@clawdstrike/openclaw 0.1.2 → 0.2.1

package/dist/engine-holder.js

@@ -5,7 +5,7 @@
  * so that a single PolicyEngine instance is created and reused across
  * the entire plugin lifecycle.
  */
-import { PolicyEngine } from './policy/engine.js';
+import { PolicyEngine } from "./policy/engine.js";
 let sharedEngine = null;
 /**
  * Create (or replace) the shared PolicyEngine with the given config.

package/dist/guards/egress.d.ts

@@ -3,8 +3,8 @@
  *
  * Enforces network egress allowlist/denylist policies.
  */
-import type { PolicyEvent, Policy, GuardResult, EventType } from '../types.js';
-import { BaseGuard } from './types.js';
+import type { EventType, GuardResult, Policy, PolicyEvent } from "../types.js";
+import { BaseGuard } from "./types.js";
 /**
  * EgressGuard - enforces network egress policy
  */

package/dist/guards/egress.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"egress.d.ts","sourceRoot":"","sources":["../../src/guards/egress.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAC/E,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAoDvC;;GAEG;AACH,qBAAa,WAAY,SAAQ,SAAS;IACxC,IAAI,IAAI,MAAM;IAId,OAAO,IAAI,SAAS,EAAE;IAIhB,KAAK,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAIrE,SAAS,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,WAAW;IAiD1D;;OAEG;IACH,OAAO,CAAC,aAAa;IAqCrB;;OAEG;IACH,OAAO,CAAC,WAAW;CA4BpB"}
+{"version":3,"file":"egress.d.ts","sourceRoot":"","sources":["../../src/guards/egress.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/E,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAoDvC;;GAEG;AACH,qBAAa,WAAY,SAAQ,SAAS;IACxC,IAAI,IAAI,MAAM;IAId,OAAO,IAAI,SAAS,EAAE;IAIhB,KAAK,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAIrE,SAAS,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,WAAW;IA2C1D;;OAEG;IACH,OAAO,CAAC,aAAa;IAmCrB;;OAEG;IACH,OAAO,CAAC,WAAW;CA4BpB"}

