@agentsh/secure-sandbox 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +198 -0
- package/dist/adapters/blaxel.d.ts +5 -0
- package/dist/adapters/blaxel.js +9 -0
- package/dist/adapters/blaxel.js.map +1 -0
- package/dist/adapters/cloudflare.d.ts +5 -0
- package/dist/adapters/cloudflare.js +9 -0
- package/dist/adapters/cloudflare.js.map +1 -0
- package/dist/adapters/daytona.d.ts +5 -0
- package/dist/adapters/daytona.js +9 -0
- package/dist/adapters/daytona.js.map +1 -0
- package/dist/adapters/e2b.d.ts +5 -0
- package/dist/adapters/e2b.js +9 -0
- package/dist/adapters/e2b.js.map +1 -0
- package/dist/adapters/index.d.ts +6 -0
- package/dist/adapters/index.js +26 -0
- package/dist/adapters/index.js.map +1 -0
- package/dist/adapters/vercel.d.ts +5 -0
- package/dist/adapters/vercel.js +8 -0
- package/dist/adapters/vercel.js.map +1 -0
- package/dist/chunk-2P37YGN7.js +52 -0
- package/dist/chunk-2P37YGN7.js.map +1 -0
- package/dist/chunk-45FKFVMC.js +55 -0
- package/dist/chunk-45FKFVMC.js.map +1 -0
- package/dist/chunk-JY5ERJTX.js +49 -0
- package/dist/chunk-JY5ERJTX.js.map +1 -0
- package/dist/chunk-L4KFLVNU.js +33 -0
- package/dist/chunk-L4KFLVNU.js.map +1 -0
- package/dist/chunk-LMN3KM53.js +48 -0
- package/dist/chunk-LMN3KM53.js.map +1 -0
- package/dist/chunk-NWHVZ3DG.js +599 -0
- package/dist/chunk-NWHVZ3DG.js.map +1 -0
- package/dist/chunk-OANLKSOD.js +28 -0
- package/dist/chunk-OANLKSOD.js.map +1 -0
- package/dist/chunk-PZ5AY32C.js +10 -0
- package/dist/chunk-PZ5AY32C.js.map +1 -0
- package/dist/chunk-UYEAO27E.js +65 -0
- package/dist/chunk-UYEAO27E.js.map +1 -0
- package/dist/esm-7TZRRYDK.js +1375 -0
- package/dist/esm-7TZRRYDK.js.map +1 -0
- package/dist/index-D0UvBOzr.d.ts +463 -0
- package/dist/index-aQ1TVPtG.d.ts +16 -0
- package/dist/index.d.ts +77 -0
- package/dist/index.js +774 -0
- package/dist/index.js.map +1 -0
- package/dist/policies/index.d.ts +2 -0
- package/dist/policies/index.js +26 -0
- package/dist/policies/index.js.map +1 -0
- package/dist/testing/index.d.ts +13 -0
- package/dist/testing/index.js +32 -0
- package/dist/testing/index.js.map +1 -0
- package/dist/types-BwEbraFo.d.ts +194 -0
- package/package.json +99 -0
|
@@ -0,0 +1,599 @@
|
|
|
1
|
+
import {
|
|
2
|
+
__export
|
|
3
|
+
} from "./chunk-PZ5AY32C.js";
|
|
4
|
+
|
|
5
|
+
// src/policies/index.ts
|
|
6
|
+
var policies_exports = {};
|
|
7
|
+
__export(policies_exports, {
|
|
8
|
+
PolicyDefinitionSchema: () => PolicyDefinitionSchema,
|
|
9
|
+
agentDefault: () => agentDefault,
|
|
10
|
+
agentSandbox: () => agentSandbox,
|
|
11
|
+
ciStrict: () => ciStrict,
|
|
12
|
+
devSafe: () => devSafe,
|
|
13
|
+
merge: () => merge,
|
|
14
|
+
mergePrepend: () => mergePrepend,
|
|
15
|
+
serializePolicy: () => serializePolicy,
|
|
16
|
+
systemPolicyYaml: () => systemPolicyYaml,
|
|
17
|
+
validatePolicy: () => validatePolicy
|
|
18
|
+
});
|
|
19
|
+
|
|
20
|
+
// src/policies/schema.ts
|
|
21
|
+
import { z, ZodError } from "zod";
|
|
22
|
+
|
|
23
|
+
// src/core/errors.ts
|
|
24
|
+
var AgentSHError = class extends Error {
|
|
25
|
+
constructor(message) {
|
|
26
|
+
super(message);
|
|
27
|
+
this.name = "AgentSHError";
|
|
28
|
+
}
|
|
29
|
+
};
|
|
30
|
+
var PolicyValidationError = class extends AgentSHError {
|
|
31
|
+
issues;
|
|
32
|
+
constructor({ issues }) {
|
|
33
|
+
const summaries = issues.map((issue) => `${issue.path.join(".")}: ${issue.message}`).join("; ");
|
|
34
|
+
super(`Policy validation failed: ${summaries}`);
|
|
35
|
+
this.name = "PolicyValidationError";
|
|
36
|
+
this.issues = issues;
|
|
37
|
+
}
|
|
38
|
+
};
|
|
39
|
+
var MissingPeerDependencyError = class extends AgentSHError {
|
|
40
|
+
packageName;
|
|
41
|
+
versionRange;
|
|
42
|
+
constructor({
|
|
43
|
+
packageName,
|
|
44
|
+
versionRange
|
|
45
|
+
}) {
|
|
46
|
+
super(
|
|
47
|
+
`${packageName} is required but not installed. Run: npm install ${packageName}@"${versionRange}"`
|
|
48
|
+
);
|
|
49
|
+
this.name = "MissingPeerDependencyError";
|
|
50
|
+
this.packageName = packageName;
|
|
51
|
+
this.versionRange = versionRange;
|
|
52
|
+
}
|
|
53
|
+
};
|
|
54
|
+
var IncompatibleProviderVersionError = class extends AgentSHError {
|
|
55
|
+
installed;
|
|
56
|
+
required;
|
|
57
|
+
packageName;
|
|
58
|
+
constructor({
|
|
59
|
+
installed,
|
|
60
|
+
required,
|
|
61
|
+
packageName
|
|
62
|
+
}) {
|
|
63
|
+
super(
|
|
64
|
+
`${packageName} version ${installed} is not supported. @agentsh/secure-sandbox requires ${packageName} ${required}. Please upgrade: npm install ${packageName}@latest`
|
|
65
|
+
);
|
|
66
|
+
this.name = "IncompatibleProviderVersionError";
|
|
67
|
+
this.installed = installed;
|
|
68
|
+
this.required = required;
|
|
69
|
+
this.packageName = packageName;
|
|
70
|
+
}
|
|
71
|
+
};
|
|
72
|
+
var ProvisioningError = class extends AgentSHError {
|
|
73
|
+
phase;
|
|
74
|
+
command;
|
|
75
|
+
stderr;
|
|
76
|
+
constructor({
|
|
77
|
+
phase,
|
|
78
|
+
command,
|
|
79
|
+
stderr
|
|
80
|
+
}) {
|
|
81
|
+
super(`Provisioning failed at phase: ${phase}`);
|
|
82
|
+
this.name = "ProvisioningError";
|
|
83
|
+
this.phase = phase;
|
|
84
|
+
this.command = command;
|
|
85
|
+
this.stderr = stderr;
|
|
86
|
+
}
|
|
87
|
+
};
|
|
88
|
+
var IntegrityError = class extends AgentSHError {
|
|
89
|
+
expected;
|
|
90
|
+
actual;
|
|
91
|
+
constructor({
|
|
92
|
+
expected,
|
|
93
|
+
actual,
|
|
94
|
+
message
|
|
95
|
+
}) {
|
|
96
|
+
super(message ?? `Checksum mismatch: expected ${expected}, got ${actual}`);
|
|
97
|
+
this.name = "IntegrityError";
|
|
98
|
+
this.expected = expected;
|
|
99
|
+
this.actual = actual;
|
|
100
|
+
}
|
|
101
|
+
};
|
|
102
|
+
var RuntimeError = class extends AgentSHError {
|
|
103
|
+
sessionId;
|
|
104
|
+
command;
|
|
105
|
+
stderr;
|
|
106
|
+
constructor({
|
|
107
|
+
sessionId,
|
|
108
|
+
command,
|
|
109
|
+
stderr
|
|
110
|
+
}) {
|
|
111
|
+
super(`agentsh exec failed (session ${sessionId})`);
|
|
112
|
+
this.name = "RuntimeError";
|
|
113
|
+
this.sessionId = sessionId;
|
|
114
|
+
this.command = command;
|
|
115
|
+
this.stderr = stderr;
|
|
116
|
+
}
|
|
117
|
+
};
|
|
118
|
+
|
|
119
|
+
// src/policies/schema.ts
|
|
120
|
+
var stringOrArray = z.union([z.string(), z.array(z.string())]);
|
|
121
|
+
var FileOpSchema = z.enum(["read", "write", "create", "delete"]);
|
|
122
|
+
var FileAllowRule = z.object({ allow: stringOrArray, ops: z.array(FileOpSchema).optional() }).strict();
|
|
123
|
+
var FileDenyRule = z.object({ deny: stringOrArray, ops: z.array(FileOpSchema).optional() }).strict();
|
|
124
|
+
var FileRedirectRule = z.object({
|
|
125
|
+
redirect: stringOrArray,
|
|
126
|
+
to: z.string(),
|
|
127
|
+
ops: z.array(FileOpSchema).optional()
|
|
128
|
+
}).strict();
|
|
129
|
+
var FileAuditRule = z.object({ audit: stringOrArray, ops: z.array(FileOpSchema).optional() }).strict();
|
|
130
|
+
var FileSoftDeleteRule = z.object({ softDelete: stringOrArray }).strict();
