npm - @agenshield/sandbox - Versions diffs - 0.1.0 - Mend

@agenshield/sandbox 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (52) hide show

package/backup.d.ts +53 -0
package/backup.d.ts.map +1 -0
package/detect.d.ts +44 -0
package/detect.d.ts.map +1 -0
package/directories.d.ts +113 -0
package/directories.d.ts.map +1 -0
package/discovery/binary-scanner.d.ts +44 -0
package/discovery/binary-scanner.d.ts.map +1 -0
package/discovery/index.d.ts +7 -0
package/discovery/index.d.ts.map +1 -0
package/discovery/scanner.d.ts +12 -0
package/discovery/scanner.d.ts.map +1 -0
package/discovery/skill-scanner.d.ts +31 -0
package/discovery/skill-scanner.d.ts.map +1 -0
package/guarded-shell.d.ts +34 -0
package/guarded-shell.d.ts.map +1 -0
package/index.d.ts +27 -0
package/index.d.ts.map +1 -0
package/index.js +6155 -0
package/launchdaemon.d.ts +76 -0
package/launchdaemon.d.ts.map +1 -0
package/macos.d.ts +44 -0
package/macos.d.ts.map +1 -0
package/migration.d.ts +49 -0
package/migration.d.ts.map +1 -0
package/package.json +24 -0
package/presets/custom.d.ts +12 -0
package/presets/custom.d.ts.map +1 -0
package/presets/dev-harness.d.ts +12 -0
package/presets/dev-harness.d.ts.map +1 -0
package/presets/index.d.ts +53 -0
package/presets/index.d.ts.map +1 -0
package/presets/openclaw.d.ts +12 -0
package/presets/openclaw.d.ts.map +1 -0
package/presets/types.d.ts +106 -0
package/presets/types.d.ts.map +1 -0
package/restore.d.ts +38 -0
package/restore.d.ts.map +1 -0
package/seatbelt.d.ts +59 -0
package/seatbelt.d.ts.map +1 -0
package/security.d.ts +44 -0
package/security.d.ts.map +1 -0
package/shield-exec.d.ts +20 -0
package/shield-exec.d.ts.map +1 -0
package/skill-injector.d.ts +48 -0
package/skill-injector.d.ts.map +1 -0
package/types.d.ts +38 -0
package/types.d.ts.map +1 -0
package/users.d.ts +169 -0
package/users.d.ts.map +1 -0
package/wrappers.d.ts +217 -0
package/wrappers.d.ts.map +1 -0

package/skill-injector.d.ts ADDED Viewed

@@ -0,0 +1,48 @@
+/**
+ * Skill Injector
+ *
+ * Injects security-related skills into OpenClaw's skills directory
+ * when AgenShield is set up. This ensures critical security skills
+ * are always available to the sandboxed agent.
+ */
+import type { UserConfig } from '@agenshield/ipc';
+export interface SkillInjectionResult {
+    success: boolean;
+    skillsDir: string;
+    injectedSkills: string[];
+    error?: string;
+}
+/**
+ * Get the OpenClaw skills directory for a user
+ */
+export declare function getSkillsDir(homeDir: string): string;
+/**
+ * Get the path to the bundled AgenCo skill
+ */
+export declare function getAgenCoSkillPath(): string;
+/**
+ * Inject the AgenCo skill into OpenClaw's skills directory
+ */
+export declare function injectAgenCoSkill(config: UserConfig): Promise<SkillInjectionResult>;
+/**
+ * Create a symlink for the agenco command in the agent's bin directory
+ */
+export declare function createAgenCoSymlink(config: UserConfig, binDir: string): Promise<{
+    success: boolean;
+    error?: string;
+}>;
+/**
+ * Remove injected skills (for uninstall)
+ */
+export declare function removeInjectedSkills(homeDir: string): Promise<{
+    success: boolean;
+    error?: string;
+}>;
+/**
+ * Update OpenClaw's MCP configuration to include AgenCo
+ */
+export declare function updateOpenClawMcpConfig(homeDir: string): Promise<{
+    success: boolean;
+    error?: string;
+}>;
+//# sourceMappingURL=skill-injector.d.ts.map

