@agenshield/sandbox 0.4.0 → 0.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/directories.d.ts +6 -0
- package/directories.d.ts.map +1 -1
- package/guarded-shell.d.ts +1 -1
- package/guarded-shell.d.ts.map +1 -1
- package/index.d.ts +1 -1
- package/index.d.ts.map +1 -1
- package/index.js +62 -31
- package/migration.d.ts.map +1 -1
- package/package.json +2 -2
- package/wrappers.d.ts.map +1 -1
package/directories.d.ts
CHANGED
|
@@ -61,6 +61,12 @@ export declare function createDirectory(dirPath: string, options: {
|
|
|
61
61
|
* @param options - Optional verbose options
|
|
62
62
|
*/
|
|
63
63
|
export declare function createSystemDirectories(config?: UserConfig, options?: VerboseOptions): Promise<DirectoryResult[]>;
|
|
64
|
+
/**
|
|
65
|
+
* Seed configuration files inside agent directories so the broker can
|
|
66
|
+
* read/write them at runtime without needing to create them (which would
|
|
67
|
+
* require root and result in wrong ownership).
|
|
68
|
+
*/
|
|
69
|
+
export declare function seedConfigFiles(config?: UserConfig, options?: VerboseOptions): Promise<DirectoryResult[]>;
|
|
64
70
|
/**
|
|
65
71
|
* Create all agent directories
|
|
66
72
|
*
|
package/directories.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"directories.d.ts","sourceRoot":"","sources":["../src/directories.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAK/D;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;IAC5C,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;CAC5C;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,kBAAkB,CA0HhF;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,WAAW,CAalE;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE;IACP,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,EACD,cAAc,CAAC,EAAE,cAAc,GAC9B,OAAO,CAAC,eAAe,CAAC,CA6B1B;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAUvH;AAED;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,
|
|
1
|
+
{"version":3,"file":"directories.d.ts","sourceRoot":"","sources":["../src/directories.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAK/D;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;IAC5C,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;CAC5C;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,kBAAkB,CA0HhF;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,WAAW,CAalE;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE;IACP,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,EACD,cAAc,CAAC,EAAE,cAAc,GAC9B,OAAO,CAAC,eAAe,CAAC,CA6B1B;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAUvH;AAED;;;;GAIG;AACH,wBAAsB,eAAe,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAsB/G;AAED;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CActH;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAKpH;AAED;;;;GAIG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC;IACpE,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACnD,CAAC,CA8DD;AAED;;;;GAIG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC,CAyBxF;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;IAC/D,MAAM,EAAE,OAAO,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GAAG,IAAI,CAAC,CAcR;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CA2C1F"}
|
package/guarded-shell.d.ts
CHANGED
|
@@ -30,5 +30,5 @@ export declare const ZDOT_ZSHENV_CONTENT = "# AgenShield restricted .zshenv\n# R
|
|
|
30
30
|
* ZDOTDIR .zshrc — interactive shell restrictions.
|
|
31
31
|
* Applies RESTRICTED mode, locks variables, disables builtins, installs hooks.
|
|
32
32
|
*/
|
|
33
|
-
export declare const ZDOT_ZSHRC_CONTENT = "# AgenShield restricted .zshrc\n# Applied to every interactive shell for the agent user.\n\nemulate -LR zsh\n\n# ---- Shell options ----\n# Note: NOT using setopt RESTRICTED as it disables cd entirely.\n# Instead we use preexec hooks and builtin disable for enforcement.\nsetopt NO_CASE_GLOB\nsetopt NO_BEEP\n\n# ---- Lock critical variables (readonly) ----\ntypeset -r PATH HOME SHELL\n\n# ---- Enforcement helpers ----\ndeny() {\n print -r -- \"Denied by policy\"\n return 126\n}\n\nis_allowed_cmd() {\n local cmd=\"$1\"\n\n # Allow shell builtins we explicitly permit\n case \"$cmd\" in\n cd|pwd|echo|printf|test|true|false|exit|return|break|continue|shift|set|unset|export|typeset|local|declare|readonly|let|read|print|pushd|popd|dirs|jobs|fg|bg|kill|wait|times|ulimit|umask|history|fc|type|whence|which|where|rehash)\n return 0\n ;;\n esac\n\n # Deny path execution outright\n [[ \"$cmd\" == */* ]] && return 1\n\n # Resolve command path\n local resolved\n resolved=\"$(whence -p -- \"$cmd\" 2>/dev/null)\" || return 1\n\n # Must live under HOME/bin exactly\n [[ \"$resolved\" == \"$HOME/bin/\"* ]] && return 0\n return 1\n}\n\n# ---- Block dangerous builtins ----\ndisable -r builtin command exec eval hash nohup setopt source unfunction functions alias unalias 2>/dev/null || true\n\n# ---- Intercept every interactive command before execution ----\npreexec() {\n local line=\"$1\"\n local cmd=\"${line%%[[:space:]]*}\"\n\n # Empty / whitespace lines\n [[ -z \"$cmd\" ]] && return 0\n\n # Deny anything with slash in the command token (direct path execution)\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; kill -KILL $$; }\n\n # Deny anything not allowed\n if ! is_allowed_cmd \"$cmd\"; then\n print -r -- \"Denied: $cmd (not in $HOME/bin)\"\n kill -KILL $$\n fi\n}\n\n# ---- Also intercept non-interactive \\`zsh -c\\` cases ----\nTRAPDEBUG() {\n local line=\"${ZSH_DEBUG_CMD:-$1}\"\n local cmd=\"${line%%[[:space:]]*}\"\n [[ -z \"$cmd\" ]] && return 0\n\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; return 126; }\n is_allowed_cmd \"$cmd\" || { print -r -- \"Denied: $cmd\"; return 126; }\n return 0\n}\n\n# ---- Ensure accessible working directory ----\ncd \"$HOME\" 2>/dev/null || cd /\n";
|
|
33
|
+
export declare const ZDOT_ZSHRC_CONTENT = "# AgenShield restricted .zshrc\n# Applied to every interactive shell for the agent user.\n\nemulate -LR zsh\n\n# ---- Shell options ----\n# Note: NOT using setopt RESTRICTED as it disables cd entirely.\n# Instead we use preexec hooks and builtin disable for enforcement.\nsetopt NO_CASE_GLOB\nsetopt NO_BEEP\n\n# ---- Lock critical variables (readonly) ----\ntypeset -r PATH HOME SHELL\n\n# ---- Enforcement helpers ----\ndeny() {\n print -r -- \"Denied by policy\"\n return 126\n}\n\nis_allowed_cmd() {\n local cmd=\"$1\"\n\n # Allow zsh reserved words (if, for, while, [[, case, etc.)\n [[ \"$(whence -w \"$cmd\" 2>/dev/null)\" == *\": reserved\" ]] && return 0\n\n # Allow shell builtins we explicitly permit\n case \"$cmd\" in\n cd|pwd|echo|printf|test|true|false|exit|return|break|continue|shift|set|unset|export|typeset|local|declare|readonly|let|read|print|pushd|popd|dirs|jobs|fg|bg|kill|wait|times|ulimit|umask|history|fc|type|whence|which|where|rehash)\n return 0\n ;;\n esac\n\n # Deny path execution outright\n [[ \"$cmd\" == */* ]] && return 1\n\n # Resolve command path\n local resolved\n resolved=\"$(whence -p -- \"$cmd\" 2>/dev/null)\" || return 1\n\n # Must live under HOME/bin exactly\n [[ \"$resolved\" == \"$HOME/bin/\"* ]] && return 0\n return 1\n}\n\n# ---- Block dangerous builtins ----\ndisable -r builtin command exec eval hash nohup setopt source unfunction functions alias unalias 2>/dev/null || true\n\n# ---- Intercept every interactive command before execution ----\npreexec() {\n local line=\"$1\"\n local cmd=\"${line%%[[:space:]]*}\"\n\n # Empty / whitespace lines\n [[ -z \"$cmd\" ]] && return 0\n\n # Deny anything with slash in the command token (direct path execution)\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; kill -KILL $$; }\n\n # Deny anything not allowed\n if ! is_allowed_cmd \"$cmd\"; then\n print -r -- \"Denied: $cmd (not in $HOME/bin)\"\n kill -KILL $$\n fi\n}\n\n# ---- Also intercept non-interactive \\`zsh -c\\` cases ----\nTRAPDEBUG() {\n local line=\"${ZSH_DEBUG_CMD:-$1}\"\n local cmd=\"${line%%[[:space:]]*}\"\n [[ -z \"$cmd\" ]] && return 0\n\n # Skip zsh reserved words ([[, if, for, while, case, etc.) \u2014 they are shell syntax, not external commands\n [[ \"$(whence -w \"$cmd\" 2>/dev/null)\" == *\": reserved\" ]] && return 0\n\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; return 126; }\n is_allowed_cmd \"$cmd\" || { print -r -- \"Denied: $cmd\"; return 126; }\n return 0\n}\n\n# ---- Ensure accessible working directory ----\ncd \"$HOME\" 2>/dev/null || cd /\n";
|
|
34
34
|
//# sourceMappingURL=guarded-shell.d.ts.map
|
package/guarded-shell.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guarded-shell.d.ts","sourceRoot":"","sources":["../src/guarded-shell.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,eAAO,MAAM,kBAAkB,iCAAiC,CAAC;AACjE,eAAO,MAAM,QAAQ,yBAAyB,CAAC;AAE/C;;;GAGG;AACH,eAAO,MAAM,qBAAqB,mjBAgBjC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,mBAAmB,ulBAiB/B,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,
|
|
1
|
+
{"version":3,"file":"guarded-shell.d.ts","sourceRoot":"","sources":["../src/guarded-shell.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,eAAO,MAAM,kBAAkB,iCAAiC,CAAC;AACjE,eAAO,MAAM,QAAQ,yBAAyB,CAAC;AAE/C;;;GAGG;AACH,eAAO,MAAM,qBAAqB,mjBAgBjC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,mBAAmB,ulBAiB/B,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,ulFAkF9B,CAAC"}
|
package/index.d.ts
CHANGED
|
