@agenshield/sandbox 0.1.0

package/launchdaemon.d.ts

@@ -0,0 +1,76 @@
+/**
+ * LaunchDaemon Management
+ *
+ * Creates and manages macOS LaunchDaemon for the broker.
+ */
+/**
+ * Generate the broker LaunchDaemon plist (with UserConfig)
+ */
+export declare function generateBrokerPlist(config: import('@agenshield/ipc').UserConfig, options?: {
+    brokerPath?: string;
+    configPath?: string;
+    socketPath?: string;
+    nodeBinPath?: string;
+}): string;
+/**
+ * Generate the broker LaunchDaemon plist (legacy - no UserConfig)
+ */
+export declare function generateBrokerPlistLegacy(options?: {
+    brokerBinary?: string;
+    configPath?: string;
+    socketPath?: string;
+}): string;
+export interface DaemonResult {
+    success: boolean;
+    message: string;
+    plistPath?: string;
+    loaded?: boolean;
+    error?: Error;
+}
+/**
+ * Install the LaunchDaemon from plist content
+ */
+export declare function installLaunchDaemon(plistContent: string): Promise<DaemonResult>;
+/**
+ * Install the LaunchDaemon with options (legacy)
+ */
+export declare function installLaunchDaemon(options?: {
+    brokerBinary?: string;
+    configPath?: string;
+    socketPath?: string;
+}): Promise<DaemonResult>;
+/**
+ * Load the LaunchDaemon
+ */
+export declare function loadLaunchDaemon(): Promise<DaemonResult>;
+/**
+ * Unload the LaunchDaemon
+ */
+export declare function unloadLaunchDaemon(): Promise<DaemonResult>;
+/**
+ * Uninstall the LaunchDaemon
+ */
+export declare function uninstallLaunchDaemon(): Promise<DaemonResult>;
+/**
+ * Check if LaunchDaemon is running
+ */
+export declare function isDaemonRunning(): Promise<boolean>;
+/**
+ * Get daemon status
+ */
+export declare function getDaemonStatus(): Promise<{
+    installed: boolean;
+    running: boolean;
+    pid?: number;
+    lastExitStatus?: number;
+}>;
+/**
+ * Restart the daemon
+ */
+export declare function restartDaemon(): Promise<DaemonResult>;
+/**
+ * Fix socket permissions after broker starts
+ * This ensures the daemon user can access the broker socket
+ */
+export declare function fixSocketPermissions(config?: import('@agenshield/ipc').UserConfig): Promise<DaemonResult>;
+//# sourceMappingURL=launchdaemon.d.ts.map

package/launchdaemon.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"launchdaemon.d.ts","sourceRoot":"","sources":["../src/launchdaemon.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAWH;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,OAAO,iBAAiB,EAAE,UAAU,EAC5C,OAAO,CAAC,EAAE;IACR,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,GACA,MAAM,CAkER;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,CAAC,EAAE;IAClD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,MAAM,CA8DT;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;AACvF;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,OAAO,CAAC,EAAE;IAClD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;AA+C1B;;GAEG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,YAAY,CAAC,CAe9D;AAED;;GAEG;AACH,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,YAAY,CAAC,CAuBhE;AAED;;GAEG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,YAAY,CAAC,CAmBnE;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC,CAOxD;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC;IAC/C,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC,CA6CD;AAED;;GAEG;AACH,wBAAsB,aAAa,IAAI,OAAO,CAAC,YAAY,CAAC,CAgB3D;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,OAAO,iBAAiB,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,CAsC/G"}