|
|
131
|
+
var FileRuleSchema = z.union([
|
|
132
|
+
FileAllowRule,
|
|
133
|
+
FileDenyRule,
|
|
134
|
+
FileRedirectRule,
|
|
135
|
+
FileAuditRule,
|
|
136
|
+
FileSoftDeleteRule
|
|
137
|
+
]);
|
|
138
|
+
var NetworkAllowRule = z.object({
|
|
139
|
+
allow: stringOrArray,
|
|
140
|
+
ports: z.array(z.number().int().min(1).max(65535)).optional()
|
|
141
|
+
}).strict();
|
|
142
|
+
var NetworkDenyRule = z.object({ deny: stringOrArray }).strict();
|
|
143
|
+
var NetworkRedirectRule = z.object({ redirect: z.string(), to: z.string() }).strict();
|
|
144
|
+
var NetworkRuleSchema = z.union([
|
|
145
|
+
NetworkAllowRule,
|
|
146
|
+
NetworkDenyRule,
|
|
147
|
+
NetworkRedirectRule
|
|
148
|
+
]);
|
|
149
|
+
var CommandRedirectTarget = z.union([
|
|
150
|
+
z.string(),
|
|
151
|
+
z.object({ cmd: z.string(), args: z.array(z.string()) }).strict()
|
|
152
|
+
]);
|
|
153
|
+
var CommandAllowRule = z.object({ allow: stringOrArray }).strict();
|
|
154
|
+
var CommandDenyRule = z.object({ deny: stringOrArray }).strict();
|
|
155
|
+
var CommandRedirectRule = z.object({ redirect: stringOrArray, to: CommandRedirectTarget }).strict();
|
|
156
|
+
var CommandRuleSchema = z.union([
|
|
157
|
+
CommandAllowRule,
|
|
158
|
+
CommandDenyRule,
|
|
159
|
+
CommandRedirectRule
|
|
160
|
+
]);
|
|
161
|
+
var EnvRuleSchema = z.object({
|
|
162
|
+
commands: z.array(z.string()),
|
|
163
|
+
allow: z.array(z.string()).optional(),
|
|
164
|
+
deny: z.array(z.string()).optional()
|
|
165
|
+
}).strict();
|
|
166
|
+
var DnsRedirectSchema = z.object({
|
|
167
|
+
match: z.string(),
|
|
168
|
+
resolveTo: z.string()
|
|
169
|
+
}).strict();
|
|
170
|
+
var ConnectRedirectSchema = z.object({
|
|
171
|
+
match: z.string(),
|
|
172
|
+
redirectTo: z.string()
|
|
173
|
+
}).strict();
|
|
174
|
+
var PolicyDefinitionSchema = z.object({
|
|
175
|
+
file: z.array(FileRuleSchema).optional(),
|
|
176
|
+
network: z.array(NetworkRuleSchema).optional(),
|
|
177
|
+
commands: z.array(CommandRuleSchema).optional(),
|
|
178
|
+
env: z.array(EnvRuleSchema).optional(),
|
|
179
|
+
dns: z.array(DnsRedirectSchema).optional(),
|
|
180
|
+
connect: z.array(ConnectRedirectSchema).optional()
|
|
181
|
+
}).strict();
|
|
182
|
+
function validatePolicy(policy) {
|
|
183
|
+
try {
|
|
184
|
+
return PolicyDefinitionSchema.parse(policy);
|
|
185
|
+
} catch (err) {
|
|
186
|
+
if (err instanceof ZodError) {
|
|
187
|
+
throw new PolicyValidationError({ issues: err.issues });
|
|
188
|
+
}
|
|
189
|
+
throw err;
|
|
190
|
+
}
|
|
191
|
+
}
|
|
192
|
+
|
|
193
|
+
// src/policies/merge.ts
|
|
194
|
+
var CATEGORIES = ["file", "network", "commands", "env", "dns", "connect"];
|
|
195
|
+
function merge(base, ...overrides) {
|
|
196
|
+
return validatePolicy(mergeInternal(base, overrides, "append"));
|
|
197
|
+
}
|
|
198
|
+
function mergePrepend(base, ...overrides) {
|
|
199
|
+
return validatePolicy(mergeInternal(base, overrides, "prepend"));
|
|
200
|
+
}
|
|
201
|
+
function mergeInternal(base, overrides, mode) {
|
|
202
|
+
const result = { ...base };
|
|
203
|
+
for (const override of overrides) {
|
|
204
|
+
for (const key of CATEGORIES) {
|
|
205
|
+
if (override[key] != null) {
|
|
206
|
+
const baseRules = result[key] ?? [];
|
|
207
|
+
result[key] = mode === "append" ? [...baseRules, ...override[key]] : [...override[key], ...baseRules];
|
|
208
|
+
}
|
|
209
|
+
}
|
|
210
|
+
}
|
|
211
|
+
return result;
|
|
212
|
+
}
|
|
213
|
+
|
|
214
|
+
// src/policies/presets.ts
|
|
215
|
+
function agentDefault(extensions) {
|
|
216
|
+
const base = {
|
|
217
|
+
file: [
|
|
218
|
+
{ allow: "/workspace/**", ops: ["read", "write", "create"] },
|
|
219
|
+
// Git/version-control credentials
|
|
220
|
+
{ deny: ["/workspace/.git/config", "/workspace/.netrc"] },
|
|
221
|
+
// Secrets and credentials
|
|
222
|
+
{ deny: ["**/.env", "**/.env.*", "**/credentials*", "**/*.pem", "**/*.key"] },
|
|
223
|
+
{ deny: ["~/.ssh/**", "/proc/*/environ"] },
|
|
224
|
+
// Cloud provider credentials
|
|
225
|
+
{ deny: ["~/.aws/**", "~/.gcp/**", "~/.azure/**", "~/.config/gcloud/**"] },
|
|
226
|
+
// Shell config injection (persistence)
|
|
227
|
+
{ deny: ["~/.bashrc", "~/.zshrc", "~/.profile", "~/.bash_profile"] },
|
|
228
|
+
// Credential stores
|
|
229
|
+
{ deny: ["~/.gitconfig", "~/.netrc", "~/.curlrc", "~/.wgetrc"] },
|
|
230
|
+
// PATH hijacking
|
|
231
|
+
{ deny: "~/.local/bin/**" },
|
|
232
|
+
// Agent config files — allow reads (project context), deny writes (prompt injection persistence)
|
|
233
|
+
{ deny: ["**/.cursorrules", "**/CLAUDE.md", "**/copilot-instructions.md"], ops: ["write", "create", "delete"] }
|
|
234
|
+
],
|
|
235
|
+
network: [
|
|
236
|
+
{
|
|
237
|
+
allow: [
|
|
238
|
+
"registry.npmjs.org",
|
|
239
|
+
"registry.yarnpkg.com",
|
|
240
|
+
"pypi.org",
|
|
241
|
+
"files.pythonhosted.org",
|
|
242
|
+
"crates.io",
|
|
243
|
+
"static.crates.io",
|
|
244
|
+
"index.crates.io",
|
|
245
|
+
"proxy.golang.org",
|
|
246
|
+
"sum.golang.org",
|
|
247
|
+
"github.com",
|
|
248
|
+
"raw.githubusercontent.com"
|
|
249
|
+
],
|
|
250
|
+
ports: [443]
|
|
251
|
+
},
|
|
252
|
+
{ deny: "*" }
|
|
253
|
+
],
|
|
254
|
+
commands: [
|
|
255
|
+
// Allow safe commands (order matters — first match wins)
|
|
256
|
+
{
|
|
257
|
+
allow: [
|
|
258
|
+
"bash",
|
|
259
|
+
"sh",
|
|
260
|
+
"echo",
|
|
261
|
+
"cat",
|
|
262
|
+
"head",
|
|
263
|
+
"tail",
|
|
264
|
+
"grep",
|
|
265
|
+
"find",
|
|
266
|
+
"ls",
|
|
267
|
+
"wc",
|
|
268
|
+
"sort",
|
|
269
|
+
"uniq",
|
|
270
|
+
"diff",
|
|
271
|
+
"pwd",
|
|
272
|
+
"date",
|
|
273
|
+
"which",
|
|
274
|
+
"whoami",
|
|
275
|
+
"id",
|
|
276
|
+
"uname",
|
|
277
|
+
"printf",
|
|
278
|
+
"test",
|
|
279
|
+
"true",
|
|
280
|
+
"false",
|
|
281
|
+
"mkdir",
|
|
282
|
+
"cp",
|
|
283
|
+
"mv",
|
|
284
|
+
"rm",
|
|
285
|
+
"touch",
|
|
286
|
+
"chmod",
|
|
287
|
+
"tr",
|
|
288
|
+
"cut",
|
|
289
|
+
"sed",
|
|
290
|
+
"awk",
|
|
291
|
+
"tee",
|
|
292
|
+
"xargs",
|
|
293
|
+
"basename",
|
|
294
|
+
"dirname",
|
|
295
|
+
"realpath",
|
|
296
|
+
"base64",
|
|
297
|
+
"md5sum",
|
|
298
|
+
"sha256sum",
|
|
299
|
+
"tar",
|
|
300
|
+
"gzip",
|
|
301
|
+
"gunzip"
|
|
302
|
+
]
|
|
303
|
+
},
|
|
304
|
+
// Allow dev tools
|
|
305
|
+
{
|
|
306
|
+
allow: [
|
|
307
|
+
"git",
|
|
308
|
+
"node",
|
|
309
|
+
"npm",
|
|
310
|
+
"npx",
|
|
311
|
+
"yarn",
|
|
312
|
+
"pnpm",
|
|
313
|
+
"bun",
|
|
314
|
+
"python",
|
|
315
|
+
"python3",
|
|
316
|
+
"pip",
|
|
317
|
+
"pip3",
|
|
318
|
+
"cargo",
|
|
319
|
+
"rustc",
|
|
320
|
+
"go",
|
|
321
|
+
"make",
|
|
322
|
+
"cmake"
|
|
323
|
+
]
|
|
324
|
+
},
|
|
325
|
+
// Deny dangerous commands
|
|
326
|
+
{ deny: ["env", "printenv", "sudo", "su", "doas"] },
|
|
327
|
+
{ deny: ["shutdown", "reboot", "halt", "poweroff"] },
|
|
328
|
+
{ deny: ["nc", "ncat", "netcat", "socat", "telnet"] },
|
|
329
|
+
{ deny: ["git push --force", "git reset --hard"] },
|