@@ -11,7 +11,7 @@ export type { SandboxUser, SandboxConfig, CreateUserResult, DirectoryStructure a
|
|
|
11
11
|
export * from './guarded-shell';
|
|
12
12
|
export { createGuardedShell, createSandboxUser, deleteSandboxUser, } from './macos';
|
|
13
13
|
export { createUserConfig, createGroups, createGroup, createUser, createAgentUser, createBrokerUser, createUsers, createAllUsersAndGroups, deleteGroup, deleteUser, deleteGroups, deleteUsers, deleteAllUsersAndGroups, groupExists, userExists, getUserInfo, getGroupInfo, verifyUsersAndGroups, DEFAULT_BASE_UID, DEFAULT_BASE_GID, DEFAULT_BASE_NAME, ASH_PREFIX, type CreateResult, } from './users';
|
|
14
|
-
export { createDirectoryStructure, createPathsConfig, createDirectory, createSystemDirectories, createAgentDirectories, createAllDirectories, verifyDirectories, setupSocketDirectory, getDirectoryInfo, removeAllDirectories, type DirectoryDefinition, type DirectoryStructure, type DirectoryResult, } from './directories';
|
|
14
|
+
export { createDirectoryStructure, createPathsConfig, createDirectory, createSystemDirectories, createAgentDirectories, createAllDirectories, verifyDirectories, seedConfigFiles, setupSocketDirectory, getDirectoryInfo, removeAllDirectories, type DirectoryDefinition, type DirectoryStructure, type DirectoryResult, } from './directories';
|
|
15
15
|
export * from './migration';
|
|
16
16
|
export * from './security';
|
|
17
17
|
export * from './detect';
|
package/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,IAAI,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAG7H,cAAc,iBAAiB,CAAC;AAGhC,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,WAAW,EACX,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,WAAW,EACX,YAAY,EACZ,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,eAAe,GACrB,MAAM,eAAe,CAAC;AAGvB,cAAc,aAAa,CAAC;AAG5B,cAAc,YAAY,CAAC;AAG3B,cAAc,UAAU,CAAC;AAGzB,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAG1B,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,QAAQ,EACR,mBAAmB,EACnB,cAAc,EACd,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,EACd,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EAChB,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,KAAK,mBAAmB,EAExB,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,oBAAoB,EACpB,aAAa,EACb,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,eAAe,EACf,uBAAuB,EACvB,aAAa,EACb,oBAAoB,EACpB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,mBAAmB,EACnB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,KAAK,YAAY,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAEL,SAAS,EACT,WAAW,EACX,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAEhB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,OAAO,EAEP,KAAK,YAAY,EACjB,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,GAC3B,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,aAAa,EACb,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,oBAAoB,EACpB,uBAAuB,EACvB,YAAY,EACZ,kBAAkB,EAClB,KAAK,oBAAoB,GAC1B,MAAM,kBAAkB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,IAAI,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAG7H,cAAc,iBAAiB,CAAC;AAGhC,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,WAAW,EACX,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,WAAW,EACX,YAAY,EACZ,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,eAAe,GACrB,MAAM,eAAe,CAAC;AAGvB,cAAc,aAAa,CAAC;AAG5B,cAAc,YAAY,CAAC;AAG3B,cAAc,UAAU,CAAC;AAGzB,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAG1B,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,QAAQ,EACR,mBAAmB,EACnB,cAAc,EACd,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,EACd,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EAChB,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,KAAK,mBAAmB,EAExB,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,oBAAoB,EACpB,aAAa,EACb,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,eAAe,EACf,uBAAuB,EACvB,aAAa,EACb,oBAAoB,EACpB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,mBAAmB,EACnB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,KAAK,YAAY,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAEL,SAAS,EACT,WAAW,EACX,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAEhB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,OAAO,EAEP,KAAK,YAAY,EACjB,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,GAC3B,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,aAAa,EACb,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,oBAAoB,EACpB,uBAAuB,EACvB,YAAY,EACZ,kBAAkB,EAClB,KAAK,oBAAoB,GAC1B,MAAM,kBAAkB,CAAC"}
|
package/index.js
CHANGED
|
@@ -81,6 +81,9 @@ deny() {
|
|
|
81
81
|
is_allowed_cmd() {
|
|
82
82
|
local cmd="$1"
