@agenshield/sandbox 0.4.3 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/guarded-shell.d.ts +3 -3
  2. package/guarded-shell.d.ts.map +1 -1
  3. package/index.js +91 -49
  4. package/launchdaemon.d.ts.map +1 -1
  5. package/macos.d.ts.map +1 -1
  6. package/package.json +2 -2
  7. package/restore.d.ts.map +1 -1
  8. package/shield-exec.d.ts +1 -1
  9. package/shield-exec.d.ts.map +1 -1
  10. package/wrappers.d.ts.map +1 -1
package/guarded-shell.d.ts CHANGED
@@ -20,15 +20,15 @@ export declare const ZDOT_DIR = "/etc/agenshield/zdot";
20
20
  * Guarded shell launcher — minimal, just sets ZDOTDIR and execs zsh.
21
21
  * Restrictions are applied by ZDOT_ZSHENV_CONTENT and ZDOT_ZSHRC_CONTENT.
22
22
  */
23
- export declare const GUARDED_SHELL_CONTENT = "#!/bin/zsh\n# guarded-shell: launcher for restricted agent shell.\n# All restrictions live in ZDOTDIR files (root-owned, immutable to agent).\nemulate -LR zsh\n\n# Prevent inherited env tricks before handing off to zsh\nunset HOME\nunset DYLD_LIBRARY_PATH DYLD_FALLBACK_LIBRARY_PATH DYLD_INSERT_LIBRARIES\nunset PYTHONPATH NODE_PATH RUBYLIB PERL5LIB\nunset SSH_ASKPASS LD_PRELOAD\n\n# Point zsh at our restricted config directory\nexport ZDOTDIR=\"/etc/agenshield/zdot\"\n\n# Start zsh \u2014 it will read ZDOTDIR/.zshenv then ZDOTDIR/.zshrc\nexec /bin/zsh\n";
23
+ export declare const GUARDED_SHELL_CONTENT = "#!/bin/zsh\n# guarded-shell: launcher for restricted agent shell.\n# All restrictions live in ZDOTDIR files (root-owned, immutable to agent).\nemulate -LR zsh\n\n# Prevent inherited env tricks before handing off to zsh\nunset HOME\nunset DYLD_LIBRARY_PATH DYLD_FALLBACK_LIBRARY_PATH DYLD_INSERT_LIBRARIES\nunset PYTHONPATH NODE_PATH RUBYLIB PERL5LIB\nunset SSH_ASKPASS LD_PRELOAD\n\n# Point zsh at our restricted config directory\nexport ZDOTDIR=\"/etc/agenshield/zdot\"\n\n# Start zsh \u2014 it will read ZDOTDIR/.zshenv then ZDOTDIR/.zshrc\nexec /bin/zsh \"$@\"\n";
24
24
  /**
25
25
  * ZDOTDIR .zshenv — runs after /etc/zshenv (which calls path_helper on macOS).
26
26
  * Overrides PATH to only include $HOME/bin.
27
27
  */
28
- export declare const ZDOT_ZSHENV_CONTENT = "# AgenShield restricted .zshenv\n# Runs AFTER /etc/zshenv \u2014 overrides path_helper's full system PATH.\n\n# ALWAYS set HOME based on actual user, never inherit\nexport HOME=\"/Users/$(id -un)\"\nexport HISTFILE=\"$HOME/.zsh_history\"\n\n# Suppress locale to prevent /etc/zshrc from calling locale command\nexport LC_ALL=C LANG=C\n\nexport PATH=\"$HOME/bin\"\nexport SHELL=\"/usr/local/bin/guarded-shell\"\n\n# Clear any leftover env tricks\nunset DYLD_LIBRARY_PATH DYLD_FALLBACK_LIBRARY_PATH DYLD_INSERT_LIBRARIES\nunset PYTHONPATH NODE_PATH RUBYLIB PERL5LIB\nunset SSH_ASKPASS LD_PRELOAD\n";
28
+ export declare const ZDOT_ZSHENV_CONTENT = "# AgenShield restricted .zshenv\n# Runs AFTER /etc/zshenv \u2014 overrides path_helper's full system PATH.\n\n# ALWAYS set HOME based on actual user, never inherit\nexport HOME=\"/Users/$(id -un)\"\nexport HISTFILE=\"$HOME/.zsh_history\"\n\n# Suppress locale to prevent /etc/zshrc from calling locale command\nexport LC_ALL=C LANG=C\n\nexport PATH=\"$HOME/bin\"\nexport SHELL=\"/usr/local/bin/guarded-shell\"\n\n# Clear any leftover env tricks\nunset DYLD_LIBRARY_PATH DYLD_FALLBACK_LIBRARY_PATH DYLD_INSERT_LIBRARIES\nunset PYTHONPATH NODE_PATH RUBYLIB PERL5LIB\nunset SSH_ASKPASS LD_PRELOAD\n\n# Skip system rc files (/etc/zprofile, /etc/zshrc, /etc/zlogin)\n# They may call commands not in our restricted PATH (e.g. locale).\n# ZDOTDIR files (.zshrc) are still read.\nsetopt NO_GLOBAL_RCS\n";
29
29
  /**
30
30
  * ZDOTDIR .zshrc — interactive shell restrictions.
31
31
  * Applies RESTRICTED mode, locks variables, disables builtins, installs hooks.
32
32
  */
33
- export declare const ZDOT_ZSHRC_CONTENT = "# AgenShield restricted .zshrc\n# Applied to every interactive shell for the agent user.\n\nemulate -LR zsh\n\n# ---- Shell options ----\n# Note: NOT using setopt RESTRICTED as it disables cd entirely.\n# Instead we use preexec hooks and builtin disable for enforcement.\nsetopt NO_CASE_GLOB\nsetopt NO_BEEP\n\n# ---- Lock critical variables (readonly) ----\ntypeset -r PATH HOME SHELL\n\n# ---- Enforcement helpers ----\ndeny() {\n print -r -- \"Denied by policy\"\n return 126\n}\n\nis_allowed_cmd() {\n local cmd=\"$1\"\n\n # Allow zsh reserved words (if, for, while, [[, case, etc.)\n [[ \"$(whence -w \"$cmd\" 2>/dev/null)\" == *\": reserved\" ]] && return 0\n\n # Allow shell builtins we explicitly permit\n case \"$cmd\" in\n cd|pwd|echo|printf|test|true|false|exit|return|break|continue|shift|set|unset|export|typeset|local|declare|readonly|let|read|print|pushd|popd|dirs|jobs|fg|bg|kill|wait|times|ulimit|umask|history|fc|type|whence|which|where|rehash)\n return 0\n ;;\n esac\n\n # Deny path execution outright\n [[ \"$cmd\" == */* ]] && return 1\n\n # Resolve command path\n local resolved\n resolved=\"$(whence -p -- \"$cmd\" 2>/dev/null)\" || return 1\n\n # Must live under HOME/bin exactly\n [[ \"$resolved\" == \"$HOME/bin/\"* ]] && return 0\n return 1\n}\n\n# ---- Block dangerous builtins ----\ndisable -r builtin command exec eval hash nohup setopt source unfunction functions alias unalias 2>/dev/null || true\n\n# ---- Intercept every interactive command before execution ----\npreexec() {\n local line=\"$1\"\n local cmd=\"${line%%[[:space:]]*}\"\n\n # Empty / whitespace lines\n [[ -z \"$cmd\" ]] && return 0\n\n # Deny anything with slash in the command token (direct path execution)\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; kill -KILL $$; }\n\n # Deny anything not allowed\n if ! is_allowed_cmd \"$cmd\"; then\n print -r -- \"Denied: $cmd (not in $HOME/bin)\"\n kill -KILL $$\n fi\n}\n\n# ---- Also intercept non-interactive \\`zsh -c\\` cases ----\nTRAPDEBUG() {\n local line=\"${ZSH_DEBUG_CMD:-$1}\"\n local cmd=\"${line%%[[:space:]]*}\"\n [[ -z \"$cmd\" ]] && return 0\n\n # Skip zsh reserved words ([[, if, for, while, case, etc.) \u2014 they are shell syntax, not external commands\n [[ \"$(whence -w \"$cmd\" 2>/dev/null)\" == *\": reserved\" ]] && return 0\n\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; return 126; }\n is_allowed_cmd \"$cmd\" || { print -r -- \"Denied: $cmd\"; return 126; }\n return 0\n}\n\n# ---- Ensure accessible working directory ----\ncd \"$HOME\" 2>/dev/null || cd /\n";
33
+ export declare const ZDOT_ZSHRC_CONTENT = "# AgenShield restricted .zshrc\n# Applied to every interactive shell for the agent user.\n\nemulate -LR zsh\n\n# Re-set HISTFILE (safety: ensure it points to agent's home, not ZDOTDIR)\nHISTFILE=\"$HOME/.zsh_history\"\n\n# Re-set PATH (only ~/bin \u2014 override anything that may have been added)\nPATH=\"$HOME/bin\"\n\n# ---- Shell options ----\n# Note: NOT using setopt RESTRICTED as it disables cd entirely.\n# Instead we use preexec hooks and builtin disable for enforcement.\nsetopt NO_CASE_GLOB\nsetopt NO_BEEP\n\n# ---- Lock critical variables (readonly) ----\ntypeset -r PATH HOME SHELL HISTFILE\n\n# ---- Enforcement helpers ----\ndeny() {\n print -r -- \"Denied by policy\"\n return 126\n}\n\nis_allowed_cmd() {\n local cmd=\"$1\"\n\n # Allow zsh reserved words (if, for, while, [[, case, etc.)\n [[ \"$(whence -w \"$cmd\" 2>/dev/null)\" == *\": reserved\" ]] && return 0\n\n # Allow shell builtins we explicitly permit\n case \"$cmd\" in\n cd|pwd|echo|printf|test|true|false|exit|return|break|continue|shift|set|unset|export|typeset|local|declare|readonly|let|read|print|pushd|popd|dirs|jobs|fg|bg|kill|wait|times|ulimit|umask|history|fc|type|whence|which|where|rehash)\n return 0\n ;;\n esac\n\n # Deny path execution outright\n [[ \"$cmd\" == */* ]] && return 1\n\n # Resolve command path\n local resolved\n resolved=\"$(whence -p -- \"$cmd\" 2>/dev/null)\" || return 1\n\n # Must live under HOME/bin exactly\n [[ \"$resolved\" == \"$HOME/bin/\"* ]] && return 0\n return 1\n}\n\n# ---- Block dangerous builtins ----\ndisable -r builtin command exec eval hash nohup setopt source unfunction functions alias unalias 2>/dev/null || true\n\n# ---- Intercept every interactive command before execution ----\npreexec() {\n local line=\"$1\"\n local cmd=\"${line%%[[:space:]]*}\"\n\n # Empty / whitespace lines\n [[ -z \"$cmd\" ]] && return 0\n\n # Deny anything with slash in the command token (direct path execution)\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; kill -KILL $$; }\n\n # Deny anything not allowed\n if ! is_allowed_cmd \"$cmd\"; then\n print -r -- \"Denied: $cmd (not in $HOME/bin)\"\n kill -KILL $$\n fi\n}\n\n# ---- Also intercept non-interactive \\`zsh -c\\` cases ----\ntypeset -gi __ash_guard=0\n\nTRAPDEBUG() {\n # Prevent recursion when our own checks invoke whence/is_allowed_cmd\n (( __ash_guard )) && return 0\n\n local line=\"${ZSH_DEBUG_CMD:-$1}\"\n local cmd=\"${line%%[[:space:]]*}\"\n [[ -z \"$cmd\" ]] && return 0\n\n # Skip variable assignments (e.g. resolved=\"$(whence ...)\")\n [[ \"$cmd\" == *=* ]] && return 0\n\n # Skip zsh reserved words ([[, if, for, while, case, etc.)\n __ash_guard=1\n [[ \"$(whence -w \"$cmd\" 2>/dev/null)\" == *\": reserved\" ]] && { __ash_guard=0; return 0; }\n\n [[ \"$cmd\" == */* ]] && { __ash_guard=0; print -r -- \"Denied: direct path execution\"; return 126; }\n is_allowed_cmd \"$cmd\" || { __ash_guard=0; print -r -- \"Denied: $cmd\"; return 126; }\n __ash_guard=0\n return 0\n}\n\n# ---- Ensure accessible working directory ----\ncd \"$HOME\" 2>/dev/null || cd /\n";
34
34
  //# sourceMappingURL=guarded-shell.d.ts.map
package/guarded-shell.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"guarded-shell.d.ts","sourceRoot":"","sources":["../src/guarded-shell.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,eAAO,MAAM,kBAAkB,iCAAiC,CAAC;AACjE,eAAO,MAAM,QAAQ,yBAAyB,CAAC;AAE/C;;;GAGG;AACH,eAAO,MAAM,qBAAqB,mjBAgBjC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,mBAAmB,ulBAiB/B,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,ulFAkF9B,CAAC"}
1
+ {"version":3,"file":"guarded-shell.d.ts","sourceRoot":"","sources":["../src/guarded-shell.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,eAAO,MAAM,kBAAkB,iCAAiC,CAAC;AACjE,eAAO,MAAM,QAAQ,yBAAyB,CAAC;AAE/C;;;GAGG;AACH,eAAO,MAAM,qBAAqB,0jBAgBjC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,mBAAmB,8xBAsB/B,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,kkGAkG9B,CAAC"}
package/index.js CHANGED
@@ -38,7 +38,7 @@ unset SSH_ASKPASS LD_PRELOAD
38
38
  export ZDOTDIR="/etc/agenshield/zdot"
39
39
 
