@agenshield/ipc 0.6.2 → 0.7.0
- package/constants.d.ts +2 -0
- package/constants.d.ts.map +1 -1
- package/index.d.ts +2 -0
- package/index.d.ts.map +1 -1
- package/index.js +110 -3
- package/package.json +1 -1
- package/presets.d.ts +16 -0
- package/presets.d.ts.map +1 -0
- package/schemas/config.schema.d.ts +18 -2
- package/schemas/config.schema.d.ts.map +1 -1
- package/schemas/policy.schema.d.ts +2 -0
- package/schemas/policy.schema.d.ts.map +1 -1
- package/types/api.d.ts +5 -1
- package/types/api.d.ts.map +1 -1
- package/types/config.d.ts +14 -1
- package/types/config.d.ts.map +1 -1
- package/types/daemon.d.ts +11 -0
- package/types/daemon.d.ts.map +1 -1
- package/types/index.d.ts +1 -0
- package/types/index.d.ts.map +1 -1
- package/types/migration.d.ts +67 -0
- package/types/migration.d.ts.map +1 -0
- package/types/policy.d.ts +48 -0
- package/types/policy.d.ts.map +1 -1
- package/types/vault.d.ts +64 -0
- package/types/vault.d.ts.map +1 -1
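--- a/package/constants.d.ts
+++ b/package/constants.d.ts
@@ -19,6 +19,8 @@ export declare const LOG_FILE = "daemon.log";
 export declare const STATE_FILE = "state.json";
 /** Encrypted vault file name */
 export declare const VAULT_FILE = "vault.enc";
+/** Synced secrets file name (daemon -> broker) */
+export declare const SYNCED_SECRETS_FILE = "synced-secrets.json";
 /** AgenCo subdirectory */
 export declare const AGENCO_DIR = "agenco";
 /** Policies subdirectory */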
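Review bot: The doc comment on `SYNCED_SECRETS_FILE` does not say how the file is protected, and while the neighbouring `VAULT_FILE` is `vault.enc`, this one is `synced-secrets.json`, which suggests (the declaration alone cannot confirm it) that secrets handed from daemon to broker are stored unencrypted. The comment should state the on-disk format and the ownership and mode the writer must apply, for example `/** Synced secrets file name (daemon -> broker); holds secret values, must be readable only by the daemon and broker users */`. If the contents are in fact encrypted, saying so in the comment or the file name would stop readers from assuming otherwise.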
package/constants.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,+BAA+B;AAC/B,eAAO,MAAM,YAAY,OAAO,CAAC;AAEjC,kFAAkF;AAClF,eAAO,MAAM,YAAY,cAAc,CAAC;AAExC,2CAA2C;AAC3C,eAAO,MAAM,eAAe,gBAAgB,CAAC;AAG7C,mCAAmC;AACnC,eAAO,MAAM,UAAU,gBAAgB,CAAC;AAExC,8BAA8B;AAC9B,eAAO,MAAM,WAAW,gBAAgB,CAAC;AAEzC,oBAAoB;AACpB,eAAO,MAAM,QAAQ,eAAe,CAAC;AAErC,oBAAoB;AACpB,eAAO,MAAM,QAAQ,eAAe,CAAC;AAErC,sBAAsB;AACtB,eAAO,MAAM,UAAU,eAAe,CAAC;AAEvC,gCAAgC;AAChC,eAAO,MAAM,UAAU,cAAc,CAAC;AAEtC,0BAA0B;AAC1B,eAAO,MAAM,UAAU,WAAW,CAAC;AAEnC,4BAA4B;AAC5B,eAAO,MAAM,YAAY,aAAa,CAAC;AAEvC,yBAAyB;AACzB,eAAO,MAAM,SAAS,UAAU,CAAC;AAEjC,4DAA4D;AAC5D,eAAO,MAAM,eAAe,gBAAgB,CAAC;AAE7C,kCAAkC;AAClC,eAAO,MAAM,aAAa,OAAO,CAAC;AAElC,sBAAsB;AACtB,eAAO,MAAM,WAAW,yCAAyC,CAAC;AAElE,qFAAqF;AACrF,eAAO,MAAM,eAAe,4CAA4C,CAAC;AAGzE,uBAAuB;AACvB,eAAO,MAAM,UAAU,SAAS,CAAC;AAEjC,yBAAyB;AACzB,eAAO,MAAM,SAAS;;;;;;CAMZ,CAAC;AAGX,uBAAuB;AACvB,eAAO,MAAM,UAAU,SAAS,CAAC;AAEjC,yBAAyB;AACzB,eAAO,MAAM,aAAa;IACxB,wBAAwB;;IAExB,2BAA2B;;IAE3B,yBAAyB;;IAEzB,8BAA8B;;CAEtB,CAAC"}
|
|
1
|
+
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,+BAA+B;AAC/B,eAAO,MAAM,YAAY,OAAO,CAAC;AAEjC,kFAAkF;AAClF,eAAO,MAAM,YAAY,cAAc,CAAC;AAExC,2CAA2C;AAC3C,eAAO,MAAM,eAAe,gBAAgB,CAAC;AAG7C,mCAAmC;AACnC,eAAO,MAAM,UAAU,gBAAgB,CAAC;AAExC,8BAA8B;AAC9B,eAAO,MAAM,WAAW,gBAAgB,CAAC;AAEzC,oBAAoB;AACpB,eAAO,MAAM,QAAQ,eAAe,CAAC;AAErC,oBAAoB;AACpB,eAAO,MAAM,QAAQ,eAAe,CAAC;AAErC,sBAAsB;AACtB,eAAO,MAAM,UAAU,eAAe,CAAC;AAEvC,gCAAgC;AAChC,eAAO,MAAM,UAAU,cAAc,CAAC;AAEtC,kDAAkD;AAClD,eAAO,MAAM,mBAAmB,wBAAwB,CAAC;AAEzD,0BAA0B;AAC1B,eAAO,MAAM,UAAU,WAAW,CAAC;AAEnC,4BAA4B;AAC5B,eAAO,MAAM,YAAY,aAAa,CAAC;AAEvC,yBAAyB;AACzB,eAAO,MAAM,SAAS,UAAU,CAAC;AAEjC,4DAA4D;AAC5D,eAAO,MAAM,eAAe,gBAAgB,CAAC;AAE7C,kCAAkC;AAClC,eAAO,MAAM,aAAa,OAAO,CAAC;AAElC,sBAAsB;AACtB,eAAO,MAAM,WAAW,yCAAyC,CAAC;AAElE,qFAAqF;AACrF,eAAO,MAAM,eAAe,4CAA4C,CAAC;AAGzE,uBAAuB;AACvB,eAAO,MAAM,UAAU,SAAS,CAAC;AAEjC,yBAAyB;AACzB,eAAO,MAAM,SAAS;;;;;;CAMZ,CAAC;AAGX,uBAAuB;AACvB,eAAO,MAAM,UAAU,SAAS,CAAC;AAEjC,yBAAyB;AACzB,eAAO,MAAM,aAAa;IACxB,wBAAwB;;IAExB,2BAA2B;;IAE3B,yBAAyB;;IAEzB,8BAA8B;;CAEtB,CAAC"}
|
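--- a/package/index.d.ts
+++ b/package/index.d.ts
@@ -14,6 +14,8 @@ export { AgenCoAuthStartRequestSchema, AgenCoAuthStartResponseSchema, AgenCoAuth
 export { DaemonStateSchema, UserStateSchema, GroupStateSchema, AgenCoStateSchema, InstallationStateSchema, PasscodeProtectionStateSchema, SystemStateSchema, } from './schemas/state.schema';
 export { AgenCoSecretsSchema, VaultContentsSchema, } from './schemas/vault.schema';
 export { AuthStatusResponseSchema, UnlockRequestSchema, UnlockResponseSchema, LockRequestSchema, LockResponseSchema, SetupPasscodeRequestSchema, SetupPasscodeResponseSchema, ChangePasscodeRequestSchema, ChangePasscodeResponseSchema, SessionSchema, AuthConfigSchema, PasscodeDataSchema, } from './schemas/auth.schema';
+export { OPENCLAW_PRESET, POLICY_PRESETS } from './presets';
+export type { PolicyPreset } from './presets';
 export { COMMAND_CATALOG, searchCatalog } from './catalog';
 export * from './constants';
 //# sourceMappingURL=index.d.ts.map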
package/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,cAAc,eAAe,CAAC;AAG9B,OAAO,EAEL,kBAAkB,EAClB,kBAAkB,EAClB,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,qBAAqB,EACrB,gBAAgB,EAChB,iBAAiB,EACjB,wBAAwB,GACzB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAEL,mBAAmB,EACnB,uBAAuB,EACvB,oBAAoB,EACpB,qBAAqB,EACrB,oBAAoB,EACpB,gBAAgB,EAChB,mBAAmB,EACnB,wBAAwB,EACxB,gBAAgB,EAChB,uBAAuB,EACvB,mBAAmB,EACnB,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAEL,gBAAgB,EAChB,mBAAmB,EACnB,wBAAwB,EACxB,sBAAsB,EACtB,yBAAyB,EACzB,4BAA4B,EAC5B,wBAAwB,GACzB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAEL,4BAA4B,EAC5B,6BAA6B,EAC7B,+BAA+B,EAC/B,gCAAgC,EAChC,8BAA8B,EAC9B,0BAA0B,EAC1B,2BAA2B,EAC3B,2BAA2B,EAC3B,gBAAgB,EAChB,4BAA4B,EAC5B,6BAA6B,EAC7B,mCAAmC,EACnC,6BAA6B,EAC7B,uBAAuB,EACvB,oCAAoC,EACpC,gCAAgC,EAChC,yCAAyC,EACzC,qCAAqC,EACrC,sCAAsC,GACvC,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAEL,iBAAiB,EACjB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,uBAAuB,EACvB,6BAA6B,EAC7B,iBAAiB,GAClB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAEL,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAEL,wBAAwB,EACxB,mBAAmB,EACnB,oBAAoB,EACpB,iBAAiB,EACjB,kBAAkB,EAClB,0BAA0B,EAC1B,2BAA2B,EAC3B,2BAA2B,EAC3B,4BAA4B,EAC5B,aAAa,EACb,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAG3D,cAAc,aAAa,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,cAAc,eAAe,CAAC;AAG9B,OAAO,EAEL,kBAAkB,EAClB,kBAAkB,EAClB,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,qBAAqB,EACrB,gBAAgB,EAChB,iBAAiB,EACjB,wBAAwB,GACzB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAEL,mBAAmB,EACnB,uBAAuB,EACvB,oBAAoB,EACpB,qBAAqB,EACrB,oBAAoB,EACpB,gBAAgB,EAChB,mBAAmB,EACnB,wBAAwB,EACxB,gBAAgB,EAChB,uBAAuB,EACvB,mBAAmB,EACnB,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAEL,gBAAgB,EAChB,mBAAmB,EACnB,wBAAwB,EACxB,sBAAsB,EACtB,yBAAyB,EACzB,4BAA4B,EAC5B,wBAAwB,GACzB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAEL,4BAA4B,EAC5B,6BAA6B,EAC7B,+BAA+B,EAC/B,gCAAgC,EAChC,8BAA8B,EAC9B,0BAA0B,EAC1B,2BAA2B,EAC3B,2BAA2B,EAC3B,gBAAgB,EAChB,4BAA4B,EAC5B,6BAA6B,EAC7B,mCAAmC,EACnC,6BAA6B,EAC7B,uBAAuB,EACvB,oCAAoC,EACpC,gCAAgC,EAChC,yCAAyC,EACzC,qCAAqC,EACrC,sCAAsC,GACvC,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAEL,iBAAiB,EACjB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,uBAAuB,EACvB,6BAA6B,EAC7B,iBAAiB,GAClB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAEL,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAEL,wBAAwB,EACxB,mBAAmB,EACnB,oBAAoB,EACpB,iBAAiB,EACjB,kBAAkB,EAClB,0BAA0B,EAC1B,2BAA2B,EAC3B,2BAA2B,EAC3B,4BAA4B,EAC5B,aAAa,EACb,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC5D,YAAY,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAG9C,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAG3D,cAAc,aAAa,CAAC"}
|
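--- a/package/index.js
+++ b/package/index.js
@@ -83,13 +83,17 @@ var DaemonConfigSchema = z.object({
 enableHostsEntry: z.boolean().default(false)
 });
 var PolicyConfigSchema = z.object({
-id: z.string().
+id: z.string().min(1),
 name: z.string().min(1).max(100),
 action: z.enum(["allow", "deny", "approval"]),
 target: z.enum(["skill", "command", "url", "filesystem"]),
 patterns: z.array(z.string()),
 enabled: z.boolean().default(true),
-
+priority: z.number().optional(),
+operations: z.array(z.string()).optional(),
+preset: z.string().optional(),
+scope: z.string().optional(),
+networkAccess: z.enum(["none", "proxy", "direct"]).optional()
 });
 var VaultConfigSchema = z.object({
 enabled: z.boolean(),
@@ -191,7 +195,8 @@ var PolicyRuleSchema = z3.object({
 operations: z3.array(OperationTypeSchema),
 patterns: z3.array(z3.string()),
 enabled: z3.boolean(),
-priority: z3.number().optional()
+priority: z3.number().optional(),
+scope: z3.string().optional()
 });
 var FsConstraintsSchema = z3.object({
 allowedPaths: z3.array(z3.string()),
@@ -448,6 +453,104 @@ var VaultContentsSchema = z7.object({
 passcode: PasscodeDataSchema.optional()
 });
 
+// libs/shield-ipc/src/presets.ts
+var OPENCLAW_PRESET = {
+id: "openclaw",
+name: "OpenClaw",
+description: "Default policies for OpenClaw AI coding agent",
+policies: [
+{
+id: "preset-openclaw-ai-apis",
+name: "AI Provider APIs",
+action: "allow",
+target: "url",
+patterns: [
+"api.openai.com",
+"api.anthropic.com",
+"generativelanguage.googleapis.com",
+"api.mistral.ai",
+"api.cohere.ai",
+"openrouter.ai"
+],
+enabled: true,
+priority: 5,
+preset: "openclaw"
+},
+{
+id: "preset-openclaw-registries",
+name: "Package Registries & Git",
+action: "allow",
+target: "url",
+patterns: [
+"registry.npmjs.org",
+"registry.yarnpkg.com",
+"github.com",
+"api.github.com",
+"pypi.org"
+],
+enabled: true,
+priority: 5,
+preset: "openclaw"
+},
+{
+id: "preset-openclaw-commands",
+name: "OpenClaw Core Commands",
+action: "allow",
+target: "command",
+patterns: [
+"node:*",
+"node-bin:*",
+"npm:*",
+"npx:*",
+"openclaw:*",
+"git:*",
+"curl:*",
+"ls:*",
+"cat:*",
+"head:*",
+"tail:*",
+"grep:*",
+"find:*",
+"which:*",
+"echo:*",
+"touch:*",
+"mkdir:*",
+"cp:*",
+"mv:*",
+"rm:*",
+"env:*",
+"printenv:*",
+"wc:*",
+"sort:*",
+"uniq:*",
+"sed:*",
+"awk:*",
+"xargs:*",
+"tar:*",
+"tee:*"
+],
+enabled: true,
+priority: 5,
+preset: "openclaw"
+},
+{
+id: "preset-openclaw-filesystem",
+name: "OpenClaw Workspace Access",
+action: "allow",
+target: "filesystem",
+patterns: [
+"$WORKSPACE/**",
+"/tmp/**"
+],
+operations: ["file_read", "file_write"],
+enabled: true,
+priority: 5,
+preset: "openclaw"
+}
+]
+};
+var POLICY_PRESETS = [OPENCLAW_PRESET];
+
 // libs/shield-ipc/src/catalog.ts
 var COMMAND_CATALOG = {
 // ── Network ────────────────────────────────────────────────
@@ -1254,6 +1357,7 @@ var PID_FILE = "daemon.pid";
 var LOG_FILE = "daemon.log";
 var STATE_FILE = "state.json";
 var VAULT_FILE = "vault.enc";
+var SYNCED_SECRETS_FILE = "synced-secrets.json";
 var AGENCO_DIR = "agenco";
 var POLICIES_DIR = "policies";
 var USERS_DIR = "users";
@@ -1343,10 +1447,12 @@ export {
 MARKETPLACE_DIR,
 MCP_GATEWAY,
 NetworkConstraintsSchema,
+OPENCLAW_PRESET,
 OpenUrlParamsSchema,
 OperationTypeSchema,
 PID_FILE,
 POLICIES_DIR,
+POLICY_PRESETS,
 PasscodeDataSchema,
 PasscodeProtectionStateSchema,
 PathsConfigSchema,
@@ -1359,6 +1465,7 @@ export {
 SSE_ENDPOINTS,
 SSE_PREFIX,
 STATE_FILE,
+SYNCED_SECRETS_FILE,
 SecretInjectParamsSchema,
 SessionSchema,
 SetupPasscodeRequestSchema,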
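Review bot: The `preset-openclaw-commands` policy in the `OPENCLAW_PRESET` hunk allows `env:*` and `printenv:*`, which disclose every environment variable of the process they run in, next to `curl:*`, `node:*`, `npx:*`, `xargs:*`, `sed:*`, `awk:*` and `rm:*`. Assuming `name:*` matches any argument list, this seeded default confines the agent very little. None of the four preset policies sets the new `networkAccess` field, so the command policy depends on the enforcer's behaviour when it is absent. The type comment elsewhere in this diff says the default is none, and writing `networkAccess: "none"` (or `"proxy"`, if `curl` is meant to go through the URL allow-list) on the policy would make that explicit and testable. I would also drop `env:*` and `printenv:*` from the seeded defaults and replace `"/tmp/**"` in `preset-openclaw-filesystem` with a per-agent directory, since `/tmp` is shared with other local users and the rule grants both `file_read` and `file_write`.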
package/package.json
CHANGED
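--- a/package/presets.d.ts
+++ b/package/presets.d.ts
@@ -0,0 +1,16 @@
+/**
+* Policy Presets
+*
+* Predefined policy sets that provide sensible defaults for common use cases.
+* Seeded on first config creation.
+*/
+import type { PolicyConfig } from './types/config';
+export interface PolicyPreset {
+id: string;
+name: string;
+description: string;
+policies: PolicyConfig[];
+}
+export declare const OPENCLAW_PRESET: PolicyPreset;
+export declare const POLICY_PRESETS: PolicyPreset[];
+//# sourceMappingURL=presets.d.ts.map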
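Review bot: `OPENCLAW_PRESET` and `POLICY_PRESETS` are declared as plain mutable values, so any module that imports them can push a policy or edit a pattern list and thereby change the allow rules that are later seeded into new configs. Declaring them read-only, `export declare const POLICY_PRESETS: readonly PolicyPreset[];` with `policies: readonly PolicyConfig[];` in the interface, and freezing the objects in `presets.ts`, would keep the seeded defaults fixed for the life of the process. The header comment says presets are "Seeded on first config creation"; it should also say whether a later package version re-applies them, because that decides whether a tightened preset ever reaches existing installs.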
package/presets.d.ts.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"presets.d.ts","sourceRoot":"","sources":["../src/presets.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEnD,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,YAAY,EAAE,CAAC;CAC1B;AAED,eAAO,MAAM,eAAe,EAAE,YA0E7B,CAAC;AAEF,eAAO,MAAM,cAAc,EAAE,YAAY,EAAsB,CAAC"}
|
|
@@ -130,9 +130,9 @@ export declare const DaemonConfigSchema: z.ZodObject<{
|
|
|
130
130
|
host: z.ZodDefault<z.ZodString>;
|
|
131
131
|
logLevel: z.ZodDefault<z.ZodEnum<{
|
|
132
132
|
info: "info";
|
|
133
|
+
error: "error";
|
|
133
134
|
debug: "debug";
|
|
134
135
|
warn: "warn";
|
|
135
|
-
error: "error";
|
|
136
136
|
}>>;
|
|
137
137
|
enableHostsEntry: z.ZodDefault<z.ZodBoolean>;
|
|
138
138
|
}, z.core.$strip>;
|
|
@@ -152,7 +152,15 @@ export declare const PolicyConfigSchema: z.ZodObject<{
|
|
|
152
152
|
}>;
|
|
153
153
|
patterns: z.ZodArray<z.ZodString>;
|
|
154
154
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
155
|
+
priority: z.ZodOptional<z.ZodNumber>;
|
|
155
156
|
operations: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
157
|
+
preset: z.ZodOptional<z.ZodString>;
|
|
158
|
+
scope: z.ZodOptional<z.ZodString>;
|
|
159
|
+
networkAccess: z.ZodOptional<z.ZodEnum<{
|
|
160
|
+
none: "none";
|
|
161
|
+
proxy: "proxy";
|
|
162
|
+
direct: "direct";
|
|
163
|
+
}>>;
|
|
156
164
|
}, z.core.$strip>;
|
|
157
165
|
export declare const VaultConfigSchema: z.ZodObject<{
|
|
158
166
|
enabled: z.ZodBoolean;
|
|
@@ -168,9 +176,9 @@ export declare const ShieldConfigSchema: z.ZodObject<{
|
|
|
168
176
|
host: z.ZodDefault<z.ZodString>;
|
|
169
177
|
logLevel: z.ZodDefault<z.ZodEnum<{
|
|
170
178
|
info: "info";
|
|
179
|
+
error: "error";
|
|
171
180
|
debug: "debug";
|
|
172
181
|
warn: "warn";
|
|
173
|
-
error: "error";
|
|
174
182
|
}>>;
|
|
175
183
|
enableHostsEntry: z.ZodDefault<z.ZodBoolean>;
|
|
176
184
|
}, z.core.$strip>;
|
|
@@ -190,7 +198,15 @@ export declare const ShieldConfigSchema: z.ZodObject<{
|
|
|
190
198
|
}>;
|
|
191
199
|
patterns: z.ZodArray<z.ZodString>;
|
|
192
200
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
201
|
+
priority: z.ZodOptional<z.ZodNumber>;
|
|
193
202
|
operations: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
203
|
+
preset: z.ZodOptional<z.ZodString>;
|
|
204
|
+
scope: z.ZodOptional<z.ZodString>;
|
|
205
|
+
networkAccess: z.ZodOptional<z.ZodEnum<{
|
|
206
|
+
none: "none";
|
|
207
|
+
proxy: "proxy";
|
|
208
|
+
direct: "direct";
|
|
209
|
+
}>>;
|
|
194
210
|
}, z.core.$strip>>>;
|
|
195
211
|
vault: z.ZodOptional<z.ZodObject<{
|
|
196
212
|
enabled: z.ZodBoolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.schema.d.ts","sourceRoot":"","sources":["../../src/schemas/config.schema.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;iBAQ/B,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;iBAIhC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAW3B,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;iBAQ5B,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAKnC,CAAC;AAEH,eAAO,MAAM,kBAAkB;;;;;;;;;;iBAK7B,CAAC;AAEH,eAAO,MAAM,kBAAkB
|
|
1
|
+
{"version":3,"file":"config.schema.d.ts","sourceRoot":"","sources":["../../src/schemas/config.schema.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;iBAQ/B,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;iBAIhC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAW3B,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;iBAQ5B,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAKnC,CAAC;AAEH,eAAO,MAAM,kBAAkB;;;;;;;;;;iBAK7B,CAAC;AAEH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;iBAY7B,CAAC;AAEH,eAAO,MAAM,iBAAiB;;;;;;iBAG5B,CAAC;AAEH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAK7B,CAAC;AAGH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACnE,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACrE,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACnE,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACnE,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAGrE,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AACvE,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,oBAAoB,CAAC,CAAC;AACzE,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AACzE,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAC3E,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC/D,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,gBAAgB,CAAC,CAAC;AACjE,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AACjE,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,iBAAiB,CAAC,CAAC;AACnE,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAC/E,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,wBAAwB,CAAC,CAAC"}
|
|
@@ -31,6 +31,7 @@ export declare const PolicyRuleSchema: z.ZodObject<{
|
|
|
31
31
|
patterns: z.ZodArray<z.ZodString>;
|
|
32
32
|
enabled: z.ZodBoolean;
|
|
33
33
|
priority: z.ZodOptional<z.ZodNumber>;
|
|
34
|
+
scope: z.ZodOptional<z.ZodString>;
|
|
34
35
|
}, z.core.$strip>;
|
|
35
36
|
export declare const FsConstraintsSchema: z.ZodObject<{
|
|
36
37
|
allowedPaths: z.ZodArray<z.ZodString>;
|
|
@@ -88,6 +89,7 @@ export declare const PolicyConfigurationSchema: z.ZodObject<{
|
|
|
88
89
|
patterns: z.ZodArray<z.ZodString>;
|
|
89
90
|
enabled: z.ZodBoolean;
|
|
90
91
|
priority: z.ZodOptional<z.ZodNumber>;
|
|
92
|
+
scope: z.ZodOptional<z.ZodString>;
|
|
91
93
|
}, z.core.$strip>>;
|
|
92
94
|
defaultAction: z.ZodEnum<{
|
|
93
95
|
allow: "allow";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policy.schema.d.ts","sourceRoot":"","sources":["../../src/schemas/policy.schema.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,eAAO,MAAM,gBAAgB
|
|
1
|
+
{"version":3,"file":"policy.schema.d.ts","sourceRoot":"","sources":["../../src/schemas/policy.schema.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAU3B,CAAC;AAEH,eAAO,MAAM,mBAAmB;;;iBAG9B,CAAC;AAEH,eAAO,MAAM,wBAAwB;;;;iBAInC,CAAC;AAEH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;iBAIjC,CAAC;AAEH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAOpC,CAAC;AAEH,eAAO,MAAM,4BAA4B;;;;;iBAKvC,CAAC;AAEH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;iBAGnC,CAAC;AAGH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC1D,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAChE,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAC1E,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AACtE,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;AAClF,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC"}
|
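--- a/package/types/api.d.ts
+++ b/package/types/api.d.ts
@@ -1,7 +1,7 @@
 /**
 * API types for AgenShield daemon communication
 */
-import type { DaemonStatus } from './daemon';
+import type { DaemonStatus, OpenClawServiceStatus } from './daemon';
 import type { ShieldConfig } from './config';
 export interface ApiResponse<T> {
 success: boolean;
@@ -55,5 +55,9 @@ export interface FsBrowseEntry {
 export type FsBrowseResponse = ApiResponse<{
 entries: FsBrowseEntry[];
 }>;
+export type GetOpenClawStatusResponse = ApiResponse<OpenClawServiceStatus>;
+export type OpenClawActionResponse = ApiResponse<{
+message: string;
+}>;
 export type UpdateConfigRequest = Partial<ShieldConfig>;
 //# sourceMappingURL=api.d.ts.map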
package/types/api.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../../src/types/api.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../../src/types/api.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AACpE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAE7C,MAAM,WAAW,WAAW,CAAC,CAAC;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,CAAC,CAAC;IACT,KAAK,CAAC,EAAE,QAAQ,CAAC;CAClB;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,8CAA8C;IAC9C,aAAa,EAAE,OAAO,CAAC;IACvB,mBAAmB;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,+BAA+B;IAC/B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,4CAA4C;IAC5C,UAAU,EAAE,OAAO,CAAC;IACpB,kCAAkC;IAClC,qBAAqB,EAAE,OAAO,CAAC;IAC/B,wDAAwD;IACxD,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,wBAAwB;IACxB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,sBAAsB;IACtB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,6BAA6B;IAC7B,KAAK,EAAE,QAAQ,GAAG,SAAS,GAAG,aAAa,GAAG,UAAU,CAAC;CAC1D;AAGD,MAAM,MAAM,iBAAiB,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;AAC1D,MAAM,MAAM,iBAAiB,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;AAC1D,MAAM,MAAM,oBAAoB,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;AAC7D,MAAM,MAAM,cAAc,GAAG,WAAW,CAAC;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,QAAQ,GAAG,OAAO,CAAA;CAAE,CAAC,CAAC;AACxG,MAAM,MAAM,yBAAyB,GAAG,WAAW,CAAC,kBAAkB,CAAC,CAAC;AAGxE,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,GAAG,WAAW,CAAC;CAC5B;AACD,MAAM,MAAM,gBAAgB,GAAG,WAAW,CAAC;IAAE,OAAO,EAAE,aAAa,EAAE,CAAA;CAAE,CAAC,CAAC;AAGzE,MAAM,MAAM,yBAAyB,GAAG,WAAW,CAAC,qBAAqB,CAAC,CAAC;AAC3E,MAAM,MAAM,sBAAsB,GAAG,WAAW,CAAC;IAAE,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC;AAGtE,MAAM,MAAM,mBAAmB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC"}
|
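--- a/package/types/config.d.ts
+++ b/package/types/config.d.ts
@@ -42,7 +42,7 @@ export interface UserConfig {
 brokerUser: UserDefinition;
 /** Groups to create */
 groups: {
-/** Socket access group (
+/** Socket access group (ash_default) */
 socket: GroupDefinition;
 /** Workspace access group (clawworkspace) */
 workspace: GroupDefinition;
@@ -146,6 +146,12 @@ export interface PolicyConfig {
 priority?: number;
 /** Operations this policy applies to */
 operations?: string[];
+/** Preset this policy belongs to (undefined = user-created) */
+preset?: string;
+/** Scope restriction: 'agent', 'skill', or 'skill:<slug>' */
+scope?: 'agent' | 'skill' | string;
+/** Network access level for sandboxed commands: none (default), proxy, or direct */
+networkAccess?: 'none' | 'proxy' | 'direct';
 }
 export interface VaultConfig {
 /** Whether vault is enabled */
@@ -173,6 +179,7 @@ export interface SoulConfig {
 /** Security level */
 securityLevel?: 'low' | 'medium' | 'high';
 }
+import type { EnvVariableDetail, RuntimeRequirement, InstallationStep, RunCommand, SecurityFinding, MCPSpecificRisk } from './marketplace';
 export interface SkillAnalysis {
 status: 'pending' | 'analyzing' | 'complete' | 'error';
 analyzedAt?: string;
@@ -184,6 +191,12 @@ export interface SkillAnalysis {
 };
 commands: ExtractedCommand[];
 error?: string;
+envVariables?: EnvVariableDetail[];
+runtimeRequirements?: RuntimeRequirement[];
+installationSteps?: InstallationStep[];
+runCommands?: RunCommand[];
+securityFindings?: SecurityFinding[];
+mcpSpecificRisks?: MCPSpecificRisk[];
 }
 export interface ExtractedCommand {
 name: string;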
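Review bot: `scope?: 'agent' | 'skill' | string;` in the `PolicyConfig` hunk collapses to plain `string`, so the compiler accepts any value and the forms the comment documents (`'agent'`, `'skill'`, `'skill:<slug>'`) are not enforced. The runtime schemas shown elsewhere in this diff use an equally unconstrained `z.string().optional()`. A misspelt scope on an allow rule would therefore pass validation, and whether the enforcer then ignores the rule or applies it to every caller cannot be told from this page. Typing the field as ``scope?: 'agent' | 'skill' | `skill:${string}`;`` and checking the same shape in the schema would reject unknown scopes when the config is loaded. `PolicyConfig` begins above the hunk, so fields outside the visible lines were not reviewed.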
package/types/config.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/types/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,sEAAsE;IACtE,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,uBAAuB;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,iBAAiB;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,qBAAqB;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,wBAAwB;IACxB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,4DAA4D;IAC5D,IAAI,EAAE,MAAM,CAAC;IACb,eAAe;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,kBAAkB;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB,4BAA4B;IAC5B,SAAS,EAAE,cAAc,CAAC;IAC1B,6BAA6B;IAC7B,UAAU,EAAE,cAAc,CAAC;IAC3B,uBAAuB;IACvB,MAAM,EAAE;QACN,
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/types/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,sEAAsE;IACtE,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,uBAAuB;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,iBAAiB;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,qBAAqB;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,wBAAwB;IACxB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,4DAA4D;IAC5D,IAAI,EAAE,MAAM,CAAC;IACb,eAAe;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,kBAAkB;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB,4BAA4B;IAC5B,SAAS,EAAE,cAAc,CAAC;IAC1B,6BAA6B;IAC7B,UAAU,EAAE,cAAc,CAAC;IAC3B,uBAAuB;IACvB,MAAM,EAAE;QACN,wCAAwC;QACxC,MAAM,EAAE,eAAe,CAAC;QACxB,6CAA6C;QAC7C,SAAS,EAAE,eAAe,CAAC;KAC5B,CAAC;IACF,+EAA+E;IAC/E,MAAM,EAAE,MAAM,CAAC;IACf,yDAAyD;IACzD,QAAQ,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,kCAAkC;IAClC,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,4BAA4B;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,kCAAkC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,oBAAoB;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,2BAA2B;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,uBAAuB;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,mCAAmC;IACnC,KAAK,EAAE,UAAU,CAAC;IAClB,0BAA0B;IAC1B,KAAK,EAAE,WAAW,CAAC;IACnB,sCAAsC;IACtC,YAAY,EAAE,OAAO,CAAC;IACtB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,YAAY,CAAC;IACrB,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,QAAQ,EAAE,YAAY,EAAE,CAAC;IACzB,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,IAAI,CAAC,EAAE,UAAU,CAAC;CACnB;AAED,MAAM,WAAW,YAAY;IAC3B,uCAAuC;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,8CAA8C;IAC9C,IAAI,EAAE,MAAM,CAAC;IACb,oBAAoB;IACpB,QAAQ,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAC9C,+CAA+C;IAC/C,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED,MAAM,WAAW,YAAY;IAC3B,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,uCAAuC;IACvC,WAAW,
EAAE,OAAO,CAAC;IACrB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,wBAAwB;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,iDAAiD;IACjD,QAAQ,EAAE,OAAO,CAAC;IAClB,sCAAsC;IACtC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,wBAAwB;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,yBAAyB;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,YAAY;IAC3B,uCAAuC;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,uDAAuD;IACvD,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,UAAU,CAAC;IACtC,+BAA+B;IAC/B,MAAM,EAAE,OAAO,GAAG,SAAS,GAAG,KAAK,GAAG,YAAY,CAAC;IACnD,oCAAoC;IACpC,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,oCAAoC;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,0CAA0C;IAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wCAAwC;IACxC,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,6DAA6D;IAC7D,KAAK,CAAC,EAAE,OAAO,GAAG,OAAO,GAAG,MAAM,CAAC;IACnC,oFAAoF;IACpF,aAAa,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;CAC7C;AAED,MAAM,WAAW,WAAW;IAC1B,+BAA+B;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,2BAA2B;IAC3B,QAAQ,EAAE,OAAO,GAAG,KAAK,CAAC;IAC1B,mCAAmC;IACnC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,iCAAiC;IACjC,OAAO,EAAE,OAAO,CAAC;IACjB,sCAAsC;IACtC,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,gCAAgC;IAChC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,MAAM,WAAW,UAAU;IACzB,wCAAwC;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,qBAAqB;IACrB,IAAI,EAAE,SAAS,GAAG,QAAQ,GAAG,SAAS,CAAC;IACvC,0BAA0B;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,qBAAqB;IACrB,aAAa,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;CAC3C;AAID,OAAO,KAAK,EACV,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,EAChB,UAAU,EACV,eAAe,EACf,eAAe,EAChB,MAAM,eAAe,CAAC;AAEvB,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,SAAS,GAAG,WAAW,GAAG,UAAU,GAAG,OAAO,CAAC;IACvD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE;QACd,KAAK,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;QACvD,OAAO,EAAE,MAAM,EAAE,CAAC;QAClB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;KACxB,CAAC;IACF,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,YAAY,CAAC,EAAE,iBAAiB,EAAE,CAAC;IACnC,mBAAmB,CAAC,EAAE,
kBAAkB,EAAE,CAAC;IAC3C,iBAAiB,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACvC,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAC3B,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;IACrC,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;CACtC;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,UAAU,GAAG,UAAU,CAAC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,OAAO,CAAC;IACnB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,YAAY,GAAG,QAAQ,CAAC;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd"}
|
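--- a/package/types/daemon.d.ts
+++ b/package/types/daemon.d.ts
@@ -1,6 +1,15 @@
 /**
 * Daemon status types for AgenShield
 */
+export interface OpenClawProcessStatus {
+running: boolean;
+pid?: number;
+lastExitStatus?: number;
+}
+export interface OpenClawServiceStatus {
+daemon: OpenClawProcessStatus;
+gateway: OpenClawProcessStatus;
+}
 export interface DaemonStatus {
 /** Whether the daemon is currently running */
 running: boolean;
@@ -18,5 +27,7 @@ export interface DaemonStatus {
 agentUsername?: string;
 /** Workspace group name from state (type='workspace') */
 workspaceGroup?: string;
+/** OpenClaw service status (daemon + gateway) */
+openclaw?: OpenClawServiceStatus;
 }
 //# sourceMappingURL=daemon.d.ts.map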
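Review bot: The new `OpenClawProcessStatus` and `OpenClawServiceStatus` interfaces carry no doc comments, while every `DaemonStatus` field shown in this file has one. `lastExitStatus` is the ambiguous one: a consumer cannot tell whether it holds an exit code, a signal number or a raw wait status, which matters to anyone building health checks or alerting on it. A comment such as `/** Exit code of the last run; undefined if the process has never exited */`, adjusted to whatever the daemon actually records, would settle it. `DaemonStatus` continues outside the two hunks.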
package/types/daemon.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"daemon.d.ts","sourceRoot":"","sources":["../../src/types/daemon.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,YAAY;IAC3B,8CAA8C;IAC9C,OAAO,EAAE,OAAO,CAAC;IACjB,+BAA+B;IAC/B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,wBAAwB;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,4BAA4B;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,sCAAsC;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,4CAA4C;IAC5C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,+CAA+C;IAC/C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,yDAAyD;IACzD,cAAc,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"daemon.d.ts","sourceRoot":"","sources":["../../src/types/daemon.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,qBAAqB,CAAC;IAC9B,OAAO,EAAE,qBAAqB,CAAC;CAChC;AAED,MAAM,WAAW,YAAY;IAC3B,8CAA8C;IAC9C,OAAO,EAAE,OAAO,CAAC;IACjB,+BAA+B;IAC/B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,wBAAwB;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,4BAA4B;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,sCAAsC;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,4CAA4C;IAC5C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,+CAA+C;IAC/C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,yDAAyD;IACzD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,iDAAiD;IACjD,QAAQ,CAAC,EAAE,qBAAqB,CAAC;CAClC"}
|
package/types/index.d.ts
CHANGED
package/types/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC;AACzB,cAAc,OAAO,CAAC;AACtB,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC;AACzB,cAAc,OAAO,CAAC;AACtB,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC;AACzB,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,QAAQ,CAAC;AACvB,cAAc,aAAa,CAAC;AAC5B,cAAc,WAAW,CAAC;AAC1B,cAAc,eAAe,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC;AACzB,cAAc,OAAO,CAAC;AACtB,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC;AACzB,cAAc,OAAO,CAAC;AACtB,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC;AACzB,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,QAAQ,CAAC;AACvB,cAAc,aAAa,CAAC;AAC5B,cAAc,WAAW,CAAC;AAC1B,cAAc,eAAe,CAAC;AAC9B,cAAc,aAAa,CAAC"}
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Types for the migration scan + selection flow
|
|
3
|
+
*
|
|
4
|
+
* Used by the preset scan system, wizard engine, setup server, and UI.
|
|
5
|
+
* The scanning phase is strictly read-only — source files are never modified.
|
|
6
|
+
*/
|
|
7
|
+
/**
|
|
8
|
+
* A skill discovered in the source application's config
|
|
9
|
+
*/
|
|
10
|
+
export interface ScannedSkill {
|
|
11
|
+
/** Skill name/slug (key in the source config, e.g. openclaw.json skills.entries) */
|
|
12
|
+
name: string;
|
|
13
|
+
/** Whether the skill is enabled in the source config */
|
|
14
|
+
enabled: boolean;
|
|
15
|
+
/** Environment variables associated with this skill in source config */
|
|
16
|
+
envVars: Record<string, string>;
|
|
17
|
+
/** Path to the skill directory (if it exists on disk) */
|
|
18
|
+
skillPath?: string;
|
|
19
|
+
/** Whether the skill has a SKILL.md file */
|
|
20
|
+
hasSkillMd: boolean;
|
|
21
|
+
/** Human-readable description from SKILL.md metadata */
|
|
22
|
+
description?: string;
|
|
23
|
+
}
|
|
24
|
+
/**
|
|
25
|
+
* A discovered environment variable / secret
|
|
26
|
+
*/
|
|
27
|
+
export interface ScannedEnvVar {
|
|
28
|
+
/** Variable name (e.g. OPENAI_API_KEY) */
|
|
29
|
+
name: string;
|
|
30
|
+
/** Masked value for display (e.g. "sk-...1234") */
|
|
31
|
+
maskedValue: string;
|
|
32
|
+
/** Where this env var was discovered */
|
|
33
|
+
source: 'app-config' | 'process-env' | 'shell-profile';
|
|
34
|
+
/** Which shell profile file it was found in (if source is shell-profile) */
|
|
35
|
+
profilePath?: string;
|
|
36
|
+
/** Whether it matches known secret patterns */
|
|
37
|
+
isSecret: boolean;
|
|
38
|
+
/** The skill name this env var is associated with (if from app config) */
|
|
39
|
+
associatedSkill?: string;
|
|
40
|
+
}
|
|
41
|
+
/**
|
|
42
|
+
* Complete result of scanning the source application
|
|
43
|
+
*/
|
|
44
|
+
export interface MigrationScanResult {
|
|
45
|
+
/** Discovered skills */
|
|
46
|
+
skills: ScannedSkill[];
|
|
47
|
+
/** Discovered environment variables / secrets */
|
|
48
|
+
envVars: ScannedEnvVar[];
|
|
49
|
+
/** Source config path that was read */
|
|
50
|
+
configPath?: string;
|
|
51
|
+
/** Shell profile files that were scanned */
|
|
52
|
+
scannedProfiles: string[];
|
|
53
|
+
/** Timestamp of the scan */
|
|
54
|
+
scannedAt: string;
|
|
55
|
+
/** Any warnings during scanning */
|
|
56
|
+
warnings: string[];
|
|
57
|
+
}
|
|
58
|
+
/**
|
|
59
|
+
* User's selection of what to migrate
|
|
60
|
+
*/
|
|
61
|
+
export interface MigrationSelection {
|
|
62
|
+
/** Skill names to migrate */
|
|
63
|
+
selectedSkills: string[];
|
|
64
|
+
/** Env var names to import into vault */
|
|
65
|
+
selectedEnvVars: string[];
|
|
66
|
+
}
|
|
67
|
+
//# sourceMappingURL=migration.d.ts.map
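Review bot: `ScannedSkill.envVars` is typed `Record<string, string>` with no statement that its values are masked, while `ScannedEnvVar` deliberately exposes only `maskedValue`. The header comment says these types are used by the setup server and the UI, so if the record holds raw values from the source config, a scan result would carry secrets in clear next to the masked list. Either document the field as masked, `/** Env var name -> masked value; raw values never leave the scanner */`, or carry names only, `envVarNames: string[];`. Whether the scanner masks these values is not visible in this declaration file.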
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"migration.d.ts","sourceRoot":"","sources":["../../src/types/migration.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,oFAAoF;IACpF,IAAI,EAAE,MAAM,CAAC;IACb,wDAAwD;IACxD,OAAO,EAAE,OAAO,CAAC;IACjB,wEAAwE;IACxE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,yDAAyD;IACzD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4CAA4C;IAC5C,UAAU,EAAE,OAAO,CAAC;IACpB,wDAAwD;IACxD,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,mDAAmD;IACnD,WAAW,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,MAAM,EAAE,YAAY,GAAG,aAAa,GAAG,eAAe,CAAC;IACvD,4EAA4E;IAC5E,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,+CAA+C;IAC/C,QAAQ,EAAE,OAAO,CAAC;IAClB,0EAA0E;IAC1E,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,wBAAwB;IACxB,MAAM,EAAE,YAAY,EAAE,CAAC;IACvB,iDAAiD;IACjD,OAAO,EAAE,aAAa,EAAE,CAAC;IACzB,uCAAuC;IACvC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4CAA4C;IAC5C,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,4BAA4B;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,mCAAmC;IACnC,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,6BAA6B;IAC7B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,yCAAyC;IACzC,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B"}
|
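--- a/package/types/policy.d.ts
+++ b/package/types/policy.d.ts
@@ -22,6 +22,8 @@ export interface PolicyRule {
 enabled: boolean;
 /** Priority (higher = evaluated first) */
 priority?: number;
+/** Scope restriction: 'agent', 'skill', or 'skill:<slug>' */
+scope?: 'agent' | 'skill' | string;
 }
 /**
 * File system constraints
@@ -71,6 +73,48 @@ export interface PolicyConfiguration {
 /** Environment injection rules */
 envInjection?: EnvInjectionRule[];
 }
+/**
+* Sandbox configuration for seatbelt wrapping
+*/
+export interface SandboxConfig {
+/** Whether seatbelt wrapping is enabled */
+enabled: boolean;
+/** Paths allowed for read access */
+allowedReadPaths: string[];
+/** Paths allowed for read+write access */
+allowedWritePaths: string[];
+/** Paths explicitly denied */
+deniedPaths: string[];
+/** Whether network access is allowed */
+networkAllowed: boolean;
+/** Specific hosts allowed for network access */
+allowedHosts: string[];
+/** Specific ports allowed for network access */
+allowedPorts: number[];
+/** Binaries allowed to execute */
+allowedBinaries: string[];
+/** Binaries explicitly denied */
+deniedBinaries: string[];
+/** Environment variables to inject */
+envInjection: Record<string, string>;
+/** Environment variable names to strip */
+envDeny: string[];
+/** Pre-generated SBPL profile content (overrides dynamic generation) */
+profileContent?: string;
+}
+/**
+* Execution context for hierarchical permission checking
+*/
+export interface PolicyExecutionContext {
+/** Whether the caller is an agent or a skill */
+callerType: 'agent' | 'skill';
+/** Slug of the skill (if callerType is 'skill') */
+skillSlug?: string;
+/** Agent identifier */
+agentId?: string;
+/** Call depth in the execution chain */
+depth: number;
+}
 /**
 * Policy evaluation result
 */
@@ -83,6 +127,10 @@ export interface PolicyEvaluationResult {
 reason?: string;
 /** Evaluation duration in ms */
 durationMs?: number;
+/** Sandbox configuration for approved exec operations */
+sandbox?: SandboxConfig;
+/** Execution context used during evaluation */
+executionContext?: PolicyExecutionContext;
 }
 /**
 * Channel restrictions for operations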
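Review bot: In the `PolicyRule` hunk, `scope?: 'agent' | 'skill' | string;` collapses to plain `string` for the compiler, so a mistyped value such as `'skil:foo'` (constructed example) type-checks. How the evaluator treats an unrecognised scope is not visible here, but for a field that restricts where a rule applies, both a silently ignored rule and one applied more widely than intended are worth catching at compile time. If the package's minimum TypeScript version allows template literal types, ``scope?: 'agent' | 'skill' | `skill:${string}`;`` keeps the three documented forms and rejects the rest. `policy.schema.d.ts` also changes in this release and may already constrain the value at runtime; the declaration should still match it. `PolicyRule` starts outside the hunk.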
package/types/policy.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../src/types/policy.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AAE3C;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,uDAAuD;IACvD,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,UAAU,CAAC;IACtC,6BAA6B;IAC7B,MAAM,EAAE,OAAO,GAAG,SAAS,GAAG,KAAK,GAAG,YAAY,CAAC;IACnD,sCAAsC;IACtC,UAAU,EAAE,aAAa,EAAE,CAAC;IAC5B,wCAAwC;IACxC,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,8BAA8B;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,0CAA0C;IAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../src/types/policy.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AAE3C;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,uDAAuD;IACvD,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,UAAU,CAAC;IACtC,6BAA6B;IAC7B,MAAM,EAAE,OAAO,GAAG,SAAS,GAAG,KAAK,GAAG,YAAY,CAAC;IACnD,sCAAsC;IACtC,UAAU,EAAE,aAAa,EAAE,CAAC;IAC5B,wCAAwC;IACxC,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,8BAA8B;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,0CAA0C;IAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6DAA6D;IAC7D,KAAK,CAAC,EAAE,OAAO,GAAG,OAAO,GAAG,MAAM,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,iDAAiD;IACjD,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,0DAA0D;IAC1D,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,6BAA6B;IAC7B,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,4BAA4B;IAC5B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,6BAA6B;IAC7B,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,kCAAkC;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,uCAAuC;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,6CAA6C;IAC7C,UAAU,EAAE,aAAa,EAAE,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,qBAAqB;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,mBAAmB;IACnB,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,yCAAyC;IACzC,aAAa,EAAE,OAAO,GAAG,MAAM,CAAC;IAChC,8BAA8B;IAC9B,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,0BAA0B;IAC1B,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,kCAAkC;IAClC,YAAY,CAAC,EAAE,gBAAgB,EAAE,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,2CAA2C;IAC3C,OAAO,EAAE,OAAO,CAAC;IACjB,oCAAoC;IACpC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,0CAA0C;IAC1C,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,8BAA8B;IAC9B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,wCAAwC;IACxC,cAAc,EAAE,OAAO,CAAC;IACxB,gDAAgD;IAChD,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,gDAAgD;IAChD,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,kCAAkC;IAClC,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,iCAAiC;IACjC,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,sCAAsC;IACtC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,0CAA0C;IAC1C,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,wEAAwE;IACxE,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED
;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,gDAAgD;IAChD,UAAU,EAAE,OAAO,GAAG,OAAO,CAAC;IAC9B,mDAAmD;IACnD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,uBAAuB;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wCAAwC;IACxC,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAC;IACjB,qCAAqC;IACrC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,8BAA8B;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gCAAgC;IAChC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,yDAAyD;IACzD,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,+CAA+C;IAC/C,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;CAC3C;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,qBAAqB;IACrB,SAAS,EAAE,aAAa,CAAC;IACzB,uBAAuB;IACvB,eAAe,EAAE,CAAC,QAAQ,GAAG,MAAM,CAAC,EAAE,CAAC;CACxC;AAED;;GAEG;AACH,eAAO,MAAM,4BAA4B,EAAE,kBAAkB,EAU5D,CAAC"}
|
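--- a/package/types/vault.d.ts
+++ b/package/types/vault.d.ts
@@ -29,6 +29,13 @@ export interface PasscodeData {
 /** ISO timestamp when passcode was last changed */
 changedAt?: string;
 }
+/**
+* Secret scope determines how a secret is injected at runtime.
+* - 'global' — injected into every exec (policyIds=[])
+* - 'policed' — injected only when linked policies match
+* - 'standalone' — stored encrypted but never synced/injected
+*/
+export type SecretScope = 'global' | 'policed' | 'standalone';
 /**
 * A secret stored in the vault with policy links
 */
@@ -43,6 +50,63 @@ export interface VaultSecret {
 policyIds: string[];
 /** ISO timestamp when created */
 createdAt: string;
+/**
+* Secret scope. When absent, inferred from policyIds for backward compat:
+* policyIds.length === 0 => 'global', else => 'policed'
+*/
+scope?: SecretScope;
+}
+/**
+* Aggregated env variable requirement across installed skills.
+* Returned by GET /secrets/skill-env.
+*/
+export interface SkillEnvRequirement {
+/** Env variable name (e.g. OPENAI_API_KEY) */
+name: string;
+/** True if any skill marks it required */
+required: boolean;
+/** True if any skill marks it sensitive */
+sensitive: boolean;
+/** Human-readable purpose from skill analysis */
+purpose: string;
+/** Skills that require this variable */
+requiredBy: Array<{
+skillName: string;
+}>;
+/** Whether a vault secret with this name already exists */
+fulfilled: boolean;
+/** Scope of the existing secret, if fulfilled */
+existingSecretScope?: SecretScope;
+/** ID of the existing secret, if fulfilled */
+existingSecretId?: string;
+}
+/**
+* A policy binding that carries secrets for sync to the broker.
+* Written by the daemon to synced-secrets.json, read by the broker.
+*/
+export interface SecretPolicyBinding {
+/** The daemon policy ID */
+policyId: string;
+/** Policy target type (url or command) */
+target: 'url' | 'command';
+/** Policy patterns for matching (glob/URL patterns) */
+patterns: string[];
+/** Secrets to inject when this policy matches: envVarName -> plaintext value */
+secrets: Record<string, string>;
+}
+/**
+* Format of the synced-secrets.json file written by the daemon, read by the broker.
+* Contains decrypted secrets grouped by policy bindings for automatic injection.
+*/
+export interface SyncedSecrets {
+/** Schema version */
+version: string;
+/** ISO timestamp of last sync */
+syncedAt: string;
+/** Global secrets (policyIds=[]) injected into every exec: envVarName -> value */
+globalSecrets: Record<string, string>;
+/** Policy-linked secrets, injected only when the policy's patterns match */
+policyBindings: SecretPolicyBinding[];
 }
 /**
 * Vault contents structure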
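Review bot: `SyncedSecrets` and `SecretPolicyBinding` describe decrypted secret values written to `synced-secrets.json`, but neither doc comment says how that file must be protected, so the plaintext copy is only as safe as each writer and reader happens to make it. I would state the contract on `SyncedSecrets`, e.g. `* Holds plaintext: create owner-only (0600), readable only by the account the broker runs as, and never log its contents.` Separately, the `VaultSecret.scope` fallback (`policyIds.length === 0 => 'global'`) means a legacy secret with no policy links is injected into every exec. The comment should say that outright so upgrading users know to review such entries. `VaultSecret` starts outside the hunk.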
package/types/vault.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vault.d.ts","sourceRoot":"","sources":["../../src/types/vault.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,yBAAyB;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,0BAA0B;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,qCAAqC;IACrC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,kCAAkC;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,oDAAoD;IACpD,KAAK,EAAE,MAAM,CAAC;IACd,mDAAmD;IACnD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,8CAA8C;IAC9C,IAAI,EAAE,MAAM,CAAC;IACb,gEAAgE;IAChE,KAAK,EAAE,MAAM,CAAC;IACd,yDAAyD;IACzD,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"vault.d.ts","sourceRoot":"","sources":["../../src/types/vault.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,yBAAyB;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,0BAA0B;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,qCAAqC;IACrC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,kCAAkC;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,oDAAoD;IACpD,KAAK,EAAE,MAAM,CAAC;IACd,mDAAmD;IACnD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;GAKG;AACH,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,SAAS,GAAG,YAAY,CAAC;AAE9D;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,8CAA8C;IAC9C,IAAI,EAAE,MAAM,CAAC;IACb,gEAAgE;IAChE,KAAK,EAAE,MAAM,CAAC;IACd,yDAAyD;IACzD,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,8CAA8C;IAC9C,IAAI,EAAE,MAAM,CAAC;IACb,0CAA0C;IAC1C,QAAQ,EAAE,OAAO,CAAC;IAClB,2CAA2C;IAC3C,SAAS,EAAE,OAAO,CAAC;IACnB,iDAAiD;IACjD,OAAO,EAAE,MAAM,CAAC;IAChB,wCAAwC;IACxC,UAAU,EAAE,KAAK,CAAC;QAAE,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACzC,2DAA2D;IAC3D,SAAS,EAAE,OAAO,CAAC;IACnB,iDAAiD;IACjD,mBAAmB,CAAC,EAAE,WAAW,CAAC;IAClC,8CAA8C;IAC9C,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,2BAA2B;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,0CAA0C;IAC1C,MAAM,EAAE,KAAK,GAAG,SAAS,CAAC;IAC1B,uDAAuD;IACvD,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,gFAAgF;IAChF,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,qBAAqB;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,kFAAkF;IAClF,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,4EAA4E;IAC5E,cAAc,EAAE,mBAAmB,EAAE,CAAC;CACvC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,sCAAsC;IACtC,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,oDAAoD;IACpD,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,6CAA6C;IAC7C,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,kCAAkC;IAClC,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,sCAAsC;IACtC,OAAO,CAAC,EAAE,WAAW,EAAE,
CAAC;CACzB"}
|