package/skill-injector.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"skill-injector.d.ts","sourceRoot":"","sources":["../src/skill-injector.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAElD,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAepD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,CAmB3C;AA4BD;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,oBAAoB,CAAC,CA2D/B;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA8B/C;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,MAAM,GACd,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAgB/C;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,MAAM,GACd,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAiE/C"}

package/types.d.ts ADDED Viewed

@@ -0,0 +1,38 @@
+/**
+ * Types for sandbox user management
+ */
+export interface SandboxUser {
+    username: string;
+    uid: number;
+    gid: number;
+    homeDir: string;
+    shell: string;
+}
+export interface SandboxConfig {
+    /** Username for the sandbox user */
+    username: string;
+    /** Home directory path */
+    homeDir: string;
+    /** Shell to use (should be restricted) */
+    shell: string;
+    /** Real name for the user */
+    realName: string;
+}
+export interface CreateUserResult {
+    success: boolean;
+    user?: SandboxUser;
+    error?: string;
+}
+export interface DirectoryStructure {
+    /** Local binaries */
+    binDir: string;
+    /** Wrapper scripts for broker */
+    wrappersDir: string;
+    /** OpenClaw config */
+    configDir: string;
+    /** OpenClaw package */
+    packageDir: string;
+    /** npm global packages */
+    npmDir: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,aAAa;IAC5B,oCAAoC;IACpC,QAAQ,EAAE,MAAM,CAAC;IACjB,0BAA0B;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,0CAA0C;IAC1C,KAAK,EAAE,MAAM,CAAC;IACd,6BAA6B;IAC7B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,WAAW,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,qBAAqB;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,iCAAiC;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,sBAAsB;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,0BAA0B;IAC1B,MAAM,EAAE,MAAM,CAAC;CAChB"}