40
40
  # Start zsh \u2014 it will read ZDOTDIR/.zshenv then ZDOTDIR/.zshrc
41
- exec /bin/zsh
41
+ exec /bin/zsh "$@"
42
42
  `;
43
43
  ZDOT_ZSHENV_CONTENT = `# AgenShield restricted .zshenv
44
44
  # Runs AFTER /etc/zshenv \u2014 overrides path_helper's full system PATH.
@@ -57,12 +57,23 @@ export SHELL="/usr/local/bin/guarded-shell"
57
57
  unset DYLD_LIBRARY_PATH DYLD_FALLBACK_LIBRARY_PATH DYLD_INSERT_LIBRARIES
58
58
  unset PYTHONPATH NODE_PATH RUBYLIB PERL5LIB
59
59
  unset SSH_ASKPASS LD_PRELOAD
60
+
61
+ # Skip system rc files (/etc/zprofile, /etc/zshrc, /etc/zlogin)
62
+ # They may call commands not in our restricted PATH (e.g. locale).
63
+ # ZDOTDIR files (.zshrc) are still read.
64
+ setopt NO_GLOBAL_RCS
60
65
  `;
61
66
  ZDOT_ZSHRC_CONTENT = `# AgenShield restricted .zshrc
62
67
  # Applied to every interactive shell for the agent user.
63
68
 