package/dist/guards/egress.js

@@ -3,65 +3,65 @@
  *
  * Enforces network egress allowlist/denylist policies.
  */
-import { minimatch } from 'minimatch';
-import { BaseGuard } from './types.js';
+import { minimatch } from "minimatch";
+import { BaseGuard } from "./types.js";
 /**
  * Default denied domains when no policy is specified
  */
 const DEFAULT_DENIED_DOMAINS = [
-    '*.onion',
-    'localhost',
-    '127.*',
-    '10.*',
-    '192.168.*',
-    '172.16.*',
-    '172.17.*',
-    '172.18.*',
-    '172.19.*',
-    '172.20.*',
-    '172.21.*',
-    '172.22.*',
-    '172.23.*',
-    '172.24.*',
-    '172.25.*',
-    '172.26.*',
-    '172.27.*',
-    '172.28.*',
-    '172.29.*',
-    '172.30.*',
-    '172.31.*',
-    '0.0.0.0',
-    '[::1]',
-    '[::0]',
-    '::1',
-    '::0',
-    '169.254.*',
-    'fe80:*',
-    'fc00:*',
-    'fd00:*',
-    'fd[0-9a-f][0-9a-f]:*',
+    "*.onion",
+    "localhost",
+    "127.*",
+    "10.*",
+    "192.168.*",
+    "172.16.*",
+    "172.17.*",
+    "172.18.*",
+    "172.19.*",
+    "172.20.*",
+    "172.21.*",
+    "172.22.*",
+    "172.23.*",
+    "172.24.*",
+    "172.25.*",
+    "172.26.*",
+    "172.27.*",
+    "172.28.*",
+    "172.29.*",
+    "172.30.*",
+    "172.31.*",
+    "0.0.0.0",
+    "[::1]",
+    "[::0]",
+    "::1",
+    "::0",
+    "169.254.*",
+    "fe80:*",
+    "fc00:*",
+    "fd00:*",
+    "fd[0-9a-f][0-9a-f]:*",
 ];
 /**
  * Default allowed domains for AI agent operations
  */
 const DEFAULT_ALLOWED_DOMAINS = [
-    'api.anthropic.com',
-    'api.openai.com',
-    'pypi.org',
-    'registry.npmjs.org',
-    'crates.io',
-    '*.github.com',
-    '*.githubusercontent.com',
+    "api.anthropic.com",
+    "api.openai.com",
+    "pypi.org",
+    "registry.npmjs.org",
+    "crates.io",
+    "*.github.com",
+    "*.githubusercontent.com",
 ];
 /**
  * EgressGuard - enforces network egress policy
  */
 export class EgressGuard extends BaseGuard {
     name() {
-        return 'egress';
+        return "egress";
     }
     handles() {
-        return ['network_egress'];
+        return ["network_egress"];
     }
     async check(event, policy) {
         return this.checkSync(event, policy);
@@ -69,7 +69,7 @@ export class EgressGuard extends BaseGuard {
     checkSync(event, policy) {
         const data = event.data;
         // Only handle network events
-        if (data.type !== 'network') {
+        if (data.type !== "network") {
             return this.allow();
         }
         const host = data.host.toLowerCase();
@@ -77,27 +77,27 @@ export class EgressGuard extends BaseGuard {
         // Get configured lists or defaults
         const deniedDomains = egressPolicy?.denied_domains ?? DEFAULT_DENIED_DOMAINS;
         const allowedDomains = egressPolicy?.allowed_domains ?? DEFAULT_ALLOWED_DOMAINS;
-        const mode = egressPolicy?.mode ?? 'allowlist';
+        const mode = egressPolicy?.mode ?? "allowlist";
         // Always check denied domains first (takes precedence)
         if (this.matchesDomain(host, deniedDomains)) {
             return this.deny(`Egress to denied domain: ${host}`, this.getSeverity(host));
         }
         // Handle different modes
         switch (mode) {
-            case 'deny_all':
-                return this.deny(`Egress denied (deny_all mode): ${host}`, 'high');
-            case 'open':
+            case "deny_all":
+                return this.deny(`Egress denied (deny_all mode): ${host}`, "high");
+            case "open":
                 return this.allow();
-            case 'denylist':
+            case "denylist":
                 // In denylist mode, only deny explicitly listed domains
                 return this.allow();
-            case 'allowlist':
+            case "allowlist":
             default:
                 // In allowlist mode, only allow explicitly listed domains
                 if (this.matchesDomain(host, allowedDomains)) {
                     return this.allow();
                 }
-                return this.deny(`Egress to non-allowlisted domain: ${host}`, 'medium');
+                return this.deny(`Egress to non-allowlisted domain: ${host}`, "medium");
         }
     }
     /**
@@ -111,17 +111,15 @@ export class EgressGuard extends BaseGuard {
                 return true;
             }
             // Wildcard subdomain match (*.example.com)
-            if (normalizedPattern.startsWith('*.')) {
+            if (normalizedPattern.startsWith("*.")) {
                 const baseDomain = normalizedPattern.slice(2);
-                if (host === baseDomain || host.endsWith('.' + baseDomain)) {
+                if (host === baseDomain || host.endsWith("." + baseDomain)) {
                     return true;
                 }
             }
             // IP range match (e.g., 192.168.*)
-            if (normalizedPattern.includes('*')) {
-                const regexPattern = normalizedPattern
-                    .replace(/\./g, '\\.')
-                    .replace(/\*/g, '.*');
+            if (normalizedPattern.includes("*")) {
+                const regexPattern = normalizedPattern.replace(/\./g, "\\.").replace(/\*/g, ".*");
                 const regex = new RegExp(`^${regexPattern}$`);
                 if (regex.test(host)) {
                     return true;
@@ -139,27 +137,27 @@ export class EgressGuard extends BaseGuard {
      */
     getSeverity(host) {
         // Tor/onion domains are critical
-        if (host.endsWith('.onion')) {
-            return 'critical';
+        if (host.endsWith(".onion")) {
+            return "critical";
         }
         // Localhost/private IPs are high
-        if (host === 'localhost' ||
-            host === '0.0.0.0' ||
-            host === '[::1]' ||
-            host === '::1' ||
-            host === '[::0]' ||
-            host === '::0' ||
-            host.startsWith('127.') ||
-            host.startsWith('10.') ||
-            host.startsWith('192.168.') ||
-            host.startsWith('172.') ||
-            host.startsWith('169.254.') ||
-            host.startsWith('fe80:') ||
-            host.startsWith('fc00:') ||
+        if (host === "localhost" ||
+            host === "0.0.0.0" ||
+            host === "[::1]" ||
+            host === "::1" ||
+            host === "[::0]" ||
+            host === "::0" ||
+            host.startsWith("127.") ||
+            host.startsWith("10.") ||
+            host.startsWith("192.168.") ||
+            host.startsWith("172.") ||
+            host.startsWith("169.254.") ||
+            host.startsWith("fe80:") ||
+            host.startsWith("fc00:") ||
             /^fd[0-9a-f]{2}:/.test(host)) {
-            return 'high';
+            return "high";
         }
-        return 'medium';
+        return "medium";
     }
 }
 //# sourceMappingURL=egress.js.map