package/users.d.ts ADDED Viewed

@@ -0,0 +1,169 @@
+/**
+ * User and Group Management
+ *
+ * Creates and manages AgenShield users and groups on macOS.
+ * Supports dynamic configuration with optional prefix for testing/multiple instances.
+ */
+import type { UserConfig, UserDefinition } from '@agenshield/ipc';
+/**
+ * Default base UIDs/GIDs
+ */
+export declare const DEFAULT_BASE_UID = 5200;
+export declare const DEFAULT_BASE_GID = 5100;
+/**
+ * Default base name for users/groups (the part after ash_ prefix)
+ */
+export declare const DEFAULT_BASE_NAME = "default";
+/**
+ * Required prefix for all AgenShield users/groups
+ */
+export declare const ASH_PREFIX = "ash_";
+/**
+ * Create user configuration with optional prefix, base IDs, and base name
+ *
+ * @param options - Configuration options
+ * @param options.prefix - Optional additional prefix for all names (for testing multiple instances)
+ * @param options.baseUid - Base UID for users (default: 5200)
+ * @param options.baseGid - Base GID for groups (default: 5100)
+ * @param options.baseName - Base name for users/groups (default: 'default')
+ * @returns Complete UserConfig object
+ *
+ * Naming pattern: ash_{baseName}_{role} (or {prefix}_ash_{baseName}_{role} with prefix)
+ *
+ * @example
+ * // Default configuration
+ * const config = createUserConfig();
+ * // config.agentUser.username === 'ash_default_agent'
+ * // config.groups.socket.name === 'ash_default'
+ *
+ * @example
+ * // With custom base name
+ * const customConfig = createUserConfig({ baseName: 'myapp' });
+ * // customConfig.agentUser.username === 'ash_myapp_agent'
+ *
+ * @example
+ * // With prefix for testing multiple instances
+ * const testConfig = createUserConfig({ prefix: 'test1', baseName: 'myapp' });
+ * // testConfig.agentUser.username === 'test1_ash_myapp_agent'
+ *
+ * @example
+ * // With custom UIDs
+ * const customConfig = createUserConfig({ baseName: 'ci', baseUid: 6200, baseGid: 6100 });
+ */
+export declare function createUserConfig(options?: {
+    prefix?: string;
+    baseUid?: number;
+    baseGid?: number;
+    baseName?: string;
+}): UserConfig;
+export interface CreateResult {
+    success: boolean;
+    message: string;
+    error?: Error;
+}
+/**
+ * Check if a group exists
+ */
+export declare function groupExists(name: string): Promise<boolean>;
+/**
+ * Check if a user exists
+ */
+export declare function userExists(username: string): Promise<boolean>;
+/**
+ * Verbose logging options
+ */
+export interface VerboseOptions {
+    verbose?: boolean;
+}
+/**
+ * Create a group
+ */
+export declare function createGroup(name: string, gid: number, description?: string, options?: VerboseOptions): Promise<CreateResult>;
+/**
+ * Create all required groups from config
+ *
+ * @param config - Optional UserConfig, uses defaults if not provided
+ * @param options - Optional verbose options
+ */
+export declare function createGroups(config?: UserConfig, options?: VerboseOptions): Promise<CreateResult[]>;
+/**
+ * Create a user from UserDefinition
+ */
+export declare function createUser(userDef: UserDefinition, options?: VerboseOptions): Promise<CreateResult>;
+/**
+ * Create the agent user
+ *
+ * @param config - Optional UserConfig, uses defaults if not provided
+ * @param options - Optional verbose options
+ */
+export declare function createAgentUser(config?: UserConfig, options?: VerboseOptions): Promise<CreateResult>;
+/**
+ * Create the broker user
+ *
+ * @param config - Optional UserConfig, uses defaults if not provided
+ * @param options - Optional verbose options
+ */
+export declare function createBrokerUser(config?: UserConfig, options?: VerboseOptions): Promise<CreateResult>;
+/**
+ * Create all required users
+ *
+ * @param config - Optional UserConfig, uses defaults if not provided
+ */
+export declare function createUsers(config?: UserConfig): Promise<CreateResult[]>;
+/**
+ * Create all groups and users
+ *
+ * @param config - Optional UserConfig, uses defaults if not provided
+ */
+export declare function createAllUsersAndGroups(config?: UserConfig): Promise<{
+    groups: CreateResult[];
+    users: CreateResult[];
+}>;
+/**
+ * Delete a group
+ */
+export declare function deleteGroup(name: string): Promise<CreateResult>;
+/**
+ * Delete a user
+ */
+export declare function deleteUser(username: string): Promise<CreateResult>;
+/**
+ * Delete all groups from config
+ *
+ * @param config - Optional UserConfig, uses defaults if not provided
+ */
+export declare function deleteGroups(config?: UserConfig): Promise<CreateResult[]>;
+/**
+ * Delete all users from config
+ *
+ * @param config - Optional UserConfig, uses defaults if not provided
+ */
+export declare function deleteUsers(config?: UserConfig): Promise<CreateResult[]>;
+/**
+ * Delete all users and groups (for uninstall/cleanup)
+ *
+ * @param config - Optional UserConfig, uses defaults if not provided
+ */
+export declare function deleteAllUsersAndGroups(config?: UserConfig): Promise<{
+    users: CreateResult[];
+    groups: CreateResult[];
+}>;
+/**
+ * Get user info
+ */
+export declare function getUserInfo(username: string): Promise<Record<string, string> | null>;
+/**
+ * Get group info
+ */
+export declare function getGroupInfo(name: string): Promise<Record<string, string> | null>;
+/**
+ * Verify that all required users and groups exist
+ *
+ * @param config - Optional UserConfig, uses defaults if not provided
+ */
+export declare function verifyUsersAndGroups(config?: UserConfig): Promise<{
+    valid: boolean;
+    missingGroups: string[];
+    missingUsers: string[];
+}>;
+//# sourceMappingURL=users.d.ts.map