64
69
  emulate -LR zsh
65
70
 
71
+ # Re-set HISTFILE (safety: ensure it points to agent's home, not ZDOTDIR)
72
+ HISTFILE="$HOME/.zsh_history"
73
+
74
+ # Re-set PATH (only ~/bin \u2014 override anything that may have been added)
75
+ PATH="$HOME/bin"
76
+
66
77
  # ---- Shell options ----
67
78
  # Note: NOT using setopt RESTRICTED as it disables cd entirely.
68
79
  # Instead we use preexec hooks and builtin disable for enforcement.
@@ -70,7 +81,7 @@ setopt NO_CASE_GLOB
70
81
  setopt NO_BEEP
71
82
 
72
83
  # ---- Lock critical variables (readonly) ----
73
- typeset -r PATH HOME SHELL
84
+ typeset -r PATH HOME SHELL HISTFILE
74
85
 
75
86
  # ---- Enforcement helpers ----
76
87
  deny() {
@@ -125,16 +136,26 @@ preexec() {
125
136
  }
126
137
 
127
138
  # ---- Also intercept non-interactive \\\`zsh -c\\\` cases ----
139
+ typeset -gi __ash_guard=0
140
+
128
141
  TRAPDEBUG() {
142
+ # Prevent recursion when our own checks invoke whence/is_allowed_cmd
143
+ (( __ash_guard )) && return 0
144
+
129
145
  local line="\${ZSH_DEBUG_CMD:-$1}"
130
146
  local cmd="\${line%%[[:space:]]*}"
131
147
  [[ -z "$cmd" ]] && return 0
132
148
 
133
- # Skip zsh reserved words ([[, if, for, while, case, etc.) \u2014 they are shell syntax, not external commands
134
- [[ "$(whence -w "$cmd" 2>/dev/null)" == *": reserved" ]] && return 0
149
+ # Skip variable assignments (e.g. resolved="$(whence ...)")
150
+ [[ "$cmd" == *=* ]] && return 0
151
+
152
+ # Skip zsh reserved words ([[, if, for, while, case, etc.)
153
+ __ash_guard=1
154
+ [[ "$(whence -w "$cmd" 2>/dev/null)" == *": reserved" ]] && { __ash_guard=0; return 0; }
135
155
 
136
- [[ "$cmd" == */* ]] && { print -r -- "Denied: direct path execution"; return 126; }
137
- is_allowed_cmd "$cmd" || { print -r -- "Denied: $cmd"; return 126; }
156
+ [[ "$cmd" == */* ]] && { __ash_guard=0; print -r -- "Denied: direct path execution"; return 126; }
157
+ is_allowed_cmd "$cmd" || { __ash_guard=0; print -r -- "Denied: $cmd"; return 126; }
158
+ __ash_guard=0
138
159
  return 0
139
160
  }
140
161
 
@@ -280,10 +301,8 @@ var init_shield_exec = __esm({
280
301
  });
281
302
  }
282
303
  SHIELD_EXEC_CONTENT = `#!/usr/bin/env node
283
- 'use strict';
284
-
285
- const path = require('path');
286
- const net = require('net');
304
+ import path from 'node:path';
305
+ import net from 'node:net';
287
306
 
288
307
  const DEFAULT_SOCKET_PATH = '/var/run/agenshield/agenshield.sock';
289
308
 
@@ -1456,7 +1475,7 @@ async function setupSocketDirectory(config) {
1456
1475
  try {
1457
1476
  await execAsync2(`sudo mkdir -p "${socketDir}"`);
1458
1477
  await execAsync2(`sudo chown ${cfg.brokerUser.username}:${cfg.groups.socket.name} "${socketDir}"`);
1459
- await execAsync2(`sudo chmod 770 "${socketDir}"`);
1478
+ await execAsync2(`sudo chmod 775 "${socketDir}"`);
1460
1479
  return {
1461
1480
  success: true,
1462
1481
  path: socketDir,
@@ -3337,33 +3356,42 @@ function findDaemonPidByPort(port) {
3337
3356
  }
3338
3357
  return null;
3339
3358
  }
3359
+ function waitForProcessExit(pid, timeoutMs = 5e3) {
3360
+ const start = Date.now();
3361
+ while (Date.now() - start < timeoutMs) {
3362
+ try {
3363
+ process.kill(pid, 0);
3364
+ } catch {
3365
+ return true;
3366
+ }
3367
+ execSync6("sleep 0.2", { stdio: "pipe" });
3368
+ }
3369
+ try {
3370
+ process.kill(pid, "SIGKILL");
3371
+ } catch {
3372
+ return true;
3373
+ }
3374
+ const killStart = Date.now();
3375
+ while (Date.now() - killStart < 2e3) {
3376
+ try {
3377
