@agenshield/sandbox 0.7.0 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/discovery/index.d.ts +1 -1
  2. package/discovery/index.d.ts.map +1 -1
  3. package/discovery/skill-scanner.d.ts +8 -0
  4. package/discovery/skill-scanner.d.ts.map +1 -1
  5. package/index.d.ts +1 -1
  6. package/index.d.ts.map +1 -1
  7. package/index.js +24 -3
  8. package/package.json +2 -2
package/discovery/index.d.ts CHANGED
@@ -3,5 +3,5 @@
3
3
  */
4
4
  export { scanDiscovery } from './scanner';
5
5
  export { scanBinaries, classifyDirectory, detectNpmGlobalBin, detectYarnGlobalBin, getProtection, isShieldExecLink, categorize, } from './binary-scanner';
6
- export { scanSkills, parseSkillMd, extractCommands, extractSkillInfo, getApprovalStatus, } from './skill-scanner';
6
+ export { scanSkills, parseSkillMd, extractCommands, extractSkillInfo, getApprovalStatus, stripEnvFromSkillMd, } from './skill-scanner';
7
7
  //# sourceMappingURL=index.d.ts.map
package/discovery/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/discovery/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,aAAa,EACb,gBAAgB,EAChB,UAAU,GACX,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,UAAU,EACV,YAAY,EACZ,eAAe,EACf,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,iBAAiB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/discovery/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,aAAa,EACb,gBAAgB,EAChB,UAAU,GACX,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,UAAU,EACV,YAAY,EACZ,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,iBAAiB,CAAC"}
package/discovery/skill-scanner.d.ts CHANGED
@@ -28,4 +28,12 @@ export declare function getApprovalStatus(skillName: string): 'approved' | 'quar
28
28
  * Scan the skills directory and return discovered skills
29
29
  */
30
30
  export declare function scanSkills(options: DiscoveryOptions, binaryLookup: Map<string, DiscoveredBinary>): DiscoveredSkill[];
31
+ /**
32
+ * Strip env-related fields from SKILL.md frontmatter.
33
+ *
34
+ * OpenClaw reads `requires.env` / `metadata.openclaw.requires.env` / `metadata.openclaw.primaryEnv`
35
+ * from SKILL.md and prompts the user for those env vars. AgenShield handles secrets via its own
36
+ * vault/broker, so we strip these fields before writing to the agent's skill directory.
37
+ */
38
+ export declare function stripEnvFromSkillMd(content: string): string;
31
39
  //# sourceMappingURL=skill-scanner.d.ts.map
package/discovery/skill-scanner.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"skill-scanner.d.ts","sourceRoot":"","sources":["../../src/discovery/skill-scanner.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EACV,aAAa,EACb,kBAAkB,EAClB,eAAe,EACf,uBAAuB,EACvB,gBAAgB,EAChB,gBAAgB,EACjB,MAAM,iBAAiB,CAAC;AAkCzB;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,aAAa,GAAG,IAAI,GAAG,kBAAkB,CAUnF;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG;IAAE,QAAQ,EAAE,aAAa,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAkB9F;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,aAAa,GAAG,IAAI,EAC9B,IAAI,EAAE,MAAM,EACZ,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAC,GAC1C,uBAAuB,EAAE,CAiE3B;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,MAAM,GAChB,UAAU,GAAG,aAAa,GAAG,SAAS,CAyBxC;AAED;;GAEG;AACH,wBAAgB,UAAU,CACxB,OAAO,EAAE,gBAAgB,EACzB,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAC,GAC1C,eAAe,EAAE,CAiGnB"}
1
+ {"version":3,"file":"skill-scanner.d.ts","sourceRoot":"","sources":["../../src/discovery/skill-scanner.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EACV,aAAa,EAEb,kBAAkB,EAClB,eAAe,EACf,uBAAuB,EACvB,gBAAgB,EAChB,gBAAgB,EACjB,MAAM,iBAAiB,CAAC;AAkCzB;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,aAAa,GAAG,IAAI,GAAG,kBAAkB,CAWnF;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG;IAAE,QAAQ,EAAE,aAAa,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAkB9F;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,aAAa,GAAG,IAAI,EAC9B,IAAI,EAAE,MAAM,EACZ,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAC,GAC1C,uBAAuB,EAAE,CAiE3B;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,MAAM,GAChB,UAAU,GAAG,aAAa,GAAG,SAAS,CAyBxC;AAED;;GAEG;AACH,wBAAgB,UAAU,CACxB,OAAO,EAAE,gBAAgB,EACzB,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAC,GAC1C,eAAe,EAAE,CAiGnB;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAuB3D"}