package/users.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"users.d.ts","sourceRoot":"","sources":["../src/users.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EAAE,UAAU,EAAE,cAAc,EAAmB,MAAM,iBAAiB,CAAC;AAInF;;GAEG;AACH,eAAO,MAAM,gBAAgB,OAAO,CAAC;AACrC,eAAO,MAAM,gBAAgB,OAAO,CAAC;AAErC;;GAEG;AACH,eAAO,MAAM,iBAAiB,YAAY,CAAC;AAE3C;;GAEG;AACH,eAAO,MAAM,UAAU,SAAS,CAAC;AAEjC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,CAAC,EAAE;IACzC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,GAAG,UAAU,CAoDb;AAOD,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAOhE;AAED;;GAEG;AACH,wBAAsB,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAOnE;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,IAAI,EAAE,MAAM,EACZ,GAAG,EAAE,MAAM,EACX,WAAW,CAAC,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,YAAY,CAAC,CA8BvB;AAED;;;;;GAKG;AACH,wBAAsB,YAAY,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAuBzG;AAED;;GAEG;AACH,wBAAsB,UAAU,CAAC,OAAO,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CA6DzG;AAED;;;;;GAKG;AACH,wBAAsB,eAAe,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CAG1G;AAED;;;;;GAKG;AACH,wBAAsB,gBAAgB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CAG3G;AAED;;;;GAIG;AACH,wBAAsB,WAAW,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAO9E;AAED;;;;GAIG;AACH,wBAAsB,uBAAuB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC;IAC1E,MAAM,EAAE,YAAY,EAAE,CAAC;IACvB,KAAK,EAAE,YAAY,EAAE,CAAC;CACvB,CAAC,CAID;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAerE;AAED;;GAEG;AACH,wBAAsB,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAexE;AAED;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAQ/E;AAED;;;;GAIG;AACH,wBAAsB,WAAW,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAQ9E;AAED;;;;GAIG;AACH,wBAAsB,uBAAuB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC;IAC1E,KAAK,EAAE,YAAY,EAAE,CAAC;IACtB,MAAM,EAAE,YAAY,EAAE,CAAC;CACxB,CAAC,CAKD;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI,CAAC,CAkB1F;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI,CAAC,CAkBvF;AAED;;;;GAIG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC;IACvE,KAAK,EAAE,OAAO,CAAC;IACf,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB,CAAC,CA0BD"}