package/dist/guards/egress.js.map

@@ -1 +1 @@
-{"version":3,"file":"egress.js","sourceRoot":"","sources":["../../src/guards/egress.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC;;GAEG;AACH,MAAM,sBAAsB,GAAG;IAC7B,SAAS;IACT,WAAW;IACX,OAAO;IACP,MAAM;IACN,WAAW;IACX,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,SAAS;IACT,OAAO;IACP,OAAO;IACP,KAAK;IACL,KAAK;IACL,WAAW;IACX,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,sBAAsB;CACvB,CAAC;AAEF;;GAEG;AACH,MAAM,uBAAuB,GAAG;IAC9B,mBAAmB;IACnB,gBAAgB;IAChB,UAAU;IACV,oBAAoB;IACpB,WAAW;IACX,cAAc;IACd,yBAAyB;CAC1B,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,WAAY,SAAQ,SAAS;IACxC,IAAI;QACF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,OAAO;QACL,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,KAAkB,EAAE,MAAc;QAC5C,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC;IAED,SAAS,CAAC,KAAkB,EAAE,MAAc;QAC1C,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;QAExB,6BAA6B;QAC7B,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC;QACtB,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC;QAEnC,mCAAmC;QACnC,MAAM,aAAa,GAAG,YAAY,EAAE,cAAc,IAAI,sBAAsB,CAAC;QAC7E,MAAM,cAAc,GAAG,YAAY,EAAE,eAAe,IAAI,uBAAuB,CAAC;QAChF,MAAM,IAAI,GAAG,YAAY,EAAE,IAAI,IAAI,WAAW,CAAC;QAE/C,uDAAuD;QACvD,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,aAAa,CAAC,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC,IAAI,CACd,4BAA4B,IAAI,EAAE,EAClC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CACvB,CAAC;QACJ,CAAC;QAED,yBAAyB;QACzB,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,UAAU;gBACb,OAAO,IAAI,CAAC,IAAI,CAAC,kCAAkC,IAAI,EAAE,EAAE,MAAM,CAAC,CAAC;YAErE,KAAK,MAAM;gBACT,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC;YAEtB,KAAK,UAAU;gBACb,wDAAwD;gBACxD,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC;YAEtB,KAAK,WAAW,CAAC;YACjB;gBACE,0DAA0D;gBAC1D,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;oBAC7C,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC;gBACtB,CAAC;gBACD,OAAO,IAAI,CAAC,IAAI,CACd,qCAAqC,IAAI,EAAE,EAC3C,QAAQ,CACT,CAAC;QACN,CAAC;IACH,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,IAAY,EAAE,QAAkB;QACpD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,iBAAiB,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;YAEhD,cAAc;YACd,IAAI,IAAI,KAAK,iBAAiB,EAAE,CAAC;gBAC/B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,2CAA2C;YAC3C,IAAI,iBAAiB,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,MAAM,UAAU,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC9C,IAAI,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,CAAC;oBAC3D,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,mCAAmC;YACnC,IAAI,iBAAiB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACpC,MAAM,YAAY,GAAG,iBAAiB;qBACnC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;qBACrB,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;gBACxB,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,YAAY,GAAG,CAAC,CAAC;gBAC9C,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACrB,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,qCAAqC;YACrC,IAAI,SAAS,CAAC,IAAI,EAAE,iBAAiB,CAAC,EAAE,CAAC;gBACvC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,IAAY;QAC9B,iCAAiC;QACjC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,iCAAiC;QACjC,IACE,IAAI,KAAK,WAAW;YACpB,IAAI,KAAK,SAAS;YAClB,IAAI,KAAK,OAAO;YAChB,IAAI,KAAK,KAAK;YACd,IAAI,KAAK,OAAO;YAChB,IAAI,KAAK,KAAK;YACd,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YACtB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;YAC3B,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;YAC3B,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;YACxB,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;YACxB,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAC5B,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