+ process.kill(pid, 0);
3378
+ } catch {
3379
+ return true;
3380
+ }
3381
+ execSync6("sleep 0.2", { stdio: "pipe" });
3382
+ }
3383
+ return false;
3384
+ }
3340
3385
  function stopDaemon() {
3341
3386
  const plistPath = "/Library/LaunchDaemons/com.agenshield.daemon.plist";
3342
3387
  if (fs7.existsSync(plistPath)) {
3343
- const result = sudoExec4(`launchctl unload "${plistPath}"`);
3344
- if (!result.success) {
3345
- return {
3346
- step: "stop-daemon",
3347
- success: true,
3348
- message: "Daemon stopped (or was not running)"
3349
- };
3350
- }
3351
3388
  sudoExec4(`rm -f "${plistPath}"`);
3352
- return {
3353
- step: "stop-daemon",
3354
- success: true,
3355
- message: "Daemon stopped and plist removed"
3356
- };
3389
+ sudoExec4(`launchctl unload "${plistPath}" 2>/dev/null || true`);
3357
3390
  }
3358
3391
  const pid = findDaemonPidByPort(DEFAULT_PORT);
3359
3392
  if (pid) {
3360
3393
  try {
3361
3394
  process.kill(pid, "SIGTERM");
3362
- return {
3363
- step: "stop-daemon",
3364
- success: true,
3365
- message: `Daemon stopped (PID ${pid}, via port lookup)`
3366
- };
3367
3395
  } catch (err) {
3368
3396
  const errCode = err.code;
3369
3397
  if (errCode === "ESRCH") {
@@ -3373,13 +3401,18 @@ function stopDaemon() {
3373
3401
  message: `Daemon process ${pid} already terminated`
3374
3402
  };
3375
3403
  }
3376
- return {
3377
- step: "stop-daemon",
3378
- success: false,
3379
- message: `Failed to kill daemon PID ${pid}`,
3380
- error: String(err)
3381
- };
3404
+ sudoExec4(`kill -9 ${pid}`);
3382
3405
  }
3406
+ const exited = waitForProcessExit(pid);
3407
+ if (!exited) {
3408
+ sudoExec4(`kill -9 ${pid}`);
3409
+ waitForProcessExit(pid, 2e3);
3410
+ }
3411
+ return {
3412
+ step: "stop-daemon",
3413
+ success: true,
3414
+ message: `Daemon stopped (PID ${pid})`
3415
+ };
3383
3416
  }
3384
3417
  return {
3385
3418
  step: "stop-daemon",
@@ -3396,8 +3429,8 @@ function stopBrokerDaemon() {
3396
3429
  message: "Broker daemon not installed (plist not found)"
3397
3430
  };
3398
3431
  }
3399
- sudoExec4(`launchctl unload "${plistPath}"`);
3400
3432
  sudoExec4(`rm -f "${plistPath}"`);
3433
+ sudoExec4(`launchctl unload "${plistPath}" 2>/dev/null || true`);
3401
3434
  return {
3402
3435
  step: "stop-broker",
3403
3436
  success: true,
@@ -4364,6 +4397,7 @@ async function installGuardedShell(userConfig, options) {
4364
4397
  const shellPath = GUARDED_SHELL_PATH2;
4365
4398
  try {
4366
4399
  log(`Installing guarded shell launcher to ${shellPath}`);
4400
+ await execAsync4(`sudo mkdir -p "${path6.dirname(shellPath)}"`);
4367
4401
  await execAsync4(`sudo tee "${shellPath}" > /dev/null << 'GUARDEDEOF'
4368
4402
  ${GUARDED_SHELL_CONTENT2}
4369
4403
  GUARDEDEOF`);
@@ -4589,6 +4623,13 @@ async function copyBrokerBinary(userConfig) {
4589
4623
  await execAsync4(`sudo cp "${srcPath}" "${targetPath}"`);
4590
4624
  await execAsync4(`sudo chmod 755 "${targetPath}"`);
4591
4625
  await execAsync4(`sudo chown root:${socketGroupName} "${targetPath}"`);
4626
+ await execAsync4(
4627
+ `sudo tee /opt/agenshield/package.json > /dev/null << 'PKGJSONEOF'
4628
+ {"type":"module"}
4629
+ PKGJSONEOF`
4630
+ );
4631
+ await execAsync4(`sudo chown root:wheel /opt/agenshield/package.json`);
4632
+ await execAsync4(`sudo chmod 644 /opt/agenshield/package.json`);
4592
4633
  return {
4593
4634
  success: true,
4594
4635
  name: "agenshield-broker",
@@ -4818,10 +4859,7 @@ function generateBrokerPlist(config, options) {
4818
4859
  <true/>
4819
4860
 
