@agentvault/agentvault 0.15.1 → 0.15.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/_cp.d.ts +6 -8
- package/dist/_cp.d.ts.map +1 -1
- package/dist/channel.d.ts.map +1 -1
- package/dist/cli.js +71 -9
- package/dist/cli.js.map +2 -2
- package/dist/index.js +64 -3
- package/dist/index.js.map +2 -2
- package/dist/openclaw-entry.d.ts.map +1 -1
- package/dist/openclaw-entry.js +28 -6
- package/dist/openclaw-entry.js.map +2 -2
- package/dist/types.d.ts +4 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -45348,6 +45348,50 @@ var init_scan_engine = __esm({
|
|
|
45348
45348
|
* Runs api_keys, pii_*, prompt_injection, and shell_injection checks
|
|
45349
45349
|
* regardless of rule direction.
|
|
45350
45350
|
*/
|
|
45351
|
+
/**
|
|
45352
|
+
* Scan a SKILL.md file for policy violations.
|
|
45353
|
+
* Like scanWorkspaceFile but skips prompt_injection on instruction body
|
|
45354
|
+
* (skills legitimately describe AI behaviors that look like injection).
|
|
45355
|
+
* Checks: api_keys (block), shell_injection (block), pii (flag).
|
|
45356
|
+
*/
|
|
45357
|
+
static scanSkillMd(content) {
|
|
45358
|
+
const violations = [];
|
|
45359
|
+
let blocked = false;
|
|
45360
|
+
let flagged = false;
|
|
45361
|
+
const checks = [
|
|
45362
|
+
{ id: "api_keys", action: "block" },
|
|
45363
|
+
{ id: "shell_injection", action: "block" },
|
|
45364
|
+
{ id: "pii_ssn", action: "flag" },
|
|
45365
|
+
{ id: "pii_credit_card", action: "flag" },
|
|
45366
|
+
{ id: "pii_email", action: "flag" }
|
|
45367
|
+
// Intentionally omits prompt_injection — SKILL.md instruction body
|
|
45368
|
+
// legitimately contains phrases like "you are now a..."
|
|
45369
|
+
];
|
|
45370
|
+
for (const check2 of checks) {
|
|
45371
|
+
const patterns = BUILTIN_PATTERNS[check2.id];
|
|
45372
|
+
if (!patterns)
|
|
45373
|
+
continue;
|
|
45374
|
+
for (const p2 of patterns) {
|
|
45375
|
+
const regex = new RegExp(p2.source, p2.flags);
|
|
45376
|
+
if (regex.test(content)) {
|
|
45377
|
+
violations.push({
|
|
45378
|
+
rule_id: `skill_${check2.id}`,
|
|
45379
|
+
rule_name: check2.id,
|
|
45380
|
+
action: check2.action,
|
|
45381
|
+
scanner_type: "builtin",
|
|
45382
|
+
match_summary: `builtin:${check2.id}`
|
|
45383
|
+
});
|
|
45384
|
+
if (check2.action === "block")
|
|
45385
|
+
blocked = true;
|
|
45386
|
+
if (check2.action === "flag")
|
|
45387
|
+
flagged = true;
|
|
45388
|
+
break;
|
|
45389
|
+
}
|
|
45390
|
+
}
|
|
45391
|
+
}
|
|
45392
|
+
const status = blocked ? "blocked" : flagged ? "flagged" : "clean";
|
|
45393
|
+
return { status, violations };
|
|
45394
|
+
}
|
|
45351
45395
|
static scanWorkspaceFile(content) {
|
|
45352
45396
|
const violations = [];
|
|
45353
45397
|
let blocked = false;
|
|
@@ -46727,7 +46771,7 @@ function migratePersistedState(raw) {