package/macos.d.ts

@@ -0,0 +1,44 @@
+/**
+ * macOS sandbox user management
+ *
+ * Creates and configures an unprivileged user for running OpenClaw
+ * in an isolated environment.
+ */
+import type { SandboxUser, SandboxConfig, CreateUserResult, DirectoryStructure } from './types';
+/**
+ * Check if a user exists
+ */
+export declare function userExists(username: string): boolean;
+/**
+ * Create the guarded shell script
+ */
+export declare function createGuardedShell(): {
+    success: boolean;
+    error?: string;
+};
+/**
+ * Create the sandbox user on macOS
+ */
+export declare function createSandboxUser(config?: Partial<SandboxConfig>): CreateUserResult;
+/**
+ * Create the directory structure for the sandbox user
+ */
+export declare function createDirectoryStructure(user: SandboxUser): {
+    success: boolean;
+    dirs?: DirectoryStructure;
+    error?: string;
+};
+/**
+ * Delete the sandbox user
+ *
+ * @param username - The username to delete
+ * @param options - Options for deletion
+ * @param options.removeHomeDir - Whether to remove the home directory (default: false)
+ */
+export declare function deleteSandboxUser(username: string, options?: {
+    removeHomeDir?: boolean;
+}): {
+    success: boolean;
+    error?: string;
+};
+//# sourceMappingURL=macos.d.ts.map

package/macos.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"macos.d.ts","sourceRoot":"","sources":["../src/macos.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAuBhG;;GAEG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAMpD;AAiBD;;GAEG;AACH,wBAAgB,kBAAkB,IAAI;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAsBzE;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,GAAE,OAAO,CAAC,aAAa,CAAM,GAAG,gBAAgB,CA6FvF;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,WAAW,GAAG;IAC3D,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,kBAAkB,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAqCA;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE;IAAE,aAAa,CAAC,EAAE,OAAO,CAAA;CAAO,GACxC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAyCtC"}

package/migration.d.ts

@@ -0,0 +1,49 @@
+/**
+ * File migration utilities for OpenClaw isolation
+ *
+ * Handles moving OpenClaw installation files from the original
+ * user to the sandboxed user.
+ */
+import type { SandboxUser, DirectoryStructure } from './types';
+export interface MigrationSource {
+    /** Installation method: npm or git */
+    method: 'npm' | 'git';
+    /** Path to the package directory */
+    packagePath: string;
+    /** Path to the binary */
+    binaryPath?: string;
+    /** Path to the config directory */
+    configPath?: string;
+    /** Path to the git repo (for git installs) */
+    gitRepoPath?: string;
+}
+export interface MigrationResult {
+    success: boolean;
+    error?: string;
+    /** New paths after migration */
+    newPaths?: {
+        packagePath: string;
+        binaryPath: string;
+        configPath: string;
+    };
+}
+/**
+ * Migrate npm-based OpenClaw installation to sandbox user
+ */
+export declare function migrateNpmInstall(source: MigrationSource, user: SandboxUser, dirs: DirectoryStructure): MigrationResult;
+/**
+ * Migrate git-based OpenClaw installation to sandbox user
+ */
+export declare function migrateGitInstall(source: MigrationSource, user: SandboxUser, dirs: DirectoryStructure): MigrationResult;
+/**
+ * Migrate OpenClaw installation to sandbox user
+ */
+export declare function migrateOpenClaw(source: MigrationSource, user: SandboxUser, dirs: DirectoryStructure): MigrationResult;
+/**
+ * Create a Node.js wrapper in the sandbox user's bin directory
+ */
+export declare function createNodeWrapper(user: SandboxUser, dirs: DirectoryStructure): {
+    success: boolean;
+    error?: string;
+};
+//# sourceMappingURL=migration.d.ts.map