package/index.d.ts CHANGED
@@ -23,6 +23,6 @@ export { WRAPPERS, WRAPPER_DEFINITIONS, installWrapper, installWrappers, install
23
23
  export { generateAgentProfile, generateOperationProfile, installProfiles, installSeatbeltProfiles, verifyProfile, getInstalledProfiles, type ProfileResult, } from './seatbelt';
24
24
  export { generateBrokerPlist, generateBrokerPlistLegacy, installLaunchDaemon, loadLaunchDaemon, unloadLaunchDaemon, uninstallLaunchDaemon, isDaemonRunning, getDaemonStatus, restartDaemon, fixSocketPermissions, type DaemonResult, } from './launchdaemon';
25
25
  export { getPreset, listPresets, listAutoDetectablePresets, autoDetectPreset, formatPresetList, openclawPreset, devHarnessPreset, customPreset, PRESETS, type TargetPreset, type PresetDetectionResult, type MigrationContext, type MigrationDirectories, type PresetMigrationResult, } from './presets';
26
- export { scanDiscovery, scanBinaries, scanSkills, parseSkillMd, extractSkillInfo, classifyDirectory, } from './discovery';
26
+ export { scanDiscovery, scanBinaries, scanSkills, parseSkillMd, extractSkillInfo, classifyDirectory, stripEnvFromSkillMd, } from './discovery';
27
27
  export { injectAgenCoSkill, createAgenCoSymlink, removeInjectedSkills, updateOpenClawMcpConfig, getSkillsDir, getAgenCoSkillPath, type SkillInjectionResult, } from './skill-injector';
28
28
  //# sourceMappingURL=index.d.ts.map
package/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,IAAI,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAG7H,cAAc,iBAAiB,CAAC;AAGhC,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,WAAW,EACX,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,WAAW,EACX,YAAY,EACZ,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,eAAe,GACrB,MAAM,eAAe,CAAC;AAGvB,cAAc,aAAa,CAAC;AAG5B,OAAO,EACL,QAAQ,EACR,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,eAAe,EACf,kBAAkB,EAClB,KAAK,eAAe,GACrB,MAAM,gBAAgB,CAAC;AAGxB,cAAc,YAAY,CAAC;AAG3B,cAAc,UAAU,CAAC;AAGzB,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAG1B,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,QAAQ,EACR,mBAAmB,EACnB,cAAc,EACd,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,EACd,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,YAAY,EACZ,gBAAgB,EAChB,KAAK,gBAAgB,EACrB,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,KAAK,mBAAmB,EAExB,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,oBAAoB,EACpB,aAAa,EACb,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,eAAe,EACf,uBAAuB,EACvB,aAAa,EACb,oBAAoB,EACpB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,mBAAmB,EACnB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,KAAK,YAAY,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAEL,SAAS,EACT,WAAW,EACX,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAEhB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,OAAO,EAEP,KAAK,YAAY,EACjB,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,GAC3B,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,aAAa,EACb,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAMrB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,oBAAoB,EACpB,uBAAuB,EACvB,YAAY,EACZ,kBAAkB,EAClB,KAAK,oBAAoB,GAC1B,MAAM,kBAAkB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,IAAI,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAG7H,cAAc,iBAAiB,CAAC;AAGhC,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,WAAW,EACX,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,WAAW,EACX,YAAY,EACZ,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,eAAe,GACrB,MAAM,eAAe,CAAC;AAGvB,cAAc,aAAa,CAAC;AAG5B,OAAO,EACL,QAAQ,EACR,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,eAAe,EACf,kBAAkB,EAClB,KAAK,eAAe,GACrB,MAAM,gBAAgB,CAAC;AAGxB,cAAc,YAAY,CAAC;AAG3B,cAAc,UAAU,CAAC;AAGzB,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAG1B,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,QAAQ,EACR,mBAAmB,EACnB,cAAc,EACd,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,EACd,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,YAAY,EACZ,gBAAgB,EAChB,KAAK,gBAAgB,EACrB,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