@agenshield/sandbox 0.1.0

package/backup.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Backup utilities for AgenShield installation
+ *
+ * Saves installation state before migration to enable safe uninstall.
+ * Backup is stored in /etc/agenshield/backup.json (root-owned, mode 600).
+ */
+import type { InstallationBackup, OriginalInstallation, SandboxUserInfo, MigratedPaths } from '@agenshield/ipc';
+export interface SaveBackupParams {
+    originalInstallation: OriginalInstallation;
+    sandboxUser: SandboxUserInfo;
+    migratedPaths: MigratedPaths;
+}
+/**
+ * Save installation backup before migration
+ */
+export declare function saveBackup(params: SaveBackupParams): {
+    success: boolean;
+    error?: string;
+};
+/**
+ * Load installation backup
+ * Returns null if no backup exists or if read fails
+ */
+export declare function loadBackup(): InstallationBackup | null;
+/**
+ * Check if a backup exists
+ */
+export declare function backupExists(): boolean;
+/**
+ * Delete the backup file (called after successful uninstall)
+ */
+export declare function deleteBackup(): {
+    success: boolean;
+    error?: string;
+};
+/**
+ * Rename the original config directory to a backup path
+ * Used during setup to preserve the original config
+ */
+export declare function backupOriginalConfig(configPath: string): {
+    success: boolean;
+    backupPath?: string;
+    error?: string;
+};
+/**
+ * Restore the original config from backup
+ * Used during uninstall to restore the original config
+ */
+export declare function restoreOriginalConfig(backupPath: string, targetPath: string): {
+    success: boolean;
+    error?: string;
+};
+//# sourceMappingURL=backup.d.ts.map

package/backup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"backup.d.ts","sourceRoot":"","sources":["../src/backup.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EACV,kBAAkB,EAClB,oBAAoB,EACpB,eAAe,EACf,aAAa,EACd,MAAM,iBAAiB,CAAC;AAyCzB,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,EAAE,oBAAoB,CAAC;IAC3C,WAAW,EAAE,eAAe,CAAC;IAC7B,aAAa,EAAE,aAAa,CAAC;CAC9B;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,gBAAgB,GAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAqDzF;AAED;;;GAGG;AACH,wBAAgB,UAAU,IAAI,kBAAkB,GAAG,IAAI,CAoBtD;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,OAAO,CAGtC;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAGnE;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,UAAU,EAAE,MAAM,GAAG;IACxD,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAcA;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG;IAC7E,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAoBA"}

package/detect.d.ts

@@ -0,0 +1,44 @@
+/**
+ * OpenClaw installation detector
+ *
+ * Detects existing OpenClaw installations (npm or git method)
+ * and gathers information needed for isolation.
+ *
+ * This module is in shield-sandbox so it can be reused by both
+ * the CLI wizard and the daemon for status checks.
+ */
+export type InstallMethod = 'npm' | 'git' | 'unknown';
+export interface OpenClawInstallation {
+    /** Whether OpenClaw is installed */
+    found: boolean;
+    /** Installation method */
+    method: InstallMethod;
+    /** Path to the main package/source directory */
+    packagePath?: string;
+    /** Path to the openclaw binary/wrapper */
+    binaryPath?: string;
+    /** Path to the config directory (~/.openclaw/) */
+    configPath?: string;
+    /** Installed version */
+    version?: string;
+    /** Path to the git repo (for git installs) */
+    gitRepoPath?: string;
+}
+export interface DetectionResult {
+    installation: OpenClawInstallation;
+    errors: string[];
+    warnings: string[];
+}
+export interface PrerequisitesResult {
+    ok: boolean;
+    missing: string[];
+}
+/**
+ * Detect OpenClaw installation
+ */
+export declare function detectOpenClaw(): DetectionResult;
+/**
+ * Check prerequisites for isolation
+ */
+export declare function checkPrerequisites(): PrerequisitesResult;
+//# sourceMappingURL=detect.d.ts.map

