@agentvault/agentvault 0.14.6 → 0.14.8

package/dist/crypto-helpers.js

@@ -0,0 +1,4 @@
+// Re-export transport utilities from shared @agentvault/crypto package.
+// Plugin code continues importing from ./crypto-helpers.js — no import changes needed.
+export { hexToBytes, bytesToHex, base64ToBytes, bytesToBase64, encryptedMessageToTransport, transportToEncryptedMessage, } from "@agentvault/crypto";
+//# sourceMappingURL=crypto-helpers.js.map

package/dist/crypto-helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto-helpers.js","sourceRoot":"","sources":["../src/crypto-helpers.ts"],"names":[],"mappings":"AAAA,wEAAwE;AACxE,uFAAuF;AACvF,OAAO,EACL,UAAU,EACV,UAAU,EACV,aAAa,EACb,aAAa,EACb,2BAA2B,EAC3B,2BAA2B,GAE5B,MAAM,oBAAoB,CAAC"}

package/dist/index.js

@@ -45102,6 +45102,22 @@ var init_scan_engine = __esm({
         /\bghp_[a-zA-Z0-9]{36,}\b/g,
         /\bglpat-[a-zA-Z0-9_-]{20,}\b/g,
         /\bxoxb-[0-9]+-[0-9]+-[a-zA-Z0-9]+\b/g
+      ],
+      prompt_injection: [
+        /\bignore\s+(?:all\s+)?(?:previous|above|prior)\s+instructions\b/gi,
+        /\byou\s+are\s+now\s+(?:a|an)\s+/gi,
+        /\bsystem\s*:\s*you\b/gi,
+        /\bDAN\s+mode\b/gi,
+        /\bdo\s+anything\s+now\b/gi,
+        /\bdo\s+not\s+follow\s+any\s+(?:other\s+)?rules\b/gi,
+        /\bjailbreak\b/gi
+      ],
+      shell_injection: [
+        /\bcurl\s+.*\|\s*(?:sh|bash|zsh)\b/gi,
+        /\beval\s*\(/gi,
+        /\bexec\s*\(/gi,
+        /\bchmod\s+\+x\b/gi,
+        /\brm\s+-rf\s+\//gi
       ]
     };
     ScanEngine = class {
@@ -45213,6 +45229,24 @@ var init_scan_engine = __esm({
           }
           return false;
         }
+        if (builtinId === "prompt_injection") {
+          const patterns = BUILTIN_PATTERNS.prompt_injection;
+          for (const p2 of patterns) {
+            const regex = new RegExp(p2.source, p2.flags);
+            if (regex.test(text))
+              return true;
+          }
+          return false;
+        }
+        if (builtinId === "shell_injection") {
+          const patterns = BUILTIN_PATTERNS.shell_injection;
+          for (const p2 of patterns) {
+            const regex = new RegExp(p2.source, p2.flags);
+            if (regex.test(text))
+              return true;
+          }
+          return false;
+        }
         return false;
       }
       _buildMatchSummary(rule) {
@@ -45232,6 +45266,48 @@ var init_scan_engine = __esm({
       _escapeRegex(str) {
         return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
       }
+      /**
+       * Scan a workspace file (e.g. SOUL.md) against all builtin patterns.
+       * Runs api_keys, pii_*, prompt_injection, and shell_injection checks
+       * regardless of rule direction.
+       */
+      static scanWorkspaceFile(content) {
+        const violations = [];
+        let blocked = false;
+        let flagged = false;
+        const checks = [
+          { id: "api_keys", action: "block" },
+          { id: "prompt_injection", action: "block" },
+          { id: "shell_injection", action: "block" },
+          { id: "pii_ssn", action: "flag" },
+          { id: "pii_credit_card", action: "flag" },
+          { id: "pii_email", action: "flag" }
+        ];
+        for (const check of checks) {
+          const patterns = BUILTIN_PATTERNS[check.id];
+          if (!patterns)
+            continue;
+          for (const p2 of patterns) {
+            const regex = new RegExp(p2.source, p2.flags);
+            if (regex.test(content)) {
+              violations.push({
+                rule_id: `workspace_${check.id}`,
+                rule_name: check.id,
+                action: check.action,