|
330
|
+
{
|
|
331
|
+
redirect: ["curl", "wget"],
|
|
332
|
+
to: { cmd: "agentsh-fetch", args: ["--audit"] }
|
|
333
|
+
}
|
|
334
|
+
]
|
|
335
|
+
};
|
|
336
|
+
return extensions ? merge(base, extensions) : base;
|
|
337
|
+
}
|
|
338
|
+
function devSafe(extensions) {
|
|
339
|
+
const base = {
|
|
340
|
+
file: [
|
|
341
|
+
{ allow: "/workspace/**", ops: ["read", "write", "create"] },
|
|
342
|
+
{ deny: ["**/.env", "**/.env.*", "**/credentials*", "**/*.pem", "**/*.key"] },
|
|
343
|
+
{ deny: ["~/.ssh/**", "/proc/*/environ"] },
|
|
344
|
+
{ deny: ["~/.aws/**", "~/.gcp/**", "~/.azure/**", "~/.config/gcloud/**"] },
|
|
345
|
+
{ deny: ["~/.bashrc", "~/.zshrc", "~/.profile", "~/.bash_profile"] },
|
|
346
|
+
{ deny: ["~/.gitconfig", "~/.netrc", "~/.curlrc", "~/.wgetrc"] }
|
|
347
|
+
],
|
|
348
|
+
network: [
|
|
349
|
+
{
|
|
350
|
+
allow: ["registry.npmjs.org", "registry.yarnpkg.com"],
|
|
351
|
+
ports: [443]
|
|
352
|
+
}
|
|
353
|
+
],
|
|
354
|
+
commands: [{ deny: ["env", "printenv", "shutdown", "reboot"] }]
|
|
355
|
+
};
|
|
356
|
+
return extensions ? merge(base, extensions) : base;
|
|
357
|
+
}
|
|
358
|
+
function ciStrict(extensions) {
|
|
359
|
+
const base = {
|
|
360
|
+
file: [
|
|
361
|
+
{ allow: "/workspace/**" },
|
|
362
|
+
{ deny: ["**/.env", "**/.env.*", "**/credentials*", "**/*.pem", "**/*.key"] },
|
|
363
|
+
{ deny: ["~/.aws/**", "~/.gcp/**", "~/.azure/**", "~/.config/gcloud/**"] },
|
|
364
|
+
{ deny: "/**" }
|
|
365
|
+
],
|
|
366
|
+
network: [
|
|
367
|
+
{
|
|
368
|
+
allow: [
|
|
369
|
+
"registry.npmjs.org",
|
|
370
|
+
"registry.yarnpkg.com",
|
|
371
|
+
"pypi.org",
|
|
372
|
+
"files.pythonhosted.org",
|
|
373
|
+
"crates.io",
|
|
374
|
+
"static.crates.io",
|
|
375
|
+
"index.crates.io",
|
|
376
|
+
"proxy.golang.org",
|
|
377
|
+
"sum.golang.org"
|
|
378
|
+
],
|
|
379
|
+
ports: [443]
|
|
380
|
+
},
|
|
381
|
+
{ deny: "*" }
|
|
382
|
+
],
|
|
383
|
+
commands: [
|
|
384
|
+
{ deny: ["env", "printenv", "shutdown", "reboot", "sudo"] }
|
|
385
|
+
]
|
|
386
|
+
};
|
|
387
|
+
return extensions ? merge(base, extensions) : base;
|
|
388
|
+
}
|
|
389
|
+
function agentSandbox(extensions) {
|
|
390
|
+
const base = {
|
|
391
|
+
file: [
|
|
392
|
+
{ allow: "/workspace/**", ops: ["read"] },
|
|
393
|
+
{ deny: "/**" }
|
|
394
|
+
],
|
|
395
|
+
network: [{ deny: "*" }],
|
|
396
|
+
commands: [
|
|
397
|
+
{ deny: ["env", "printenv", "sudo", "su", "shutdown", "reboot"] }
|
|
398
|
+
]
|
|
399
|
+
};
|
|
400
|
+
return extensions ? merge(base, extensions) : base;
|
|
401
|
+
}
|
|
402
|
+
|
|
403
|
+
// src/policies/serialize.ts
|
|
404
|
+
import yaml from "js-yaml";
|
|
405
|
+
function toArray(value) {
|
|
406
|
+
return Array.isArray(value) ? value : [value];
|
|
407
|
+
}
|
|
408
|
+
var FILE_DECISION_KEYS = [
|
|
409
|
+
"allow",
|
|
410
|
+
"deny",
|
|
411
|
+
"redirect",
|
|
412
|
+
"audit",
|
|
413
|
+
"softDelete"
|
|
414
|
+
];
|
|
415
|
+
var SIMPLE_DECISION_KEYS = ["allow", "deny", "redirect"];
|
|
416
|
+
function findDecision(rule, keys) {
|
|
417
|
+
for (const k of keys) {
|
|
418
|
+
if (k in rule) {
|
|
419
|
+
return { key: k, value: rule[k] };
|
|
420
|
+
}
|
|
421
|
+
}
|
|
422
|
+
throw new Error(`No decision key found in rule: ${JSON.stringify(rule)}`);
|
|
423
|
+
}
|
|
424
|
+
function yamlDecision(key) {
|
|
425
|
+
return key === "softDelete" ? "soft_delete" : key;
|
|
426
|
+
}
|
|
427
|
+
function serializeFileRules(rules) {
|
|
428
|
+
return rules.map((rule, i) => {
|
|
429
|
+
const r = rule;
|
|
430
|
+
const { key, value } = findDecision(r, FILE_DECISION_KEYS);
|
|
431
|
+
const paths = toArray(value);
|
|
432
|
+
const out = {
|
|
433
|
+
name: `file-rule-${i}`,
|
|
434
|
+
paths
|
|
435
|
+
};
|
|
436
|
+
if ("ops" in r && r.ops) {
|
|
437
|
+
out.operations = r.ops;
|
|
438
|
+
}
|
|
439
|
+
out.decision = yamlDecision(key);
|
|
440
|
+
if (key === "redirect" && "to" in r) {
|
|
441
|
+
out.redirect_to = r.to;
|
|
442
|
+
}
|
|
443
|
+
return out;
|
|
444
|
+
});
|
|
445
|
+
}
|
|
446
|
+
function serializeNetworkRules(rules) {
|
|
447
|
+
return rules.map((rule, i) => {
|
|
448
|
+
const r = rule;
|
|
449
|
+
const { key, value } = findDecision(r, SIMPLE_DECISION_KEYS);
|
|
450
|
+
const domains = toArray(value);
|
|
451
|
+
const out = {
|
|
452
|
+
name: `network-rule-${i}`,
|
|
453
|
+
domains,
|
|
454
|
+
decision: key
|
|
455
|
+
};
|
|
456
|
+
if ("ports" in r && r.ports) {
|
|
457
|
+
out.ports = r.ports;
|
|
458
|
+
}
|
|
459
|
+
if (key === "redirect" && "to" in r) {
|
|
460
|
+
out.redirect_to = r.to;
|
|
461
|
+
}
|
|
462
|
+
return out;
|
|
463
|
+
});
|
|
464
|
+
}
|
|
465
|
+
function serializeCommandRules(rules) {
|
|
466
|
+
return rules.map((rule, i) => {
|
|
467
|
+
const r = rule;
|
|
468
|
+
const { key, value } = findDecision(r, SIMPLE_DECISION_KEYS);
|
|
469
|
+
const commands = toArray(value);
|
|
470
|
+
const out = {
|
|
471
|
+
name: `command-rule-${i}`,
|
|
472
|
+
commands,
|
|
473
|
+
decision: key
|
|
474
|
+
};
|
|
475
|
+
if (key === "redirect" && "to" in r) {
|
|
476
|
+
const to = r.to;
|
|
477
|
+
if (typeof to === "string") {
|
|
478
|
+
out.redirect_to = to;
|
|
479
|
+
} else if (typeof to === "object" && to !== null) {
|
|
480
|
+
const target = to;
|
|
481
|
+
out.redirect_to = { command: target.cmd, args: target.args };
|
|
482
|
+
}
|
|
483
|
+
}
|
|
484
|
+
return out;
|
|
485
|
+
});
|
|
486
|
+
}
|
|
487
|
+
function serializeEnvRules(rules) {
|
|
488
|
+
return rules.map((rule, i) => {
|
|
489
|
+
const out = {
|
|
490
|
+
name: `env-rule-${i}`,
|
|
491
|
+
commands: rule.commands
|
|
492
|
+
};
|
|
493
|
+
if (rule.allow) {
|
|
494
|
+
out.allow = rule.allow;
|
|
495
|
+
}
|
|
496
|
+
if (rule.deny) {
|
|
497
|
+
out.deny = rule.deny;
|
|
498
|
+
}
|
|
499
|
+
return out;
|
|
500
|
+
});
|
|
501
|
+
}
|
|
502
|
+
function serializeDnsRedirects(redirects) {
|
|
503
|
+
return redirects.map((r) => ({
|
|
504
|
+
match: r.match,
|
|
505
|
+
resolve_to: r.resolveTo
|
|
506
|
+
}));
|
|
507
|
+
}
|
|
508
|
+
function serializeConnectRedirects(redirects) {
|
|
509
|
+
return redirects.map((r) => ({
|
|
510
|
+
match: r.match,
|
|
511
|
+
redirect_to: r.redirectTo
|
|
512
|
+
}));
|
|
513
|
+
}
|
|
514
|
+
function serializePolicy(policy) {
|
|
515
|
+
const doc = {
|
|
516
|
+
version: 1,
|
|
517
|
+
name: "secure-sandbox-policy"
|
|
518
|
+
};
|
|
519
|
+
if (policy.file && policy.file.length > 0) {
|
|
520
|
+
doc.file_rules = serializeFileRules(policy.file);
|
|
521
|
+
}
|
|
522
|
+
if (policy.network && policy.network.length > 0) {
|
|
523
|
+
doc.network_rules = serializeNetworkRules(policy.network);
|
|
524
|
+
}
|
|
525
|
+
if (policy.commands && policy.commands.length > 0) {
|
|
526
|
+
doc.command_rules = serializeCommandRules(policy.commands);
|
|
527
|
+
}
|
|
528
|
+
if (policy.env && policy.env.length > 0) {
|
|
529
|
+
doc.env_rules = serializeEnvRules(policy.env);
|
|
530