package/detect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect.d.ts","sourceRoot":"","sources":["../src/detect.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAaH,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,KAAK,GAAG,SAAS,CAAC;AAEtD,MAAM,WAAW,oBAAoB;IACnC,oCAAoC;IACpC,KAAK,EAAE,OAAO,CAAC;IACf,0BAA0B;IAC1B,MAAM,EAAE,aAAa,CAAC;IACtB,gDAAgD;IAChD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,0CAA0C;IAC1C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kDAAkD;IAClD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,wBAAwB;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8CAA8C;IAC9C,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,YAAY,EAAE,oBAAoB,CAAC;IACnC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,OAAO,CAAC;IACZ,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AA8LD;;GAEG;AACH,wBAAgB,cAAc,IAAI,eAAe,CA2DhD;AAMD;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,mBAAmB,CAwBxD"}

package/directories.d.ts

@@ -0,0 +1,113 @@
+/**
+ * Directory Structure Management
+ *
+ * Creates and manages AgenShield directory structure.
+ * Supports dynamic configuration based on UserConfig.
+ */
+import type { UserConfig, PathsConfig } from '@agenshield/ipc';
+/**
+ * Directory definition with ownership and permissions
+ */
+export interface DirectoryDefinition {
+    mode: number;
+    owner: string;
+    group: string;
+}
+/**
+ * Directory structure type
+ */
+export interface DirectoryStructure {
+    system: Record<string, DirectoryDefinition>;
+    agent: Record<string, DirectoryDefinition>;
+}
+/**
+ * Create directory structure based on UserConfig
+ *
+ * @param config - Optional UserConfig, uses defaults if not provided
+ * @returns Directory structure with all paths and permissions
+ */
+export declare function createDirectoryStructure(config?: UserConfig): DirectoryStructure;
+/**
+ * Create paths configuration based on UserConfig
+ *
+ * @param config - Optional UserConfig, uses defaults if not provided
+ * @returns PathsConfig with all paths
+ */
+export declare function createPathsConfig(config?: UserConfig): PathsConfig;
+export interface DirectoryResult {
+    success: boolean;
+    path: string;
+    message: string;
+    error?: Error;
+}
+/**
+ * Verbose logging options
+ */
+export interface VerboseOptions {
+    verbose?: boolean;
+}
+/**
+ * Create a directory with specific ownership and permissions
+ */
+export declare function createDirectory(dirPath: string, options: {
+    mode: number;
+    owner: string;
+    group: string;
+}, verboseOptions?: VerboseOptions): Promise<DirectoryResult>;
+/**
+ * Create all system directories
+ *
+ * @param config - Optional UserConfig, uses defaults if not provided
+ * @param options - Optional verbose options
+ */
+export declare function createSystemDirectories(config?: UserConfig, options?: VerboseOptions): Promise<DirectoryResult[]>;
+/**
+ * Create all agent directories
+ *
+ * @param config - Optional UserConfig, uses defaults if not provided
+ * @param options - Optional verbose options
+ */
+export declare function createAgentDirectories(config?: UserConfig, options?: VerboseOptions): Promise<DirectoryResult[]>;
+/**
+ * Create all directories
+ *
+ * @param config - Optional UserConfig, uses defaults if not provided
+ * @param options - Optional verbose options
+ */
+export declare function createAllDirectories(config?: UserConfig, options?: VerboseOptions): Promise<DirectoryResult[]>;
+/**
+ * Verify directory structure
+ *
+ * @param config - Optional UserConfig, uses defaults if not provided
+ */
+export declare function verifyDirectories(config?: UserConfig): Promise<{
+    valid: boolean;
+    missing: string[];
+    incorrect: Array<{
+        path: string;
+        issue: string;
+    }>;
+}>;
+/**
+ * Setup socket directory with correct permissions
+ *
+ * @param config - Optional UserConfig, uses defaults if not provided
+ */
+export declare function setupSocketDirectory(config?: UserConfig): Promise<DirectoryResult>;
+/**
+ * Get directory info
+ */
+export declare function getDirectoryInfo(dirPath: string): Promise<{
+    exists: boolean;
+    mode?: string;
+    owner?: string;
+    group?: string;
+} | null>;
+/**
+ * Remove all directories (for uninstall/cleanup)
+ * WARNING: This is destructive!
+ *
+ * @param config - Optional UserConfig, uses defaults if not provided
+ */
+export declare function removeAllDirectories(config?: UserConfig): Promise<DirectoryResult[]>;
+//# sourceMappingURL=directories.d.ts.map

