@aion0/bastion 0.1.11 → 0.1.13

package/dist/tool-guard/taint-tracker.js

@@ -0,0 +1,70 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TaintTracker = void 0;
+const node_crypto_1 = __importDefault(require("node:crypto"));
+class TaintTracker {
+    sessionTaints = new Map();
+    ttlMs;
+    constructor(ttlMinutes = 60) {
+        this.ttlMs = ttlMinutes * 60 * 1000;
+    }
+    /** Create a fingerprint from matched content: SHA256 first 16 hex chars */
+    static fingerprint(content) {
+        return node_crypto_1.default.createHash('sha256').update(content).digest('hex').slice(0, 16);
+    }
+    markTaint(sessionId, requestId, patternName, matchedContent) {
+        const fingerprint = TaintTracker.fingerprint(matchedContent);
+        let taints = this.sessionTaints.get(sessionId);
+        if (!taints) {
+            taints = [];
+            this.sessionTaints.set(sessionId, taints);
+        }
+        taints.push({
+            sessionId,
+            requestId,
+            patternName,
+            fingerprint,
+            timestamp: Date.now(),
+        });
+        return fingerprint;
+    }
+    /** Check if tool input contains any tainted content fingerprints */
+    checkToolInput(sessionId, toolInput) {
+        const taints = this.getActiveTaints(sessionId);
+        if (taints.length === 0)
+            return null;
+        // Generate sliding-window fingerprints from tool input and check against taints
+        // For efficiency, we check if any taint fingerprint appears as a substring hash
+        for (const taint of taints) {
+            // Check if the fingerprinted content appears in tool input by re-hashing substrings
+            // This is a simplified approach: we hash various substrings of the input
+            // For practical use, we check if the original matched content reappears
+            // by comparing fingerprints of input chunks
+            const inputFingerprint = TaintTracker.fingerprint(toolInput);
+            if (inputFingerprint === taint.fingerprint) {
+                return { patternName: taint.patternName, fingerprint: taint.fingerprint };
+            }
+        }
+        return null;
+    }
+    getActiveTaints(sessionId) {
+        const taints = this.sessionTaints.get(sessionId);
+        if (!taints)
+            return [];
+        const cutoff = Date.now() - this.ttlMs;
+        // Remove expired taints
+        const active = taints.filter(t => t.timestamp > cutoff);
+        if (active.length !== taints.length) {
+            this.sessionTaints.set(sessionId, active);
+        }
+        return active;
+    }
+    cleanup(sessionId) {
+        this.sessionTaints.delete(sessionId);
+    }
+}
+exports.TaintTracker = TaintTracker;
+//# sourceMappingURL=taint-tracker.js.map

package/dist/tool-guard/taint-tracker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"taint-tracker.js","sourceRoot":"","sources":["../../src/tool-guard/taint-tracker.ts"],"names":[],"mappings":";;;;;;AAAA,8DAAiC;AAejC,MAAa,YAAY;IACf,aAAa,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC/C,KAAK,CAAS;IAEtB,YAAY,aAAqB,EAAE;QACjC,IAAI,CAAC,KAAK,GAAG,UAAU,GAAG,EAAE,GAAG,IAAI,CAAC;IACtC,CAAC;IAED,2EAA2E;IAC3E,MAAM,CAAC,WAAW,CAAC,OAAe;QAChC,OAAO,qBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAChF,CAAC;IAED,SAAS,CAAC,SAAiB,EAAE,SAAiB,EAAE,WAAmB,EAAE,cAAsB;QACzF,MAAM,WAAW,GAAG,YAAY,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;QAC7D,IAAI,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC/C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,EAAE,CAAC;YACZ,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAC5C,CAAC;QACD,MAAM,CAAC,IAAI,CAAC;YACV,SAAS;YACT,SAAS;YACT,WAAW;YACX,WAAW;YACX,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC,CAAC;QACH,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,oEAAoE;IACpE,cAAc,CAAC,SAAiB,EAAE,SAAiB;QACjD,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QAC/C,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAErC,gFAAgF;QAChF,gFAAgF;QAChF,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,oFAAoF;YACpF,yEAAyE;YACzE,wEAAwE;YACxE,4CAA4C;YAC5C,MAAM,gBAAgB,GAAG,YAAY,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YAC7D,IAAI,gBAAgB,KAAK,KAAK,CAAC,WAAW,EAAE,CAAC;gBAC3C,OAAO,EAAE,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;YAC5E,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,eAAe,CAAC,SAAiB;QAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACjD,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,CAAC;QAEvB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;QACvC,wBAAwB;QACxB,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,MAAM,CAAC,CAAC;QACxD,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;YACpC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,OAAO,CAAC,SAAiB;QACvB,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACvC,CAAC;CACF;AAnED,oCAmEC"}