|
+
}
|
|
531
|
+
if (policy.dns && policy.dns.length > 0) {
|
|
532
|
+
doc.dns_redirects = serializeDnsRedirects(policy.dns);
|
|
533
|
+
}
|
|
534
|
+
if (policy.connect && policy.connect.length > 0) {
|
|
535
|
+
doc.connect_redirects = serializeConnectRedirects(policy.connect);
|
|
536
|
+
}
|
|
537
|
+
return yaml.dump(doc, { lineWidth: -1 });
|
|
538
|
+
}
|
|
539
|
+
function systemPolicyYaml() {
|
|
540
|
+
const doc = {
|
|
541
|
+
version: 1,
|
|
542
|
+
name: "_system-protection",
|
|
543
|
+
file_rules: [
|
|
544
|
+
{
|
|
545
|
+
name: "_system-protect-config",
|
|
546
|
+
paths: ["/etc/agentsh/**"],
|
|
547
|
+
operations: ["write", "create", "delete"],
|
|
548
|
+
decision: "deny",
|
|
549
|
+
message: "Policy files are immutable during agent execution"
|
|
550
|
+
},
|
|
551
|
+
{
|
|
552
|
+
name: "_system-protect-binary",
|
|
553
|
+
paths: ["/usr/local/bin/agentsh*", "/usr/bin/agentsh*"],
|
|
554
|
+
operations: ["write", "create", "delete"],
|
|
555
|
+
decision: "deny",
|
|
556
|
+
message: "agentsh binary is immutable during agent execution"
|
|
557
|
+
},
|
|
558
|
+
{
|
|
559
|
+
name: "_system-protect-shim-files",
|
|
560
|
+
paths: ["/usr/bin/agentsh-shell-shim", "/bin/bash", "/bin/sh"],
|
|
561
|
+
operations: ["write", "create", "delete"],
|
|
562
|
+
decision: "deny",
|
|
563
|
+
message: "Shell and shim binaries are immutable during agent execution"
|
|
564
|
+
}
|
|
565
|
+
],
|
|
566
|
+
command_rules: [
|
|
567
|
+
{
|
|
568
|
+
name: "_system-protect-process",
|
|
569
|
+
commands: ["kill", "killall", "pkill"],
|
|
570
|
+
args_match: ["agentsh"],
|
|
571
|
+
decision: "deny",
|
|
572
|
+
message: "Cannot terminate agentsh processes"
|
|
573
|
+
}
|
|
574
|
+
]
|
|
575
|
+
};
|
|
576
|
+
return yaml.dump(doc, { lineWidth: -1 });
|
|
577
|
+
}
|
|
578
|
+
|
|
579
|
+
export {
|
|
580
|
+
AgentSHError,
|
|
581
|
+
PolicyValidationError,
|
|
582
|
+
MissingPeerDependencyError,
|
|
583
|
+
IncompatibleProviderVersionError,
|
|
584
|
+
ProvisioningError,
|
|
585
|
+
IntegrityError,
|
|
586
|
+
RuntimeError,
|
|
587
|
+
serializePolicy,
|
|
588
|
+
systemPolicyYaml,
|
|
589
|
+
PolicyDefinitionSchema,
|
|
590
|
+
validatePolicy,
|
|
591
|
+
merge,
|
|
592
|
+
mergePrepend,
|
|
593
|
+
agentDefault,
|
|
594
|
+
devSafe,
|
|
595
|
+
ciStrict,
|
|
596
|
+
agentSandbox,
|
|
597
|
+
policies_exports
|
|
598
|
+
};
|
|
599
|
+
//# sourceMappingURL=chunk-NWHVZ3DG.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/policies/index.ts","../src/policies/schema.ts","../src/core/errors.ts","../src/policies/merge.ts","../src/policies/presets.ts","../src/policies/serialize.ts"],"sourcesContent":["export { PolicyDefinitionSchema, validatePolicy } from './schema.js';\nexport type { PolicyDefinition, FileRule, NetworkRule, CommandRule, EnvRule, DnsRedirect, ConnectRedirect } from './schema.js';\nexport { agentDefault, devSafe, ciStrict, agentSandbox } from './presets.js';\nexport { merge, mergePrepend } from './merge.js';\nexport { serializePolicy, systemPolicyYaml } from './serialize.js';\n","import { z, ZodError } from 'zod';\nimport { PolicyValidationError } from '../core/errors.js';\n\n// ─── Shared helpers ─────────────────────────────────────────\n\nconst stringOrArray = z.union([z.string(), z.array(z.string())]);\n\n// ─── File rules ─────────────────────────────────────────────\n\nexport const FileOpSchema = z.enum(['read', 'write', 'create', 'delete']);\n\nconst FileAllowRule = z\n .object({ allow: stringOrArray, ops: z.array(FileOpSchema).optional() })\n .strict();\n\nconst FileDenyRule = z\n .object({ deny: stringOrArray, ops: z.array(FileOpSchema).optional() })\n .strict();\n\nconst FileRedirectRule = z\n .object({\n redirect: stringOrArray,\n to: z.string(),\n ops: z.array(FileOpSchema).optional(),\n })\n .strict();\n\nconst FileAuditRule = z\n .object({ audit: stringOrArray, ops: z.array(FileOpSchema).optional() })\n .strict();\n\nconst FileSoftDeleteRule = z.object({ softDelete: stringOrArray }).strict();\n\nexport const FileRuleSchema = z.union([\n FileAllowRule,\n FileDenyRule,\n FileRedirectRule,\n FileAuditRule,\n FileSoftDeleteRule,\n]);\n\n// ─── Network rules ──────────────────────────────────────────\n\nconst NetworkAllowRule = z\n .object({\n allow: stringOrArray,\n ports: z.array(z.number().int().min(1).max(65535)).optional(),\n })\n .strict();\n\nconst NetworkDenyRule = z.object({ deny: stringOrArray }).strict();\n\nconst NetworkRedirectRule = z\n .object({ redirect: z.string(), to: z.string() })\n .strict();\n\nexport const NetworkRuleSchema = z.union([\n NetworkAllowRule,\n NetworkDenyRule,\n NetworkRedirectRule,\n]);\n\n// ─── Command rules ──────────────────────────────────────────\n\nconst CommandRedirectTarget = z.union([\n z.string(),\n z.object({ cmd: z.string(), args: z.array(z.string()) }).strict(),\n]);\n\nconst CommandAllowRule = z.object({ allow: stringOrArray }).strict();\n\nconst CommandDenyRule = z.object({ deny: stringOrArray }).strict();\n\nconst CommandRedirectRule = z\n .object({ redirect: stringOrArray, to: CommandRedirectTarget })\n .strict();\n\nexport const CommandRuleSchema = z.union([\n CommandAllowRule,\n CommandDenyRule,\n CommandRedirectRule,\n]);\n\n// ─── Env rules ──────────────────────────────────────────────\n\nexport const EnvRuleSchema = z\n .object({\n commands: z.array(z.string()),\n allow: z.array(z.string()).optional(),\n deny: z.array(z.string()).optional(),\n })\n .strict();\n\n// ─── DNS / Connect redirects ────────────────────────────────\n\nexport const DnsRedirectSchema = z\n .object({\n match: z.string(),\n resolveTo: z.string(),\n })\n .strict();\n\nexport const ConnectRedirectSchema = z\n .object({\n match: z.string(),\n redirectTo: z.string(),\n })\n .strict();\n\n// ─── PolicyDefinition ───────────────────────────────────────\n\nexport const PolicyDefinitionSchema = z\n .object({\n file: z.array(FileRuleSchema).optional(),\n network: z.array(NetworkRuleSchema).optional(),\n commands: z.array(CommandRuleSchema).optional(),\n env: z.array(EnvRuleSchema).optional(),\n dns: z.array(DnsRedirectSchema).optional(),\n connect: z.array(ConnectRedirectSchema).optional(),\n })\n .strict();\n\n// ─── Inferred types ─────────────────────────────────────────\n\nexport type PolicyDefinition = z.infer<typeof PolicyDefinitionSchema>;\nexport type FileOp = z.infer<typeof FileOpSchema>;\nexport type FileRule = z.infer<typeof FileRuleSchema>;\nexport type NetworkRule = z.infer<typeof NetworkRuleSchema>;\nexport type CommandRule = z.infer<typeof CommandRuleSchema>;\nexport type EnvRule = z.infer<typeof EnvRuleSchema>;\nexport type DnsRedirect = z.infer<typeof DnsRedirectSchema>;\nexport type ConnectRedirect = z.infer<typeof ConnectRedirectSchema>;\n\n// ─── Validation ─────────────────────────────────────────────\n\nexport function validatePolicy(policy: unknown): PolicyDefinition {\n try {\n return PolicyDefinitionSchema.parse(policy);\n } catch (err) {\n if (err instanceof ZodError) {\n throw new PolicyValidationError({ issues: err.issues });\n }\n throw err;\n }\n}\n","import type { ZodIssue } from 'zod';\n\nexport class AgentSHError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'AgentSHError';\n }\n}\n\nexport class PolicyValidationError extends AgentSHError {\n readonly issues: ZodIssue[];\n\n constructor({ issues }: { issues: ZodIssue[] }) {\n const summaries = issues\n .map((issue) => `${issue.path.join('.')