package/directories.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"directories.d.ts","sourceRoot":"","sources":["../src/directories.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAK/D;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;IAC5C,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;CAC5C;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,kBAAkB,CA0HhF;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,WAAW,CAalE;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE;IACP,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,EACD,cAAc,CAAC,EAAE,cAAc,GAC9B,OAAO,CAAC,eAAe,CAAC,CA6B1B;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAUvH;AAED;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAUtH;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAKpH;AAED;;;;GAIG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC;IACpE,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACnD,CAAC,CA8DD;AAED;;;;GAIG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC,CAyBxF;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;IAC/D,MAAM,EAAE,OAAO,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GAAG,IAAI,CAAC,CAcR;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CA2C1F"}

package/discovery/binary-scanner.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Binary Scanner
+ *
+ * Scans system directories, PATH, npm/yarn globals, agent bins, and workspace
+ * bins to discover all executables, classifying them by source, execution
+ * context, and protection status.
+ */
+import type { BinarySourceKind, ExecutionContext, ProtectionKind, DiscoveredBinary, BinaryDirectory, DiscoveryOptions } from '@agenshield/ipc';
+/**
+ * Detect the npm global bin directory
+ */
+export declare function detectNpmGlobalBin(): string | null;
+/**
+ * Detect the yarn global bin directory
+ */
+export declare function detectYarnGlobalBin(): string | null;
+/**
+ * Classify a directory into a BinarySourceKind
+ */
+export declare function classifyDirectory(dirPath: string, npmGlobalBin: string | null, yarnGlobalBin: string | null, options: DiscoveryOptions): BinarySourceKind;
+/**
+ * Determine execution contexts for a directory
+ */
+export declare function getContextsForDir(dirPath: string, sourceKind: BinarySourceKind, _options: DiscoveryOptions): ExecutionContext[];
+/**
+ * Determine the protection status of a binary by name
+ */
+export declare function getProtection(name: string): ProtectionKind;
+/**
+ * Check if a file is a symlink pointing to shield-exec
+ */
+export declare function isShieldExecLink(filePath: string): boolean;
+/**
+ * Categorize a binary by name
+ */
+export declare function categorize(name: string): DiscoveredBinary['category'];
+/**
+ * Scan all binary directories and return discovered binaries and directory metadata
+ */
+export declare function scanBinaries(options: DiscoveryOptions): {
+    binaries: DiscoveredBinary[];
+    directories: BinaryDirectory[];
+};
+//# sourceMappingURL=binary-scanner.d.ts.map

package/discovery/binary-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"binary-scanner.d.ts","sourceRoot":"","sources":["../../src/discovery/binary-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,KAAK,EACV,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EACjB,MAAM,iBAAiB,CAAC;AAgDzB;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,GAAG,IAAI,CAclD;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,GAAG,IAAI,CAWnD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,GAAG,IAAI,EAC3B,aAAa,EAAE,MAAM,GAAG,IAAI,EAC5B,OAAO,EAAE,gBAAgB,GACxB,gBAAgB,CAgClB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,gBAAgB,EAC5B,QAAQ,EAAE,gBAAgB,GACzB,gBAAgB,EAAE,CAcpB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc,CAK1D;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAO1D;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAErE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,gBAAgB,GAAG;IACvD,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAC7B,WAAW,EAAE,eAAe,EAAE,CAAC;CAChC,CAsGA"}