|
|
83
83
|
|
|
84
|
+
# Allow zsh reserved words (if, for, while, [[, case, etc.)
|
|
85
|
+
[[ "$(whence -w "$cmd" 2>/dev/null)" == *": reserved" ]] && return 0
|
|
86
|
+
|
|
84
87
|
# Allow shell builtins we explicitly permit
|
|
85
88
|
case "$cmd" in
|
|
86
89
|
cd|pwd|echo|printf|test|true|false|exit|return|break|continue|shift|set|unset|export|typeset|local|declare|readonly|let|read|print|pushd|popd|dirs|jobs|fg|bg|kill|wait|times|ulimit|umask|history|fc|type|whence|which|where|rehash)
|
|
@@ -127,6 +130,9 @@ TRAPDEBUG() {
|
|
|
127
130
|
local cmd="\${line%%[[:space:]]*}"
|
|
128
131
|
[[ -z "$cmd" ]] && return 0
|
|
129
132
|
|
|
133
|
+
# Skip zsh reserved words ([[, if, for, while, case, etc.) \u2014 they are shell syntax, not external commands
|
|
134
|
+
[[ "$(whence -w "$cmd" 2>/dev/null)" == *": reserved" ]] && return 0
|
|
135
|
+
|
|
130
136
|
[[ "$cmd" == */* ]] && { print -r -- "Denied: direct path execution"; return 126; }
|
|
131
137
|
is_allowed_cmd "$cmd" || { print -r -- "Denied: $cmd"; return 126; }
|
|
132
138
|
return 0
|
|
@@ -148,7 +154,7 @@ __export(shield_exec_exports, {
|
|
|
148
154
|
import * as path4 from "node:path";
|
|
149
155
|
import * as net from "node:net";
|
|
150
156
|
function sendRequest(socketPath, request) {
|
|
151
|
-
return new Promise((
|
|
157
|
+
return new Promise((resolve6, reject) => {
|
|
152
158
|
const socket = net.createConnection(socketPath, () => {
|
|
153
159
|
socket.write(JSON.stringify(request) + "\n");
|
|
154
160
|
});
|
|
@@ -160,7 +166,7 @@ function sendRequest(socketPath, request) {
|
|
|
160
166
|
try {
|
|
161
167
|
const response = JSON.parse(data.slice(0, newlineIdx));
|
|
162
168
|
socket.end();
|
|
163
|
-
|
|
169
|
+
resolve6(response);
|
|
164
170
|
} catch (err) {
|
|
165
171
|
socket.end();
|
|
166
172
|
reject(new Error(`Invalid JSON response: ${err.message}`));
|
|
@@ -173,7 +179,7 @@ function sendRequest(socketPath, request) {
|
|
|
173
179
|
socket.on("end", () => {
|
|
174
180
|
if (data.trim()) {
|
|
175
181
|
try {
|
|
176
|
-
|
|
182
|
+
resolve6(JSON.parse(data.trim()));
|
|
177
183
|
} catch {
|
|
178
184
|
reject(new Error("Connection closed before response"));
|
|
179
185
|
}
|
|
@@ -838,7 +844,7 @@ function createSandboxUser(config = {}) {
|
|
|
838
844
|
result = sudoExec(`mkdir -p ${cfg.homeDir}`);
|
|
839
845
|
if (!result.success)
|
|
840
846
|
return { success: false, error: `Failed to create home dir: ${result.error}` };
|
|
841
|
-
result = sudoExec(`chown -R ${cfg.username}:${
|
|
847
|
+
result = sudoExec(`chown -R ${cfg.username}:${gid} ${cfg.homeDir}`);
|
|
842
848
|
if (!result.success)
|
|
843
849
|
return { success: false, error: `Failed to set ownership: ${result.error}` };
|
|
844
850
|
result = sudoExec(`dscl . -create /Users/${cfg.username} IsHidden 1`);
|
|
@@ -1270,7 +1276,8 @@ function createDirectoryStructure(config) {
|
|
|
1270
1276
|
group: socketGroupName
|
|
1271
1277
|
},
|
|
1272
1278
|
[`${agentHome}/bin`]: {
|
|
1273
|
-
mode:
|
|
1279
|
+
mode: 1533,
|
|
1280
|
+
// setgid + group-writable
|
|
1274
1281
|
owner: brokerUsername,
|
|
1275
1282
|
// broker owns bin, can create skill wrappers
|
|
1276
1283
|
group: socketGroupName
|
|
@@ -1350,6 +1357,29 @@ async function createSystemDirectories(config, options) {
|
|
|
1350
1357
|
}
|
|
1351
1358
|
return results;
|
|
1352
1359
|
}
|
|
1360
|
+
async function seedConfigFiles(config, options) {
|
|
1361
|
+
const cfg = config || createUserConfig();
|
|
1362
|
+