package/migration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"migration.d.ts","sourceRoot":"","sources":["../src/migration.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAE/D,MAAM,WAAW,eAAe;IAC9B,sCAAsC;IACtC,MAAM,EAAE,KAAK,GAAG,KAAK,CAAC;IACtB,oCAAoC;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,yBAAyB;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mCAAmC;IACnC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8CAA8C;IAC9C,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gCAAgC;IAChC,QAAQ,CAAC,EAAE;QACT,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAsFD;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,eAAe,EACvB,IAAI,EAAE,WAAW,EACjB,IAAI,EAAE,kBAAkB,GACvB,eAAe,CAqDjB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,eAAe,EACvB,IAAI,EAAE,WAAW,EACjB,IAAI,EAAE,kBAAkB,GACvB,eAAe,CAuDjB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,eAAe,EACvB,IAAI,EAAE,WAAW,EACjB,IAAI,EAAE,kBAAkB,GACvB,eAAe,CAMjB;AAyBD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,kBAAkB,GAAG;IAC9E,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAiCA"}

package/package.json

@@ -0,0 +1,24 @@
+{
+  "name": "@agenshield/sandbox",
+  "version": "0.1.0",
+  "type": "module",
+  "description": "User isolation and sandboxing utilities for AgenShield",
+  "main": "./index.js",
+  "types": "./index.d.ts",
+  "exports": {
+    "./package.json": "./package.json",
+    ".": {
+      "types": "./index.d.ts",
+      "import": "./index.js",
+      "default": "./index.js"
+    }
+  },
+  "license": "MIT",
+  "dependencies": {
+    "yaml": "^2.7.1"
+  },
+  "devDependencies": {
+    "@types/node": "^24.0.0",
+    "typescript": "^5.9.3"
+  }
+}

package/presets/custom.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Custom Preset
+ *
+ * Preset for sandboxing arbitrary Node.js applications.
+ * Requires user to specify the entry point.
+ */
+import type { TargetPreset } from './types.js';
+/**
+ * Custom preset implementation
+ */
+export declare const customPreset: TargetPreset;
+//# sourceMappingURL=custom.d.ts.map

package/presets/custom.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"custom.d.ts","sourceRoot":"","sources":["../../src/presets/custom.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EACV,YAAY,EAIb,MAAM,YAAY,CAAC;AAsBpB;;GAEG;AACH,eAAO,MAAM,YAAY,EAAE,YA6F1B,CAAC"}

package/presets/dev-harness.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Dev Test Harness Preset
+ *
+ * Preset for detecting and migrating the AgenShield test harness (dummy-openclaw).
+ * Auto-detected in dev mode so the setup wizard works without workarounds.
+ */
+import type { TargetPreset } from './types.js';
+/**
+ * Dev test harness preset implementation
+ */
+export declare const devHarnessPreset: TargetPreset;
+//# sourceMappingURL=dev-harness.d.ts.map

package/presets/dev-harness.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dev-harness.d.ts","sourceRoot":"","sources":["../../src/presets/dev-harness.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EACV,YAAY,EAIb,MAAM,YAAY,CAAC;AAmCpB;;GAEG;AACH,eAAO,MAAM,gBAAgB,EAAE,YAyK9B,CAAC"}

package/presets/index.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Preset System
+ *
+ * Provides a registry of target presets for AgenShield.
+ * Each preset defines how to detect, migrate, and run a specific application.
+ */
+import type { TargetPreset, PresetDetectionResult } from './types.js';
+export * from './types.js';
+export { openclawPreset } from './openclaw.js';
+export { devHarnessPreset } from './dev-harness.js';
+export { customPreset } from './custom.js';
+/**
+ * All available presets
+ * Order matters: openclaw is preferred over dev-harness when both exist.
+ * 'custom' is excluded from auto-detection by listAutoDetectablePresets().
+ */
+export declare const PRESETS: Record<string, TargetPreset>;
+/**
+ * Get preset by ID
+ *
+ * @param id - Preset identifier
+ * @returns The preset or undefined if not found
+ */
+export declare function getPreset(id: string): TargetPreset | undefined;
+/**
+ * List all available presets
+ *
+ * @returns Array of all presets
+ */
+export declare function listPresets(): TargetPreset[];
+/**
+ * List presets that can auto-detect (excludes 'custom')
+ *
+ * @returns Array of auto-detectable presets
+ */
+export declare function listAutoDetectablePresets(): TargetPreset[];
+/**
+ * Auto-detect which preset matches the current system
+ * Returns the first matching preset found.
+ *
+ * @returns Object with preset and detection result, or null if none found
+ */
+export declare function autoDetectPreset(): Promise<{
+    preset: TargetPreset;
+    detection: PresetDetectionResult;
+} | null>;
+/**
+ * Format preset list for display
+ *
+ * @returns Formatted string showing available presets
+ */
+export declare function formatPresetList(): string;
+//# sourceMappingURL=index.d.ts.map