}: ${issue.message}`)\n .join('; ');\n super(`Policy validation failed: ${summaries}`);\n this.name = 'PolicyValidationError';\n this.issues = issues;\n }\n}\n\nexport class MissingPeerDependencyError extends AgentSHError {\n readonly packageName: string;\n readonly versionRange: string;\n\n constructor({\n packageName,\n versionRange,\n }: {\n packageName: string;\n versionRange: string;\n }) {\n super(\n `${packageName} is required but not installed. Run: npm install ${packageName}@\"${versionRange}\"`,\n );\n this.name = 'MissingPeerDependencyError';\n this.packageName = packageName;\n this.versionRange = versionRange;\n }\n}\n\nexport class IncompatibleProviderVersionError extends AgentSHError {\n readonly installed: string;\n readonly required: string;\n readonly packageName: string;\n\n constructor({\n installed,\n required,\n packageName,\n }: {\n installed: string;\n required: string;\n packageName: string;\n }) {\n super(\n `${packageName} version ${installed} is not supported. @agentsh/secure-sandbox requires ${packageName} ${required}. Please upgrade: npm install ${packageName}@latest`,\n );\n this.name = 'IncompatibleProviderVersionError';\n this.installed = installed;\n this.required = required;\n this.packageName = packageName;\n }\n}\n\nexport class ProvisioningError extends AgentSHError {\n readonly phase: string;\n readonly command: string;\n readonly stderr: string;\n\n constructor({\n phase,\n command,\n stderr,\n }: {\n phase: string;\n command: string;\n stderr: string;\n }) {\n super(`Provisioning failed at phase: ${phase}`);\n this.name = 'ProvisioningError';\n this.phase = phase;\n this.command = command;\n this.stderr = stderr;\n }\n}\n\nexport class IntegrityError extends AgentSHError {\n readonly expected: string;\n readonly actual: string;\n\n constructor({\n expected,\n actual,\n message,\n }: {\n expected: string;\n actual: string;\n message?: string;\n }) {\n super(message ?? `Checksum mismatch: expected ${expected}, got ${actual}`);\n this.name = 'IntegrityError';\n this.expected = expected;\n this.actual = actual;\n }\n}\n\nexport class RuntimeError extends AgentSHError {\n readonly sessionId: string;\n readonly command: string;\n readonly stderr: string;\n\n constructor({\n sessionId,\n command,\n stderr,\n }: {\n sessionId: string;\n command: string;\n stderr: string;\n }) {\n super(`agentsh exec failed (session ${sessionId})`);\n this.name = 'RuntimeError';\n this.sessionId = sessionId;\n this.command = command;\n this.stderr = stderr;\n }\n}\n","import type { PolicyDefinition } from './schema.js';\nimport { validatePolicy } from './schema.js';\n\nconst CATEGORIES = ['file', 'network', 'commands', 'env', 'dns', 'connect'] as const;\n\n/**\n * Merge policy overrides AFTER base rules for each category.\n * Since agentsh evaluates first-match-wins, appended rules only apply\n * to paths not already matched by base.\n */\nexport function merge(base: PolicyDefinition, ...overrides: Partial<PolicyDefinition>[]): PolicyDefinition {\n return validatePolicy(mergeInternal(base, overrides, 'append'));\n}\n\n/**\n * Merge policy overrides BEFORE base rules for each category,\n * making overrides take priority in first-match-wins evaluation.\n */\nexport function mergePrepend(base: PolicyDefinition, ...overrides: Partial<PolicyDefinition>[]): PolicyDefinition {\n return validatePolicy(mergeInternal(base, overrides, 'prepend'));\n}\n\nfunction mergeInternal(\n base: PolicyDefinition,\n overrides: Partial<PolicyDefinition>[],\n mode: 'append' | 'prepend',\n): PolicyDefinition {\n const result: any = { ...base };\n for (const override of overrides) {\n for (const key of CATEGORIES) {\n if (override[key] != null) {\n const baseRules = result[key] ?? [];\n result[key] = mode === 'append'\n ? [...baseRules, ...override[key]!]\n : [...override[key]!, ...baseRules];\n }\n }\n }\n return result;\n}\n","import type { PolicyDefinition } from './schema.js';\nimport { merge } from './merge.js';\n\n// ─── agentDefault ──────────────────────────────────────────\n\n/**\n * Comprehensive policy for AI coding agents. This is the DEFAULT policy\n * used when no policy is specified. Based on agentsh v0.13's agent-default\n * policy.\n */\nexport function agentDefault(\n extensions?: Partial<PolicyDefinition>,\n): PolicyDefinition {\n const base: PolicyDefinition = {\n file: [\n { allow: '/workspace/**', ops: ['read', 'write', 'create'] },\n // Git/version-control credentials\n { deny: ['/workspace/.git/config', '/workspace/.netrc'] },\n // Secrets and credentials\n { deny: ['**/.env', '**/.env.*', '**/credentials*', '**/*.pem', '**/*.key'] },\n { deny: ['~/.ssh/**', '/proc/*/environ'] },\n // Cloud provider credentials\n { deny: ['~/.aws/**', '~/.gcp/**', '~/.azure/**', '~/.config/gcloud/**'] },\n // Shell config injection (persistence)\n { deny: ['~/.bashrc', '~/.zshrc', '~/.profile', '~/.bash_profile'] },\n // Credential stores\n { deny: ['~/.gitconfig', '~/.netrc', '~/.curlrc', '~/.wgetrc'] },\n // PATH hijacking\n { deny: '~/.local/bin/**' },\n // Agent config files — allow reads (project context), deny writes (prompt injection persistence)\n { deny: ['**/.cursorrules', '**/CLAUDE.md', '**/copilot-instructions.md'], ops: ['write', 'create', 'delete'] },\n ],\n network: [\n {\n allow: [\n 'registry.npmjs.org',\n 'registry.yarnpkg.com',\n 'pypi.org',\n 'files.pythonhosted.org',\n 'crates.io',\n 'static.crates.io',\n 'index.crates.io',\n 'proxy.golang.org',\n 'sum.golang.org',\n 'github.com',\n 'raw.githubusercontent.com',\n ],\n ports: [443],\n },\n { deny: '*' },\n ],\n commands: [\n // Allow safe commands (order matters — first match wins)\n {\n allow: [\n 'bash', 'sh', 'echo', 'cat', 'head', 'tail', 'grep', 'find',\n 'ls', 'wc', 'sort', 'uniq', 'diff', 'pwd', 'date', 'which',\n 'whoami', 'id', 'uname', 'printf', 'test', 'true', 'false',\n 'mkdir', 'cp', 'mv', 'rm', 'touch', 'chmod', 'tr', 'cut',\n 'sed', 'awk', 'tee', 'xargs', 'basename', 'dirname', 'realpath',\n 'base64', 'md5sum', 'sha256sum', 'tar', 'gzip', 'gunzip',\n ],\n },\n // Allow dev tools\n {\n allow: [\n 'git', 'node', 'npm', 'npx', 'yarn', 'pnpm', 'bun',\n 'python', 'python3', 'pip', 'pip3',\n 'cargo', 'rustc', 'go', 'make', 'cmake',\n ],\n },\n // Deny dangerous commands\n { deny: ['env', 'printenv', 'sudo', 'su', 'doas'] },\n { deny: ['shutdown', 'reboot', 'halt', 'poweroff'] },\n { deny: ['nc', 'ncat', 'netcat', 'socat', 'telnet'] },\n { deny: ['git push --force', 'git reset --hard'] },\n {\n redirect: ['curl', 'wget'],\n to: { cmd: 'agentsh-fetch', args: ['--audit'] },\n },\n ],\n };\n return extensions ? merge(base, extensions) : base;\n}\n\n// ─── devSafe ───────────────────────────────────────────────\n\n/**\n * Permissive defaults for local development. Not recommended for production.