@agenshield/sandbox 0.4.1 → 0.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/directories.d.ts +6 -0
- package/directories.d.ts.map +1 -1
- package/guarded-shell.d.ts +1 -1
- package/guarded-shell.d.ts.map +1 -1
- package/index.d.ts +1 -1
- package/index.d.ts.map +1 -1
- package/index.js +39 -7
- package/package.json +2 -2
package/directories.d.ts
CHANGED
|
@@ -61,6 +61,12 @@ export declare function createDirectory(dirPath: string, options: {
|
|
|
61
61
|
* @param options - Optional verbose options
|
|
62
62
|
*/
|
|
63
63
|
export declare function createSystemDirectories(config?: UserConfig, options?: VerboseOptions): Promise<DirectoryResult[]>;
|
|
64
|
+
/**
|
|
65
|
+
* Seed configuration files inside agent directories so the broker can
|
|
66
|
+
* read/write them at runtime without needing to create them (which would
|
|
67
|
+
* require root and result in wrong ownership).
|
|
68
|
+
*/
|
|
69
|
+
export declare function seedConfigFiles(config?: UserConfig, options?: VerboseOptions): Promise<DirectoryResult[]>;
|
|
64
70
|
/**
|
|
65
71
|
* Create all agent directories
|
|
66
72
|
*
|
package/directories.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"directories.d.ts","sourceRoot":"","sources":["../src/directories.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAK/D;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;IAC5C,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;CAC5C;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,kBAAkB,CA0HhF;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,WAAW,CAalE;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE;IACP,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,EACD,cAAc,CAAC,EAAE,cAAc,GAC9B,OAAO,CAAC,eAAe,CAAC,CA6B1B;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAUvH;AAED;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,
|
|
1
|
+
{"version":3,"file":"directories.d.ts","sourceRoot":"","sources":["../src/directories.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAK/D;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;IAC5C,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;CAC5C;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,kBAAkB,CA0HhF;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,WAAW,CAalE;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE;IACP,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,EACD,cAAc,CAAC,EAAE,cAAc,GAC9B,OAAO,CAAC,eAAe,CAAC,CA6B1B;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAUvH;AAED;;;;GAIG;AACH,wBAAsB,eAAe,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAsB/G;AAED;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CActH;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAKpH;AAED;;;;GAIG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC;IACpE,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACnD,CAAC,CA8DD;AAED;;;;GAIG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC,CAyBxF;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;IAC/D,MAAM,EAAE,OAAO,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GAAG,IAAI,CAAC
,CAcR;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CA2C1F"}
|
package/guarded-shell.d.ts
CHANGED
|
@@ -30,5 +30,5 @@ export declare const ZDOT_ZSHENV_CONTENT = "# AgenShield restricted .zshenv\n# R
|
|
|
30
30
|
* ZDOTDIR .zshrc — interactive shell restrictions.
|
|
31
31
|
* Applies RESTRICTED mode, locks variables, disables builtins, installs hooks.
|
|
32
32
|
*/
|
|
33
|
-
export declare const ZDOT_ZSHRC_CONTENT = "# AgenShield restricted .zshrc\n# Applied to every interactive shell for the agent user.\n\nemulate -LR zsh\n\n# ---- Shell options ----\n# Note: NOT using setopt RESTRICTED as it disables cd entirely.\n# Instead we use preexec hooks and builtin disable for enforcement.\nsetopt NO_CASE_GLOB\nsetopt NO_BEEP\n\n# ---- Lock critical variables (readonly) ----\ntypeset -r PATH HOME SHELL\n\n# ---- Enforcement helpers ----\ndeny() {\n print -r -- \"Denied by policy\"\n return 126\n}\n\nis_allowed_cmd() {\n local cmd=\"$1\"\n\n # Allow shell builtins we explicitly permit\n case \"$cmd\" in\n cd|pwd|echo|printf|test|true|false|exit|return|break|continue|shift|set|unset|export|typeset|local|declare|readonly|let|read|print|pushd|popd|dirs|jobs|fg|bg|kill|wait|times|ulimit|umask|history|fc|type|whence|which|where|rehash)\n return 0\n ;;\n esac\n\n # Deny path execution outright\n [[ \"$cmd\" == */* ]] && return 1\n\n # Resolve command path\n local resolved\n resolved=\"$(whence -p -- \"$cmd\" 2>/dev/null)\" || return 1\n\n # Must live under HOME/bin exactly\n [[ \"$resolved\" == \"$HOME/bin/\"* ]] && return 0\n return 1\n}\n\n# ---- Block dangerous builtins ----\ndisable -r builtin command exec eval hash nohup setopt source unfunction functions alias unalias 2>/dev/null || true\n\n# ---- Intercept every interactive command before execution ----\npreexec() {\n local line=\"$1\"\n local cmd=\"${line%%[[:space:]]*}\"\n\n # Empty / whitespace lines\n [[ -z \"$cmd\" ]] && return 0\n\n # Deny anything with slash in the command token (direct path execution)\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; kill -KILL $$; }\n\n # Deny anything not allowed\n if ! 
is_allowed_cmd \"$cmd\"; then\n print -r -- \"Denied: $cmd (not in $HOME/bin)\"\n kill -KILL $$\n fi\n}\n\n# ---- Also intercept non-interactive \\`zsh -c\\` cases ----\nTRAPDEBUG() {\n local line=\"${ZSH_DEBUG_CMD:-$1}\"\n local cmd=\"${line%%[[:space:]]*}\"\n [[ -z \"$cmd\" ]] && return 0\n\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; return 126; }\n is_allowed_cmd \"$cmd\" || { print -r -- \"Denied: $cmd\"; return 126; }\n return 0\n}\n\n# ---- Ensure accessible working directory ----\ncd \"$HOME\" 2>/dev/null || cd /\n";
|
|
33
|
+
export declare const ZDOT_ZSHRC_CONTENT = "# AgenShield restricted .zshrc\n# Applied to every interactive shell for the agent user.\n\nemulate -LR zsh\n\n# ---- Shell options ----\n# Note: NOT using setopt RESTRICTED as it disables cd entirely.\n# Instead we use preexec hooks and builtin disable for enforcement.\nsetopt NO_CASE_GLOB\nsetopt NO_BEEP\n\n# ---- Lock critical variables (readonly) ----\ntypeset -r PATH HOME SHELL\n\n# ---- Enforcement helpers ----\ndeny() {\n print -r -- \"Denied by policy\"\n return 126\n}\n\nis_allowed_cmd() {\n local cmd=\"$1\"\n\n # Allow zsh reserved words (if, for, while, [[, case, etc.)\n [[ \"$(whence -w \"$cmd\" 2>/dev/null)\" == *\": reserved\" ]] && return 0\n\n # Allow shell builtins we explicitly permit\n case \"$cmd\" in\n cd|pwd|echo|printf|test|true|false|exit|return|break|continue|shift|set|unset|export|typeset|local|declare|readonly|let|read|print|pushd|popd|dirs|jobs|fg|bg|kill|wait|times|ulimit|umask|history|fc|type|whence|which|where|rehash)\n return 0\n ;;\n esac\n\n # Deny path execution outright\n [[ \"$cmd\" == */* ]] && return 1\n\n # Resolve command path\n local resolved\n resolved=\"$(whence -p -- \"$cmd\" 2>/dev/null)\" || return 1\n\n # Must live under HOME/bin exactly\n [[ \"$resolved\" == \"$HOME/bin/\"* ]] && return 0\n return 1\n}\n\n# ---- Block dangerous builtins ----\ndisable -r builtin command exec eval hash nohup setopt source unfunction functions alias unalias 2>/dev/null || true\n\n# ---- Intercept every interactive command before execution ----\npreexec() {\n local line=\"$1\"\n local cmd=\"${line%%[[:space:]]*}\"\n\n # Empty / whitespace lines\n [[ -z \"$cmd\" ]] && return 0\n\n # Deny anything with slash in the command token (direct path execution)\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; kill -KILL $$; }\n\n # Deny anything not allowed\n if ! 
is_allowed_cmd \"$cmd\"; then\n print -r -- \"Denied: $cmd (not in $HOME/bin)\"\n kill -KILL $$\n fi\n}\n\n# ---- Also intercept non-interactive \\`zsh -c\\` cases ----\nTRAPDEBUG() {\n local line=\"${ZSH_DEBUG_CMD:-$1}\"\n local cmd=\"${line%%[[:space:]]*}\"\n [[ -z \"$cmd\" ]] && return 0\n\n # Skip zsh reserved words ([[, if, for, while, case, etc.) \u2014 they are shell syntax, not external commands\n [[ \"$(whence -w \"$cmd\" 2>/dev/null)\" == *\": reserved\" ]] && return 0\n\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; return 126; }\n is_allowed_cmd \"$cmd\" || { print -r -- \"Denied: $cmd\"; return 126; }\n return 0\n}\n\n# ---- Ensure accessible working directory ----\ncd \"$HOME\" 2>/dev/null || cd /\n";
|
|
34
34
|
//# sourceMappingURL=guarded-shell.d.ts.map
|
package/guarded-shell.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guarded-shell.d.ts","sourceRoot":"","sources":["../src/guarded-shell.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,eAAO,MAAM,kBAAkB,iCAAiC,CAAC;AACjE,eAAO,MAAM,QAAQ,yBAAyB,CAAC;AAE/C;;;GAGG;AACH,eAAO,MAAM,qBAAqB,mjBAgBjC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,mBAAmB,ulBAiB/B,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,
|
|
1
|
+
{"version":3,"file":"guarded-shell.d.ts","sourceRoot":"","sources":["../src/guarded-shell.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,eAAO,MAAM,kBAAkB,iCAAiC,CAAC;AACjE,eAAO,MAAM,QAAQ,yBAAyB,CAAC;AAE/C;;;GAGG;AACH,eAAO,MAAM,qBAAqB,mjBAgBjC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,mBAAmB,ulBAiB/B,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,ulFAkF9B,CAAC"}
|
package/index.d.ts
CHANGED
|
@@ -11,7 +11,7 @@ export type { SandboxUser, SandboxConfig, CreateUserResult, DirectoryStructure a
|
|
|
11
11
|
export * from './guarded-shell';
|
|
12
12
|
export { createGuardedShell, createSandboxUser, deleteSandboxUser, } from './macos';
|
|
13
13
|
export { createUserConfig, createGroups, createGroup, createUser, createAgentUser, createBrokerUser, createUsers, createAllUsersAndGroups, deleteGroup, deleteUser, deleteGroups, deleteUsers, deleteAllUsersAndGroups, groupExists, userExists, getUserInfo, getGroupInfo, verifyUsersAndGroups, DEFAULT_BASE_UID, DEFAULT_BASE_GID, DEFAULT_BASE_NAME, ASH_PREFIX, type CreateResult, } from './users';
|
|
14
|
-
export { createDirectoryStructure, createPathsConfig, createDirectory, createSystemDirectories, createAgentDirectories, createAllDirectories, verifyDirectories, setupSocketDirectory, getDirectoryInfo, removeAllDirectories, type DirectoryDefinition, type DirectoryStructure, type DirectoryResult, } from './directories';
|
|
14
|
+
export { createDirectoryStructure, createPathsConfig, createDirectory, createSystemDirectories, createAgentDirectories, createAllDirectories, verifyDirectories, seedConfigFiles, setupSocketDirectory, getDirectoryInfo, removeAllDirectories, type DirectoryDefinition, type DirectoryStructure, type DirectoryResult, } from './directories';
|
|
15
15
|
export * from './migration';
|
|
16
16
|
export * from './security';
|
|
17
17
|
export * from './detect';
|
package/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,IAAI,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAG7H,cAAc,iBAAiB,CAAC;AAGhC,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,WAAW,EACX,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,WAAW,EACX,YAAY,EACZ,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,eAAe,GACrB,MAAM,eAAe,CAAC;AAGvB,cAAc,aAAa,CAAC;AAG5B,cAAc,YAAY,CAAC;AAG3B,cAAc,UAAU,CAAC;AAGzB,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAG1B,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,QAAQ,EACR,mBAAmB,EACnB,cAAc,EACd,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,EACd,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EAChB,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,KAAK,mBAAmB,EAExB,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,oBAAoB,EACpB,aAAa,EACb,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,eAAe,EACf,uBAAuB,EACvB,aAAa,EACb,oBAAoB,EACpB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,mBAAmB,EACnB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,KAAK,YAAY,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAEL,SAAS,EACT,WAAW,EACX,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAEhB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,OAAO,EAEP,KAAK,YAAY,EACjB,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,GAC3B,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,aAAa,EACb,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,GAClB,MA
AM,aAAa,CAAC;AAGrB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,oBAAoB,EACpB,uBAAuB,EACvB,YAAY,EACZ,kBAAkB,EAClB,KAAK,oBAAoB,GAC1B,MAAM,kBAAkB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,IAAI,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAG7H,cAAc,iBAAiB,CAAC;AAGhC,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,WAAW,EACX,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,WAAW,EACX,YAAY,EACZ,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,eAAe,GACrB,MAAM,eAAe,CAAC;AAGvB,cAAc,aAAa,CAAC;AAG5B,cAAc,YAAY,CAAC;AAG3B,cAAc,UAAU,CAAC;AAGzB,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAG1B,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,QAAQ,EACR,mBAAmB,EACnB,cAAc,EACd,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,EACd,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EAChB,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,KAAK,mBAAmB,EAExB,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,oBAAoB,EACpB,aAAa,EACb,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,eAAe,EACf,uBAAuB,EACvB,aAAa,EACb,oBAAoB,EACpB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,mBAAmB,EACnB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,KAAK,YAAY,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAEL,SAAS,EACT,WAAW,EACX,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAEhB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,OAAO,EAEP,KAAK,YAAY,EACjB,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,GAC3B,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,aAAa,EACb,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,iBAAi
B,GAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,oBAAoB,EACpB,uBAAuB,EACvB,YAAY,EACZ,kBAAkB,EAClB,KAAK,oBAAoB,GAC1B,MAAM,kBAAkB,CAAC"}
|
package/index.js
CHANGED
|
@@ -81,6 +81,9 @@ deny() {
|
|
|
81
81
|
is_allowed_cmd() {
|
|
82
82
|
local cmd="$1"
|
|
83
83
|
|
|
84
|
+
# Allow zsh reserved words (if, for, while, [[, case, etc.)
|
|
85
|
+
[[ "$(whence -w "$cmd" 2>/dev/null)" == *": reserved" ]] && return 0
|
|
86
|
+
|
|
84
87
|
# Allow shell builtins we explicitly permit
|
|
85
88
|
case "$cmd" in
|
|
86
89
|
cd|pwd|echo|printf|test|true|false|exit|return|break|continue|shift|set|unset|export|typeset|local|declare|readonly|let|read|print|pushd|popd|dirs|jobs|fg|bg|kill|wait|times|ulimit|umask|history|fc|type|whence|which|where|rehash)
|
|
@@ -127,6 +130,9 @@ TRAPDEBUG() {
|
|
|
127
130
|
local cmd="\${line%%[[:space:]]*}"
|
|
128
131
|
[[ -z "$cmd" ]] && return 0
|
|
129
132
|
|
|
133
|
+
# Skip zsh reserved words ([[, if, for, while, case, etc.) \u2014 they are shell syntax, not external commands
|
|
134
|
+
[[ "$(whence -w "$cmd" 2>/dev/null)" == *": reserved" ]] && return 0
|
|
135
|
+
|
|
130
136
|
[[ "$cmd" == */* ]] && { print -r -- "Denied: direct path execution"; return 126; }
|
|
131
137
|
is_allowed_cmd "$cmd" || { print -r -- "Denied: $cmd"; return 126; }
|
|
132
138
|
return 0
|
|
@@ -838,7 +844,7 @@ function createSandboxUser(config = {}) {
|
|
|
838
844
|
result = sudoExec(`mkdir -p ${cfg.homeDir}`);
|
|
839
845
|
if (!result.success)
|
|
840
846
|
return { success: false, error: `Failed to create home dir: ${result.error}` };
|
|
841
|
-
result = sudoExec(`chown -R ${cfg.username}:${
|
|
847
|
+
result = sudoExec(`chown -R ${cfg.username}:${gid} ${cfg.homeDir}`);
|
|
842
848
|
if (!result.success)
|
|
843
849
|
return { success: false, error: `Failed to set ownership: ${result.error}` };
|
|
844
850
|
result = sudoExec(`dscl . -create /Users/${cfg.username} IsHidden 1`);
|
|
@@ -1351,6 +1357,29 @@ async function createSystemDirectories(config, options) {
|
|
|
1351
1357
|
}
|
|
1352
1358
|
return results;
|
|
1353
1359
|
}
|
|
1360
|
+
async function seedConfigFiles(config, options) {
|
|
1361
|
+
const cfg = config || createUserConfig();
|
|
1362
|
+
const agentHome = cfg.agentUser.home;
|
|
1363
|
+
const brokerUsername = cfg.brokerUser.username;
|
|
1364
|
+
const socketGroupName = cfg.groups.socket.name;
|
|
1365
|
+
const log = (msg) => options?.verbose && process.stderr.write(`[SETUP] ${msg}
|
|
1366
|
+
`);
|
|
1367
|
+
const filePath = `${agentHome}/.openclaw/openclaw.json`;
|
|
1368
|
+
try {
|
|
1369
|
+
log(`Seeding ${filePath}`);
|
|
1370
|
+
await execAsync2(`sudo tee "${filePath}" > /dev/null <<< '{}'`);
|
|
1371
|
+
await execAsync2(`sudo chown ${brokerUsername}:${socketGroupName} "${filePath}"`);
|
|
1372
|
+
await execAsync2(`sudo chmod 664 "${filePath}"`);
|
|
1373
|
+
return [{ success: true, path: filePath, message: `Seeded ${filePath}` }];
|
|
1374
|
+
} catch (error) {
|
|
1375
|
+
return [{
|
|
1376
|
+
success: false,
|
|
1377
|
+
path: filePath,
|
|
1378
|
+
message: `Failed to seed ${filePath}: ${error.message}`,
|
|
1379
|
+
error
|
|
1380
|
+
}];
|
|
1381
|
+
}
|
|
1382
|
+
}
|
|
1354
1383
|
async function createAgentDirectories(config, options) {
|
|
1355
1384
|
const structure = createDirectoryStructure(config);
|
|
1356
1385
|
const results = [];
|
|
@@ -1358,6 +1387,8 @@ async function createAgentDirectories(config, options) {
|
|
|
1358
1387
|
const result = await createDirectory(dirPath, dirOptions, options);
|
|
1359
1388
|
results.push(result);
|
|
1360
1389
|
}
|
|
1390
|
+
const seedResults = await seedConfigFiles(config, options);
|
|
1391
|
+
results.push(...seedResults);
|
|
1361
1392
|
return results;
|
|
1362
1393
|
}
|
|
1363
1394
|
async function createAllDirectories(config, options) {
|
|
@@ -1535,7 +1566,7 @@ exec "\${AGENT_BIN}/node" "${entryPath}" "$@"
|
|
|
1535
1566
|
if (!result.success) {
|
|
1536
1567
|
return { success: false, error: `Failed to install wrapper: ${result.error}` };
|
|
1537
1568
|
}
|
|
1538
|
-
result = sudoExec2(`chown ${user.username}:${user.
|
|
1569
|
+
result = sudoExec2(`chown ${user.username}:${user.gid} "${wrapperPath}"`);
|
|
1539
1570
|
if (!result.success) {
|
|
1540
1571
|
return { success: false, error: `Failed to set wrapper ownership: ${result.error}` };
|
|
1541
1572
|
}
|
|
@@ -1561,12 +1592,12 @@ function migrateNpmInstall(source, user, dirs) {
|
|
|
1561
1592
|
sudoExec2(`rm -rf "${dirs.configDir}/skills" 2>/dev/null`);
|
|
1562
1593
|
injectSkillWatcherSetting(dirs.configDir);
|
|
1563
1594
|
}
|
|
1564
|
-
result = sudoExec2(`chown -R ${user.username}:${user.
|
|
1595
|
+
result = sudoExec2(`chown -R ${user.username}:${user.gid} "${dirs.packageDir}"`);
|
|
1565
1596
|
if (!result.success) {
|
|
1566
1597
|
return { success: false, error: `Failed to set package ownership: ${result.error}` };
|
|
1567
1598
|
}
|
|
1568
1599
|
if (fs3.existsSync(dirs.configDir)) {
|
|
1569
|
-
result = sudoExec2(`chown -R ${user.username}:${user.
|
|
1600
|
+
result = sudoExec2(`chown -R ${user.username}:${user.gid} "${dirs.configDir}"`);
|
|
1570
1601
|
if (!result.success) {
|
|
1571
1602
|
return { success: false, error: `Failed to set config ownership: ${result.error}` };
|
|
1572
1603
|
}
|
|
@@ -1601,12 +1632,12 @@ function migrateGitInstall(source, user, dirs) {
|
|
|
1601
1632
|
sudoExec2(`rm -rf "${dirs.configDir}/skills" 2>/dev/null`);
|
|
1602
1633
|
injectSkillWatcherSetting(dirs.configDir);
|
|
1603
1634
|
}
|
|
1604
|
-
result = sudoExec2(`chown -R ${user.username}:${user.
|
|
1635
|
+
result = sudoExec2(`chown -R ${user.username}:${user.gid} "${dirs.packageDir}"`);
|
|
1605
1636
|
if (!result.success) {
|
|
1606
1637
|
return { success: false, error: `Failed to set package ownership: ${result.error}` };
|
|
1607
1638
|
}
|
|
1608
1639
|
if (fs3.existsSync(dirs.configDir)) {
|
|
1609
|
-
result = sudoExec2(`chown -R ${user.username}:${user.
|
|
1640
|
+
result = sudoExec2(`chown -R ${user.username}:${user.gid} "${dirs.configDir}"`);
|
|
1610
1641
|
if (!result.success) {
|
|
1611
1642
|
return { success: false, error: `Failed to set config ownership: ${result.error}` };
|
|
1612
1643
|
}
|
|
@@ -1668,7 +1699,7 @@ exec "${nodePath}" "$@"
|
|
|
1668
1699
|
if (!result.success) {
|
|
1669
1700
|
return { success: false, error: `Failed to install node wrapper: ${result.error}` };
|
|
1670
1701
|
}
|
|
1671
|
-
result = sudoExec2(`chown ${user.username}:${user.
|
|
1702
|
+
result = sudoExec2(`chown ${user.username}:${user.gid} "${wrapperPath}"`);
|
|
1672
1703
|
if (!result.success) {
|
|
1673
1704
|
return { success: false, error: `Failed to set node wrapper ownership: ${result.error}` };
|
|
1674
1705
|
}
|
|
@@ -6146,6 +6177,7 @@ export {
|
|
|
6146
6177
|
scanBinaries,
|
|
6147
6178
|
scanDiscovery,
|
|
6148
6179
|
scanSkills,
|
|
6180
|
+
seedConfigFiles,
|
|
6149
6181
|
setupSocketDirectory,
|
|
6150
6182
|
uninstallLaunchDaemon,
|
|
6151
6183
|
uninstallWrapper,
|
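Review bot: In seedConfigFiles (hunk @@ -1351) `sudo tee "${filePath}" > /dev/null <<< '{}'` truncates the target on every run, so re-running createAgentDirectories replaces an existing openclaw.json with `{}`; make the seed conditional, e.g. the shell command becomes `sudo test -e "${filePath}" || printf '{}' | sudo tee "${filePath}" > /dev/null`, which also drops the non-POSIX `<<<` here-string that fails if execAsync2 runs under a `/bin/sh` that is dash. The same function then applies `chmod 664` with `socketGroupName` as the group; if the agent user is a member of that group the sandboxed agent can rewrite its own config, and since the broker is the owner, `644` would already give it the read/write access the declaration's docstring asks for — confirm which is intended. In createSandboxUser (hunk @@ -838) the new `chown -R ${cfg.username}:${gid} ${cfg.homeDir}` leaves the path unquoted while every other chown in this commit quotes its path; write `"${cfg.homeDir}"` for consistency. In is_allowed_cmd (hunk @@ -81) the added `whence -w` test returns 0 as soon as the first token is a reserved word, so preexec accepts the whole line without examining the simple commands inside the compound statement; whether TRAPDEBUG then inspects each of them depends on the debug-hook options, which is worth pinning down with a test rather than assuming.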
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@agenshield/sandbox",
|
|
3
|
-
"version": "0.4.
|
|
3
|
+
"version": "0.4.2",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "User isolation and sandboxing utilities for AgenShield",
|
|
6
6
|
"main": "./index.js",
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
},
|
|
16
16
|
"license": "MIT",
|
|
17
17
|
"dependencies": {
|
|
18
|
-
"@agenshield/skills": "0.4.
|
|
18
|
+
"@agenshield/skills": "0.4.2",
|
|
19
19
|
"yaml": "^2.7.1"
|
|
20
20
|
},
|
|
21
21
|
"devDependencies": {
|