@agenshield/sandbox 0.7.0 → 0.7.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/discovery/index.d.ts +1 -1
- package/discovery/index.d.ts.map +1 -1
- package/discovery/skill-scanner.d.ts +8 -0
- package/discovery/skill-scanner.d.ts.map +1 -1
- package/index.d.ts +1 -1
- package/index.d.ts.map +1 -1
- package/index.js +26 -4
- package/package.json +2 -2
package/discovery/index.d.ts
CHANGED
|
@@ -3,5 +3,5 @@
|
|
|
3
3
|
*/
|
|
4
4
|
export { scanDiscovery } from './scanner';
|
|
5
5
|
export { scanBinaries, classifyDirectory, detectNpmGlobalBin, detectYarnGlobalBin, getProtection, isShieldExecLink, categorize, } from './binary-scanner';
|
|
6
|
-
export { scanSkills, parseSkillMd, extractCommands, extractSkillInfo, getApprovalStatus, } from './skill-scanner';
|
|
6
|
+
export { scanSkills, parseSkillMd, extractCommands, extractSkillInfo, getApprovalStatus, stripEnvFromSkillMd, } from './skill-scanner';
|
|
7
7
|
//# sourceMappingURL=index.d.ts.map
|
package/discovery/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/discovery/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,aAAa,EACb,gBAAgB,EAChB,UAAU,GACX,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,UAAU,EACV,YAAY,EACZ,eAAe,EACf,gBAAgB,EAChB,iBAAiB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/discovery/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,aAAa,EACb,gBAAgB,EAChB,UAAU,GACX,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,UAAU,EACV,YAAY,EACZ,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,iBAAiB,CAAC"}
|
|
@@ -28,4 +28,12 @@ export declare function getApprovalStatus(skillName: string): 'approved' | 'quar
|
|
|
28
28
|
* Scan the skills directory and return discovered skills
|
|
29
29
|
*/
|
|
30
30
|
export declare function scanSkills(options: DiscoveryOptions, binaryLookup: Map<string, DiscoveredBinary>): DiscoveredSkill[];
|
|
31
|
+
/**
|
|
32
|
+
* Strip env-related fields from SKILL.md frontmatter.
|
|
33
|
+
*
|
|
34
|
+
* OpenClaw reads `requires.env` / `metadata.openclaw.requires.env` / `metadata.openclaw.primaryEnv`
|
|
35
|
+
* from SKILL.md and prompts the user for those env vars. AgenShield handles secrets via its own
|
|
36
|
+
* vault/broker, so we strip these fields before writing to the agent's skill directory.
|
|
37
|
+
*/
|
|
38
|
+
export declare function stripEnvFromSkillMd(content: string): string;
|
|
31
39
|
//# sourceMappingURL=skill-scanner.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"skill-scanner.d.ts","sourceRoot":"","sources":["../../src/discovery/skill-scanner.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EACV,aAAa,
|
|
1
|
+
{"version":3,"file":"skill-scanner.d.ts","sourceRoot":"","sources":["../../src/discovery/skill-scanner.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EACV,aAAa,EAEb,kBAAkB,EAClB,eAAe,EACf,uBAAuB,EACvB,gBAAgB,EAChB,gBAAgB,EACjB,MAAM,iBAAiB,CAAC;AAkCzB;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,aAAa,GAAG,IAAI,GAAG,kBAAkB,CAWnF;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG;IAAE,QAAQ,EAAE,aAAa,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAkB9F;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,aAAa,GAAG,IAAI,EAC9B,IAAI,EAAE,MAAM,EACZ,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAC,GAC1C,uBAAuB,EAAE,CAiE3B;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,MAAM,GAChB,UAAU,GAAG,aAAa,GAAG,SAAS,CAyBxC;AAED;;GAEG;AACH,wBAAgB,UAAU,CACxB,OAAO,EAAE,gBAAgB,EACzB,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAC,GAC1C,eAAe,EAAE,CAiGnB;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAuB3D"}
|
package/index.d.ts
CHANGED
|
@@ -23,6 +23,6 @@ export { WRAPPERS, WRAPPER_DEFINITIONS, installWrapper, installWrappers, install
|
|
|
23
23
|
export { generateAgentProfile, generateOperationProfile, installProfiles, installSeatbeltProfiles, verifyProfile, getInstalledProfiles, type ProfileResult, } from './seatbelt';
|
|
24
24
|
export { generateBrokerPlist, generateBrokerPlistLegacy, installLaunchDaemon, loadLaunchDaemon, unloadLaunchDaemon, uninstallLaunchDaemon, isDaemonRunning, getDaemonStatus, restartDaemon, fixSocketPermissions, type DaemonResult, } from './launchdaemon';
|
|
25
25
|