\n */\nexport function devSafe(\n extensions?: Partial<PolicyDefinition>,\n): PolicyDefinition {\n const base: PolicyDefinition = {\n file: [\n { allow: '/workspace/**', ops: ['read', 'write', 'create'] },\n { deny: ['**/.env', '**/.env.*', '**/credentials*', '**/*.pem', '**/*.key'] },\n { deny: ['~/.ssh/**', '/proc/*/environ'] },\n { deny: ['~/.aws/**', '~/.gcp/**', '~/.azure/**', '~/.config/gcloud/**'] },\n { deny: ['~/.bashrc', '~/.zshrc', '~/.profile', '~/.bash_profile'] },\n { deny: ['~/.gitconfig', '~/.netrc', '~/.curlrc', '~/.wgetrc'] },\n ],\n network: [\n {\n allow: ['registry.npmjs.org', 'registry.yarnpkg.com'],\n ports: [443],\n },\n ],\n commands: [{ deny: ['env', 'printenv', 'shutdown', 'reboot'] }],\n };\n return extensions ? merge(base, extensions) : base;\n}\n\n// ─── ciStrict ──────────────────────────────────────────────\n\n/**\n * Locked down for CI/CD runners.\n */\nexport function ciStrict(\n extensions?: Partial<PolicyDefinition>,\n): PolicyDefinition {\n const base: PolicyDefinition = {\n file: [\n { allow: '/workspace/**' },\n { deny: ['**/.env', '**/.env.*', '**/credentials*', '**/*.pem', '**/*.key'] },\n { deny: ['~/.aws/**', '~/.gcp/**', '~/.azure/**', '~/.config/gcloud/**'] },\n { deny: '/**' },\n ],\n network: [\n {\n allow: [\n 'registry.npmjs.org',\n 'registry.yarnpkg.com',\n 'pypi.org',\n 'files.pythonhosted.org',\n 'crates.io',\n 'static.crates.io',\n 'index.crates.io',\n 'proxy.golang.org',\n 'sum.golang.org',\n ],\n ports: [443],\n },\n { deny: '*' },\n ],\n commands: [\n { deny: ['env', 'printenv', 'shutdown', 'reboot', 'sudo'] },\n ],\n };\n return extensions ? merge(base, extensions) : base;\n}\n\n// ─── agentSandbox ──────────────────────────────────────────\n\n/**\n * Maximum restriction for untrusted code. Read-only workspace, no network.\n */\nexport function agentSandbox(\n extensions?: Partial<PolicyDefinition>,\n): PolicyDefinition {\n const base: PolicyDefinition = {\n file: [\n { allow: '/workspace/**', ops: ['read'] },\n { deny: '/**' },\n ],\n network: [{ deny: '*' }],\n commands: [\n { deny: ['env', 'printenv', 'sudo', 'su', 'shutdown', 'reboot'] },\n ],\n };\n return extensions ? merge(base, extensions) : base;\n}\n","import yaml from 'js-yaml';\nimport type {\n PolicyDefinition,\n FileRule,\n NetworkRule,\n CommandRule,\n EnvRule,\n DnsRedirect,\n ConnectRedirect,\n} from './schema.js';\n\n// ─── Helpers ────────────────────────────────────────────────\n\n/** Normalize a string-or-array value to always be an array. */\nfunction toArray(value: string | string[]): string[] {\n return Array.isArray(value) ? value : [value];\n}\n\n/** Detect the decision key from a rule object. */\ntype DecisionKey = 'allow' | 'deny' | 'redirect' | 'audit' | 'softDelete';\n\nconst FILE_DECISION_KEYS: DecisionKey[] = [\n 'allow',\n 'deny',\n 'redirect',\n 'audit',\n 'softDelete',\n];\n\nconst SIMPLE_DECISION_KEYS: DecisionKey[] = ['allow', 'deny', 'redirect'];\n\nfunction findDecision(\n rule: Record<string, unknown>,\n keys: DecisionKey[],\n): { key: DecisionKey; value: unknown } {\n for (const k of keys) {\n if (k in rule) {\n return { key: k, value: rule[k] };\n }\n }\n throw new Error(`No decision key found in rule: ${JSON.stringify(rule)}`);\n}\n\n/** Map softDelete → soft_delete for YAML output. */\nfunction yamlDecision(key: DecisionKey): string {\n return key === 'softDelete' ? 'soft_delete' : key;\n}\n\n// ─── File rules ─────────────────────────────────────────────\n\nfunction serializeFileRules(rules: FileRule[]): Record<string, unknown>[] {\n return rules.map((rule, i) => {\n const r = rule as Record<string, unknown>;\n const { key, value } = findDecision(r, FILE_DECISION_KEYS);\n const paths = toArray(value as string | string[]);\n\n const out: Record<string, unknown> = {\n name: `file-rule-${i}`,\n paths,\n };\n\n if ('ops' in r && r.ops) {\n out.operations = r.ops;\n }\n\n out.decision = yamlDecision(key);\n\n if (key === 'redirect' && 'to' in r) {\n out.redirect_to = r.to;\n }\n\n return out;\n });\n}\n\n// ─── Network rules ──────────────────────────────────────────\n\nfunction serializeNetworkRules(\n rules: NetworkRule[],\n): Record<string, unknown>[] {\n return rules.map((rule, i) => {\n const r = rule as Record<string, unknown>;\n const { key, value } = findDecision(r, SIMPLE_DECISION_KEYS);\n const domains = toArray(value as string | string[]);\n\n const out: Record<string, unknown> = {\n name: `network-rule-${i}`,\n domains,\n decision: key,\n };\n\n if ('ports' in r && r.ports) {\n out.ports = r.ports;\n }\n\n if (key === 'redirect' && 'to' in r) {\n out.redirect_to = r.to;\n }\n\n return out;\n });\n}\n\n// ─── Command rules ──────────────────────────────────────────\n\nfunction serializeCommandRules(\n rules: CommandRule[],\n): Record<string, unknown>[] {\n return rules.map((rule, i) => {\n const r = rule as Record<string, unknown>;\n const { key, value } = findDecision(r, SIMPLE_DECISION_KEYS);\n const commands = toArray(value as string | string[]);\n\n const out: Record<string, unknown> = {\n name: `command-rule-${i}`,\n commands,\n decision: key,\n };\n\n if (key === 'redirect' && 'to' in r) {\n const to = r.to;\n if (typeof to === 'string') {\n out.redirect_to = to;\n } else if (typeof to === 'object' && to !== null) {\n const target = to as { cmd: string; args: string[] };\n out.redirect_to = { command: target.cmd, args: target.args };\n }\n }\n\n return out;\n });\n}\n\n// ─── Env rules ──────────────────────────────────────────────\n\nfunction serializeEnvRules(rules: EnvRule[]): Record<string, unknown>[] {\n return rules.map((rule, i) => {\n const out: Record<string, unknown> = {\n name: `env-rule-${i}`,\n commands: rule.commands,\n };\n if (rule.allow) {\n out.allow = rule.allow;\n }\n if (rule.deny) {\n out.deny = rule.deny;\n }\n return out;\n });\n}\n\n// ─── DNS redirects ──────────────────────────────────────────\n\nfunction serializeDnsRedirects(\n redirects: DnsRedirect[],\n): Record<string, unknown>[] {\n return redirects.map((r) => ({\n match: r.match,\n resolve_to: r.resolveTo,\n }));\n}\n\n// ─── Connect redirects ──────────────────────────────────────\n\nfunction serializeConnectRedirects(\n redirects: ConnectRedirect[],\n): Record<string, unknown>[] {\n return redirects.map((r) => ({\n match: r.match,\n redirect_to: r.redirectTo,\n }));\n}\n\n// ─── Public API ─────────────────────────────────────────────\n\n/**\n * Converts a PolicyDefinition to agentsh YAML format.\n *\n * Omits empty categories from output.