4820
4861
  <key>KeepAlive</key>
4821
- <dict>
4822
- <key>SuccessfulExit</key>
4823
- <false/>
4824
- </dict>
4862
+ <true/>
4825
4863
 
4826
4864
  <key>ThrottleInterval</key>
4827
4865
  <integer>10</integer>
@@ -4880,10 +4918,7 @@ function generateBrokerPlistLegacy(options) {
4880
4918
  <true/>
4881
4919
 
4882
4920
  <key>KeepAlive</key>
4883
- <dict>
4884
- <key>SuccessfulExit</key>
4885
- <false/>
4886
- </dict>
4921
+ <true/>
4887
4922
 
4888
4923
  <key>ThrottleInterval</key>
4889
4924
  <integer>10</integer>
@@ -5058,20 +5093,27 @@ async function fixSocketPermissions(config) {
5058
5093
  const socketDir = "/var/run/agenshield";
5059
5094
  const socketPath = `${socketDir}/agenshield.sock`;
5060
5095
  const brokerUsername = config?.brokerUser?.username || "ash_default_broker";
5096
+ const socketGroupName = config?.groups?.socket?.name || "ash_default";
5061
5097
  try {
5062
5098
  await execAsync5(`sudo chmod 775 "${socketDir}"`);
5063
- let attempts = 0;
5064
- while (attempts < 10) {
5099
+ let socketFound = false;
5100
+ for (let attempt = 0; attempt < 20; attempt++) {
5065
5101
  try {
5066
5102
  await fs10.access(socketPath);
5103
+ socketFound = true;
5067
5104
  break;
5068
5105
  } catch {
5069
5106
  await new Promise((resolve6) => setTimeout(resolve6, 500));
5070
- attempts++;
5071
5107
  }
5072
5108
  }
5073
- await execAsync5(`sudo chmod 660 "${socketPath}"`);
5074
- await execAsync5(`sudo chown ${brokerUsername}:staff "${socketPath}"`);
5109
+ if (!socketFound) {
5110
+ return {
5111
+ success: false,
5112
+ message: "Broker socket not created after 10s \u2014 check /var/log/agenshield/broker.error.log"
5113
+ };
5114
+ }
5115
+ await execAsync5(`sudo chmod 666 "${socketPath}"`);
5116
+ await execAsync5(`sudo chown ${brokerUsername}:${socketGroupName} "${socketPath}"`);
5075
5117
  return {
5076
5118
  success: true,
5077
5119
  message: "Socket permissions configured"
package/launchdaemon.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"launchdaemon.d.ts","sourceRoot":"","sources":["../src/launchdaemon.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAWH;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,OAAO,iBAAiB,EAAE,UAAU,EAC5C,OAAO,CAAC,EAAE;IACR,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,GACA,MAAM,CAkER;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,CAAC,EAAE;IAClD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,MAAM,CA8DT;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;AACvF;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,OAAO,CAAC,EAAE;IAClD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;AA+C1B;;GAEG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,YAAY,CAAC,CAe9D;AAED;;GAEG;AACH,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,YAAY,CAAC,CAuBhE;AAED;;GAEG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,YAAY,CAAC,CAmBnE;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC,CAOxD;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC;IAC/C,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC,CA6CD;AAED;;GAEG;AACH,wBAAsB,aAAa,IAAI,OAAO,CAAC,YAAY,CAAC,CAgB3D;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,OAAO,iBAAiB,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,CAsC/G"}
1
+ {"version":3,"file":"launchdaemon.d.ts","sourceRoot":"","sources":["../src/launchdaemon.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAWH;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,OAAO,iBAAiB,EAAE,UAAU,EAC5C,OAAO,CAAC,EAAE;IACR,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,GACA,MAAM,CA+DR;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,CAAC,EAAE;IAClD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,MAAM,CA2DT;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;AACvF;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,OAAO,CAAC,EAAE;IAClD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;AA+C1B;;GAEG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,YAAY,CAAC,CAe9D;AAED;;GAEG;AACH,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,YAAY,CAAC,CAuBhE;AAED;;GAEG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,YAAY,CAAC,CAmBnE;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC,CAOxD;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC;IAC/C,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC,CA6CD;AAED;;GAEG;AACH,wBAAsB,aAAa,IAAI,OAAO,CAAC,YAAY,CAAC,CAgB3D;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,OAAO,iBAAiB,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,CA+C/G"}
package/macos.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"macos.d.ts","sourceRoot":"","sources":["../src/macos.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAuBhG;;GAEG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAMpD;AAiBD;;GAEG;AACH,wBAAgB,kBAAkB,IAAI;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAsBzE;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,GAAE,OAAO,CAAC,aAAa,CAAM,GAAG,gBAAgB,CA6FvF;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,WAAW,GAAG;IAC3D,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,kBAAkB,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAqCA;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE;IAAE,aAAa,CAAC,EAAE,OAAO,CAAA;CAAO,GACxC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAyCtC"}
1
+ {"version":3,"file":"macos.d.ts","sourceRoot":"","sources":["../src/macos.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAuBhG;;GAEG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAMpD;AAiBD;;GAEG;AACH,wBAAgB,kBAAkB,IAAI;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAsBzE;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,GAAE,OAAO,CAAC,aAAa,CAAM,GAAG,gBAAgB,CA6FvF;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,WAAW,GAAG;IAC3D,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,kBAAkB,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAoCA;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE;IAAE,aAAa,CAAC,EAAE,OAAO,CAAA;CAAO,GACxC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAyCtC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@agenshield/sandbox",
3
- "version": "0.4.3",
3
+ "version": "0.5.0",
4
4
  "type": "module",
5
5
  "description": "User isolation and sandboxing utilities for AgenShield",
6
6
  "main": "./index.js",
@@ -15,7 +15,7 @@
15
15
  },
16
16
  "license": "MIT",
17
17
  "dependencies": {
18
- "@agenshield/skills": "0.4.3",
18
+ "@agenshield/skills": "0.5.0",
19
19
  "yaml": "^2.7.1"
20
20
  },
21
21
  "devDependencies": {
package/restore.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"restore.d.ts","sourceRoot":"","sources":["../src/restore.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAmB1D,MAAM,MAAM,WAAW,GACnB,UAAU,GACV,aAAa,GACb,aAAa,GACb,gBAAgB,GAChB,gBAAgB,GAChB,iBAAiB,GACjB,aAAa,GACb,cAAc,GACd,SAAS,GACT,QAAQ,CAAC;AAEb,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,WAAW,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,eAAe,EAAE,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAyWD;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,kBAAkB,EAC1B,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,eAAe,KAAK,IAAI,GAC/C,aAAa,CA+Ef;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI;IAC9B,YAAY,EAAE,OAAO,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;IAChB,SAAS,EAAE,OAAO,CAAC;IACnB,MAAM,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAClC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CA+BA;AAuDD,wBAAgB,cAAc,CAC5B,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,eAAe,KAAK,IAAI,GAC/C,aAAa,CAuHf"}