package/presets/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/presets/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAMtE,cAAc,YAAY,CAAC;AAG3B,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C;;;;GAIG;AACH,eAAO,MAAM,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAIhD,CAAC;AAEF;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS,CAE9D;AAED;;;;GAIG;AACH,wBAAgB,WAAW,IAAI,YAAY,EAAE,CAE5C;AAED;;;;GAIG;AACH,wBAAgB,yBAAyB,IAAI,YAAY,EAAE,CAE1D;AAED;;;;;GAKG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC;IAChD,MAAM,EAAE,YAAY,CAAC;IACrB,SAAS,EAAE,qBAAqB,CAAC;CAClC,GAAG,IAAI,CAAC,CAQR;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CASzC"}

package/presets/openclaw.d.ts

@@ -0,0 +1,12 @@
+/**
+ * OpenClaw Preset
+ *
+ * Preset for detecting and migrating OpenClaw AI coding agent installations.
+ * Supports both npm global and git clone installations.
+ */
+import type { TargetPreset } from './types.js';
+/**
+ * OpenClaw preset implementation
+ */
+export declare const openclawPreset: TargetPreset;
+//# sourceMappingURL=openclaw.d.ts.map

package/presets/openclaw.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openclaw.d.ts","sourceRoot":"","sources":["../../src/presets/openclaw.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,YAAY,EAIb,MAAM,YAAY,CAAC;AAKpB;;GAEG;AACH,eAAO,MAAM,cAAc,EAAE,YAmE5B,CAAC"}

package/presets/types.d.ts

@@ -0,0 +1,106 @@
+/**
+ * Preset System Types
+ *
+ * A preset defines how to detect, migrate, and run a specific target application.
+ * The sandboxing (users, groups, seatbelt, wrappers) is universal for all targets.
+ */
+import type { UserDefinition } from '@agenshield/ipc';
+/**
+ * Result of detecting a target application
+ */
+export interface PresetDetectionResult {
+    /** Whether the target was found */
+    found: boolean;
+    /** Installed version (if detected) */
+    version?: string;
+    /** Path to the main package/source directory */
+    packagePath?: string;
+    /** Path to the binary/entry point */
+    binaryPath?: string;
+    /** Path to the config directory */
+    configPath?: string;
+    /** How the target was installed */
+    method?: 'npm' | 'git' | 'binary' | 'custom';
+}
+/**
+ * Directory structure for migration
+ */
+export interface MigrationDirectories {
+    /** Local binaries directory */
+    binDir: string;
+    /** Wrapper scripts directory */
+    wrappersDir: string;
+    /** Config directory */
+    configDir: string;
+    /** Package/source directory */
+    packageDir: string;
+    /** npm packages directory */
+    npmDir: string;
+}
+/**
+ * Context provided to preset migration
+ */
+export interface MigrationContext {
+    /** Agent user definition */
+    agentUser: UserDefinition;
+    /** Directory structure for the sandbox */
+    directories: MigrationDirectories;
+    /** Entry point path (for custom preset) */
+    entryPoint?: string;
+    /** Detection result from the detect phase */
+    detection?: PresetDetectionResult;
+}
+/**
+ * Result of migrating a target to the sandbox
+ */
+export interface PresetMigrationResult {
+    /** Whether migration succeeded */
+    success: boolean;
+    /** Error message if failed */
+    error?: string;
+    /** New paths after migration */
+    newPaths?: {
+        packagePath: string;
+        binaryPath: string;
+        configPath?: string;
+    };
+}
+/**
+ * A preset defines how to detect, migrate, and run a specific target application.
+ * The sandboxing (users, groups, seatbelt, wrappers) is universal.
+ */
+export interface TargetPreset {
+    /** Unique preset identifier */
+    id: string;
+    /** Display name */
+    name: string;
+    /** Description shown in wizard */
+    description: string;
+    /**
+     * Commands this preset requires in the sandbox.
+     * These will be installed as protected wrappers in $HOME/bin.
+     * Names must match keys in WRAPPER_DEFINITIONS (e.g. 'node', 'npm', 'git', 'curl').
+     */
+    requiredBins: string[];
+    /**
+     * Optional commands the preset can use if available.
+     * Installed only when the user opts in or when the full wrapper set is requested.
+     */
+    optionalBins?: string[];
+    /**
+     * Detect if this target is installed on the system.
+     * Returns detection info or null if not found.
+     */
+    detect(): Promise<PresetDetectionResult | null>;
+    /**
+     * Migrate the target to the sandbox user.
+     * Copies files, sets permissions, creates entry wrapper.
+     */
+    migrate(context: MigrationContext): Promise<PresetMigrationResult>;
+    /**
+     * Get the command to run the target in the sandbox.
+     * This is what the wrapper scripts will invoke.
+     */
+    getEntryCommand(context: MigrationContext): string;
+}
+//# sourceMappingURL=types.d.ts.map