const agentHome = cfg.agentUser.home;
|
|
1363
|
+
const brokerUsername = cfg.brokerUser.username;
|
|
1364
|
+
const socketGroupName = cfg.groups.socket.name;
|
|
1365
|
+
const log = (msg) => options?.verbose && process.stderr.write(`[SETUP] ${msg}
|
|
1366
|
+
`);
|
|
1367
|
+
const filePath = `${agentHome}/.openclaw/openclaw.json`;
|
|
1368
|
+
try {
|
|
1369
|
+
log(`Seeding ${filePath}`);
|
|
1370
|
+
await execAsync2(`sudo tee "${filePath}" > /dev/null <<< '{}'`);
|
|
1371
|
+
await execAsync2(`sudo chown ${brokerUsername}:${socketGroupName} "${filePath}"`);
|
|
1372
|
+
await execAsync2(`sudo chmod 664 "${filePath}"`);
|
|
1373
|
+
return [{ success: true, path: filePath, message: `Seeded ${filePath}` }];
|
|
1374
|
+
} catch (error) {
|
|
1375
|
+
return [{
|
|
1376
|
+
success: false,
|
|
1377
|
+
path: filePath,
|
|
1378
|
+
message: `Failed to seed ${filePath}: ${error.message}`,
|
|
1379
|
+
error
|
|
1380
|
+
}];
|
|
1381
|
+
}
|
|
1382
|
+
}
|
|
1353
1383
|
async function createAgentDirectories(config, options) {
|
|
1354
1384
|
const structure = createDirectoryStructure(config);
|
|
1355
1385
|
const results = [];
|
|
@@ -1357,6 +1387,8 @@ async function createAgentDirectories(config, options) {
|
|
|
1357
1387
|
const result = await createDirectory(dirPath, dirOptions, options);
|
|
1358
1388
|
results.push(result);
|
|
1359
1389
|
}
|
|
1390
|
+
const seedResults = await seedConfigFiles(config, options);
|
|
1391
|
+
results.push(...seedResults);
|
|
1360
1392
|
return results;
|
|
1361
1393
|
}
|
|
1362
1394
|
async function createAllDirectories(config, options) {
|
|
@@ -1508,20 +1540,15 @@ function sudoCopyDir(src, dest) {
|
|
|
1508
1540
|
}
|
|
1509
1541
|
function createOpenClawWrapper(user, dirs, method) {
|
|
1510
1542
|
const wrapperPath = path.join(dirs.binDir, "openclaw");
|
|
1511
|
-
let
|
|
1512
|
-
|
|
1513
|
-
const
|
|
1514
|
-
|
|
1515
|
-
|
|
1516
|
-
|
|
1517
|
-
|
|
1518
|
-
|
|
1519
|
-
|
|
1520
|
-
exec "\${AGENT_BIN}/node" "${entryPath}" "$@"
|
|
1521
|
-
`;
|
|
1522
|
-
} else {
|
|
1523
|
-
const entryPath = path.join(dirs.packageDir, "dist", "entry.js");
|
|
1524
|
-
wrapperContent = `#!/usr/bin/env bash
|
|
1543
|
+
let entryPath = path.join(dirs.packageDir, "dist", "entry.js");
|
|
1544
|
+
try {
|
|
1545
|
+
const pkgJsonPath = path.join(dirs.packageDir, "package.json");
|
|
1546
|
+
const pkg = JSON.parse(fs3.readFileSync(pkgJsonPath, "utf-8"));
|
|
1547
|
+
const binEntry = typeof pkg.bin === "string" ? pkg.bin : pkg.bin?.["openclaw"] || "./dist/entry.js";
|
|
1548
|
+
entryPath = path.resolve(dirs.packageDir, binEntry);
|
|
1549
|
+
} catch {
|
|
1550
|
+
}
|
|
1551
|
+
const wrapperContent = `#!/usr/bin/env bash
|
|
1525
1552
|
set -euo pipefail
|
|
1526
1553
|
# Avoid getcwd errors when cwd is inaccessible
|
|
1527
1554
|
cd ~ 2>/dev/null || cd /
|
|
@@ -1529,7 +1556,6 @@ cd ~ 2>/dev/null || cd /
|
|
|
1529
1556
|
AGENT_BIN="$(cd "$(dirname "$0")" && pwd)"
|
|
1530
1557
|
exec "\${AGENT_BIN}/node" "${entryPath}" "$@"
|
|
1531
1558
|
`;
|
|
1532
|
-
}
|
|
1533
1559
|
const tempPath = "/tmp/openclaw-wrapper";
|
|
1534
1560
|
try {
|
|
1535
1561
|
fs3.writeFileSync(tempPath, wrapperContent, { mode: 493 });
|
|
@@ -1540,7 +1566,7 @@ exec "\${AGENT_BIN}/node" "${entryPath}" "$@"
|
|
|
1540
1566
|
if (!result.success) {
|
|
1541
1567
|
return { success: false, error: `Failed to install wrapper: ${result.error}` };
|
|
1542
1568
|
}
|
|
1543
|
-
result = sudoExec2(`chown ${user.username}:${user.