+{"version":3,"file":"egress.js","sourceRoot":"","sources":["../../src/guards/egress.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC;;GAEG;AACH,MAAM,sBAAsB,GAAG;IAC7B,SAAS;IACT,WAAW;IACX,OAAO;IACP,MAAM;IACN,WAAW;IACX,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,SAAS;IACT,OAAO;IACP,OAAO;IACP,KAAK;IACL,KAAK;IACL,WAAW;IACX,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,sBAAsB;CACvB,CAAC;AAEF;;GAEG;AACH,MAAM,uBAAuB,GAAG;IAC9B,mBAAmB;IACnB,gBAAgB;IAChB,UAAU;IACV,oBAAoB;IACpB,WAAW;IACX,cAAc;IACd,yBAAyB;CAC1B,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,WAAY,SAAQ,SAAS;IACxC,IAAI;QACF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,OAAO;QACL,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,KAAkB,EAAE,MAAc;QAC5C,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC;IAED,SAAS,CAAC,KAAkB,EAAE,MAAc;QAC1C,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;QAExB,6BAA6B;QAC7B,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC;QACtB,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC;QAEnC,mCAAmC;QACnC,MAAM,aAAa,GAAG,YAAY,EAAE,cAAc,IAAI,sBAAsB,CAAC;QAC7E,MAAM,cAAc,GAAG,YAAY,EAAE,eAAe,IAAI,uBAAuB,CAAC;QAChF,MAAM,IAAI,GAAG,YAAY,EAAE,IAAI,IAAI,WAAW,CAAC;QAE/C,uDAAuD;QACvD,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,aAAa,CAAC,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC,IAAI,CAAC,4BAA4B,IAAI,EAAE,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;QAC/E,CAAC;QAED,yBAAyB;QACzB,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,UAAU;gBACb,OAAO,IAAI,CAAC,IAAI,CAAC,kCAAkC,IAAI,EAAE,EAAE,MAAM,CAAC,CAAC;YAErE,KAAK,MAAM;gBACT,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC;YAEtB,KAAK,UAAU;gBACb,wDAAwD;gBACxD,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC;YAEtB,KAAK,WAAW,CAAC;YACjB;gBACE,0DAA0D;gBAC1D,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;oBAC7C,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC;gBACtB,CAAC;gBACD,OAAO,IAAI,CAAC,IAAI,CAAC,qCAAqC,IAAI,EAAE,EAAE,QAAQ,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,IAAY,EAAE,QAAkB;QACpD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,iBAAiB,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;YAEhD,cAAc;YACd,IAAI,IAAI,KAAK,iBAAiB,EAAE,CAAC;gBAC/B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,2CAA2C;YAC3C,IAAI,iBAAiB,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,MAAM,UAAU,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC9C,IAAI,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,CAAC;oBAC3D,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,mCAAmC;YACnC,IAAI,iBAAiB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACpC,MAAM,YAAY,GAAG,iBAAiB,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;gBAClF,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,YAAY,GAAG,CAAC,CAAC;gBAC9C,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACrB,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,qCAAqC;YACrC,IAAI,SAAS,CAAC,IAAI,EAAE,iBAAiB,CAAC,EAAE,CAAC;gBACvC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,IAAY;QAC9B,iCAAiC;QACjC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,iCAAiC;QACjC,IACE,IAAI,KAAK,WAAW;YACpB,IAAI,KAAK,SAAS;YAClB,IAAI,KAAK,OAAO;YAChB,IAAI,KAAK,KAAK;YACd,IAAI,KAAK,OAAO;YAChB,IAAI,KAAK,KAAK;YACd,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YACtB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;YAC3B,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;YAC3B,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;YACxB,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;YACxB,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAC5B,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/dist/guards/forbidden-path.d.ts

