD,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,0DAA0D;IAC1D,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,6BAA6B;IAC7B,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,4BAA4B;IAC5B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,6BAA6B;IAC7B,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,kCAAkC;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,uCAAuC;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,6CAA6C;IAC7C,UAAU,EAAE,aAAa,EAAE,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,qBAAqB;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,mBAAmB;IACnB,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,yCAAyC;IACzC,aAAa,EAAE,OAAO,GAAG,MAAM,CAAC;IAChC,8BAA8B;IAC9B,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,0BAA0B;IAC1B,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,kCAAkC;IAClC,YAAY,CAAC,EAAE,gBAAgB,EAAE,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAC;IACjB,qCAAqC;IACrC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,8BAA8B;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gCAAgC;IAChC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,qBAAqB;IACrB,SAAS,EAAE,aAAa,CAAC;IACzB,uBAAuB;IACvB,eAAe,EAAE,CAAC,QAAQ,GAAG,MAAM,CAAC,EAAE,CAAC;CACxC;AAED;;GAEG;AACH,eAAO,MAAM,4BAA4B,EAAE,kBAAkB,EAU5D,CAAC"}

package/types/state.d.ts

@@ -0,0 +1,105 @@
+/**
+ * System state types
+ *
+ * Types for tracking AgenShield system state in state.json
+ */
+/**
+ * Daemon state information
+ */
+export interface DaemonState {
+    /** Whether daemon is running */
+    running: boolean;
+    /** Process ID if running */
+    pid?: number;
+    /** When daemon was started */
+    startedAt?: string;
+    /** Port daemon is listening on */
+    port: number;
+}
+/**
+ * User state information
+ */
+export interface UserState {
+    /** Username */
+    username: string;
+    /** User ID */
+    uid: number;
+    /** User type */
+    type: 'agent' | 'broker';
+    /** When user was created */
+    createdAt: string;
+    /** Home directory */
+    homeDir: string;
+}
+/**
+ * Group state information
+ */
+export interface GroupState {
+    /** Group name */
+    name: string;
+    /** Group ID */
+    gid: number;
+    /** Group type */
+    type: 'socket' | 'workspace';
+}
+/**
+ * AgenCo state information
+ */
+export interface AgenCoState {
+    /** Whether user is authenticated */
+    authenticated: boolean;
+    /** Last authentication time */
+    lastAuthAt?: string;
+    /** List of connected integration IDs */
+    connectedIntegrations: string[];
+}
+/**
+ * Installation state information
+ */
+export interface InstallationState {
+    /** Installation preset used */
+    preset: string;
+    /** Base name for users/groups */
+    baseName: string;
+    /** Optional prefix */
+    prefix?: string;
+    /** Installed wrapper paths */
+    wrappers: string[];
+    /** Whether seatbelt is installed */
+    seatbeltInstalled: boolean;
+}
+/**
+ * Passcode protection state information
+ */
+export interface PasscodeProtectionState {
+    /** Whether passcode protection is enabled */
+    enabled: boolean;
+    /** Whether anonymous read-only access is allowed when protection is enabled (default: true) */
+    allowAnonymousReadOnly?: boolean;
+    /** Number of failed authentication attempts */
+    failedAttempts?: number;
+    /** ISO timestamp until which authentication is locked out */
+    lockedUntil?: string;
+}
+/**
+ * Complete system state
+ */
+export interface SystemState {
+    /** State schema version */
+    version: string;
+    /** When AgenShield was installed */
+    installedAt: string;
+    /** Daemon state */
+    daemon: DaemonState;
+    /** Created users */
+    users: UserState[];
+    /** Created groups */
+    groups: GroupState[];
+    /** AgenCo state */
+    agenco: AgenCoState;
+    /** Installation state */
+    installation: InstallationState;
+    /** Passcode protection state */
+    passcodeProtection?: PasscodeProtectionState;
+}
+//# sourceMappingURL=state.d.ts.map