export { getPreset, listPresets, listAutoDetectablePresets, autoDetectPreset, formatPresetList, openclawPreset, devHarnessPreset, customPreset, PRESETS, type TargetPreset, type PresetDetectionResult, type MigrationContext, type MigrationDirectories, type PresetMigrationResult, } from './presets';
|
|
26
|
-
export { scanDiscovery, scanBinaries, scanSkills, parseSkillMd, extractSkillInfo, classifyDirectory, } from './discovery';
|
|
26
|
+
export { scanDiscovery, scanBinaries, scanSkills, parseSkillMd, extractSkillInfo, classifyDirectory, stripEnvFromSkillMd, } from './discovery';
|
|
27
27
|
export { injectAgenCoSkill, createAgenCoSymlink, removeInjectedSkills, updateOpenClawMcpConfig, getSkillsDir, getAgenCoSkillPath, type SkillInjectionResult, } from './skill-injector';
|
|
28
28
|
//# sourceMappingURL=index.d.ts.map
|
package/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,IAAI,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAG7H,cAAc,iBAAiB,CAAC;AAGhC,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,WAAW,EACX,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,WAAW,EACX,YAAY,EACZ,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,eAAe,GACrB,MAAM,eAAe,CAAC;AAGvB,cAAc,aAAa,CAAC;AAG5B,OAAO,EACL,QAAQ,EACR,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,eAAe,EACf,kBAAkB,EAClB,KAAK,eAAe,GACrB,MAAM,gBAAgB,CAAC;AAGxB,cAAc,YAAY,CAAC;AAG3B,cAAc,UAAU,CAAC;AAGzB,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAG1B,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,QAAQ,EACR,mBAAmB,EACnB,cAAc,EACd,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,EACd,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,YAAY,EACZ,gBAAgB,EAChB,KAAK,gBAAgB,EACrB,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,KAAK,mBAAmB,EAExB,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,oBAAoB,EACpB,aAAa,EACb,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,eAAe,EACf,uBAAuB,EACvB,aAAa,EACb,oBAAoB,EACpB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,mBAAmB,EACnB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,KAAK,YAAY,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAEL,SAAS,EACT,WAAW,EACX,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAEhB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,OAAO,EAEP,KAAK,YAAY,EACjB,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,GAC3B,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,aAAa,EACb,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,IAAI,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAG7H,cAAc,iBAAiB,CAAC;AAGhC,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,WAAW,EACX,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,WAAW,EACX,uBAAuB,EACvB,WAAW,EACX,UAAU,EACV,WAAW,EACX,YAAY,EACZ,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,eAAe,GACrB,MAAM,eAAe,CAAC;AAGvB,cAAc,aAAa,CAAC;AAG5B,OAAO,EACL,QAAQ,EACR,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,eAAe,EACf,kBAAkB,EAClB,KAAK,eAAe,GACrB,MAAM,gBAAgB,CAAC;AAGxB,cAAc,YAAY,CAAC;AAG3B,cAAc,UAAU,CAAC;AAGzB,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAG1B,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,QAAQ,EACR,mBAAmB,EACnB,cAAc,EACd,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,EACd,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,YAAY,EACZ,gBAAgB,EAChB,KAAK,gBAAgB,EACrB,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,KAAK,mBAAmB,EAExB,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,oBAAoB,EACpB,aAAa,EACb,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,eAAe,EACf,uBAAuB,EACvB,aAAa,EACb,oBAAoB,EACpB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,mBAAmB,EACnB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,KAAK,YAAY,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAEL,SAAS,EACT,WAAW,EACX,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAEhB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,OAAO,EAEP,KAAK,YAAY,EACjB,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,GAC3B,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,aAAa,EACb,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,aAAa,CAAC;AAMrB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,oBAAoB,EACpB,uBAAuB,EACvB,YAAY,EACZ,kBAAkB,EAClB,KAAK,oBAAoB,GAC1B,MAAM,kBAAkB,CAAC"}