package/integration/openclaw-docker/fix-issues/not-install-brew/Dockerfile.patch

@@ -0,0 +1,31 @@
+--- Dockerfile.upstream	2026-03-02 00:45:51
++++ Dockerfile	2026-03-02 00:11:32
+@@ -89,6 +89,28 @@
+       rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*; \
+     fi
+ 
++# Optional: Install Linuxbrew for skill dependency management.
++# Build with: docker build --build-arg OPENCLAW_INSTALL_BREW=1 ...
++# Adds ~500MB but enables brew-based skill installation (uv, go, signal-cli, etc.)
++ARG OPENCLAW_INSTALL_BREW=""
++RUN if [ -n "$OPENCLAW_INSTALL_BREW" ]; then \
++      apt-get update && \
++      DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends build-essential curl file git procps && \
++      if ! id -u linuxbrew >/dev/null 2>&1; then useradd -m -s /bin/bash linuxbrew; fi && \
++      mkdir -p /home/linuxbrew/.linuxbrew && \
++      chown -R linuxbrew:linuxbrew /home/linuxbrew && \
++      su - linuxbrew -c "NONINTERACTIVE=1 CI=1 /bin/bash -c '$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)'" && \
++      if [ ! -e /home/linuxbrew/.linuxbrew/Library ]; then ln -s /home/linuxbrew/.linuxbrew/Homebrew/Library /home/linuxbrew/.linuxbrew/Library; fi && \
++      if [ ! -x /home/linuxbrew/.linuxbrew/bin/brew ]; then echo "brew install failed"; exit 1; fi && \
++      chown -R node:node /home/linuxbrew/.linuxbrew && \
++      apt-get clean && \
++      rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*; \
++    fi
++ENV HOMEBREW_PREFIX=/home/linuxbrew/.linuxbrew
++ENV HOMEBREW_CELLAR=/home/linuxbrew/.linuxbrew/Cellar
++ENV HOMEBREW_REPOSITORY=/home/linuxbrew/.linuxbrew/Homebrew
++ENV PATH="/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.linuxbrew/sbin:${PATH}"
++
+ USER node
+ COPY --chown=node:node . .
+ # Normalize copied plugin/agent paths so plugin safety checks do not reject

package/integration/openclaw-docker/fix-issues/not-install-brew/docker-setup.sh.patch

@@ -0,0 +1,33 @@
+--- docker-setup.sh.upstream	2026-03-02 00:47:22
++++ docker-setup.sh	2026-03-02 00:31:55
+@@ -200,6 +200,7 @@
+ export OPENCLAW_GATEWAY_BIND="${OPENCLAW_GATEWAY_BIND:-lan}"
+ export OPENCLAW_IMAGE="$IMAGE_NAME"
+ export OPENCLAW_DOCKER_APT_PACKAGES="${OPENCLAW_DOCKER_APT_PACKAGES:-}"
++export OPENCLAW_INSTALL_BREW="${OPENCLAW_INSTALL_BREW:-}"
+ export OPENCLAW_EXTRA_MOUNTS="$EXTRA_MOUNTS"
+ export OPENCLAW_HOME_VOLUME="$HOME_VOLUME_NAME"
+ export OPENCLAW_ALLOW_INSECURE_PRIVATE_WS="${OPENCLAW_ALLOW_INSECURE_PRIVATE_WS:-}"
+@@ -382,13 +383,20 @@
+   OPENCLAW_DOCKER_SOCKET \
+   DOCKER_GID \
+   OPENCLAW_INSTALL_DOCKER_CLI \
+-  OPENCLAW_ALLOW_INSECURE_PRIVATE_WS
++  OPENCLAW_ALLOW_INSECURE_PRIVATE_WS \
++  OPENCLAW_INSTALL_BREW
+ 
+-if [[ "$IMAGE_NAME" == "openclaw:local" ]]; then
++if [[ -n "${OPENCLAW_SKIP_BUILD:-}" ]]; then
++  echo "==> Skipping image build/pull (OPENCLAW_SKIP_BUILD is set)"
++  if ! docker image inspect "$IMAGE_NAME" >/dev/null 2>&1; then
++    fail "Image '$IMAGE_NAME' not found locally. Run 'bastion openclaw build' first."
++  fi
++elif [[ "$IMAGE_NAME" == "openclaw:local" ]]; then
+   echo "==> Building Docker image: $IMAGE_NAME"
+   docker build \
+     --build-arg "OPENCLAW_DOCKER_APT_PACKAGES=${OPENCLAW_DOCKER_APT_PACKAGES}" \
+     --build-arg "OPENCLAW_INSTALL_DOCKER_CLI=${OPENCLAW_INSTALL_DOCKER_CLI:-}" \
++    --build-arg "OPENCLAW_INSTALL_BREW=${OPENCLAW_INSTALL_BREW}" \
+     -t "$IMAGE_NAME" \
+     -f "$ROOT_DIR/Dockerfile" \
+     "$ROOT_DIR"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aion0/bastion",
-  "version": "0.1.11",
+  "version": "0.1.13",
   "description": "Local-first AI gateway for proxying and securing LLM provider requests",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/dist/license/verify.d.ts