+                scanner_type: "builtin",
+                match_summary: `builtin:${check.id}`
+              });
+              if (check.action === "block")
+                blocked = true;
+              if (check.action === "flag")
+                flagged = true;
+              break;
+            }
+          }
+        }
+        const status = blocked ? "blocked" : flagged ? "flagged" : "clean";
+        return { status, violations };
+      }
     };
   }
 });
@@ -46037,7 +46113,7 @@ __export(workspace_handlers_exports, {
   handleWorkspaceUpload: () => handleWorkspaceUpload,
   validateWorkspaceFilename: () => validateWorkspaceFilename
 });
-import { readdir, readFile as readFile2, writeFile as writeFile2, rename as rename2, stat, unlink } from "node:fs/promises";
+import { readdir, readFile as readFile2, writeFile as writeFile2, rename as rename2, stat, unlink, mkdir as mkdir2 } from "node:fs/promises";
 import { join as join2 } from "node:path";
 import { randomUUID } from "node:crypto";
 function validateWorkspaceFilename(filename) {
@@ -46092,6 +46168,7 @@ async function handleWorkspaceUpload(data, workspaceDir) {
   if (!verified) {
     return { status: "error", error: "Invalid signature \u2014 file may have been tampered with" };
   }
+  await mkdir2(workspaceDir, { recursive: true });
   const targetPath = join2(workspaceDir, data.filename);
   const tempPath = join2(workspaceDir, `.tmp_${randomUUID()}_${data.filename}`);
   try {
@@ -46172,7 +46249,7 @@ var init_workspace_handlers = __esm({
 import { EventEmitter } from "node:events";
 import { createServer } from "node:http";
 import { randomUUID as randomUUID2 } from "node:crypto";
-import { writeFile as writeFile3, mkdir as mkdir2 } from "node:fs/promises";
+import { writeFile as writeFile3, mkdir as mkdir3 } from "node:fs/promises";
 import { join as join3 } from "node:path";
 import { readFile as readFile3 } from "node:fs/promises";
 import WebSocket from "ws";
@@ -48097,7 +48174,7 @@ ${messageText}`;
        */
       async _downloadAndDecryptAttachment(info) {
         const attachDir = join3(this.config.dataDir, "attachments");
-        await mkdir2(attachDir, { recursive: true });
+        await mkdir3(attachDir, { recursive: true });
         const url = `${this.config.apiUrl}${info.blobUrl}`;
         const res = await fetch(url, {
           headers: { Authorization: `Bearer ${this._deviceJwt}` }
@@ -48232,22 +48309,23 @@ ${messageText}`;
        */
       _resolveWorkspaceDir() {
         const homedir = process.env.HOME ?? process.env.USERPROFILE ?? "/tmp";
+        const agentName = this.config.agentName;
         try {
           const configPath = join3(homedir, ".openclaw", "openclaw.json");
           const raw = __require("node:fs").readFileSync(configPath, "utf-8");
           const config = JSON.parse(raw);
           const agents = config?.agents?.list;
-          if (Array.isArray(agents)) {
+          if (Array.isArray(agents) && agentName) {
             for (const agent of agents) {
-              if (agent.workspace && typeof agent.workspace === "string") {
+              if ((agent.id === agentName || agent.name === agentName) && agent.workspace && typeof agent.workspace === "string") {
                 return agent.workspace;
               }
             }
           }
         } catch {
         }
-        if (this.config.dataDir) {
-          return join3(this.config.dataDir, "..", "workspace");
+        if (agentName && agentName !== "CLI Agent" && agentName !== "OpenClaw Agent") {
+          return join3(homedir, ".openclaw", `workspace-${agentName}`);
         }
         return join3(homedir, ".openclaw", "workspace");
       }