package/presets/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/presets/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEtD;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,mCAAmC;IACnC,KAAK,EAAE,OAAO,CAAC;IACf,sCAAsC;IACtC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gDAAgD;IAChD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qCAAqC;IACrC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mCAAmC;IACnC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mCAAmC;IACnC,MAAM,CAAC,EAAE,KAAK,GAAG,KAAK,GAAG,QAAQ,GAAG,QAAQ,CAAC;CAC9C;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,uBAAuB;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,4BAA4B;IAC5B,SAAS,EAAE,cAAc,CAAC;IAC1B,0CAA0C;IAC1C,WAAW,EAAE,oBAAoB,CAAC;IAClC,2CAA2C;IAC3C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,6CAA6C;IAC7C,SAAS,CAAC,EAAE,qBAAqB,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,kCAAkC;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gCAAgC;IAChC,QAAQ,CAAC,EAAE;QACT,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,+BAA+B;IAC/B,EAAE,EAAE,MAAM,CAAC;IAEX,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAC;IAEb,kCAAkC;IAClC,WAAW,EAAE,MAAM,CAAC;IAEpB;;;;OAIG;IACH,YAAY,EAAE,MAAM,EAAE,CAAC;IAEvB;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB;;;OAGG;IACH,MAAM,IAAI,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAAC;IAEhD;;;OAGG;IACH,OAAO,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAEnE;;;OAGG;IACH,eAAe,CAAC,OAAO,EAAE,gBAAgB,GAAG,MAAM,CAAC;CACpD"}

package/restore.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Restore utilities for AgenShield uninstall
+ *
+ * Restores the original OpenClaw installation from backup.
+ */
+import type { InstallationBackup } from '@agenshield/ipc';
+export type RestoreStep = 'validate' | 'stop-daemon' | 'stop-broker' | 'kill-processes' | 'restore-config' | 'restore-package' | 'delete-user' | 'remove-shell' | 'cleanup' | 'verify';
+export interface RestoreProgress {
+    step: RestoreStep;
+    success: boolean;
+    message: string;
+    error?: string;
+}
+export interface RestoreResult {
+    success: boolean;
+    steps: RestoreProgress[];
+    error?: string;
+}
+/**
+ * Perform full restore/uninstall process
+ */
+export declare function restoreInstallation(backup: InstallationBackup, onProgress?: (progress: RestoreProgress) => void): RestoreResult;
+/**
+ * Check if uninstall is possible
+ */
+export declare function canUninstall(): {
+    canUninstall: boolean;
+    isRoot: boolean;
+    hasBackup: boolean;
+    backup: InstallationBackup | null;
+    error?: string;
+};
+/**
+ * Force uninstall without a backup
+ * Used when no backup exists but user wants to clean up AgenShield artifacts
+ */
+export declare function forceUninstall(onProgress?: (progress: RestoreProgress) => void): RestoreResult;
+//# sourceMappingURL=restore.d.ts.map