package/discovery/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Discovery module — binary and skill scanning
+ */
+export { scanDiscovery } from './scanner';
+export { scanBinaries, classifyDirectory, detectNpmGlobalBin, detectYarnGlobalBin, getProtection, isShieldExecLink, categorize, } from './binary-scanner';
+export { scanSkills, parseSkillMd, extractCommands, extractSkillInfo, getApprovalStatus, } from './skill-scanner';
+//# sourceMappingURL=index.d.ts.map

package/discovery/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/discovery/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,aAAa,EACb,gBAAgB,EAChB,UAAU,GACX,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,UAAU,EACV,YAAY,EACZ,eAAe,EACf,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,iBAAiB,CAAC"}

package/discovery/scanner.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Discovery Orchestrator
+ *
+ * Top-level scan that combines binary scanning, skill scanning,
+ * and computes a summary of the system state.
+ */
+import type { DiscoveryOptions, DiscoveryResult } from '@agenshield/ipc';
+/**
+ * Run a full discovery scan: binaries, skills, and summary
+ */
+export declare function scanDiscovery(options: DiscoveryOptions): DiscoveryResult;
+//# sourceMappingURL=scanner.d.ts.map

package/discovery/scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../src/discovery/scanner.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EAQhB,MAAM,iBAAiB,CAAC;AA4CzB;;GAEG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,gBAAgB,GAAG,eAAe,CAuBxE"}

package/discovery/skill-scanner.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Skill Scanner
+ *
+ * Scans the OpenClaw skills directory, parses SKILL.md frontmatter,
+ * extracts command requirements, and cross-references with discovered binaries.
+ */
+import type { SkillMetadata, SkillExtractedInfo, DiscoveredSkill, SkillCommandRequirement, DiscoveredBinary, DiscoveryOptions } from '@agenshield/ipc';
+/**
+ * Extract structured info (API keys, bins, config options, install steps) from skill metadata
+ */
+export declare function extractSkillInfo(metadata: SkillMetadata | null): SkillExtractedInfo;
+/**
+ * Parse SKILL.md content, extracting YAML frontmatter and body
+ */
+export declare function parseSkillMd(content: string): {
+    metadata: SkillMetadata;
+    body: string;
+} | null;
+/**
+ * Extract command requirements from metadata and content body
+ */
+export declare function extractCommands(metadata: SkillMetadata | null, body: string, binaryLookup: Map<string, DiscoveredBinary>): SkillCommandRequirement[];
+/**
+ * Get the approval status of a skill
+ */
+export declare function getApprovalStatus(skillName: string): 'approved' | 'quarantined' | 'unknown';
+/**
+ * Scan the skills directory and return discovered skills
+ */
+export declare function scanSkills(options: DiscoveryOptions, binaryLookup: Map<string, DiscoveredBinary>): DiscoveredSkill[];
+//# sourceMappingURL=skill-scanner.d.ts.map

package/discovery/skill-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-scanner.d.ts","sourceRoot":"","sources":["../../src/discovery/skill-scanner.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EACV,aAAa,EACb,kBAAkB,EAClB,eAAe,EACf,uBAAuB,EACvB,gBAAgB,EAChB,gBAAgB,EACjB,MAAM,iBAAiB,CAAC;AAkCzB;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,aAAa,GAAG,IAAI,GAAG,kBAAkB,CAUnF;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG;IAAE,QAAQ,EAAE,aAAa,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAkB9F;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,aAAa,GAAG,IAAI,EAC9B,IAAI,EAAE,MAAM,EACZ,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAC,GAC1C,uBAAuB,EAAE,CAiE3B;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,MAAM,GAChB,UAAU,GAAG,aAAa,GAAG,SAAS,CAyBxC;AAED;;GAEG;AACH,wBAAgB,UAAU,CACxB,OAAO,EAAE,gBAAgB,EACzB,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAC,GAC1C,eAAe,EAAE,CAiGnB"}