1
+ {"version":3,"file":"restore.d.ts","sourceRoot":"","sources":["../src/restore.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAmB1D,MAAM,MAAM,WAAW,GACnB,UAAU,GACV,aAAa,GACb,aAAa,GACb,gBAAgB,GAChB,gBAAgB,GAChB,iBAAiB,GACjB,aAAa,GACb,cAAc,GACd,SAAS,GACT,QAAQ,CAAC;AAEb,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,WAAW,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,eAAe,EAAE,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AA2XD;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,kBAAkB,EAC1B,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,eAAe,KAAK,IAAI,GAC/C,aAAa,CA+Ef;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI;IAC9B,YAAY,EAAE,OAAO,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;IAChB,SAAS,EAAE,OAAO,CAAC;IACnB,MAAM,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAClC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CA+BA;AAuDD,wBAAgB,cAAc,CAC5B,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,eAAe,KAAK,IAAI,GAC/C,aAAa,CAuHf"}
package/shield-exec.d.ts CHANGED
@@ -16,5 +16,5 @@ export declare const PROXIED_COMMANDS: readonly ["curl", "wget", "git", "ssh", "
16
16
  /**
17
17
  * The content of shield-exec as a string, for installation
18
18
  */
19
- export declare const SHIELD_EXEC_CONTENT = "#!/usr/bin/env node\n'use strict';\n\nconst path = require('path');\nconst net = require('net');\n\nconst DEFAULT_SOCKET_PATH = '/var/run/agenshield/agenshield.sock';\n\nfunction sendRequest(socketPath, request) {\n return new Promise((resolve, reject) => {\n const socket = net.createConnection(socketPath, () => {\n socket.write(JSON.stringify(request) + '\\n');\n });\n let data = '';\n socket.on('data', (chunk) => {\n data += chunk.toString();\n const idx = data.indexOf('\\n');\n if (idx >= 0) {\n try {\n const resp = JSON.parse(data.slice(0, idx));\n socket.end();\n resolve(resp);\n } catch (e) {\n socket.end();\n reject(new Error('Invalid JSON response: ' + e.message));\n }\n }\n });\n socket.on('error', (err) => reject(new Error('Socket error: ' + err.message)));\n socket.on('end', () => {\n if (data.trim()) {\n try { resolve(JSON.parse(data.trim())); }\n catch { reject(new Error('Connection closed before response')); }\n } else {\n reject(new Error('Connection closed without response'));\n }\n });\n socket.setTimeout(30000, () => {\n socket.destroy();\n reject(new Error('Request timed out'));\n });\n });\n}\n\nasync function main() {\n const socketPath = process.env.AGENSHIELD_SOCKET || DEFAULT_SOCKET_PATH;\n const invoked = path.basename(process.argv[1] || 'shield-exec');\n const args = process.argv.slice(2);\n const commandName = invoked === 'shield-exec' ? (args.shift() || '') : invoked;\n\n if (!commandName) {\n process.stderr.write('Usage: shield-exec <command> [args...]\\n');\n process.exit(1);\n }\n\n const request = {\n jsonrpc: '2.0',\n id: 'shield-exec-' + Date.now() + '-' + Math.random().toString(36).slice(2, 8),\n method: 'exec',\n params: { command: commandName, args: args, cwd: process.cwd() },\n };\n\n try {\n const response = await sendRequest(socketPath, request);\n if (response.error) {\n process.stderr.write('Error: ' + response.error.message + '\\n');\n process.exit(1);\n }\n const result = response.result;\n if (!result) { process.stderr.write('Error: Empty response\\n'); process.exit(1); }\n if (!result.success) {\n process.stderr.write('Error: ' + (result.error?.message || 'Unknown error') + '\\n');\n process.exit(1);\n }\n const data = result.data;\n if (!data) process.exit(0);\n if (data.stdout) process.stdout.write(data.stdout);\n if (data.stderr) process.stderr.write(data.stderr);\n process.exit(data.exitCode ?? 0);\n } catch (err) {\n process.stderr.write('shield-exec error: ' + err.message + '\\n');\n process.exit(1);\n }\n}\n\nmain().catch((err) => { process.stderr.write('Fatal: ' + err.message + '\\n'); process.exit(1); });\n";
19
+ export declare const SHIELD_EXEC_CONTENT = "#!/usr/bin/env node\nimport path from 'node:path';\nimport net from 'node:net';\n\nconst DEFAULT_SOCKET_PATH = '/var/run/agenshield/agenshield.sock';\n\nfunction sendRequest(socketPath, request) {\n return new Promise((resolve, reject) => {\n const socket = net.createConnection(socketPath, () => {\n socket.write(JSON.stringify(request) + '\\n');\n });\n let data = '';\n socket.on('data', (chunk) => {\n data += chunk.toString();\n const idx = data.indexOf('\\n');\n if (idx >= 0) {\n try {\n const resp = JSON.parse(data.slice(0, idx));\n socket.end();\n resolve(resp);\n } catch (e) {\n socket.end();\n reject(new Error('Invalid JSON response: ' + e.message));\n }\n }\n });\n socket.on('error', (err) => reject(new Error('Socket error: ' + err.message)));\n socket.on('end', () => {\n if (data.trim()) {\n try { resolve(JSON.parse(data.trim())); }\n catch { reject(new Error('Connection closed before response')); }\n } else {\n reject(new Error('Connection closed without response'));\n }\n });\n socket.setTimeout(30000, () => {\n socket.destroy();\n reject(new Error('Request timed out'));\n });\n });\n}\n\nasync function main() {\n const socketPath = process.env.AGENSHIELD_SOCKET || DEFAULT_SOCKET_PATH;\n const invoked = path.basename(process.argv[1] || 'shield-exec');\n const args = process.argv.slice(2);\n const commandName = invoked === 'shield-exec' ? (args.shift() || '') : invoked;\n\n if (!commandName) {\n process.stderr.write('Usage: shield-exec <command> [args...]\\n');\n process.exit(1);\n }\n\n const request = {\n jsonrpc: '2.0',\n id: 'shield-exec-' + Date.now() + '-' + Math.random().toString(36).slice(2, 8),\n method: 'exec',\n params: { command: commandName, args: args, cwd: process.cwd() },\n };\n\n try {\n const response = await sendRequest(socketPath, request);\n if (response.error) {\n process.stderr.write('Error: ' + response.error.message + '\\n');\n process.exit(1);\n }\n const result = response.result;\n if (!result) { process.stderr.write('Error: Empty response\\n'); process.exit(1); }\n if (!result.success) {\n process.stderr.write('Error: ' + (result.error?.message || 'Unknown error') + '\\n');\n process.exit(1);\n }\n const data = result.data;\n if (!data) process.exit(0);\n if (data.stdout) process.stdout.write(data.stdout);\n if (data.stderr) process.stderr.write(data.stderr);\n process.exit(data.exitCode ?? 0);\n } catch (err) {\n process.stderr.write('shield-exec error: ' + err.message + '\\n');\n process.exit(1);\n }\n}\n\nmain().catch((err) => { process.stderr.write('Fatal: ' + err.message + '\\n'); process.exit(1); });\n";
20
20
  //# sourceMappingURL=shield-exec.d.ts.map