package/restore.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"restore.d.ts","sourceRoot":"","sources":["../src/restore.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAmB1D,MAAM,MAAM,WAAW,GACnB,UAAU,GACV,aAAa,GACb,aAAa,GACb,gBAAgB,GAChB,gBAAgB,GAChB,iBAAiB,GACjB,aAAa,GACb,cAAc,GACd,SAAS,GACT,QAAQ,CAAC;AAEb,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,WAAW,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,eAAe,EAAE,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAyWD;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,kBAAkB,EAC1B,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,eAAe,KAAK,IAAI,GAC/C,aAAa,CA+Ef;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI;IAC9B,YAAY,EAAE,OAAO,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;IAChB,SAAS,EAAE,OAAO,CAAC;IACnB,MAAM,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAClC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CA+BA;AAsCD;;;GAGG;AACH,wBAAgB,cAAc,CAC5B,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,eAAe,KAAK,IAAI,GAC/C,aAAa,CA+Gf"}

package/seatbelt.d.ts

@@ -0,0 +1,59 @@
+/**
+ * Seatbelt Profile Management
+ *
+ * Generates and installs macOS sandbox profiles.
+ */
+/**
+ * Agent seatbelt profile template
+ */
+export declare function generateAgentProfile(options: {
+    workspacePath: string;
+    socketPath: string;
+    agentHome?: string;
+    additionalReadPaths?: string[];
+}): string;
+/**
+ * Per-operation profile template
+ */
+export declare function generateOperationProfile(operation: string, target?: string): string;
+export interface ProfileResult {
+    success: boolean;
+    path: string;
+    message: string;
+    error?: Error;
+}
+/**
+ * Install seatbelt profiles
+ */
+export declare function installProfiles(options: {
+    workspacePath: string;
+    socketPath: string;
+}): Promise<ProfileResult[]>;
+/**
+ * Verify seatbelt profile syntax
+ */
+export declare function verifyProfile(profilePath: string): Promise<boolean>;
+/**
+ * Install seatbelt profiles using UserConfig
+ *
+ * @param config - UserConfig with user/group information
+ * @param profiles - Generated profiles to install
+ */
+export declare function installSeatbeltProfiles(config: import('@agenshield/ipc').UserConfig, profiles: {
+    agentProfile: string;
+}): Promise<{
+    success: boolean;
+    error?: string;
+    agentProfilePath?: string;
+    operationProfilePaths?: string[];
+}>;
+/**
+ * Generate agent profile from UserConfig
+ */
+export declare function generateAgentProfileFromConfig(config: import('@agenshield/ipc').UserConfig): string;
+export { generateAgentProfileFromConfig as generateAgentProfile_v2 };
+/**
+ * Get installed profiles
+ */
+export declare function getInstalledProfiles(): Promise<string[]>;
+//# sourceMappingURL=seatbelt.d.ts.map