@@ -3,8 +3,8 @@
  *
  * Blocks access to sensitive filesystem paths.
  */
-import type { PolicyEvent, Policy, GuardResult, EventType } from '../types.js';
-import { BaseGuard } from './types.js';
+import type { EventType, GuardResult, Policy, PolicyEvent } from "../types.js";
+import { BaseGuard } from "./types.js";
 /**
  * ForbiddenPathGuard - blocks access to sensitive paths
  */

package/dist/guards/forbidden-path.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"forbidden-path.d.ts","sourceRoot":"","sources":["../../src/guards/forbidden-path.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAC/E,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AA4BvC;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,SAAS;IAC/C,IAAI,IAAI,MAAM;IAId,OAAO,IAAI,SAAS,EAAE;IAIhB,KAAK,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAIrE,SAAS,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,WAAW;IAiC1D;;;OAGG;IACH,OAAO,CAAC,gBAAgB;CAuDzB"}
+{"version":3,"file":"forbidden-path.d.ts","sourceRoot":"","sources":["../../src/guards/forbidden-path.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/E,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AA4BvC;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,SAAS;IAC/C,IAAI,IAAI,MAAM;IAId,OAAO,IAAI,SAAS,EAAE;IAIhB,KAAK,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAIrE,SAAS,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,WAAW;IA8B1D;;;OAGG;IACH,OAAO,CAAC,gBAAgB;CAqDzB"}

package/dist/guards/forbidden-path.js

@@ -3,44 +3,44 @@
  *
  * Blocks access to sensitive filesystem paths.
  */
-import { minimatch } from 'minimatch';
-import { homedir } from 'os';
-import { resolve, normalize } from 'path';
-import { BaseGuard } from './types.js';
+import { minimatch } from "minimatch";
+import { homedir } from "os";
+import { normalize, resolve } from "path";
+import { BaseGuard } from "./types.js";
 /**
  * Default forbidden paths when no policy is specified
  */
 const DEFAULT_FORBIDDEN_PATHS = [
-    '~/.ssh',
-    '~/.ssh/*',
-    '~/.aws',
-    '~/.aws/*',
-    '~/.gnupg',
-    '~/.gnupg/*',
-    '~/.config/gcloud',
-    '~/.config/gcloud/*',
-    '/etc/shadow',
-    '/etc/passwd',
-    '.env',
-    '**/.env',
-    '**/.env.*',
-    '*.pem',
-    '**/*.pem',
-    '*.key',
-    '**/*.key',
-    '**/id_rsa',
-    '**/id_ed25519',
-    '**/id_ecdsa',
+    "~/.ssh",
+    "~/.ssh/*",
+    "~/.aws",
+    "~/.aws/*",
+    "~/.gnupg",
+    "~/.gnupg/*",
+    "~/.config/gcloud",
+    "~/.config/gcloud/*",
+    "/etc/shadow",
+    "/etc/passwd",
+    ".env",
+    "**/.env",
+    "**/.env.*",
+    "*.pem",
+    "**/*.pem",
+    "*.key",
+    "**/*.key",
+    "**/id_rsa",
+    "**/id_ed25519",
+    "**/id_ecdsa",
 ];
 /**
  * ForbiddenPathGuard - blocks access to sensitive paths
  */
 export class ForbiddenPathGuard extends BaseGuard {
     name() {
-        return 'forbidden_path';
+        return "forbidden_path";
     }
     handles() {
-        return ['file_read', 'file_write'];
+        return ["file_read", "file_write"];
     }
     async check(event, policy) {
         return this.checkSync(event, policy);
@@ -48,20 +48,20 @@ export class ForbiddenPathGuard extends BaseGuard {
     checkSync(event, policy) {
         const data = event.data;
         // Only handle file events
-        if (data.type !== 'file') {
+        if (data.type !== "file") {
             return this.allow();
         }
         const path = data.path;
         // Reject paths containing null bytes (path injection attack)
-        if (path.includes('\0')) {
-            return this.deny('Path contains null byte: null_byte_injection', 'critical');
+        if (path.includes("\0")) {
+            return this.deny("Path contains null byte: null_byte_injection", "critical");
         }