|
|
1569
|
+
result = sudoExec2(`chown ${user.username}:${user.gid} "${wrapperPath}"`);
|
|
1544
1570
|
if (!result.success) {
|
|
1545
1571
|
return { success: false, error: `Failed to set wrapper ownership: ${result.error}` };
|
|
1546
1572
|
}
|
|
@@ -1566,12 +1592,12 @@ function migrateNpmInstall(source, user, dirs) {
|
|
|
1566
1592
|
sudoExec2(`rm -rf "${dirs.configDir}/skills" 2>/dev/null`);
|
|
1567
1593
|
injectSkillWatcherSetting(dirs.configDir);
|
|
1568
1594
|
}
|
|
1569
|
-
result = sudoExec2(`chown -R ${user.username}:${user.
|
|
1595
|
+
result = sudoExec2(`chown -R ${user.username}:${user.gid} "${dirs.packageDir}"`);
|
|
1570
1596
|
if (!result.success) {
|
|
1571
1597
|
return { success: false, error: `Failed to set package ownership: ${result.error}` };
|
|
1572
1598
|
}
|
|
1573
1599
|
if (fs3.existsSync(dirs.configDir)) {
|
|
1574
|
-
result = sudoExec2(`chown -R ${user.username}:${user.
|
|
1600
|
+
result = sudoExec2(`chown -R ${user.username}:${user.gid} "${dirs.configDir}"`);
|
|
1575
1601
|
if (!result.success) {
|
|
1576
1602
|
return { success: false, error: `Failed to set config ownership: ${result.error}` };
|
|
1577
1603
|
}
|
|
@@ -1606,12 +1632,12 @@ function migrateGitInstall(source, user, dirs) {
|
|
|
1606
1632
|
sudoExec2(`rm -rf "${dirs.configDir}/skills" 2>/dev/null`);
|
|
1607
1633
|
injectSkillWatcherSetting(dirs.configDir);
|
|
1608
1634
|
}
|
|
1609
|
-
result = sudoExec2(`chown -R ${user.username}:${user.
|
|
1635
|
+
result = sudoExec2(`chown -R ${user.username}:${user.gid} "${dirs.packageDir}"`);
|
|
1610
1636
|
if (!result.success) {
|
|
1611
1637
|
return { success: false, error: `Failed to set package ownership: ${result.error}` };
|
|
1612
1638
|
}
|
|
1613
1639
|
if (fs3.existsSync(dirs.configDir)) {
|
|
1614
|
-
result = sudoExec2(`chown -R ${user.username}:${user.
|
|
1640
|
+
result = sudoExec2(`chown -R ${user.username}:${user.gid} "${dirs.configDir}"`);
|
|
1615
1641
|
if (!result.success) {
|
|
1616
1642
|
return { success: false, error: `Failed to set config ownership: ${result.error}` };
|
|
1617
1643
|
}
|
|
@@ -1673,7 +1699,7 @@ exec "${nodePath}" "$@"
|
|
|
1673
1699
|
if (!result.success) {
|
|
1674
1700
|
return { success: false, error: `Failed to install node wrapper: ${result.error}` };
|
|
1675
1701
|
}
|
|
1676
|
-
result = sudoExec2(`chown ${user.username}:${user.