package/seatbelt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"seatbelt.d.ts","sourceRoot":"","sources":["../src/seatbelt.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAWH;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE;IAC5C,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;CAChC,GAAG,MAAM,CAuJT;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,MAAM,GACd,MAAM,CAaR;AA4DD,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE;IAC7C,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;CACpB,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAuD3B;AAED;;GAEG;AACH,wBAAsB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAqBzE;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAC3C,MAAM,EAAE,OAAO,iBAAiB,EAAE,UAAU,EAC5C,QAAQ,EAAE;IAAE,YAAY,EAAE,MAAM,CAAA;CAAE,GACjC,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;CAClC,CAAC,CAyCD;AAED;;GAEG;AACH,wBAAgB,8BAA8B,CAAC,MAAM,EAAE,OAAO,iBAAiB,EAAE,UAAU,GAAG,MAAM,CAMnG;AAGD,OAAO,EAAE,8BAA8B,IAAI,uBAAuB,EAAE,CAAC;AAErE;;GAEG;AACH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAuB9D"}

package/security.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Security status checks for the sandbox
+ */
+/**
+ * Security status report
+ */
+export interface SecurityStatus {
+    /** Is the current process running as root? (dangerous!) */
+    runningAsRoot: boolean;
+    /** Current user */
+    currentUser: string;
+    /** Is sandbox user created? */
+    sandboxUserExists: boolean;
+    /** Is OpenClaw isolated to sandbox user? */
+    isIsolated: boolean;
+    /** Is guarded shell installed? */
+    guardedShellInstalled: boolean;
+    /** Exposed secrets found in environment */
+    exposedSecrets: string[];
+    /** Security warnings */
+    warnings: string[];
+    /** Critical security issues */
+    critical: string[];
+    /** Recommendations */
+    recommendations: string[];
+    /** Overall security level */
+    level: 'secure' | 'partial' | 'unprotected' | 'critical';
+}
+/**
+ * Check if an environment variable name looks like a secret
+ */
+export declare function isSecretEnvVar(name: string): boolean;
+/**
+ * Options for security status checks
+ */
+export interface SecurityCheckOptions {
+    /** Environment to scan for secrets (defaults to process.env) */
+    env?: Record<string, string | undefined>;
+}
+/**
+ * Check full security status
+ */
+export declare function checkSecurityStatus(options?: SecurityCheckOptions): SecurityStatus;
+//# sourceMappingURL=security.d.ts.map

package/security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../src/security.ts"],"names":[],"mappings":"AAAA;;GAEG;AASH;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,2DAA2D;IAC3D,aAAa,EAAE,OAAO,CAAC;IACvB,mBAAmB;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,+BAA+B;IAC/B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,4CAA4C;IAC5C,UAAU,EAAE,OAAO,CAAC;IACpB,kCAAkC;IAClC,qBAAqB,EAAE,OAAO,CAAC;IAC/B,2CAA2C;IAC3C,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,wBAAwB;IACxB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,sBAAsB;IACtB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,6BAA6B;IAC7B,KAAK,EAAE,QAAQ,GAAG,SAAS,GAAG,aAAa,GAAG,UAAU,CAAC;CAC1D;AAuBD;;GAEG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEpD;AA2DD;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,gEAAgE;IAChE,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;CAC1C;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,CAAC,EAAE,oBAAoB,GAAG,cAAc,CAwElF"}