\n */\nexport function serializePolicy(policy: PolicyDefinition): string {\n const doc: Record<string, unknown> = {\n version: 1,\n name: 'secure-sandbox-policy',\n };\n\n if (policy.file && policy.file.length > 0) {\n doc.file_rules = serializeFileRules(policy.file);\n }\n\n if (policy.network && policy.network.length > 0) {\n doc.network_rules = serializeNetworkRules(policy.network);\n }\n\n if (policy.commands && policy.commands.length > 0) {\n doc.command_rules = serializeCommandRules(policy.commands);\n }\n\n if (policy.env && policy.env.length > 0) {\n doc.env_rules = serializeEnvRules(policy.env);\n }\n\n if (policy.dns && policy.dns.length > 0) {\n doc.dns_redirects = serializeDnsRedirects(policy.dns);\n }\n\n if (policy.connect && policy.connect.length > 0) {\n doc.connect_redirects = serializeConnectRedirects(policy.connect);\n }\n\n return yaml.dump(doc, { lineWidth: -1 });\n}\n\n/**\n * Returns the fixed system policy YAML from the spec (Section 9.4).\n *\n * This static set of rules protects agentsh's own configuration, binaries,\n * and processes from tampering by the agent. These rules are written to a\n * separate system policy directory evaluated before user policy.\n */\nexport function systemPolicyYaml(): string {\n const doc = {\n version: 1,\n name: '_system-protection',\n file_rules: [\n {\n name: '_system-protect-config',\n paths: ['/etc/agentsh/**'],\n operations: ['write', 'create', 'delete'],\n decision: 'deny',\n message: 'Policy files are immutable during agent execution',\n },\n {\n name: '_system-protect-binary',\n paths: ['/usr/local/bin/agentsh*', '/usr/bin/agentsh*'],\n operations: ['write', 'create', 'delete'],\n decision: 'deny',\n message: 'agentsh binary is immutable during agent execution',\n },\n {\n name: '_system-protect-shim-files',\n paths: ['/usr/bin/agentsh-shell-shim', '/bin/bash', '/bin/sh'],\n operations: ['write', 'create', 'delete'],\n decision: 'deny',\n message: 'Shell and shim binaries are immutable during agent execution',\n },\n ],\n command_rules: [\n {\n name: '_system-protect-process',\n commands: ['kill', 'killall', 'pkill'],\n args_match: ['agentsh'],\n decision: 'deny',\n message: 'Cannot terminate agentsh processes',\n },\n ],\n };\n\n return yaml.dump(doc, { lineWidth: -1 });\n}\n"],"mappings":";;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,SAAS,GAAG,gBAAgB;;;ACErB,IAAM,eAAN,cAA2B,MAAM;AAAA,EACtC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,wBAAN,cAAoC,aAAa;AAAA,EAC7C;AAAA,EAET,YAAY,EAAE,OAAO,GAA2B;AAC9C,UAAM,YAAY,OACf,IAAI,CAAC,UAAU,GAAG,MAAM,KAAK,KAAK,GAAG,CAAC,KAAK,MAAM,OAAO,EAAE,EAC1D,KAAK,IAAI;AACZ,UAAM,6BAA6B,SAAS,EAAE;AAC9C,SAAK,OAAO;AACZ,SAAK,SAAS;AAAA,EAChB;AACF;AAEO,IAAM,6BAAN,cAAyC,aAAa;AAAA,EAClD;AAAA,EACA;AAAA,EAET,YAAY;AAAA,IACV;AAAA,IACA;AAAA,EACF,GAGG;AACD;AAAA,MACE,GAAG,WAAW,oDAAoD,WAAW,KAAK,YAAY;AAAA,IAChG;AACA,SAAK,OAAO;AACZ,SAAK,cAAc;AACnB,SAAK,eAAe;AAAA,EACtB;AACF;AAEO,IAAM,mCAAN,cAA+C,aAAa;AAAA,EACxD;AAAA,EACA;AAAA,EACA;AAAA,EAET,YAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAIG;AACD;AAAA,MACE,GAAG,WAAW,YAAY,SAAS,uDAAuD,WAAW,IAAI,QAAQ,iCAAiC,WAAW;AAAA,IAC/J;AACA,SAAK,OAAO;AACZ,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,cAAc;AAAA,EACrB;AACF;AAEO,IAAM,oBAAN,cAAgC,aAAa;AAAA,EACzC;AAAA,EACA;AAAA,EACA;AAAA,EAET,YAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAIG;AACD,UAAM,iCAAiC,KAAK,EAAE;AAC9C,SAAK,OAAO;AACZ,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAChB;AACF;AAEO,IAAM,iBAAN,cAA6B,aAAa;AAAA,EACtC;AAAA,EACA;AAAA,EAET,YAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAIG;AACD,UAAM,WAAW,+BAA+B,QAAQ,SAAS,MAAM,EAAE;AACzE,SAAK,OAAO;AACZ,SAAK,WAAW;AAChB,SAAK,SAAS;AAAA,EAChB;AACF;AAEO,IAAM,eAAN,cAA2B,aAAa;AAAA,EACpC;AAAA,EACA;AAAA,EACA;AAAA,EAET,YAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAIG;AACD,UAAM,gCAAgC,SAAS,GAAG;AAClD,SAAK,OAAO;AACZ,SAAK,YAAY;AACjB,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAChB;AACF;;;AD3HA,IAAM,gBAAgB,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AAIxD,IAAM,eAAe,EAAE,KAAK,CAAC,QAAQ,SAAS,UAAU,QAAQ,CAAC;AAExE,IAAM,gBAAgB,EACnB,OAAO,EAAE,OAAO,eAAe,KAAK,EAAE,MAAM,YAAY,EAAE,SAAS,EAAE,CAAC,EACtE,OAAO;AAEV,IAAM,eAAe,EAClB,OAAO,EAAE,MAAM,eAAe,KAAK,EAAE,MAAM,YAAY,EAAE,SAAS,EAAE,CAAC,EACrE,OAAO;AAEV,IAAM,mBAAmB,EACtB,OAAO;AAAA,EACN,UAAU;AAAA,EACV,IAAI,EAAE,OAAO;AAAA,EACb,KAAK,EAAE,MAAM,YAAY,EAAE,SAAS;AACtC,CAAC,EACA,OAAO;AAEV,IAAM,gBAAgB,EACnB,OAAO,EAAE,OAAO,eAAe,KAAK,EAAE,MAAM,YAAY,EAAE,SAAS,EAAE,CAAC,EACtE,OAAO;AAEV,IAAM,qBAAqB,EAAE,OAAO,EAAE,YAAY,cAAc,CAAC,EAAE,OAAO;AAEnE,IAAM,iBAAiB,EAAE,MAAM;AAAA,EACpC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAID,IAAM,mBAAmB,EACtB,OAAO;AAAA,EACN,OAAO;AAAA,EACP,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,KAAK,CAAC,EAAE,SAAS;AAC9D,CAAC,EACA,OAAO;AAEV,IAAM,kBAAkB,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC,EAAE,OAAO;AAEjE,IAAM,sBAAsB,EACzB,OAAO,EAAE,UAAU,EAAE,OAAO,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,EAC/C,OAAO;AAEH,IAAM,oBAAoB,EAAE,MAAM;AAAA,EACvC;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAID,IAAM,wBAAwB,EAAE,MAAM;AAAA,EACpC,EAAE,OAAO;AAAA,EACT,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,GAAG,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,EAAE,OAAO;AAClE,CAAC;AAED,IAAM,mBAAmB,EAAE,OAAO,EAAE,OAAO,cAAc,CAAC,EAAE,OAAO;AAEnE,IAAM,kBAAkB,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC,EAAE,OAAO;AAEjE,IAAM,sBAAsB,EACzB,OAAO,EAAE,UAAU,eAAe,IAAI,sBAAsB,CAAC,EAC7D,OAAO;AAEH,IAAM,oBAAoB,EAAE,MAAM;AAAA,EACvC;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAIM,IAAM,gBAAgB,EAC1B,OAAO;AAAA,EACN,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC;AAAA,EAC5B,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAAA,EACpC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AACrC,CAAC,EACA,OAAO;AAIH,IAAM,oBAAoB,EAC9B,OAAO;AAAA,EACN,OAAO,EAAE,OAAO;AAAA,EAChB,WAAW,EAAE,OAAO;AACtB,CAAC,EACA,OAAO;AAEH,IAAM,wBAAwB,EAClC,OAAO;AAAA,EACN,OAAO,EAAE,OAAO;AAAA,EAChB,YAAY,EAAE,OAAO;AACvB,CAAC,EACA,OAAO;AAIH,IAAM,yBAAyB,EACnC,OAAO;AAAA,EACN,MAAM,EAAE,MAAM,cAAc,EAAE,SAAS;AAAA,EACvC,SAAS,EAAE,MAAM,iBAAiB,EAAE,SAAS;AAAA,EAC7C,UAAU,EAAE,MAAM,iBAAiB,EAAE,SAAS;AAAA,EAC9C,KAAK,EAAE,MAAM,aAAa,EAAE,SAAS;AAAA,EACrC,KAAK,EAAE,MAAM,iBAAiB,EAAE,SAAS;AAAA,EACzC,SAAS,EAAE,MAAM,qBAAqB,EAAE,SAAS;AACnD,CAAC,EACA,OAAO;AAeH,SAAS,eAAe,QAAmC;AAChE,MAAI;AACF,WAAO,uBAAuB,MAAM,MAAM;AAAA,EAC5C,SAAS,KAAK;AACZ,QAAI,eAAe,UAAU;AAC3B,YAAM,IAAI,sBAAsB,EAAE,QAAQ,IAAI,OAAO,CAAC;AAAA,IACxD;AACA,UAAM;AAAA,EACR;AACF;;;AE7IA,IAAM,aAAa,CAAC,QAAQ,WAAW,YAAY,OAAO,OAAO,SAAS;AAOnE,SAAS,MAAM,SAA2B,WAA0D;AACzG,SAAO,eAAe,cAAc,MAAM,WAAW,QAAQ,CAAC;AAChE;AAMO,SAAS,aAAa,SAA2B,WAA0D;AAChH,SAAO,eAAe,cAAc,MAAM,WAAW,SAAS,CAAC;AACjE;AAEA,SAAS,cACP,MACA,WACA,MACkB;AAClB,QAAM,SAAc,EAAE,GAAG,KAAK;AAC9B,aAAW,YAAY,WAAW;AAChC,eAAW,OAAO,YAAY;AAC5B,UAAI,SAAS,GAAG,KAAK,MAAM;AACzB,cAAM,YAAY,OAAO,GAAG,KAAK,CAAC;AAClC,eAAO,GAAG,IAAI,SAAS,WACnB,CAAC,GAAG,WAAW,GAAG,SAAS,GAAG,CAAE,IAChC,CAAC,GAAG,SAAS,GAAG,GAAI,GAAG,SAAS;AAAA,MACtC;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;AC7BO,SAAS,aACd,YACkB;AAClB,QAAM,OAAyB;AAAA,IAC7B,MAAM;AAAA,MACJ,EAAE,OAAO,iBAAiB,KAAK,CAAC,QAAQ,SAAS,QAAQ,EAAE;AAAA;AAAA,MAE3D,EAAE,MAAM,CAAC,0BAA0B,mBAAmB,EAAE;AAAA;AAAA,MAExD,EAAE,MAAM,CAAC,WAAW,aAAa,mBAAmB,YAAY,UAAU,EAAE;AAAA,MAC5E,EAAE,MAAM,CAAC,aAAa,iBAAiB,EAAE;AAAA;AAAA,MAEzC,EAAE,MAAM,CAAC,aAAa,aAAa,eAAe,qBAAqB,EAAE;AAAA;AAAA,MAEzE,EAAE,MAAM,CAAC,aAAa,YAAY,cAAc,iBAAiB,EAAE;AAAA;AAAA,MAEnE,EAAE,MAAM,CAAC,gBAAgB,YAAY,aAAa,WAAW,EAAE;AAAA;AAAA,MAE/D,EAAE,MAAM,kBAAkB;AAAA;AAAA,MAE1B,EAAE,MAAM,CAAC,mBAAmB,gBAAgB,4BAA4B,GAAG,KAAK,CAAC,SAAS,UAAU,QAAQ,EAAE;AAAA,IAChH;AAAA,IACA,SAAS;AAAA,MACP;AAAA,QACE,OAAO;AAAA,UACL;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,QACA,OAAO,CAAC,GAAG;AAAA,MACb;AAAA,MACA,EAAE,MAAM,IAAI;AAAA,IACd;AAAA,IACA,UAAU;AAAA;AAAA,MAER;AAAA,QACE,OAAO;AAAA,UACL;AAAA,UAAQ;AAAA,UAAM;AAAA,UAAQ;AAAA,UAAO;AAAA,UAAQ;AAAA,UAAQ;AAAA,UAAQ;AAAA,UACrD;AAAA,UAAM;AAAA,UAAM;AAAA,UAAQ;AAAA,UAAQ;AAAA,UAAQ;AAAA,UAAO;AAAA,UAAQ;AAAA,UACnD;AAAA,UAAU;AAAA,UAAM;AAAA,UAAS;AAAA,UAAU;AAAA,UAAQ;AAAA,UAAQ;AAAA,UACnD;AAAA,UAAS;AAAA,UAAM;AAAA,UAAM;AAAA,UAAM;AAAA,UAAS;AAAA,UAAS;AAAA,UAAM;AAAA,UACnD;AAAA,UAAO;AAAA,UAAO;AAAA,UAAO;AAAA,UAAS;AAAA,UAAY;AAAA,UAAW;AAAA,UACrD;AAAA,UAAU;AAAA,UAAU;AAAA,UAAa;AAAA,UAAO;AAAA,UAAQ;AAAA,QAClD;AAAA,MACF;AAAA;AAAA,MAEA;AAAA,QACE,OAAO;AAAA,UACL;AAAA,UAAO;AAAA,UAAQ;AAAA,UAAO;AAAA,UAAO;AAAA,UAAQ;AAAA,UAAQ;AAAA,UAC7C;AAAA,UAAU;AAAA,UAAW;AAAA,UAAO;AAAA,UAC5B;AAAA,UAAS;AAAA,UAAS;AAAA,UAAM;AAAA,UAAQ;AAAA,QAClC;AAAA,MACF;AAAA;AAAA,MAEA,EAAE,MAAM,CAAC,OAAO,YAAY,QAAQ,MAAM,MAAM,EAAE;AAAA,MAClD,EAAE,MAAM,CAAC,YAAY,UAAU,QAAQ,UAAU,EAAE;AAAA,MACnD,EAAE,MAAM,CAAC,MAAM,QAAQ,UAAU,SAAS,QAAQ,EAAE;AAAA,MACpD,EAAE,MAAM,CAAC,oBAAoB,kBAAkB,EAAE;AAAA,MACjD;AAAA,QACE,UAAU,CAAC,QAAQ,MAAM;AAAA,QACzB,IAAI,EAAE,KAAK,iBAAiB,MAAM,CAAC,SAAS,EAAE;AAAA,MAChD;AAAA,IACF;AAAA,EACF;AACA,SAAO,aAAa,MAAM,MAAM,UAAU,IAAI;AAChD;AAOO,SAAS,QACd,YACkB;AAClB,QAAM,OAAyB;AAAA,IAC7B,MAAM;AAAA,MACJ,EAAE,OAAO,iBAAiB,KAAK,CAAC,QAAQ,SAAS,QAAQ,EAAE;AAAA,MAC3D,EAAE,MAAM,CAAC,WAAW,aAAa,mBAAmB,YAAY,UAAU,EAAE;AAAA,MAC5E,EAAE,MAAM,CAAC,aAAa,iBAAiB,EAAE;AAAA,MACzC,EAAE,MAAM,CAAC,aAAa,aAAa,eAAe,qBAAqB,EAAE;AAAA,MACzE,EAAE,MAAM,CAAC,aAAa,YAAY,cAAc,iBAAiB,EAAE;AAAA,MACnE,EAAE,MAAM,CAAC,gBAAgB,YAAY,aAAa,WAAW,EAAE;AAAA,IACjE;AAAA,IACA,SAAS;AAAA,MACP;AAAA,QACE,OAAO,CAAC,sBAAsB,sBAAsB;AAAA,QACpD,OAAO,CAAC,GAAG;AAAA,MACb;AAAA,IACF;AAAA,IACA,UAAU,CAAC,EAAE,MAAM,CAAC,OAAO,YAAY,YAAY,QAAQ,EAAE,CAAC;AAAA,EAChE;AACA,SAAO,aAAa,MAAM,MAAM,UAAU,IAAI;AAChD;AAOO,SAAS,SACd,YACkB;AAClB,QAAM,OAAyB;AAAA,IAC7B,MAAM;AAAA,MACJ,EAAE,OAAO,gBAAgB;AAAA,MACzB,EAAE,MAAM,CAAC,WAAW,aAAa,mBAAmB,YAAY,UAAU,EAAE;AAAA,MAC5E,EAAE,MAAM,CAAC,aAAa,aAAa,eAAe,qBAAqB,EAAE;AAAA,MACzE,EAAE,MAAM,MAAM;AAAA,IAChB;AAAA,IACA,SAAS;AAAA,MACP;AAAA,QACE,OAAO;AAAA,UACL;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,QACA,OAAO,CAAC,GAAG;AAAA,MACb;AAAA,MACA,EAAE,MAAM,IAAI;AAAA,IACd;AAAA,IACA,UAAU;AAAA,MACR,EAAE,MAAM,CAAC,OAAO,YAAY,YAAY,UAAU,MAAM,EAAE;AAAA,IAC5D;AAAA,EACF;AACA,SAAO,aAAa,MAAM,MAAM,UAAU,IAAI;AAChD;AAOO,SAAS,aACd,YACkB;AAClB,QAAM,OAAyB;AAAA,IAC7B,MAAM;AAAA,MACJ,EAAE,OAAO,iBAAiB,KAAK,CAAC,MAAM,EAAE;AAAA,MACxC,EAAE,MAAM,MAAM;AAAA,IAChB;AAAA,IACA,SAAS,CAAC,EAAE,MAAM,IAAI,CAAC;AAAA,IACvB,UAAU;AAAA,MACR,EAAE,MAAM,CAAC,OAAO,YAAY,QAAQ,MAAM,YAAY,QAAQ,EAAE;AAAA,IAClE;AAAA,EACF;AACA,SAAO,aAAa,MAAM,MAAM,UAAU,IAAI;AAChD;;;AC3KA,OAAO,UAAU;AAcjB,SAAS,QAAQ,OAAoC;AACnD,SAAO,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC,KAAK;AAC9C;AAKA,IAAM,qBAAoC;AAAA,EACxC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,uBAAsC,CAAC,SAAS,QAAQ,UAAU;AAExE,SAAS,aACP,MACA,MACsC;AACtC,aAAW,KAAK,MAAM;AACpB,QAAI,KAAK,MAAM;AACb,aAAO,EAAE,KAAK,GAAG,OAAO,KAAK,CAAC,EAAE;AAAA,IAClC;AAAA,EACF;AACA,QAAM,IAAI,MAAM,kCAAkC,KAAK,UAAU,IAAI,CAAC,EAAE;AAC1E;AAGA,SAAS,aAAa,KAA0B;AAC9C,SAAO,QAAQ,eAAe,gBAAgB;AAChD;AAIA,SAAS,mBAAmB,OAA8C;AACxE,SAAO,MAAM,IAAI,CAAC,MAAM,MAAM;AAC5B,UAAM,IAAI;AACV,UAAM,EAAE,KAAK,MAAM,IAAI,aAAa,GAAG,kBAAkB;AACzD,UAAM,QAAQ,QAAQ,KAA0B;AAEhD,UAAM,MAA+B;AAAA,MACnC,MAAM,aAAa,CAAC;AAAA,MACpB;AAAA,IACF;AAEA,QAAI,SAAS,KAAK,EAAE,KAAK;AACvB,UAAI,aAAa,EAAE;AAAA,IACrB;AAEA,QAAI,WAAW,aAAa,GAAG;AAE/B,QAAI,QAAQ,cAAc,QAAQ,GAAG;AACnC,UAAI,cAAc,EAAE;AAAA,IACtB;AAEA,WAAO;AAAA,EACT,CAAC;AACH;AAIA,SAAS,sBACP,OAC2B;AAC3B,SAAO,MAAM,IAAI,CAAC,MAAM,MAAM;AAC5B,UAAM,IAAI;AACV,UAAM,EAAE,KAAK,MAAM,IAAI,aAAa,GAAG,oBAAoB;AAC3D,UAAM,UAAU,QAAQ,KAA0B;AAElD,UAAM,MAA+B;AAAA,MACnC,MAAM,gBAAgB,CAAC;AAAA,MACvB;AAAA,MACA,UAAU;AAAA,IACZ;AAEA,QAAI,WAAW,KAAK,EAAE,OAAO;AAC3B,UAAI,QAAQ,EAAE;AAAA,IAChB;AAEA,QAAI,QAAQ,cAAc,QAAQ,GAAG;AACnC,UAAI,cAAc,EAAE;AAAA,IACtB;AAEA,WAAO;AAAA,EACT,CAAC;AACH;AAIA,SAAS,sBACP,OAC2B;AAC3B,SAAO,MAAM,IAAI,CAAC,MAAM,MAAM;AAC5B,UAAM,IAAI;AACV,UAAM,EAAE,KAAK,MAAM,IAAI,aAAa,GAAG,oBAAoB;AAC3D,UAAM,WAAW,QAAQ,KAA0B;AAEnD,UAAM,MAA+B;AAAA,MACnC,MAAM,gBAAgB,CAAC;AAAA,MACvB;AAAA,MACA,UAAU;AAAA,IACZ;AAEA,QAAI,QAAQ,cAAc,QAAQ,GAAG;AACnC,YAAM,KAAK,EAAE;AACb,UAAI,OAAO,OAAO,UAAU;AAC1B,YAAI,cAAc;AAAA,MACpB,WAAW,OAAO,OAAO,YAAY,OAAO,MAAM;AAChD,cAAM,SAAS;AACf,YAAI,cAAc,EAAE,SAAS,OAAO,KAAK,MAAM,OAAO,KAAK;AAAA,MAC7D;AAAA,IACF;AAEA,WAAO;AAAA,EACT,CAAC;AACH;AAIA,SAAS,kBAAkB,OAA6C;AACtE,SAAO,MAAM,IAAI,CAAC,MAAM,MAAM;AAC5B,UAAM,MAA+B;AAAA,MACnC,MAAM,YAAY,CAAC;AAAA,MACnB,UAAU,KAAK;AAAA,IACjB;AACA,QAAI,KAAK,OAAO;AACd,UAAI,QAAQ,KAAK;AAAA,IACnB;AACA,QAAI,KAAK,MAAM;AACb,UAAI,OAAO,KAAK;AAAA,IAClB;AACA,WAAO;AAAA,EACT,CAAC;AACH;AAIA,SAAS,sBACP,WAC2B;AAC3B,SAAO,UAAU,IAAI,CAAC,OAAO;AAAA,IAC3B,OAAO,EAAE;AAAA,IACT,YAAY,EAAE;AAAA,EAChB,EAAE;AACJ;AAIA,SAAS,0BACP,WAC2B;AAC3B,SAAO,UAAU,IAAI,CAAC,OAAO;AAAA,IAC3B,OAAO,EAAE;AAAA,IACT,aAAa,EAAE;AAAA,EACjB,EAAE;AACJ;AASO,SAAS,gBAAgB,QAAkC;AAChE,QAAM,MAA+B;AAAA,IACnC,SAAS;AAAA,IACT,MAAM;AAAA,EACR;AAEA,MAAI,OAAO,QAAQ,OAAO,KAAK,SAAS,GAAG;AACzC,QAAI,aAAa,mBAAmB,OAAO,IAAI;AAAA,EACjD;AAEA,MAAI,OAAO,WAAW,OAAO,QAAQ,SAAS,GAAG;AAC/C,QAAI,gBAAgB,sBAAsB,OAAO,OAAO;AAAA,EAC1D;AAEA,MAAI,OAAO,YAAY,OAAO,SAAS,SAAS,GAAG;AACjD,QAAI,gBAAgB,sBAAsB,OAAO,QAAQ;AAAA,EAC3D;AAEA,MAAI,OAAO,OAAO,OAAO,IAAI,SAAS,GAAG;AACvC,QAAI,YAAY,kBAAkB,OAAO,GAAG;AAAA,EAC9C;AAEA,MAAI,OAAO,OAAO,OAAO,IAAI,SAAS,GAAG;AACvC,QAAI,gBAAgB,sBAAsB,OAAO,GAAG;AAAA,EACtD;AAEA,MAAI,OAAO,WAAW,OAAO,QAAQ,SAAS,GAAG;AAC/C,QAAI,oBAAoB,0BAA0B,OAAO,OAAO;AAAA,EAClE;AAEA,SAAO,KAAK,KAAK,KAAK,EAAE,WAAW,GAAG,CAAC;AACzC;AASO,SAAS,mBAA2B;AACzC,QAAM,MAAM;AAAA,IACV,SAAS;AAAA,IACT,MAAM;AAAA,IACN,YAAY;AAAA,MACV;AAAA,QACE,MAAM;AAAA,QACN,OAAO,CAAC,iBAAiB;AAAA,QACzB,YAAY,CAAC,SAAS,UAAU,QAAQ;AAAA,QACxC,UAAU;AAAA,QACV,SAAS;AAAA,MACX;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,OAAO,CAAC,2BAA2B,mBAAmB;AAAA,QACtD,YAAY,CAAC,SAAS,UAAU,QAAQ;AAAA,QACxC,UAAU;AAAA,QACV,SAAS;AAAA,MACX;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,OAAO,CAAC,+BAA+B,aAAa,SAAS;AAAA,QAC7D,YAAY,CAAC,SAAS,UAAU,QAAQ;AAAA,QACxC,UAAU;AAAA,QACV,SAAS;AAAA,MACX;AAAA,IACF;AAAA,IACA,eAAe;AAAA,MACb;AAAA,QACE,MAAM;AAAA,QACN,UAAU,CAAC,QAAQ,WAAW,OAAO;AAAA,QACrC,YAAY,CAAC,SAAS;AAAA,QACtB,UAAU;AAAA,QACV,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AAEA,SAAO,KAAK,KAAK,KAAK,EAAE,WAAW,GAAG,CAAC;AACzC;","names":[]}
|