|
|
1702
|
+
result = sudoExec2(`chown ${user.username}:${user.gid} "${wrapperPath}"`);
|
|
1677
1703
|
if (!result.success) {
|
|
1678
1704
|
return { success: false, error: `Failed to set node wrapper ownership: ${result.error}` };
|
|
1679
1705
|
}
|
|
@@ -4426,7 +4452,8 @@ PY3EOF`);
|
|
|
4426
4452
|
await execAsync4(`sudo chmod 755 "${python3Path}"`);
|
|
4427
4453
|
installed.push("python3");
|
|
4428
4454
|
await execAsync4(`sudo chown -R root:${socketGroupName} "${binDir}"`);
|
|
4429
|
-
await execAsync4(`sudo
|
|
4455
|
+
await execAsync4(`sudo chown ${userConfig.brokerUser.username}:${socketGroupName} "${binDir}"`);
|
|
4456
|
+
await execAsync4(`sudo chmod 2775 "${binDir}"`);
|
|
4430
4457
|
return { success: true, installed };
|
|
4431
4458
|
} catch (err) {
|
|
4432
4459
|
return {
|
|
@@ -4536,7 +4563,9 @@ async function copyBrokerBinary(userConfig) {
|
|
|
4536
4563
|
try {
|
|
4537
4564
|
const brokerPkgPath = require2.resolve("@agenshield/broker/package.json");
|
|
4538
4565
|
const brokerDir = path6.dirname(brokerPkgPath);
|
|
4539
|
-
const
|
|
4566
|
+
const brokerPkg = JSON.parse(await fs9.readFile(brokerPkgPath, "utf-8"));
|
|
4567
|
+
const binEntry = typeof brokerPkg.bin === "string" ? brokerPkg.bin : brokerPkg.bin?.["agenshield-broker"] || "./dist/main.js";
|
|
4568
|
+
const srcPath = path6.resolve(brokerDir, binEntry);
|
|
4540
4569
|
await fs9.access(srcPath);
|
|
4541
4570
|
await execAsync4("sudo mkdir -p /opt/agenshield/bin");
|
|
4542
4571
|
await execAsync4(`sudo cp "${srcPath}" "${targetPath}"`);
|
|
@@ -4715,10 +4744,11 @@ async function installPresetBinaries(options) {
|
|
|
4715
4744
|
}
|
|
4716
4745
|
installedWrappers.push(...basicResult.installed);
|
|
4717
4746
|
try {
|
|
4718
|
-
log(`Locking down bin directory: root:${socketGroupName} ownership`);
|
|
4747
|
+
log(`Locking down bin directory: root:${socketGroupName} file ownership`);
|
|
4719
4748
|
await execAsync4(`sudo chown -R root:${socketGroupName} "${binDir}"`);
|
|
4720
|
-
await execAsync4(`sudo chmod 755 "${binDir}"`);
|
|
4721
4749
|
await execAsync4(`sudo chmod -R 755 "${binDir}"`);
|
|
4750
|
+
await execAsync4(`sudo chown ${userConfig.brokerUser.username}:${socketGroupName} "${binDir}"`);
|
|
4751
|
+
await execAsync4(`sudo chmod 2775 "${binDir}"`);
|
|
4722
4752
|
} catch (err) {
|
|
4723
4753
|
errors.push(`Lockdown: ${err.message}`);
|
|
4724
4754
|
}
|
|
@@ -5018,7 +5048,7 @@ async function fixSocketPermissions(config) {
|
|
|
5018
5048
|
await fs10.access(socketPath);
|
|
5019
5049
|
break;
|
|
5020
5050
|
} catch {
|
|
5021
|
-
await new Promise((
|
|
5051
|
+
await new Promise((resolve6) => setTimeout(resolve6, 500));
|
|
5022
5052
|
attempts++;
|
|
5023
5053
|
}
|
|
5024
5054
|
}
|
|
@@ -6147,6 +6177,7 @@ export {
|
|
|
6147
6177
|
scanBinaries,
|
|
6148
6178
|
scanDiscovery,
|
|
6149
6179
|
scanSkills,
|
|
6180
|
+
seedConfigFiles,
|
|
6150
6181
|
setupSocketDirectory,
|
|
6151
6182
|
uninstallLaunchDaemon,
|
|
6152
6183
|
uninstallWrapper,
|
package/migration.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"migration.d.ts","sourceRoot":"","sources":["../src/migration.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAE/D,MAAM,WAAW,eAAe;IAC9B,sCAAsC;IACtC,MAAM,EAAE,KAAK,GAAG,KAAK,CAAC;IACtB,oCAAoC;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,yBAAyB;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mCAAmC;IACnC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8CAA8C;IAC9C,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gCAAgC;IAChC,QAAQ,CAAC,EAAE;QACT,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;
|
|
1
|
+
{"version":3,"file":"migration.d.ts","sourceRoot":"","sources":["../src/migration.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAE/D,MAAM,WAAW,eAAe;IAC9B,sCAAsC;IACtC,MAAM,EAAE,KAAK,GAAG,KAAK,CAAC;IACtB,oCAAoC;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,yBAAyB;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mCAAmC;IACnC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8CAA8C;IAC9C,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gCAAgC;IAChC,QAAQ,CAAC,EAAE;QACT,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAmFD;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,eAAe,EACvB,IAAI,EAAE,WAAW,EACjB,IAAI,EAAE,kBAAkB,GACvB,eAAe,CAqDjB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,eAAe,EACvB,IAAI,EAAE,WAAW,EACjB,IAAI,EAAE,kBAAkB,GACvB,eAAe,CAuDjB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,eAAe,EACvB,IAAI,EAAE,WAAW,EACjB,IAAI,EAAE,kBAAkB,GACvB,eAAe,CAMjB;AAyBD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,kBAAkB,GAAG;IAC9E,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAiCA"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@agenshield/sandbox",
|
|
3
|
-
"version": "0.4.