package/shield-exec.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"shield-exec.d.ts","sourceRoot":"","sources":["../src/shield-exec.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,0CAA0C;AAC1C,eAAO,MAAM,gBAAgB,oCAAoC,CAAC;AAKlE,4EAA4E;AAC5E,eAAO,MAAM,gBAAgB,iIAInB,CAAC;AAsKX;;GAEG;AACH,eAAO,MAAM,mBAAmB,wzFAsF/B,CAAC"}
1
+ {"version":3,"file":"shield-exec.d.ts","sourceRoot":"","sources":["../src/shield-exec.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,0CAA0C;AAC1C,eAAO,MAAM,gBAAgB,oCAAoC,CAAC;AAKlE,4EAA4E;AAC5E,eAAO,MAAM,gBAAgB,iIAInB,CAAC;AAsKX;;GAEG;AACH,eAAO,MAAM,mBAAmB,uyFAoF/B,CAAC"}
package/wrappers.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"wrappers.d.ts","sourceRoot":"","sources":["../src/wrappers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAOlD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,qDAAqD;IACrD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,oDAAoD;IACpD,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,qCAAqC;IACrC,QAAQ,EAAE,CAAC,MAAM,EAAE,aAAa,KAAK,MAAM,CAAC;CAC7C;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,2BAA2B;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,mEAAmE;IACnE,eAAe,EAAE,MAAM,CAAC;IACxB,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,gCAAgC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,aAAa,CAe9E;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAgWjE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,QAAQ,EAQhB,MAAM,CAAC,MAAM,EAAE;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC;AAE9D,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,GAAG,IAAI,CAMf;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CAsBxB;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,KAAK,CAAC,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,aAAa,CAAC,CA6BxB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,SAAS,GAAE,MAAsC,EACjD,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,EAAE,CAAC,CA2B1B;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,MAAM,EAAE,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,EAAE,CAAC,CAsC1B;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CA8BxB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC,aAAa,EAAE,CAAC,CAS1B;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC;IACT,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC,CAmBD;AAED;;;;;GAKG;AACH,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,GACnD,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC,CAkBD;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,UAAU,CAAC,EAAE,UAAU,EACvB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,aAAa,CAAC,CAgExB;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC,CA+FD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,EAAE,CAE/C;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI,CAE3E;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAGzD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAG5D;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE,OAAe,EACxB,KAAK,CAAC,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,aAAa,CAAC,CAKxB;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE,OAAe,GACvB,OAAO,CAAC,aAAa,CAAC,CAkCxB;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,aAAa,EACtB,OAAO,GAAE,OAAe,GACvB,OAAO,CAAC,aAAa,CAAC,CAiBxB;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CAkCxB;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CA0CxB;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CA8BxB;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,eAAO,MAAM,qBAAqB,UAMjC,CAAC;AAEF;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,GAC9B,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,MAAM,EAAE,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CA+BtE;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CAAC,OAAO,EAAE;IACnD,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,UAAU,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAyF/B"}
1
+ {"version":3,"file":"wrappers.d.ts","sourceRoot":"","sources":["../src/wrappers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAOlD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,qDAAqD;IACrD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,oDAAoD;IACpD,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,qCAAqC;IACrC,QAAQ,EAAE,CAAC,MAAM,EAAE,aAAa,KAAK,MAAM,CAAC;CAC7C;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,2BAA2B;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,mEAAmE;IACnE,eAAe,EAAE,MAAM,CAAC;IACxB,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,gCAAgC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,aAAa,CAe9E;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAgWjE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,QAAQ,EAQhB,MAAM,CAAC,MAAM,EAAE;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC;AAE9D,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,GAAG,IAAI,CAMf;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CAsBxB;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,KAAK,CAAC,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,aAAa,CAAC,CA6BxB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,SAAS,GAAE,MAAsC,EACjD,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,EAAE,CAAC,CA2B1B;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,MAAM,EAAE,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,EAAE,CAAC,CAsC1B;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CA8BxB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC,aAAa,EAAE,CAAC,CAS1B;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC;IACT,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC,CAmBD;AAED;;;;;GAKG;AACH,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,GACnD,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC,CAkBD;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,UAAU,CAAC,EAAE,UAAU,EACvB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,aAAa,CAAC,CAiExB;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC,CA+FD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,EAAE,CAE/C;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI,CAE3E;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAGzD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAG5D;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE,OAAe,EACxB,KAAK,CAAC,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,aAAa,CAAC,CAKxB;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE,OAAe,GACvB,OAAO,CAAC,aAAa,CAAC,CAkCxB;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,aAAa,EACtB,OAAO,GAAE,OAAe,GACvB,OAAO,CAAC,aAAa,CAAC,CAiBxB;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CAkCxB;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CAqDxB;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CA8BxB;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,eAAO,MAAM,qBAAqB,UAMjC,CAAC;AAEF;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,GAC9B,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,MAAM,EAAE,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CA+BtE;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CAAC,OAAO,EAAE;IACnD,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,UAAU,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAyF/B"}