@agenshield/sandbox 0.4.1 → 0.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/directories.d.ts +6 -0
- package/directories.d.ts.map +1 -1
- package/guarded-shell.d.ts +1 -1
- package/guarded-shell.d.ts.map +1 -1
- package/index.d.ts +1 -1
- package/index.d.ts.map +1 -1
- package/index.js +59 -9
- package/package.json +2 -2
- package/restore.d.ts +0 -4
- package/restore.d.ts.map +1 -1
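--- a/package/directories.d.ts
+++ b/package/directories.d.ts
@@ -61,6 +61,12 @@ export declare function createDirectory(dirPath: string, options: {
 * @param options - Optional verbose options
 */
 export declare function createSystemDirectories(config?: UserConfig, options?: VerboseOptions): Promise<DirectoryResult[]>;
+/**
+* Seed configuration files inside agent directories so the broker can
+* read/write them at runtime without needing to create them (which would
+* require root and result in wrong ownership).
+*/
+export declare function seedConfigFiles(config?: UserConfig, options?: VerboseOptions): Promise<DirectoryResult[]>;
 /**
 * Create all agent directories
 *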
package/directories.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"directories.d.ts","sourceRoot":"","sources":["../src/directories.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAK/D;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;IAC5C,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;CAC5C;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,kBAAkB,CA0HhF;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,WAAW,CAalE;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE;IACP,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,EACD,cAAc,CAAC,EAAE,cAAc,GAC9B,OAAO,CAAC,eAAe,CAAC,CA6B1B;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAUvH;AAED;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,
|
|
1
|
+
{"version":3,"file":"directories.d.ts","sourceRoot":"","sources":["../src/directories.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAK/D;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;IAC5C,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;CAC5C;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,kBAAkB,CA0HhF;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,WAAW,CAalE;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE;IACP,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,EACD,cAAc,CAAC,EAAE,cAAc,GAC9B,OAAO,CAAC,eAAe,CAAC,CA6B1B;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAUvH;AAED;;;;GAIG;AACH,wBAAsB,eAAe,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAsB/G;AAED;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CActH;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAKpH;AAED;;;;GAIG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC;IACpE,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACnD,CAAC,CA8DD;AAED;;;;GAIG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC,CAyBxF;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;IAC/D,MAAM,EAAE,OAAO,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GAAG,IAAI,CAAC
,CAcR;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CA2C1F"}
|
package/guarded-shell.d.ts
CHANGED
|
@@ -30,5 +30,5 @@ export declare const ZDOT_ZSHENV_CONTENT = "# AgenShield restricted .zshenv\n# R
|
|
|
30
30
|
* ZDOTDIR .zshrc — interactive shell restrictions.
|
|
31
31
|
* Applies RESTRICTED mode, locks variables, disables builtins, installs hooks.
|
|
32
32
|
*/
|
|
33
|
-
export declare const ZDOT_ZSHRC_CONTENT = "# AgenShield restricted .zshrc\n# Applied to every interactive shell for the agent user.\n\nemulate -LR zsh\n\n# ---- Shell options ----\n# Note: NOT using setopt RESTRICTED as it disables cd entirely.\n# Instead we use preexec hooks and builtin disable for enforcement.\nsetopt NO_CASE_GLOB\nsetopt NO_BEEP\n\n# ---- Lock critical variables (readonly) ----\ntypeset -r PATH HOME SHELL\n\n# ---- Enforcement helpers ----\ndeny() {\n print -r -- \"Denied by policy\"\n return 126\n}\n\nis_allowed_cmd() {\n local cmd=\"$1\"\n\n # Allow shell builtins we explicitly permit\n case \"$cmd\" in\n cd|pwd|echo|printf|test|true|false|exit|return|break|continue|shift|set|unset|export|typeset|local|declare|readonly|let|read|print|pushd|popd|dirs|jobs|fg|bg|kill|wait|times|ulimit|umask|history|fc|type|whence|which|where|rehash)\n return 0\n ;;\n esac\n\n # Deny path execution outright\n [[ \"$cmd\" == */* ]] && return 1\n\n # Resolve command path\n local resolved\n resolved=\"$(whence -p -- \"$cmd\" 2>/dev/null)\" || return 1\n\n # Must live under HOME/bin exactly\n [[ \"$resolved\" == \"$HOME/bin/\"* ]] && return 0\n return 1\n}\n\n# ---- Block dangerous builtins ----\ndisable -r builtin command exec eval hash nohup setopt source unfunction functions alias unalias 2>/dev/null || true\n\n# ---- Intercept every interactive command before execution ----\npreexec() {\n local line=\"$1\"\n local cmd=\"${line%%[[:space:]]*}\"\n\n # Empty / whitespace lines\n [[ -z \"$cmd\" ]] && return 0\n\n # Deny anything with slash in the command token (direct path execution)\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; kill -KILL $$; }\n\n # Deny anything not allowed\n if ! 
is_allowed_cmd \"$cmd\"; then\n print -r -- \"Denied: $cmd (not in $HOME/bin)\"\n kill -KILL $$\n fi\n}\n\n# ---- Also intercept non-interactive \\`zsh -c\\` cases ----\nTRAPDEBUG() {\n local line=\"${ZSH_DEBUG_CMD:-$1}\"\n local cmd=\"${line%%[[:space:]]*}\"\n [[ -z \"$cmd\" ]] && return 0\n\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; return 126; }\n is_allowed_cmd \"$cmd\" || { print -r -- \"Denied: $cmd\"; return 126; }\n return 0\n}\n\n# ---- Ensure accessible working directory ----\ncd \"$HOME\" 2>/dev/null || cd /\n";
|
|
33
|
+
export declare const ZDOT_ZSHRC_CONTENT = "# AgenShield restricted .zshrc\n# Applied to every interactive shell for the agent user.\n\nemulate -LR zsh\n\n# ---- Shell options ----\n# Note: NOT using setopt RESTRICTED as it disables cd entirely.\n# Instead we use preexec hooks and builtin disable for enforcement.\nsetopt NO_CASE_GLOB\nsetopt NO_BEEP\n\n# ---- Lock critical variables (readonly) ----\ntypeset -r PATH HOME SHELL\n\n# ---- Enforcement helpers ----\ndeny() {\n print -r -- \"Denied by policy\"\n return 126\n}\n\nis_allowed_cmd() {\n local cmd=\"$1\"\n\n # Allow zsh reserved words (if, for, while, [[, case, etc.)\n [[ \"$(whence -w \"$cmd\" 2>/dev/null)\" == *\": reserved\" ]] && return 0\n\n # Allow shell builtins we explicitly permit\n case \"$cmd\" in\n cd|pwd|echo|printf|test|true|false|exit|return|break|continue|shift|set|unset|export|typeset|local|declare|readonly|let|read|print|pushd|popd|dirs|jobs|fg|bg|kill|wait|times|ulimit|umask|history|fc|type|whence|which|where|rehash)\n return 0\n ;;\n esac\n\n # Deny path execution outright\n [[ \"$cmd\" == */* ]] && return 1\n\n # Resolve command path\n local resolved\n resolved=\"$(whence -p -- \"$cmd\" 2>/dev/null)\" || return 1\n\n # Must live under HOME/bin exactly\n [[ \"$resolved\" == \"$HOME/bin/\"* ]] && return 0\n return 1\n}\n\n# ---- Block dangerous builtins ----\ndisable -r builtin command exec eval hash nohup setopt source unfunction functions alias unalias 2>/dev/null || true\n\n# ---- Intercept every interactive command before execution ----\npreexec() {\n local line=\"$1\"\n local cmd=\"${line%%[[:space:]]*}\"\n\n # Empty / whitespace lines\n [[ -z \"$cmd\" ]] && return 0\n\n # Deny anything with slash in the command token (direct path execution)\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; kill -KILL $$; }\n\n # Deny anything not allowed\n if ! 
is_allowed_cmd \"$cmd\"; then\n print -r -- \"Denied: $cmd (not in $HOME/bin)\"\n kill -KILL $$\n fi\n}\n\n# ---- Also intercept non-interactive \\`zsh -c\\` cases ----\nTRAPDEBUG() {\n local line=\"${ZSH_DEBUG_CMD:-$1}\"\n local cmd=\"${line%%[[:space:]]*}\"\n [[ -z \"$cmd\" ]] && return 0\n\n # Skip zsh reserved words ([[, if, for, while, case, etc.) \u2014 they are shell syntax, not external commands\n [[ \"$(whence -w \"$cmd\" 2>/dev/null)\" == *\": reserved\" ]] && return 0\n\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; return 126; }\n is_allowed_cmd \"$cmd\" || { print -r -- \"Denied: $cmd\"; return 126; }\n return 0\n}\n\n# ---- Ensure accessible working directory ----\ncd \"$HOME\" 2>/dev/null || cd /\n";
|
|
34
34
|
//# sourceMappingURL=guarded-shell.d.ts.map
|
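Review bot: The new reserved-word allow in `is_allowed_cmd` and `TRAPDEBUG` (new line 33 of `ZDOT_ZSHRC_CONTENT`) is decided on the first whitespace-delimited token of the line, so for a statement that begins with `if`, `for`, `while`, `case` or `[[` the check returns 0 for the whole statement and the simple commands inside its body are never handed to `is_allowed_cmd` by that call. The comment on the `TRAPDEBUG` line says reserved words are shell syntax, not external commands, which is true of the word itself but not of what follows it on the same line. Whether those nested commands are still vetted rests on `TRAPDEBUG` firing separately for each of them and on its non-zero return actually suppressing execution, neither of which the string states; add a test that runs a compound statement with a non-allowlisted command in its body under this `.zshrc` and asserts the denial message, and record the outcome next to the check, e.g. `# Reserved word: allowed as syntax only; the commands in its body are checked one by one by TRAPDEBUG (see restricted-shell test)`. The identical lines are added to the bundled copy in `package/index.js` at new lines 84–86 and 133–135; the same note applies there.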
package/guarded-shell.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guarded-shell.d.ts","sourceRoot":"","sources":["../src/guarded-shell.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,eAAO,MAAM,kBAAkB,iCAAiC,CAAC;AACjE,eAAO,MAAM,QAAQ,yBAAyB,CAAC;AAE/C;;;GAGG;AACH,eAAO,MAAM,qBAAqB,mjBAgBjC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,mBAAmB,ulBAiB/B,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,
|
|
1
|
+
{"version":3,"file":"guarded-shell.d.ts","sourceRoot":"","sources":["../src/guarded-shell.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,eAAO,MAAM,kBAAkB,iCAAiC,CAAC;AACjE,eAAO,MAAM,QAAQ,yBAAyB,CAAC;AAE/C;;;GAGG;AACH,eAAO,MAAM,qBAAqB,mjBAgBjC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,mBAAmB,ulBAiB/B,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,ulFAkF9B,CAAC"}
|
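--- a/package/index.d.ts
+++ b/package/index.d.ts
@@ -11,7 +11,7 @@ export type { SandboxUser, SandboxConfig, CreateUserResult, DirectoryStructure a
 export * from './guarded-shell';
 export { createGuardedShell, createSandboxUser, deleteSandboxUser, } from './macos';
 export { createUserConfig, createGroups, createGroup, createUser, createAgentUser, createBrokerUser, createUsers, createAllUsersAndGroups, deleteGroup, deleteUser, deleteGroups, deleteUsers, deleteAllUsersAndGroups, groupExists, userExists, getUserInfo, getGroupInfo, verifyUsersAndGroups, DEFAULT_BASE_UID, DEFAULT_BASE_GID, DEFAULT_BASE_NAME, ASH_PREFIX, type CreateResult, } from './users';
-export { createDirectoryStructure, createPathsConfig, createDirectory, createSystemDirectories, createAgentDirectories, createAllDirectories, verifyDirectories, setupSocketDirectory, getDirectoryInfo, removeAllDirectories, type DirectoryDefinition, type DirectoryStructure, type DirectoryResult, } from './directories';
+export { createDirectoryStructure, createPathsConfig, createDirectory, createSystemDirectories, createAgentDirectories, createAllDirectories, verifyDirectories, seedConfigFiles, setupSocketDirectory, getDirectoryInfo, removeAllDirectories, type DirectoryDefinition, type DirectoryStructure, type DirectoryResult, } from './directories';
 export * from './migration';
 export * from './security';
 export * from './detect';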
package/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,IAAI,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAG7H,cAAc,iBAAiB,CAAC;AAGhC,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,WAAW,EACX,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,WAAW,EACX,YAAY,EACZ,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,eAAe,GACrB,MAAM,eAAe,CAAC;AAGvB,cAAc,aAAa,CAAC;AAG5B,cAAc,YAAY,CAAC;AAG3B,cAAc,UAAU,CAAC;AAGzB,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAG1B,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,QAAQ,EACR,mBAAmB,EACnB,cAAc,EACd,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,EACd,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EAChB,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,KAAK,mBAAmB,EAExB,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,oBAAoB,EACpB,aAAa,EACb,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,eAAe,EACf,uBAAuB,EACvB,aAAa,EACb,oBAAoB,EACpB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,mBAAmB,EACnB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,KAAK,YAAY,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAEL,SAAS,EACT,WAAW,EACX,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAEhB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,OAAO,EAEP,KAAK,YAAY,EACjB,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,GAC3B,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,aAAa,EACb,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,GAClB,MA
AM,aAAa,CAAC;AAGrB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,oBAAoB,EACpB,uBAAuB,EACvB,YAAY,EACZ,kBAAkB,EAClB,KAAK,oBAAoB,GAC1B,MAAM,kBAAkB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,IAAI,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAG7H,cAAc,iBAAiB,CAAC;AAGhC,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,WAAW,EACX,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,WAAW,EACX,YAAY,EACZ,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,eAAe,GACrB,MAAM,eAAe,CAAC;AAGvB,cAAc,aAAa,CAAC;AAG5B,cAAc,YAAY,CAAC;AAG3B,cAAc,UAAU,CAAC;AAGzB,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAG1B,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,QAAQ,EACR,mBAAmB,EACnB,cAAc,EACd,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,EACd,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EAChB,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,KAAK,mBAAmB,EAExB,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,oBAAoB,EACpB,aAAa,EACb,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,eAAe,EACf,uBAAuB,EACvB,aAAa,EACb,oBAAoB,EACpB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,mBAAmB,EACnB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,KAAK,YAAY,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAEL,SAAS,EACT,WAAW,EACX,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAEhB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,OAAO,EAEP,KAAK,YAAY,EACjB,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,GAC3B,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,aAAa,EACb,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,iBAAi
B,GAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,oBAAoB,EACpB,uBAAuB,EACvB,YAAY,EACZ,kBAAkB,EAClB,KAAK,oBAAoB,GAC1B,MAAM,kBAAkB,CAAC"}
|
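--- a/package/index.js
+++ b/package/index.js
@@ -81,6 +81,9 @@ deny() {
 is_allowed_cmd() {
 local cmd="$1"
 
+# Allow zsh reserved words (if, for, while, [[, case, etc.)
+[[ "$(whence -w "$cmd" 2>/dev/null)" == *": reserved" ]] && return 0
+
 # Allow shell builtins we explicitly permit
 case "$cmd" in
 cd|pwd|echo|printf|test|true|false|exit|return|break|continue|shift|set|unset|export|typeset|local|declare|readonly|let|read|print|pushd|popd|dirs|jobs|fg|bg|kill|wait|times|ulimit|umask|history|fc|type|whence|which|where|rehash)
@@ -127,6 +130,9 @@ TRAPDEBUG() {
 local cmd="\${line%%[[:space:]]*}"
 [[ -z "$cmd" ]] && return 0
 
+# Skip zsh reserved words ([[, if, for, while, case, etc.) \u2014 they are shell syntax, not external commands
+[[ "$(whence -w "$cmd" 2>/dev/null)" == *": reserved" ]] && return 0
+
 [[ "$cmd" == */* ]] && { print -r -- "Denied: direct path execution"; return 126; }
 is_allowed_cmd "$cmd" || { print -r -- "Denied: $cmd"; return 126; }
 return 0
@@ -838,7 +844,7 @@ function createSandboxUser(config = {}) {
 result = sudoExec(`mkdir -p ${cfg.homeDir}`);
 if (!result.success)
 return { success: false, error: `Failed to create home dir: ${result.error}` };
-result = sudoExec(`chown -R ${cfg.username}:${
+result = sudoExec(`chown -R ${cfg.username}:${gid} ${cfg.homeDir}`);
 if (!result.success)
 return { success: false, error: `Failed to set ownership: ${result.error}` };
 result = sudoExec(`dscl . -create /Users/${cfg.username} IsHidden 1`);
@@ -1351,6 +1357,29 @@ async function createSystemDirectories(config, options) {
 }
 return results;
 }
+async function seedConfigFiles(config, options) {
+const cfg = config || createUserConfig();
+const agentHome = cfg.agentUser.home;
+const brokerUsername = cfg.brokerUser.username;
+const socketGroupName = cfg.groups.socket.name;
+const log = (msg) => options?.verbose && process.stderr.write(`[SETUP] ${msg}
+`);
+const filePath = `${agentHome}/.openclaw/openclaw.json`;
+try {
+log(`Seeding ${filePath}`);
+await execAsync2(`sudo tee "${filePath}" > /dev/null <<< '{}'`);
+await execAsync2(`sudo chown ${brokerUsername}:${socketGroupName} "${filePath}"`);
+await execAsync2(`sudo chmod 664 "${filePath}"`);
+return [{ success: true, path: filePath, message: `Seeded ${filePath}` }];
+} catch (error) {
+return [{
+success: false,
+path: filePath,
+message: `Failed to seed ${filePath}: ${error.message}`,
+error
+}];
+}
+}
 async function createAgentDirectories(config, options) {
 const structure = createDirectoryStructure(config);
 const results = [];
@@ -1358,6 +1387,8 @@ async function createAgentDirectories(config, options) {
 const result = await createDirectory(dirPath, dirOptions, options);
 results.push(result);
 }
+const seedResults = await seedConfigFiles(config, options);
+results.push(...seedResults);
 return results;
 }
 async function createAllDirectories(config, options) {
@@ -1535,7 +1566,7 @@ exec "\${AGENT_BIN}/node" "${entryPath}" "$@"
 if (!result.success) {
 return { success: false, error: `Failed to install wrapper: ${result.error}` };
 }
-result = sudoExec2(`chown ${user.username}:${user.
+result = sudoExec2(`chown ${user.username}:${user.gid} "${wrapperPath}"`);
 if (!result.success) {
 return { success: false, error: `Failed to set wrapper ownership: ${result.error}` };
 }
@@ -1561,12 +1592,12 @@ function migrateNpmInstall(source, user, dirs) {
 sudoExec2(`rm -rf "${dirs.configDir}/skills" 2>/dev/null`);
 injectSkillWatcherSetting(dirs.configDir);
 }
-result = sudoExec2(`chown -R ${user.username}:${user.
+result = sudoExec2(`chown -R ${user.username}:${user.gid} "${dirs.packageDir}"`);
 if (!result.success) {
 return { success: false, error: `Failed to set package ownership: ${result.error}` };
 }
 if (fs3.existsSync(dirs.configDir)) {
-result = sudoExec2(`chown -R ${user.username}:${user.
+result = sudoExec2(`chown -R ${user.username}:${user.gid} "${dirs.configDir}"`);
 if (!result.success) {
 return { success: false, error: `Failed to set config ownership: ${result.error}` };
 }
@@ -1601,12 +1632,12 @@ function migrateGitInstall(source, user, dirs) {
 sudoExec2(`rm -rf "${dirs.configDir}/skills" 2>/dev/null`);
 injectSkillWatcherSetting(dirs.configDir);
 }
-result = sudoExec2(`chown -R ${user.username}:${user.
+result = sudoExec2(`chown -R ${user.username}:${user.gid} "${dirs.packageDir}"`);
 if (!result.success) {
 return { success: false, error: `Failed to set package ownership: ${result.error}` };
 }
 if (fs3.existsSync(dirs.configDir)) {
-result = sudoExec2(`chown -R ${user.username}:${user.
+result = sudoExec2(`chown -R ${user.username}:${user.gid} "${dirs.configDir}"`);
 if (!result.success) {
 return { success: false, error: `Failed to set config ownership: ${result.error}` };
 }
@@ -1668,7 +1699,7 @@ exec "${nodePath}" "$@"
 if (!result.success) {
 return { success: false, error: `Failed to install node wrapper: ${result.error}` };
 }
-result = sudoExec2(`chown ${user.username}:${user.
+result = sudoExec2(`chown ${user.username}:${user.gid} "${wrapperPath}"`);
 if (!result.success) {
 return { success: false, error: `Failed to set node wrapper ownership: ${result.error}` };
 }
@@ -3657,6 +3688,14 @@ function discoverSocketGroups() {
 return [];
 }
 }
+function isDaemonPresent() {
+if (fs7.existsSync("/Library/LaunchDaemons/com.agenshield.daemon.plist")) return true;
+if (findDaemonPidByPort(DEFAULT_PORT)) return true;
+return false;
+}
+function isBrokerPresent() {
+return fs7.existsSync("/Library/LaunchDaemons/com.agenshield.broker.plist");
+}
 function forceUninstall(onProgress) {
 const steps = [];
 const runStep = (fn) => {
@@ -3665,8 +3704,18 @@ function forceUninstall(onProgress) {
 onProgress?.(result);
 return result.success;
 };
-
-
+const MAX_ATTEMPTS = 5;
+for (let attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
+const daemonUp = isDaemonPresent();
+const brokerUp = isBrokerPresent();
+if (!daemonUp && !brokerUp) break;
+if (daemonUp) runStep(() => stopDaemon());
+if (brokerUp) runStep(() => stopBrokerDaemon());
+try {
+execSync6("sleep 1", { encoding: "utf-8" });
+} catch {
+}
+}
 const sandboxUsers = discoverSandboxUsers();
 for (const username of sandboxUsers) {
 runStep(() => killUserProcesses(username));
@@ -6146,6 +6195,7 @@ export {
 scanBinaries,
 scanDiscovery,
 scanSkills,
+seedConfigFiles,
 setupSocketDirectory,
 uninstallLaunchDaemon,
 uninstallWrapper,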
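Review bot: `seedConfigFiles` (new lines 1360–1382) overwrites `${agentHome}/.openclaw/openclaw.json` with `{}` on every call, and `createAgentDirectories` now invokes it unconditionally (new lines 1390–1391), so re-running setup on an existing install discards whatever the broker has since written to that file. Guard the `tee` with an existence check (using the `fs` binding this part of the bundle imports) that returns `[{ success: true, path: filePath, message: `Already present ${filePath}` }]`, and state in the function's doc comment that the seed is a one-time bootstrap. `chmod 664` with group `${socketGroupName}` makes the file writable by every member of the socket group; if the agent user belongs to that group (its membership is not visible in this diff) the agent can edit a file the broker reads as its configuration, so confirm that and, if it holds, use `644` or a broker-only group. In `forceUninstall` (new lines 3707–3718) the loop exits silently once `MAX_ATTEMPTS` is exhausted even if a plist is still present, and the remaining steps run regardless; push a failed step result for that case so `onProgress` reports it.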
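--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@agenshield/sandbox",
-"version": "0.4.
+"version": "0.4.3",
 "type": "module",
 "description": "User isolation and sandboxing utilities for AgenShield",
 "main": "./index.js",
@@ -15,7 +15,7 @@
 },
 "license": "MIT",
 "dependencies": {
-"@agenshield/skills": "0.4.
+"@agenshield/skills": "0.4.3",
 "yaml": "^2.7.1"
 },
 "devDependencies": {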
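--- a/package/restore.d.ts
+++ b/package/restore.d.ts
@@ -30,9 +30,5 @@ export declare function canUninstall(): {
 backup: InstallationBackup | null;
 error?: string;
 };
-/**
-* Force uninstall without a backup
-* Used when no backup exists but user wants to clean up AgenShield artifacts
-*/
 export declare function forceUninstall(onProgress?: (progress: RestoreProgress) => void): RestoreResult;
 //# sourceMappingURL=restore.d.ts.map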
package/restore.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"restore.d.ts","sourceRoot":"","sources":["../src/restore.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAmB1D,MAAM,MAAM,WAAW,GACnB,UAAU,GACV,aAAa,GACb,aAAa,GACb,gBAAgB,GAChB,gBAAgB,GAChB,iBAAiB,GACjB,aAAa,GACb,cAAc,GACd,SAAS,GACT,QAAQ,CAAC;AAEb,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,WAAW,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,eAAe,EAAE,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAyWD;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,kBAAkB,EAC1B,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,eAAe,KAAK,IAAI,GAC/C,aAAa,CA+Ef;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI;IAC9B,YAAY,EAAE,OAAO,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;IAChB,SAAS,EAAE,OAAO,CAAC;IACnB,MAAM,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAClC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CA+BA;
|
|
1
|
+
{"version":3,"file":"restore.d.ts","sourceRoot":"","sources":["../src/restore.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAmB1D,MAAM,MAAM,WAAW,GACnB,UAAU,GACV,aAAa,GACb,aAAa,GACb,gBAAgB,GAChB,gBAAgB,GAChB,iBAAiB,GACjB,aAAa,GACb,cAAc,GACd,SAAS,GACT,QAAQ,CAAC;AAEb,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,WAAW,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,eAAe,EAAE,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAyWD;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,kBAAkB,EAC1B,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,eAAe,KAAK,IAAI,GAC/C,aAAa,CA+Ef;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI;IAC9B,YAAY,EAAE,OAAO,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;IAChB,SAAS,EAAE,OAAO,CAAC;IACnB,MAAM,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAClC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CA+BA;AAuDD,wBAAgB,cAAc,CAC5B,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,eAAe,KAAK,IAAI,GAC/C,aAAa,CAuHf"}
|