         const forbiddenPaths = policy.filesystem?.forbidden_paths ?? DEFAULT_FORBIDDEN_PATHS;
         // Check against forbidden paths
         const normalizedPath = normalizePath(path);
         const matchedPattern = this.matchesForbidden(normalizedPath, forbiddenPaths);
         if (matchedPattern) {
-            return this.deny(`Access to forbidden path: ${path} (matches pattern: ${matchedPattern})`, 'critical');
+            return this.deny(`Access to forbidden path: ${path} (matches pattern: ${matchedPattern})`, "critical");
         }
         return this.allow();
     }
@@ -73,17 +73,15 @@ export class ForbiddenPathGuard extends BaseGuard {
         const home = homedir();
         for (const pattern of patterns) {
             // Expand ~ in pattern to actual home directory
-            const expandedPattern = pattern.startsWith('~')
-                ? pattern.replace(/^~/, home)
-                : pattern;
+            const expandedPattern = pattern.startsWith("~") ? pattern.replace(/^~/, home) : pattern;
             // Check exact match
             if (path === expandedPattern) {
                 return pattern;
             }
             // Check if path is inside a forbidden directory
             // e.g., ~/.ssh should match /Users/test/.ssh/id_rsa
-            if (!expandedPattern.includes('*') && !expandedPattern.includes('?')) {
-                if (path.startsWith(expandedPattern + '/') || path === expandedPattern) {
+            if (!expandedPattern.includes("*") && !expandedPattern.includes("?")) {
+                if (path.startsWith(expandedPattern + "/") || path === expandedPattern) {
                     return pattern;
                 }
             }
@@ -92,23 +90,23 @@ export class ForbiddenPathGuard extends BaseGuard {
                 return pattern;
             }
             // Check basename match for patterns like ".env" or "*.pem"
-            const basename = path.split('/').pop() ?? '';
+            const basename = path.split("/").pop() ?? "";
             // Only apply basename matching for patterns without slashes
-            if (!pattern.includes('/')) {
+            if (!pattern.includes("/")) {
                 if (minimatch(basename, pattern, { dot: true })) {
                     return pattern;
                 }
             }
             // For patterns starting with **/, match anywhere in path
-            if (pattern.startsWith('**/')) {
+            if (pattern.startsWith("**/")) {
                 const patternSuffix = pattern.slice(3);
                 if (minimatch(basename, patternSuffix, { dot: true })) {
                     return pattern;
                 }
                 // Also try matching from any path component
-                const pathParts = path.split('/');
+                const pathParts = path.split("/");
                 for (let i = 0; i < pathParts.length; i++) {
-                    const subPath = pathParts.slice(i).join('/');
+                    const subPath = pathParts.slice(i).join("/");
                     if (minimatch(subPath, patternSuffix, { dot: true })) {
                         return pattern;
                     }
@@ -123,13 +121,13 @@ export class ForbiddenPathGuard extends BaseGuard {
  */
 function normalizePath(path) {
     // Strip null bytes to prevent path injection
-    path = path.replace(/\0/g, '');
+    path = path.replace(/\0/g, "");
     // Expand ~
-    if (path.startsWith('~')) {
+    if (path.startsWith("~")) {
         path = path.replace(/^~/, homedir());
     }
     // Resolve to absolute if not a glob pattern
-    if (!path.includes('*') && !path.includes('?')) {
+    if (!path.includes("*") && !path.includes("?")) {
         path = resolve(path);
     }
     // Normalize slashes