package/guarded-shell.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Hardened guarded-shell for zsh (ZDOTDIR approach)
+ *
+ * The guarded-shell is a minimal launcher that sets ZDOTDIR to a root-owned
+ * config directory, then execs /bin/zsh. The actual restrictions live in
+ * .zshenv and .zshrc inside that ZDOTDIR, which zsh reads on startup.
+ *
+ * This avoids the previous bug where `exec /bin/zsh -f` discarded all
+ * shell-level restrictions (RESTRICTED, preexec hooks, disabled builtins)
+ * and macOS /etc/zshenv restored the full system PATH via path_helper.
+ *
+ * ZDOTDIR approach guarantees:
+ * - .zshenv runs AFTER /etc/zshenv, so we override path_helper's PATH
+ * - .zshrc applies RESTRICTED mode, hooks, and builtin lockdown
+ * - Both files are root-owned (0644) so the agent cannot modify them
+ */
+export declare const GUARDED_SHELL_PATH = "/usr/local/bin/guarded-shell";
+export declare const ZDOT_DIR = "/etc/agenshield/zdot";
+/**
+ * Guarded shell launcher — minimal, just sets ZDOTDIR and execs zsh.
+ * Restrictions are applied by ZDOT_ZSHENV_CONTENT and ZDOT_ZSHRC_CONTENT.
+ */
+export declare const GUARDED_SHELL_CONTENT = "#!/bin/zsh\n# guarded-shell: launcher for restricted agent shell.\n# All restrictions live in ZDOTDIR files (root-owned, immutable to agent).\nemulate -LR zsh\n\n# Prevent inherited env tricks before handing off to zsh\nunset HOME\nunset DYLD_LIBRARY_PATH DYLD_FALLBACK_LIBRARY_PATH DYLD_INSERT_LIBRARIES\nunset PYTHONPATH NODE_PATH RUBYLIB PERL5LIB\nunset SSH_ASKPASS LD_PRELOAD\n\n# Point zsh at our restricted config directory\nexport ZDOTDIR=\"/etc/agenshield/zdot\"\n\n# Start zsh \u2014 it will read ZDOTDIR/.zshenv then ZDOTDIR/.zshrc\nexec /bin/zsh\n";
+/**
+ * ZDOTDIR .zshenv — runs after /etc/zshenv (which calls path_helper on macOS).
+ * Overrides PATH to only include $HOME/bin.
+ */
+export declare const ZDOT_ZSHENV_CONTENT = "# AgenShield restricted .zshenv\n# Runs AFTER /etc/zshenv \u2014 overrides path_helper's full system PATH.\n\n# ALWAYS set HOME based on actual user, never inherit\nexport HOME=\"/Users/$(id -un)\"\nexport PATH=\"$HOME/bin\"\nexport SHELL=\"/usr/local/bin/guarded-shell\"\n\n# Clear any leftover env tricks\nunset DYLD_LIBRARY_PATH DYLD_FALLBACK_LIBRARY_PATH DYLD_INSERT_LIBRARIES\nunset PYTHONPATH NODE_PATH RUBYLIB PERL5LIB\nunset SSH_ASKPASS LD_PRELOAD\n";
+/**
+ * ZDOTDIR .zshrc — interactive shell restrictions.