package/wrappers.d.ts ADDED Viewed

@@ -0,0 +1,217 @@
+/**
+ * Wrapper Scripts Installation
+ *
+ * Installs command wrappers that route operations through the broker.
+ * Supports dynamic wrapper management based on policy configuration.
+ */
+import type { UserConfig } from '@agenshield/ipc';
+/**
+ * Wrapper definition interface
+ */
+export interface WrapperDefinition {
+    description: string;
+    /** Whether this wrapper requires seatbelt profile */
+    usesSeatbelt?: boolean;
+    /** Whether this wrapper uses Node.js interceptor */
+    usesInterceptor?: boolean;
+    /** The content generator function */
+    generate: (config: WrapperConfig) => string;
+}
+/**
+ * Configuration for wrapper generation
+ */
+export interface WrapperConfig {
+    /** Agent home directory */
+    agentHome: string;
+    /** Agent username */
+    agentUsername: string;
+    /** Socket path */
+    socketPath: string;
+    /** HTTP fallback port */
+    httpPort: number;
+    /** Path to interceptor module */
+    interceptorPath: string;
+    /** NODE_OPTIONS flag: '--require' for CJS or '--import' for ESM */
+    interceptorFlag: string;
+    /** Path to seatbelt profiles */
+    seatbeltDir: string;
+    /** Path to Python executable */
+    pythonPath: string;
+    /** Path to Node.js executable */
+    nodePath: string;
+    /** Path to npm executable */
+    npmPath: string;
+    /** Path to brew executable */
+    brewPath: string;
+}
+/**
+ * Default wrapper configuration
+ */
+export declare function getDefaultWrapperConfig(userConfig?: UserConfig): WrapperConfig;
+/**
+ * Wrapper definitions with dynamic content generation
+ */
+export declare const WRAPPER_DEFINITIONS: Record<string, WrapperDefinition>;
+/**
+ * Legacy static WRAPPERS export for backward compatibility
+ */
+export declare const WRAPPERS: Record<string, {
+    description: string;
+    content: string;
+}>;
+export interface WrapperResult {
+    success: boolean;
+    name: string;
+    path: string;
+    message: string;
+    error?: Error;
+}
+/**
+ * Generate wrapper content from definition
+ */
+export declare function generateWrapperContent(name: string, config?: WrapperConfig): string | null;
+/**
+ * Install a single wrapper
+ */
+export declare function installWrapper(name: string, content: string, targetDir: string): Promise<WrapperResult>;
+/**
+ * Install a wrapper with sudo (for system directories)
+ */
+export declare function installWrapperWithSudo(name: string, content: string, targetDir: string, owner?: string, group?: string): Promise<WrapperResult>;
+/**
+ * Install all wrappers
+ */
+export declare function installWrappers(targetDir?: string, config?: WrapperConfig): Promise<WrapperResult[]>;
+/**
+ * Install specific wrappers by name
+ */
+export declare function installSpecificWrappers(names: string[], targetDir: string, config?: WrapperConfig): Promise<WrapperResult[]>;
+/**
+ * Uninstall a wrapper
+ */
+export declare function uninstallWrapper(name: string, targetDir: string): Promise<WrapperResult>;
+/**
+ * Uninstall all wrappers
+ */
+export declare function uninstallWrappers(targetDir?: string): Promise<WrapperResult[]>;
+/**
+ * Verify wrapper installation
+ */
+export declare function verifyWrappers(targetDir?: string): Promise<{
+    valid: boolean;
+    installed: string[];
+    missing: string[];
+}>;
+/**
+ * Install all wrappers using UserConfig
+ *
+ * @param userConfig - UserConfig with user information
+ * @param directories - Directories configuration
+ */
+export declare function installAllWrappers(userConfig: UserConfig, directories: {
+    binDir: string;
+    wrappersDir: string;
+}): Promise<{
+    success: boolean;
+    error?: string;
+    installed?: string[];
+}>;
+/**
+ * Verbose logging options
+ */
+export interface VerboseOptions {
+    verbose?: boolean;
+}
+/**
+ * Install guarded shell using the hardened zsh guarded-shell content
+ */
+export declare function installGuardedShell(userConfig?: UserConfig, options?: VerboseOptions): Promise<WrapperResult>;
+/**
+ * Install the shield-exec Node.js command proxy and create symlinks.
+ *
+ * Writes shield-exec to /opt/agenshield/bin/shield-exec (root-owned, mode 755),
+ * then creates symlinks in the agent's bin directory for all proxied commands.
+ * node/python are kept as separate bash wrappers (they need NODE_OPTIONS/seatbelt).
+ */
+export declare function installShieldExec(userConfig: UserConfig, binDir: string): Promise<{
+    success: boolean;
+    error?: string;
+    installed?: string[];
+}>;
+/**
+ * Get list of available wrapper names
+ */
+export declare function getAvailableWrappers(): string[];
+/**
+ * Get wrapper definition by name
+ */
+export declare function getWrapperDefinition(name: string): WrapperDefinition | null;
+/**
+ * Check if a wrapper uses seatbelt
+ */
+export declare function wrapperUsesSeatbelt(name: string): boolean;
+/**
+ * Check if a wrapper uses interceptor
+ */
+export declare function wrapperUsesInterceptor(name: string): boolean;
+/**
+ * Dynamic wrapper management - add a new wrapper at runtime
+ */
+export declare function addDynamicWrapper(name: string, content: string, targetDir: string, useSudo?: boolean, owner?: string, group?: string): Promise<WrapperResult>;
+/**
+ * Dynamic wrapper management - remove a wrapper at runtime
+ */
+export declare function removeDynamicWrapper(name: string, targetDir: string, useSudo?: boolean): Promise<WrapperResult>;
+/**
+ * Update an existing wrapper with new content
+ */
+export declare function updateWrapper(name: string, targetDir: string, config?: WrapperConfig, useSudo?: boolean): Promise<WrapperResult>;
+/**
+ * Deploy the interceptor CJS bundle to the sandbox.
+ *
+ * Copies `libs/shield-interceptor/dist/register.js` (which is CJS despite the
+ * package.json "type":"module") to `/opt/agenshield/lib/interceptor/register.cjs`
+ * so that node wrappers can use `--require` to load it.
+ */
+export declare function deployInterceptor(userConfig?: UserConfig): Promise<WrapperResult>;
+/**
+ * Copy the broker binary to /opt/agenshield/bin/
+ * The broker is the privileged daemon that handles socket communication.
+ */
+export declare function copyBrokerBinary(userConfig?: UserConfig): Promise<WrapperResult>;
+/**
+ * Copy the current Node.js binary to the sandbox so the node wrapper
+ * can exec a known-good binary without relying on system PATH.
+ */
+export declare function copyNodeBinary(userConfig?: UserConfig): Promise<WrapperResult>;
+export interface PresetInstallResult {
+    success: boolean;
+    installedWrappers: string[];
+    errors: string[];
+    seatbeltInstalled: boolean;
+}
+/**
+ * Basic system commands that should be available via symlinks (no interception needed)
+ */
+export declare const BASIC_SYSTEM_COMMANDS: string[];
+/**
+ * Install symlinks for basic system commands that don't need interception
+ */
+export declare function installBasicCommands(binDir: string, options?: {
+    verbose?: boolean;
+}): Promise<{
+    success: boolean;
+    installed: string[];
+    errors: string[];
+}>;
+/**
+ * Install binaries for a preset: node binary, interceptor, wrappers, seatbelt, ownership lockdown.
+ */
+export declare function installPresetBinaries(options: {
+    requiredBins: string[];
+    userConfig: UserConfig;
+    binDir: string;
+    socketGroupName: string;
+    verbose?: boolean;
+}): Promise<PresetInstallResult>;
+//# sourceMappingURL=wrappers.d.ts.map