package/shield-exec.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Shield-Exec: Single Node.js Command Proxy
+ *
+ * A unified command proxy installed at /opt/agenshield/bin/shield-exec.
+ * All command wrappers in $HOME/bin/ are symlinks to this binary.
+ * It detects the invoked command name via process.argv[1] (symlink name),
+ * then routes the request through the broker via Unix socket JSON-RPC.
+ *
+ * All commands are routed as `exec` operations through the broker,
+ * which handles policy enforcement (workspace boundaries, network policies, etc.).
+ */
+/** Path where shield-exec is installed */
+export declare const SHIELD_EXEC_PATH = "/opt/agenshield/bin/shield-exec";
+/** Commands that shield-exec handles (all routed through broker as exec) */
+export declare const PROXIED_COMMANDS: readonly ["curl", "wget", "git", "ssh", "scp", "rsync", "brew", "npm", "npx", "pip", "pip3", "open-url", "shieldctl", "agenco"];
+/**
+ * The content of shield-exec as a string, for installation
+ */
+export declare const SHIELD_EXEC_CONTENT = "#!/usr/bin/env node\n'use strict';\n\nconst path = require('path');\nconst net = require('net');\n\nconst DEFAULT_SOCKET_PATH = '/var/run/agenshield/agenshield.sock';\n\nfunction sendRequest(socketPath, request) {\n  return new Promise((resolve, reject) => {\n    const socket = net.createConnection(socketPath, () => {\n      socket.write(JSON.stringify(request) + '\\n');\n    });\n    let data = '';\n    socket.on('data', (chunk) => {\n      data += chunk.toString();\n      const idx = data.indexOf('\\n');\n      if (idx >= 0) {\n        try {\n          const resp = JSON.parse(data.slice(0, idx));\n          socket.end();\n          resolve(resp);\n        } catch (e) {\n          socket.end();\n          reject(new Error('Invalid JSON response: ' + e.message));\n        }\n      }\n    });\n    socket.on('error', (err) => reject(new Error('Socket error: ' + err.message)));\n    socket.on('end', () => {\n      if (data.trim()) {\n        try { resolve(JSON.parse(data.trim())); }\n        catch { reject(new Error('Connection closed before response')); }\n      } else {\n        reject(new Error('Connection closed without response'));\n      }\n    });\n    socket.setTimeout(30000, () => {\n      socket.destroy();\n      reject(new Error('Request timed out'));\n    });\n  });\n}\n\nasync function main() {\n  const socketPath = process.env.AGENSHIELD_SOCKET || DEFAULT_SOCKET_PATH;\n  const invoked = path.basename(process.argv[1] || 'shield-exec');\n  const args = process.argv.slice(2);\n  const commandName = invoked === 'shield-exec' ? (args.shift() || '') : invoked;\n\n  if (!commandName) {\n    process.stderr.write('Usage: shield-exec <command> [args...]\\n');\n    process.exit(1);\n  }\n\n  const request = {\n    jsonrpc: '2.0',\n    id: 'shield-exec-' + Date.now() + '-' + Math.random().toString(36).slice(2, 8),\n    method: 'exec',\n    params: { command: commandName, args: args, cwd: process.cwd() },\n  };\n\n  try {\n    const response = await sendRequest(socketPath, request);\n    if (response.error) {\n      process.stderr.write('Error: ' + response.error.message + '\\n');\n      process.exit(1);\n    }\n    const result = response.result;\n    if (!result) { process.stderr.write('Error: Empty response\\n'); process.exit(1); }\n    if (!result.success) {\n      process.stderr.write('Error: ' + (result.error?.message || 'Unknown error') + '\\n');\n      process.exit(1);\n    }\n    const data = result.data;\n    if (!data) process.exit(0);\n    if (data.stdout) process.stdout.write(data.stdout);\n    if (data.stderr) process.stderr.write(data.stderr);\n    process.exit(data.exitCode ?? 0);\n  } catch (err) {\n    process.stderr.write('shield-exec error: ' + err.message + '\\n');\n    process.exit(1);\n  }\n}\n\nmain().catch((err) => { process.stderr.write('Fatal: ' + err.message + '\\n'); process.exit(1); });\n";
+//# sourceMappingURL=shield-exec.d.ts.map

package/shield-exec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shield-exec.d.ts","sourceRoot":"","sources":["../src/shield-exec.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,0CAA0C;AAC1C,eAAO,MAAM,gBAAgB,oCAAoC,CAAC;AAKlE,4EAA4E;AAC5E,eAAO,MAAM,gBAAgB,iIAInB,CAAC;AAsKX;;GAEG;AACH,eAAO,MAAM,mBAAmB,wzFAsF/B,CAAC"}