+ * Applies RESTRICTED mode, locks variables, disables builtins, installs hooks.
+ */
+export declare const ZDOT_ZSHRC_CONTENT = "# AgenShield restricted .zshrc\n# Applied to every interactive shell for the agent user.\n\nemulate -LR zsh\n\n# ---- Shell options ----\n# Note: NOT using setopt RESTRICTED as it disables cd entirely.\n# Instead we use preexec hooks and builtin disable for enforcement.\nsetopt NO_CASE_GLOB\nsetopt NO_BEEP\n\n# ---- Lock critical variables (readonly) ----\ntypeset -r PATH HOME SHELL\n\n# ---- Enforcement helpers ----\ndeny() {\n  print -r -- \"Denied by policy\"\n  return 126\n}\n\nis_allowed_cmd() {\n  local cmd=\"$1\"\n\n  # Allow shell builtins we explicitly permit\n  case \"\\$cmd\" in\n    cd|pwd|echo|printf|test|true|false|exit|return|break|continue|shift|set|unset|export|typeset|local|declare|readonly|let|read|print|pushd|popd|dirs|jobs|fg|bg|kill|wait|times|ulimit|umask|history|fc|type|whence|which|where|rehash)\n      return 0\n      ;;\n  esac\n\n  # Deny path execution outright\n  [[ \"$cmd\" == */* ]] && return 1\n\n  # Resolve command path\n  local resolved\n  resolved=\"\\$(whence -p -- \"\\$cmd\" 2>/dev/null)\" || return 1\n\n  # Must live under HOME/bin exactly\n  [[ \"\\$resolved\" == \"$HOME/bin/\"* ]] && return 0\n  return 1\n}\n\n# ---- Block dangerous builtins ----\ndisable -r builtin command exec eval hash nohup setopt source unfunction functions alias unalias 2>/dev/null || true\n\n# ---- Intercept every interactive command before execution ----\npreexec() {\n  local line=\"$1\"\n  local cmd=\"${line%%[[:space:]]*}\"\n\n  # Empty / whitespace lines\n  [[ -z \"\\$cmd\" ]] && return 0\n\n  # Deny anything with slash in the command token (direct path execution)\n  [[ \"\\$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; kill -KILL $$; }\n\n  # Deny anything not allowed\n  if ! is_allowed_cmd \"\\$cmd\"; then\n    print -r -- \"Denied: \\$cmd (not in \\$HOME/bin)\"\n    kill -KILL $$\n  fi\n}\n\n# ---- Also intercept non-interactive \\`zsh -c\\` cases ----\nTRAPDEBUG() {\n  local line=\"${ZSH_DEBUG_CMD:-$1}\"\n  local cmd=\"${line%%[[:space:]]*}\"\n  [[ -z \"\\$cmd\" ]] && return 0\n\n  [[ \"\\$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; return 126; }\n  is_allowed_cmd \"\\$cmd\" || { print -r -- \"Denied: \\$cmd\"; return 126; }\n  return 0\n}\n\n# ---- Ensure accessible working directory ----\ncd \"$HOME\" 2>/dev/null || cd /\n";
+//# sourceMappingURL=guarded-shell.d.ts.map