package/types/state.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"state.d.ts","sourceRoot":"","sources":["../../src/types/state.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,gCAAgC;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,4BAA4B;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,8BAA8B;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,kCAAkC;IAClC,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,eAAe;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,gBAAgB;IAChB,IAAI,EAAE,OAAO,GAAG,QAAQ,CAAC;IACzB,4BAA4B;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,qBAAqB;IACrB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,iBAAiB;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,eAAe;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,iBAAiB;IACjB,IAAI,EAAE,QAAQ,GAAG,WAAW,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,oCAAoC;IACpC,aAAa,EAAE,OAAO,CAAC;IACvB,+BAA+B;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,qBAAqB,EAAE,MAAM,EAAE,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,sBAAsB;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,oCAAoC;IACpC,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,6CAA6C;IAC7C,OAAO,EAAE,OAAO,CAAC;IACjB,+FAA+F;IAC/F,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,+CAA+C;IAC/C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,6DAA6D;IAC7D,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,2BAA2B;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,oCAAoC;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB;IACnB,MAAM,EAAE,WAAW,CAAC;IACpB,oBAAoB;IACpB,KAAK,EAAE,SAAS,EAAE,CAAC;IACnB,qBAAqB;IACrB,MAAM,EAAE,UAAU,EAAE,CAAC;IACrB,mBAAmB;IACnB,MAAM,EAAE,WAAW,CAAC;IACpB,yBAAyB;IACzB,YAAY,EAAE,iBAAiB,CAAC;IAChC,gCAAgC;IAChC,kBAAkB,CAAC,EAAE,uBAAuB,CAAC;CAC9C"}

package/types/vault.d.ts

@@ -0,0 +1,62 @@
+/**
+ * Vault types
+ *
+ * Types for encrypted vault storage (vault.enc)
+ */
+/**
+ * AgenCo OAuth secrets
+ */
+export interface AgenCoSecrets {
+    /** OAuth access token */
+    accessToken: string;
+    /** OAuth refresh token */
+    refreshToken: string;
+    /** Token expiration timestamp (ms) */
+    expiresAt: number;
+    /** OAuth client ID (from DCR) */
+    clientId: string;
+    /** OAuth client secret (from DCR) */
+    clientSecret: string;
+}
+/**
+ * Passcode data for authentication
+ */
+export interface PasscodeData {
+    /** bcrypt hash of the passcode */
+    hash: string;
+    /** ISO timestamp when passcode was initially set */
+    setAt: string;
+    /** ISO timestamp when passcode was last changed */
+    changedAt?: string;
+}
+/**
+ * A secret stored in the vault with policy links
+ */
+export interface VaultSecret {
+    /** Unique identifier */
+    id: string;
+    /** Human-readable name (e.g. DATABASE_URL) */
+    name: string;
+    /** Secret value (plaintext — vault is AES-256-GCM encrypted) */
+    value: string;
+    /** Policy IDs this secret is linked to (many-to-many) */
+    policyIds: string[];
+    /** ISO timestamp when created */
+    createdAt: string;
+}
+/**
+ * Vault contents structure
+ */
+export interface VaultContents {
+    /** AgenCo OAuth tokens and secrets */
+    agenco?: AgenCoSecrets;
+    /** Environment variables for sandboxed processes */
+    envSecrets: Record<string, string>;
+    /** Sensitive patterns for policy matching */
+    sensitivePatterns: string[];
+    /** Passcode for authentication */
+    passcode?: PasscodeData;
+    /** Named secrets with policy links */
+    secrets?: VaultSecret[];
+}
+//# sourceMappingURL=vault.d.ts.map

package/types/vault.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault.d.ts","sourceRoot":"","sources":["../../src/types/vault.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,yBAAyB;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,0BAA0B;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,qCAAqC;IACrC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,kCAAkC;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,oDAAoD;IACpD,KAAK,EAAE,MAAM,CAAC;IACd,mDAAmD;IACnD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,8CAA8C;IAC9C,IAAI,EAAE,MAAM,CAAC;IACb,gEAAgE;IAChE,KAAK,EAAE,MAAM,CAAC;IACd,yDAAyD;IACzD,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,sCAAsC;IACtC,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,oDAAoD;IACpD,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,6CAA6C;IAC7C,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,kCAAkC;IAClC,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,sCAAsC;IACtC,OAAO,CAAC,EAAE,WAAW,EAAE,CAAC;CACzB"}