package/dist/guards/forbidden-path.js.map

@@ -1 +1 @@
-{"version":3,"file":"forbidden-path.js","sourceRoot":"","sources":["../../src/guards/forbidden-path.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAE1C,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC;;GAEG;AACH,MAAM,uBAAuB,GAAG;IAC9B,QAAQ;IACR,UAAU;IACV,QAAQ;IACR,UAAU;IACV,UAAU;IACV,YAAY;IACZ,kBAAkB;IAClB,oBAAoB;IACpB,aAAa;IACb,aAAa;IACb,MAAM;IACN,SAAS;IACT,WAAW;IACX,OAAO;IACP,UAAU;IACV,OAAO;IACP,UAAU;IACV,WAAW;IACX,eAAe;IACf,aAAa;CACd,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,kBAAmB,SAAQ,SAAS;IAC/C,IAAI;QACF,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,OAAO;QACL,OAAO,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,KAAkB,EAAE,MAAc;QAC5C,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC;IAED,SAAS,CAAC,KAAkB,EAAE,MAAc;QAC1C,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;QAExB,0BAA0B;QAC1B,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC;QACtB,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QAEvB,6DAA6D;QAC7D,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC,IAAI,CACd,8CAA8C,EAC9C,UAAU,CACX,CAAC;QACJ,CAAC;QACD,MAAM,cAAc,GAAG,MAAM,CAAC,UAAU,EAAE,eAAe,IAAI,uBAAuB,CAAC;QAErF,gCAAgC;QAChC,MAAM,cAAc,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;QAC3C,MAAM,cAAc,GAAG,IAAI,CAAC,gBAAgB,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;QAE7E,IAAI,cAAc,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC,IAAI,CACd,6BAA6B,IAAI,sBAAsB,cAAc,GAAG,EACxE,UAAU,CACX,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;IAED;;;OAGG;IACK,gBAAgB,CAAC,IAAY,EAAE,QAAkB;QACvD,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;QAEvB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,+CAA+C;YAC/C,MAAM,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;gBAC7C,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC;gBAC7B,CAAC,CAAC,OAAO,CAAC;YAEZ,oBAAoB;YACpB,IAAI,IAAI,KAAK,eAAe,EAAE,CAAC;gBAC7B,OAAO,OAAO,CAAC;YACjB,CAAC;YAED,gDAAgD;YAChD,oDAAoD;YACpD,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACrE,IAAI,IAAI,CAAC,UAAU,CAAC,eAAe,GAAG,GAAG,CAAC,IAAI,IAAI,KAAK,eAAe,EAAE,CAAC;oBACvE,OAAO,OAAO,CAAC;gBACjB,CAAC;YACH,CAAC;YAED,0CAA0C;YAC1C,IAAI,SAAS,CAAC,IAAI,EAAE,eAAe,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;gBACtE,OAAO,OAAO,CAAC;YACjB,CAAC;YAED,2DAA2D;YAC3D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;YAC7C,4DAA4D;YAC5D,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC3B,IAAI,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;oBAChD,OAAO,OAAO,CAAC;gBACjB,CAAC;YACH,CAAC;YAED,yDAAyD;YACzD,IAAI,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC9B,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACvC,IAAI,SAAS,CAAC,QAAQ,EAAE,aAAa,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;oBACtD,OAAO,OAAO,CAAC;gBACjB,CAAC;gBACD,4CAA4C;gBAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC1C,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBAC7C,IAAI,SAAS,CAAC,OAAO,EAAE,aAAa,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;wBACrD,OAAO,OAAO,CAAC;oBACjB,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,IAAY;IACjC,6CAA6C;IAC7C,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAE/B,WAAW;IACX,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,4CAA4C;IAC5C,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvB,CAAC;IAED,oBAAoB;IACpB,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC;AACzB,CAAC"}
+{"version":3,"file":"forbidden-path.js","sourceRoot":"","sources":["../../src/guards/forbidden-path.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAE1C,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC;;GAEG;AACH,MAAM,uBAAuB,GAAG;IAC9B,QAAQ;IACR,UAAU;IACV,QAAQ;IACR,UAAU;IACV,UAAU;IACV,YAAY;IACZ,kBAAkB;IAClB,oBAAoB;IACpB,aAAa;IACb,aAAa;IACb,MAAM;IACN,SAAS;IACT,WAAW;IACX,OAAO;IACP,UAAU;IACV,OAAO;IACP,UAAU;IACV,WAAW;IACX,eAAe;IACf,aAAa;CACd,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,kBAAmB,SAAQ,SAAS;IAC/C,IAAI;QACF,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,OAAO;QACL,OAAO,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,KAAkB,EAAE,MAAc;QAC5C,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC;IAED,SAAS,CAAC,KAAkB,EAAE,MAAc;QAC1C,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;QAExB,0BAA0B;QAC1B,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC;QACtB,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QAEvB,6DAA6D;QAC7D,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC,IAAI,CAAC,8CAA8C,EAAE,UAAU,CAAC,CAAC;QAC/E,CAAC;QACD,MAAM,cAAc,GAAG,MAAM,CAAC,UAAU,EAAE,eAAe,IAAI,uBAAuB,CAAC;QAErF,gCAAgC;QAChC,MAAM,cAAc,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;QAC3C,MAAM,cAAc,GAAG,IAAI,CAAC,gBAAgB,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;QAE7E,IAAI,cAAc,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC,IAAI,CACd,6BAA6B,IAAI,sBAAsB,cAAc,GAAG,EACxE,UAAU,CACX,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;IAED;;;OAGG;IACK,gBAAgB,CAAC,IAAY,EAAE,QAAkB;QACvD,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;QAEvB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,+CAA+C;YAC/C,MAAM,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;YAExF,oBAAoB;YACpB,IAAI,IAAI,KAAK,eAAe,EAAE,CAAC;gBAC7B,OAAO,OAAO,CAAC;YACjB,CAAC;YAED,gDAAgD;YAChD,oDAAoD;YACpD,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACrE,IAAI,IAAI,CAAC,UAAU,CAAC,eAAe,GAAG,GAAG,CAAC,IAAI,IAAI,KAAK,eAAe,EAAE,CAAC;oBACvE,OAAO,OAAO,CAAC;gBACjB,CAAC;YACH,CAAC;YAED,0CAA0C;YAC1C,IAAI,SAAS,CAAC,IAAI,EAAE,eAAe,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;gBACtE,OAAO,OAAO,CAAC;YACjB,CAAC;YAED,2DAA2D;YAC3D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;YAC7C,4DAA4D;YAC5D,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC3B,IAAI,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;oBAChD,OAAO,OAAO,CAAC;gBACjB,CAAC;YACH,CAAC;YAED,yDAAyD;YACzD,IAAI,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC9B,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACvC,IAAI,SAAS,CAAC,QAAQ,EAAE,aAAa,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;oBACtD,OAAO,OAAO,CAAC;gBACjB,CAAC;gBACD,4CAA4C;gBAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC1C,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBAC7C,IAAI,SAAS,CAAC,OAAO,EAAE,aAAa,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;wBACrD,OAAO,OAAO,CAAC;oBACjB,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,IAAY;IACjC,6CAA6C;IAC7C,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAE/B,WAAW;IACX,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,4CAA4C;IAC5C,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvB,CAAC;IAED,oBAAoB;IACpB,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC;AACzB,CAAC"}