package/guarded-shell.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"guarded-shell.d.ts","sourceRoot":"","sources":["../src/guarded-shell.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,eAAO,MAAM,kBAAkB,iCAAiC,CAAC;AACjE,eAAO,MAAM,QAAQ,yBAAyB,CAAC;AAE/C;;;GAGG;AACH,eAAO,MAAM,qBAAqB,mjBAgBjC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,mBAAmB,8cAY/B,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,gyEA4E9B,CAAC"}

package/index.d.ts

@@ -0,0 +1,27 @@
+/**
+ * AgenShield Sandbox Library
+ *
+ * User isolation and sandboxing utilities for OpenClaw.
+ * Handles creation of restricted users, guarded shells,
+ * and directory structures for sandboxed execution.
+ *
+ * @packageDocumentation
+ */
+export type { SandboxUser, SandboxConfig, CreateUserResult, DirectoryStructure as SandboxDirectoryStructure } from './types';
+export * from './guarded-shell';
+export { createGuardedShell, createSandboxUser, deleteSandboxUser, } from './macos';
+export { createUserConfig, createGroups, createGroup, createUser, createAgentUser, createBrokerUser, createUsers, createAllUsersAndGroups, deleteGroup, deleteUser, deleteGroups, deleteUsers, deleteAllUsersAndGroups, groupExists, userExists, getUserInfo, getGroupInfo, verifyUsersAndGroups, DEFAULT_BASE_UID, DEFAULT_BASE_GID, DEFAULT_BASE_NAME, ASH_PREFIX, type CreateResult, } from './users';
+export { createDirectoryStructure, createPathsConfig, createDirectory, createSystemDirectories, createAgentDirectories, createAllDirectories, verifyDirectories, setupSocketDirectory, getDirectoryInfo, removeAllDirectories, type DirectoryDefinition, type DirectoryStructure, type DirectoryResult, } from './directories';
+export * from './migration';
+export * from './security';
+export * from './detect';
+export * from './backup';
+export * from './restore';
+export { SHIELD_EXEC_CONTENT, SHIELD_EXEC_PATH, PROXIED_COMMANDS, } from './shield-exec';
+export { WRAPPERS, WRAPPER_DEFINITIONS, installWrapper, installWrappers, installSpecificWrappers, installWrapperWithSudo, uninstallWrapper, uninstallWrappers, verifyWrappers, installGuardedShell, installAllWrappers, installShieldExec, deployInterceptor, copyNodeBinary, copyBrokerBinary, installPresetBinaries, installBasicCommands, BASIC_SYSTEM_COMMANDS, type PresetInstallResult, getAvailableWrappers, getWrapperDefinition, generateWrapperContent, getDefaultWrapperConfig, wrapperUsesSeatbelt, wrapperUsesInterceptor, addDynamicWrapper, removeDynamicWrapper, updateWrapper, type WrapperResult, type WrapperDefinition, type WrapperConfig, } from './wrappers';
+export { generateAgentProfile, generateOperationProfile, installProfiles, installSeatbeltProfiles, verifyProfile, getInstalledProfiles, type ProfileResult, } from './seatbelt';
+export { generateBrokerPlist, generateBrokerPlistLegacy, installLaunchDaemon, loadLaunchDaemon, unloadLaunchDaemon, uninstallLaunchDaemon, isDaemonRunning, getDaemonStatus, restartDaemon, fixSocketPermissions, type DaemonResult, } from './launchdaemon';
+export { getPreset, listPresets, listAutoDetectablePresets, autoDetectPreset, formatPresetList, openclawPreset, devHarnessPreset, customPreset, PRESETS, type TargetPreset, type PresetDetectionResult, type MigrationContext, type MigrationDirectories, type PresetMigrationResult, } from './presets';
+export { scanDiscovery, scanBinaries, scanSkills, parseSkillMd, extractSkillInfo, classifyDirectory, } from './discovery';
+export { injectAgenCoSkill, createAgenCoSymlink, removeInjectedSkills, updateOpenClawMcpConfig, getSkillsDir, getAgenCoSkillPath, type SkillInjectionResult, } from './skill-injector';
+//# sourceMappingURL=index.d.ts.map

package/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,IAAI,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAG7H,cAAc,iBAAiB,CAAC;AAGhC,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,WAAW,EACX,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,WAAW,EACX,YAAY,EACZ,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,eAAe,GACrB,MAAM,eAAe,CAAC;AAGvB,cAAc,aAAa,CAAC;AAG5B,cAAc,YAAY,CAAC;AAG3B,cAAc,UAAU,CAAC;AAGzB,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAG1B,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,QAAQ,EACR,mBAAmB,EACnB,cAAc,EACd,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,EACd,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EAChB,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,KAAK,mBAAmB,EAExB,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,oBAAoB,EACpB,aAAa,EACb,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,eAAe,EACf,uBAAuB,EACvB,aAAa,EACb,oBAAoB,EACpB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,mBAAmB,EACnB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,KAAK,YAAY,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAEL,SAAS,EACT,WAAW,EACX,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAEhB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,OAAO,EAEP,KAAK,YAAY,EACjB,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,GAC3B,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,aAAa,EACb,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,oBAAoB,EACpB,uBAAuB,EACvB,YAAY,EACZ,kBAAkB,EAClB,KAAK,oBAAoB,GAC1B,MAAM,kBAAkB,CAAC"}