|
|
3
|
+
"version": "0.4.2",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "User isolation and sandboxing utilities for AgenShield",
|
|
6
6
|
"main": "./index.js",
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
},
|
|
16
16
|
"license": "MIT",
|
|
17
17
|
"dependencies": {
|
|
18
|
-
"@agenshield/skills": "0.4.
|
|
18
|
+
"@agenshield/skills": "0.4.2",
|
|
19
19
|
"yaml": "^2.7.1"
|
|
20
20
|
},
|
|
21
21
|
"devDependencies": {
|
package/wrappers.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"wrappers.d.ts","sourceRoot":"","sources":["../src/wrappers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAOlD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,qDAAqD;IACrD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,oDAAoD;IACpD,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,qCAAqC;IACrC,QAAQ,EAAE,CAAC,MAAM,EAAE,aAAa,KAAK,MAAM,CAAC;CAC7C;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,2BAA2B;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,mEAAmE;IACnE,eAAe,EAAE,MAAM,CAAC;IACxB,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,gCAAgC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,aAAa,CAe9E;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAgWjE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,QAAQ,EAQhB,MAAM,CAAC,MAAM,EAAE;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC;AAE9D,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,GAAG,IAAI,CAMf;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CAsBxB;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,KAAK,CAAC,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,aAAa,CAAC,CA6BxB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,SAAS,GAAE,MAAsC,EACjD,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,EAAE,CAAC,CA2B1B;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,MAAM,EAAE,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,EAAE,CAAC,CAsC1B;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CA8BxB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC,aAAa,EAAE,CAAC,CAS1B;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC;IACT,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC,CAmBD;AAED;;;;;GAKG;AACH,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,GACnD,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC,CAkBD;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,UAAU,CAAC,EAAE,UAAU,EACvB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,aAAa,CAAC,CAgExB;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC,
|
|
1
|
+
{"version":3,"file":"wrappers.d.ts","sourceRoot":"","sources":["../src/wrappers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAOlD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,qDAAqD;IACrD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,oDAAoD;IACpD,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,qCAAqC;IACrC,QAAQ,EAAE,CAAC,MAAM,EAAE,aAAa,KAAK,MAAM,CAAC;CAC7C;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,2BAA2B;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,mEAAmE;IACnE,eAAe,EAAE,MAAM,CAAC;IACxB,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,gCAAgC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,aAAa,CAe9E;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAgWjE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,QAAQ,EAQhB,MAAM,CAAC,MAAM,EAAE;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC;AAE9D,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,GAAG,IAAI,CAMf;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CAsBxB;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,KAAK,CAAC,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,aAAa,CAAC,CA6BxB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,SAAS,GAAE,MAAsC,EACjD,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,EAAE,CAAC,CA2B1B;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,MAAM,EAAE,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,EAAE,CAAC,CAsC1B;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CA8BxB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC,aAAa,EAAE,CAAC,CAS1B;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC;IACT,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC,CAmBD;AAED;;;;;GAKG;AACH,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,GACnD,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC,CAkBD;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,UAAU,CAAC,EAAE,UAAU,EACvB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,aAAa,CAAC,CAgExB;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC,CA+FD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,EAAE,CAE/C;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI,CAE3E;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAGzD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAG5D;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE,OAAe,EACxB,KAAK,CAAC,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,aAAa,CAAC,CAKxB;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE,OAAe,GACvB,OAAO,CAAC,aAAa,CAAC,CAkCxB;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,aAAa,EACtB,OAAO,GAAE,OAAe,GACvB,OAAO,CAAC,aAAa,CAAC,CAiBxB;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CAkCxB;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CA0CxB;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CA8BxB;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,eAAO,MAAM,qBAAqB,UAMjC,CAAC;AAEF;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,GAC9B,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,MAAM,EAAE,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CA+BtE;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CAAC,OAAO,EAAE;IACnD,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,UAAU,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAyF/B"}
|