,KAAK,mBAAmB,EAExB,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,oBAAoB,EACpB,aAAa,EACb,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,eAAe,EACf,uBAAuB,EACvB,aAAa,EACb,oBAAoB,EACpB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,mBAAmB,EACnB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,KAAK,YAAY,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAEL,SAAS,EACT,WAAW,EACX,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAEhB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,OAAO,EAEP,KAAK,YAAY,EACjB,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,GAC3B,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,aAAa,EACb,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,aAAa,CAAC;AAMrB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,oBAAoB,EACpB,uBAAuB,EACvB,YAAY,EACZ,kBAAkB,EAClB,KAAK,oBAAoB,GAC1B,MAAM,kBAAkB,CAAC"}
package/index.js CHANGED
@@ -6222,7 +6222,7 @@ function scanBinaries(options) {
6222
6222
  // libs/shield-sandbox/src/discovery/skill-scanner.ts
6223
6223
  import * as fs16 from "node:fs";
6224
6224
  import * as path13 from "node:path";
6225
- import { parse as parseYaml } from "yaml";
6225
+ import { parse as parseYaml, stringify as stringifyYaml } from "yaml";
6226
6226
 
6227
6227
  // libs/shield-sandbox/src/skill-injector.ts
6228
6228
  import * as fs15 from "node:fs";
@@ -6489,13 +6489,14 @@ function unique(value, index, self) {
6489
6489
  }
6490
6490
  function extractSkillInfo(metadata) {
6491
6491
  const topReq = metadata?.requires;
6492
- const oclReq = metadata?.metadata?.openclaw?.requires;
6492
+ const oclMeta = metadata?.metadata?.openclaw ?? metadata?.metadata?.clawdbot;
6493
+ const oclReq = oclMeta?.requires;
6493
6494
  return {
6494
6495
  apiKeys: [...topReq?.env ?? [], ...oclReq?.env ?? []].filter(unique),
6495
6496
  bins: [...topReq?.bins ?? [], ...oclReq?.bins ?? []].filter(unique),
6496
6497
  anyBins: [...topReq?.anyBins ?? [], ...oclReq?.anyBins ?? []].filter(unique),
6497
6498
  configOptions: [...topReq?.config ?? [], ...oclReq?.config ?? []].filter(unique),
6498
- installSteps: metadata?.metadata?.openclaw?.install
6499
+ installSteps: oclMeta?.install
6499
6500
  };
6500
6501
  }
6501
6502
  function parseSkillMd(content) {
@@ -6670,6 +6671,25 @@ function scanSkills(options, binaryLookup) {
6670
6671
  }
6671
6672
  return results.sort((a, b) => a.name.localeCompare(b.name));
6672
6673
  }
6674
+ function stripEnvFromSkillMd(content) {
6675
+ const match = content.match(/^---\s*\n([\s\S]*?)\n---\s*\n?([\s\S]*)$/);
6676
+ if (!match) return content;
6677
+ try {
6678
+ const metadata = parseYaml(match[1]);
6679
+ if (!metadata || typeof metadata !== "object") return content;
6680
+ if (metadata.requires?.env) delete metadata.requires.env;
6681
+ if (metadata.metadata?.openclaw?.requires?.env) delete metadata.metadata.openclaw.requires.env;
6682
+ if (metadata.metadata?.openclaw?.primaryEnv) delete metadata.metadata.openclaw.primaryEnv;
6683
+ if (metadata.metadata?.clawdbot?.requires?.env) delete metadata.metadata.clawdbot.requires.env;
6684
+ if (metadata.metadata?.clawdbot?.primaryEnv) delete metadata.metadata.clawdbot.primaryEnv;
6685
+ return `---
6686
+ ${stringifyYaml(metadata).trimEnd()}
6687
+ ---
6688
+ ${match[2]}`;
6689
+ } catch {
6690
+ return content;
6691
+ }
6692
+ }
6673
6693
 
6674
6694
  // libs/shield-sandbox/src/discovery/scanner.ts
6675
6695
  function computeSummary(binaries, directories, skills) {
@@ -6838,6 +6858,7 @@ export {
6838
6858
  scanSkills,
6839
6859
  seedConfigFiles,
6840
6860
  setupSocketDirectory,
6861
+ stripEnvFromSkillMd,
6841
6862
  uninstallLaunchDaemon,
6842
6863
  uninstallWrapper,
6843
6864
  uninstallWrappers,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@agenshield/sandbox",
3
- "version": "0.7.0",
3
+ "version": "0.7.1",
4
4
  "type": "module",
5
5
  "description": "User isolation and sandboxing utilities for AgenShield",
6
6
  "main": "./index.js",
@@ -15,7 +15,7 @@
15
15
  },
16
16
  "license": "MIT",
17
17
  "dependencies": {
18
- "@agenshield/skills": "0.7.0",
18
+ "@agenshield/skills": "0.7.1",
19
19
  "yaml": "^2.7.1"
20
20
  },
21
21
  "devDependencies": {