package/dist/guards/index.d.ts

@@ -3,10 +3,10 @@
  *
  * Security guards for policy enforcement.
  */
-export type { Guard } from './types.js';
-export { BaseGuard } from './types.js';
-export { ForbiddenPathGuard } from './forbidden-path.js';
-export { EgressGuard } from './egress.js';
-export { SecretLeakGuard } from './secret-leak.js';
-export { PatchIntegrityGuard } from './patch-integrity.js';
+export { EgressGuard } from "./egress.js";
+export { ForbiddenPathGuard } from "./forbidden-path.js";
+export { PatchIntegrityGuard } from "./patch-integrity.js";
+export { SecretLeakGuard } from "./secret-leak.js";
+export type { Guard } from "./types.js";
+export { BaseGuard } from "./types.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/guards/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/guards/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,YAAY,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/guards/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,YAAY,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC"}

package/dist/guards/index.js

@@ -3,9 +3,9 @@
  *
  * Security guards for policy enforcement.
  */
-export { BaseGuard } from './types.js';
-export { ForbiddenPathGuard } from './forbidden-path.js';
-export { EgressGuard } from './egress.js';
-export { SecretLeakGuard } from './secret-leak.js';
-export { PatchIntegrityGuard } from './patch-integrity.js';
+export { EgressGuard } from "./egress.js";
+export { ForbiddenPathGuard } from "./forbidden-path.js";
+export { PatchIntegrityGuard } from "./patch-integrity.js";
+export { SecretLeakGuard } from "./secret-leak.js";
+export { BaseGuard } from "./types.js";
 //# sourceMappingURL=index.js.map

package/dist/guards/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/guards/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/guards/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAEnD,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC"}

package/dist/guards/patch-integrity.d.ts

@@ -3,8 +3,8 @@
  *
  * Detects dangerous code patterns in patches and file writes.
  */
-import type { PolicyEvent, Policy, GuardResult, EventType, DangerousPattern } from '../types.js';
-import { BaseGuard } from './types.js';
+import type { DangerousPattern, EventType, GuardResult, Policy, PolicyEvent } from "../types.js";
+import { BaseGuard } from "./types.js";
 /**
  * PatchIntegrityGuard - detects dangerous patterns in patches
  */

package/dist/guards/patch-integrity.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"patch-integrity.d.ts","sourceRoot":"","sources":["../../src/guards/patch-integrity.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EACV,WAAW,EACX,MAAM,EACN,WAAW,EACX,SAAS,EACT,gBAAgB,EACjB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AA2IvC;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,SAAS;IAChD,OAAO,CAAC,QAAQ,CAAqB;gBAEzB,kBAAkB,GAAE,gBAAgB,EAAO;IAKvD,IAAI,IAAI,MAAM;IAId,OAAO,IAAI,SAAS,EAAE;IAIhB,KAAK,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAIrE,SAAS,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,WAAW;IA+C1D;;OAEG;IACH,uBAAuB,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB,EAAE;IAkB5D;;OAEG;IACH,OAAO,CAAC,kBAAkB;CAkB3B"}
+{"version":3,"file":"patch-integrity.d.ts","sourceRoot":"","sources":["../../src/guards/patch-integrity.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACjG,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AA2IvC;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,SAAS;IAChD,OAAO,CAAC,QAAQ,CAAqB;gBAEzB,kBAAkB,GAAE,gBAAgB,EAAO;IAKvD,IAAI,IAAI,MAAM;IAId,OAAO,IAAI,SAAS,EAAE;IAIhB,KAAK,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAIrE,SAAS,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,WAAW;IAyC1D;;OAEG;IACH,uBAAuB,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB,EAAE;IAkB5D;;OAEG;IACH,OAAO,CAAC,kBAAkB;CAa3B"}