|
package/index.js
CHANGED
|
@@ -2755,7 +2755,8 @@ var VaultContentsSchema = z7.object({
|
|
|
2755
2755
|
agenco: AgenCoSecretsSchema.optional(),
|
|
2756
2756
|
envSecrets: z7.record(z7.string(), z7.string()),
|
|
2757
2757
|
sensitivePatterns: z7.array(z7.string()),
|
|
2758
|
-
passcode: PasscodeDataSchema.optional()
|
|
2758
|
+
passcode: PasscodeDataSchema.optional(),
|
|
2759
|
+
installationKey: z7.string().optional()
|
|
2759
2760
|
});
|
|
2760
2761
|
var COMMAND_CATALOG = {
|
|
2761
2762
|
// ── Network ────────────────────────────────────────────────
|
|
@@ -6222,7 +6223,7 @@ function scanBinaries(options) {
|
|
|
6222
6223
|
// libs/shield-sandbox/src/discovery/skill-scanner.ts
|
|
6223
6224
|
import * as fs16 from "node:fs";
|
|
6224
6225
|
import * as path13 from "node:path";
|
|
6225
|
-
import { parse as parseYaml } from "yaml";
|
|
6226
|
+
import { parse as parseYaml, stringify as stringifyYaml } from "yaml";
|
|
6226
6227
|
|
|
6227
6228
|
// libs/shield-sandbox/src/skill-injector.ts
|
|
6228
6229
|
import * as fs15 from "node:fs";
|
|
@@ -6489,13 +6490,14 @@ function unique(value, index, self) {
|
|
|
6489
6490
|
}
|
|
6490
6491
|
function extractSkillInfo(metadata) {
|
|
6491
6492
|
const topReq = metadata?.requires;
|
|
6492
|
-
const
|
|
6493
|
+
const oclMeta = metadata?.metadata?.openclaw ?? metadata?.metadata?.clawdbot;
|
|
6494
|
+
const oclReq = oclMeta?.requires;
|
|
6493
6495
|
return {
|
|
6494
6496
|
apiKeys: [...topReq?.env ?? [], ...oclReq?.env ?? []].filter(unique),
|
|
6495
6497
|
bins: [...topReq?.bins ?? [], ...oclReq?.bins ?? []].filter(unique),
|
|
6496
6498
|
anyBins: [...topReq?.anyBins ?? [], ...oclReq?.anyBins ?? []].filter(unique),
|
|
6497
6499
|
configOptions: [...topReq?.config ?? [], ...oclReq?.config ?? []].filter(unique),
|
|
6498
|
-
installSteps:
|
|
6500
|
+
installSteps: oclMeta?.install
|
|
6499
6501
|
};
|
|
6500
6502
|
}
|
|
6501
6503
|
function parseSkillMd(content) {
|
|
@@ -6670,6 +6672,25 @@ function scanSkills(options, binaryLookup) {
|
|
|
6670
6672
|
}
|
|
6671
6673
|
return results.sort((a, b) => a.name.localeCompare(b.name));
|
|
6672
6674
|
}
|
|
6675
|
+
function stripEnvFromSkillMd(content) {
|
|
6676
|
+
const match = content.match(/^---\s*\n([\s\S]*?)\n---\s*\n?([\s\S]*)$/);
|
|
6677
|
+
if (!match) return content;
|
|
6678
|
+
try {
|
|
6679
|
+
const metadata = parseYaml(match[1]);
|
|
6680
|
+
if (!metadata || typeof metadata !== "object") return content;
|
|
6681
|
+
if (metadata.requires?.env) delete metadata.requires.env;
|
|
6682
|
+
if (metadata.metadata?.openclaw?.requires?.env) delete metadata.metadata.openclaw.requires.env;
|
|
6683
|
+
if (metadata.metadata?.openclaw?.primaryEnv) delete metadata.metadata.openclaw.primaryEnv;
|
|
6684
|
+
if (metadata.metadata?.clawdbot?.requires?.env) delete metadata.metadata.clawdbot.requires.env;
|
|
6685
|
+
if (metadata.metadata?.clawdbot?.primaryEnv) delete metadata.metadata.clawdbot.primaryEnv;
|
|
6686
|
+
return `---
|
|
6687
|
+
${stringifyYaml(metadata).trimEnd()}
|
|
6688
|
+
---
|
|
6689
|
+
${match[2]}`;
|
|
6690
|
+
} catch {
|
|
6691
|
+
return content;
|
|
6692
|
+
}
|
|
6693
|
+
}
|
|
6673
6694
|
|
|
6674
6695
|
// libs/shield-sandbox/src/discovery/scanner.ts
|
|
6675
6696
|
function computeSummary(binaries, directories, skills) {
|
|
@@ -6838,6 +6859,7 @@ export {
|
|
|
6838
6859
|
scanSkills,
|
|
6839
6860
|
seedConfigFiles,
|
|
6840
6861
|
setupSocketDirectory,
|
|
6862
|
+
stripEnvFromSkillMd,
|
|
6841
6863
|
uninstallLaunchDaemon,
|
|
6842
6864
|
uninstallWrapper,
|
|
6843
6865
|
uninstallWrappers,
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@agenshield/sandbox",
|
|
3
|
-
"version": "0.7.
|
|
3
|
+
"version": "0.7.2",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "User isolation and sandboxing utilities for AgenShield",
|
|
6
6
|
"main": "./index.js",
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
},
|
|
16
16
|
"license": "MIT",
|
|
17
17
|
"dependencies": {
|
|
18
|
-
"@agenshield/skills": "0.7.
|
|
18
|
+
"@agenshield/skills": "0.7.2",
|
|
19
19
|
"yaml": "^2.7.1"
|
|
20
20
|
},
|
|
21
21
|
"devDependencies": {
|