@@ -1,18 +0,0 @@
-export interface LicensePayload {
-    plan: string;
-    expiresAt: string;
-    features: string[];
-}
-export interface LicenseResult {
-    valid: boolean;
-    payload?: LicensePayload;
-    reason?: string;
-}
-/**
- * Verify a signed license token.
- *
- * Returns { valid: true, payload } on success,
- * or { valid: false, reason } on failure.
- */
-export declare function verifyLicenseToken(token: unknown): LicenseResult;
-//# sourceMappingURL=verify.d.ts.map

package/dist/license/verify.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/license/verify.ts"],"names":[],"mappings":"AAiBA,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,CAAC,EAAE,cAAc,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,OAAO,GAAG,aAAa,CAmDhE"}

package/dist/license/verify.js

@@ -1,71 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyLicenseToken = verifyLicenseToken;
-const node_crypto_1 = __importDefault(require("node:crypto"));
-/**
- * Bastion Pro license verification.
- *
- * License token format: base64(JSON payload) + '.' + base64(Ed25519 signature)
- *
- * The Pro plugin sets a signed token; we verify it here with the embedded
- * public key so a forged plugin cannot simply claim `valid: true`.
- */
-// Ed25519 public key (PEM) — only Bastion can sign with the corresponding private key.
-// Replace this with the real production key before shipping.
-const LICENSE_PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----
-MCowBQYDK2VwAyEAPlr2YjKxlMzVGOZ2WFmYOFCT3JHaFz8rECPFwbzVSXg=
------END PUBLIC KEY-----`;
-/**
- * Verify a signed license token.
- *
- * Returns { valid: true, payload } on success,
- * or { valid: false, reason } on failure.
- */
-function verifyLicenseToken(token) {
-    if (typeof token !== 'string' || !token.includes('.')) {
-        return { valid: false, reason: 'malformed token' };
-    }
-    const dotIndex = token.lastIndexOf('.');
-    const payloadB64 = token.slice(0, dotIndex);
-    const signatureB64 = token.slice(dotIndex + 1);
-    // Verify signature
-    let signatureValid;
-    try {
-        const key = node_crypto_1.default.createPublicKey(LICENSE_PUBLIC_KEY);
-        signatureValid = node_crypto_1.default.verify(null, // Ed25519 does not use a separate hash algorithm
-        Buffer.from(payloadB64, 'base64'), key, Buffer.from(signatureB64, 'base64'));
-    }
-    catch {
-        return { valid: false, reason: 'signature verification error' };
-    }
-    if (!signatureValid) {
-        return { valid: false, reason: 'invalid signature' };
-    }
-    // Decode payload
-    let payload;
-    try {
-        payload = JSON.parse(Buffer.from(payloadB64, 'base64').toString('utf-8'));
-    }
-    catch {
-        return { valid: false, reason: 'invalid payload' };
-    }
-    // Check expiry
-    if (typeof payload.expiresAt === 'string') {
-        const exp = new Date(payload.expiresAt);
-        if (exp.getTime() < Date.now()) {
-            return { valid: false, reason: 'license expired' };
-        }
-    }
-    return {
-        valid: true,
-        payload: {
-            plan: payload.plan ?? 'pro',
-            expiresAt: payload.expiresAt ?? '',
-            features: payload.features ?? [],
-        },
-    };
-}
-//# sourceMappingURL=verify.js.map

package/dist/license/verify.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/license/verify.ts"],"names":[],"mappings":";;;;;AAmCA,gDAmDC;AAtFD,8DAAiC;AAEjC;;;;;;;GAOG;AAEH,uFAAuF;AACvF,6DAA6D;AAC7D,MAAM,kBAAkB,GAAG;;yBAEF,CAAC;AAc1B;;;;;GAKG;AACH,SAAgB,kBAAkB,CAAC,KAAc;IAC/C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IACrD,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC5C,MAAM,YAAY,GAAG,KAAK,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;IAE/C,mBAAmB;IACnB,IAAI,cAAuB,CAAC;IAC5B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,qBAAM,CAAC,eAAe,CAAC,kBAAkB,CAAC,CAAC;QACvD,cAAc,GAAG,qBAAM,CAAC,MAAM,CAC5B,IAAI,EAAE,iDAAiD;QACvD,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,EACjC,GAAG,EACH,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CACpC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,8BAA8B,EAAE,CAAC;IAClE,CAAC;IAED,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IACvD,CAAC;IAED,iBAAiB;IACjB,IAAI,OAAgC,CAAC;IACrC,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC5E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IACrD,CAAC;IAED,eAAe;IACf,IAAI,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC1C,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACxC,IAAI,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC/B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;QACrD,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK,EAAE,IAAI;QACX,OAAO,EAAE;YACP,IAAI,EAAG,OAAO,CAAC,IAAe,IAAI,KAAK;YACvC,SAAS,EAAG,OAAO,CAAC,SAAoB,IAAI,EAAE;YAC9C,QAAQ,EAAG,OAAO,CAAC,QAAqB,IAAI,EAAE;SAC/C;KACF,CAAC;AACJ,CAAC"}