|
|
|
46727
46771
|
messageHistory: []
|
|
46728
46772
|
};
|
|
46729
46773
|
}
|
|
46730
|
-
var POLL_INTERVAL_MS, RECONNECT_BASE_MS, RECONNECT_MAX_MS, PENDING_POLL_INTERVAL_MS, SecureChannel;
|
|
46774
|
+
var ROOM_AGENT_TYPES, POLL_INTERVAL_MS, RECONNECT_BASE_MS, RECONNECT_MAX_MS, PENDING_POLL_INTERVAL_MS, SecureChannel;
|
|
46731
46775
|
var init_channel = __esm({
|
|
46732
46776
|
async "src/channel.ts"() {
|
|
46733
46777
|
"use strict";
|
|
@@ -46736,6 +46780,13 @@ var init_channel = __esm({
|
|
|
46736
46780
|
await init_crypto_helpers();
|
|
46737
46781
|
await init_state();
|
|
46738
46782
|
init_transport2();
|
|
46783
|
+
ROOM_AGENT_TYPES = /* @__PURE__ */ new Set([
|
|
46784
|
+
"message",
|
|
46785
|
+
"text",
|
|
46786
|
+
"decision_request",
|
|
46787
|
+
"decision_response",
|
|
46788
|
+
"artifact_share"
|
|
46789
|
+
]);
|
|
46739
46790
|
POLL_INTERVAL_MS = 6e3;
|
|
46740
46791
|
RECONNECT_BASE_MS = 1e3;
|
|
46741
46792
|
RECONNECT_MAX_MS = 3e4;
|
|
@@ -49279,6 +49330,9 @@ ${messageText}`;
|
|
|
49279
49330
|
messageType = "message";
|
|
49280
49331
|
messageText = plaintext;
|
|
49281
49332
|
}
|
|
49333
|
+
if (!ROOM_AGENT_TYPES.has(messageType)) {
|
|
49334
|
+
return;
|
|
49335
|
+
}
|
|
49282
49336
|
if (!session.activated) {
|
|
49283
49337
|
session.activated = true;
|
|
49284
49338
|
console.log(
|
|
@@ -49297,7 +49351,9 @@ ${messageText}`;
|
|
|
49297
49351
|
conversationId: convId,
|
|
49298
49352
|
timestamp: msgData.created_at ?? (/* @__PURE__ */ new Date()).toISOString(),
|
|
49299
49353
|
messageType,
|
|
49300
|
-
roomId: msgData.room_id
|
|
49354
|
+
roomId: msgData.room_id,
|
|
49355
|
+
senderDeviceId: msgData.sender_device_id,
|
|
49356
|
+
roomName: this._persisted?.rooms?.[msgData.room_id]?.name
|
|
49301
49357
|
};
|
|
49302
49358
|
this.emit("room_message", {
|
|
49303
49359
|
roomId: msgData.room_id,
|
|
@@ -49472,6 +49528,9 @@ ${messageText}`;
|
|
|
49472
49528
|
messageType = "message";
|
|
49473
49529
|
messageText = plaintext;
|
|
49474
49530
|
}
|
|
49531
|
+
if (!ROOM_AGENT_TYPES.has(messageType)) {
|
|
49532
|
+
return;
|
|
49533
|
+
}
|
|
49475
49534
|
if (msgData.message_id) {
|
|
49476
49535
|
this._sendAck(msgData.message_id);
|
|
49477
49536
|
}
|
|
@@ -49484,7 +49543,9 @@ ${messageText}`;
|
|
|
49484
49543
|
conversationId: "",
|
|
49485
49544
|
timestamp: msgData.created_at ?? (/* @__PURE__ */ new Date()).toISOString(),
|
|
49486
49545
|
messageType,
|
|
49487
|
-
roomId: msgData.room_id
|
|
49546
|
+
roomId: msgData.room_id,
|
|
49547
|
+
senderDeviceId: msgData.sender_device_id,
|
|
49548
|
+
roomName: this._persisted?.rooms?.[msgData.room_id]?.name
|
|
49488
49549
|
};
|
|
49489
49550
|
this.emit("room_message", {
|
|
49490
49551
|
roomId: msgData.room_id,
|