package/wrappers.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"wrappers.d.ts","sourceRoot":"","sources":["../src/wrappers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAOlD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,qDAAqD;IACrD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,oDAAoD;IACpD,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,qCAAqC;IACrC,QAAQ,EAAE,CAAC,MAAM,EAAE,aAAa,KAAK,MAAM,CAAC;CAC7C;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,2BAA2B;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,mEAAmE;IACnE,eAAe,EAAE,MAAM,CAAC;IACxB,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,gCAAgC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,aAAa,CAe9E;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAgWjE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,QAAQ,EAQhB,MAAM,CAAC,MAAM,EAAE;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC;AAE9D,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,GAAG,IAAI,CAMf;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CAsBxB;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,KAAK,CAAC,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,aAAa,CAAC,CA6BxB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,SAAS,GAAE,MAAsC,EACjD,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,EAAE,CAAC,CA2B1B;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,MAAM,EAAE,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,EAAE,CAAC,CAsC1B;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CA8BxB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC,aAAa,EAAE,CAAC,CAS1B;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC;IACT,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC,CAmBD;AAED;;;;;GAKG;AACH,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,GACnD,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC,CAkBD;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,UAAU,CAAC,EAAE,UAAU,EACvB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,aAAa,CAAC,CAgExB;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC,CA8FD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,EAAE,CAE/C;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI,CAE3E;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAGzD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAG5D;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE,OAAe,EACxB,KAAK,CAAC,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,aAAa,CAAC,CAKxB;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE,OAAe,GACvB,OAAO,CAAC,aAAa,CAAC,CAkCxB;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,aAAa,EACtB,OAAO,GAAE,OAAe,GACvB,OAAO,CAAC,aAAa,CAAC,CAiBxB;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CAqCxB;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CAqCxB;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CA8BxB;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,eAAO,MAAM,qBAAqB,UAMjC,CAAC;AAEF;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,GAC9B,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,MAAM,EAAE,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CA+BtE;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CAAC,OAAO,EAAE;IACnD,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,UAAU,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAuF/B"}