@clawdstrike/openclaw 0.1.2 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +88 -3
- package/dist/audit/adapter-logger.d.ts +3 -3
- package/dist/audit/adapter-logger.d.ts.map +1 -1
- package/dist/audit/adapter-logger.js +3 -3
- package/dist/audit/adapter-logger.js.map +1 -1
- package/dist/audit/store.d.ts +2 -2
- package/dist/audit/store.d.ts.map +1 -1
- package/dist/audit/store.js +13 -13
- package/dist/audit/store.js.map +1 -1
- package/dist/classification.d.ts +2 -2
- package/dist/classification.d.ts.map +1 -1
- package/dist/classification.js +96 -28
- package/dist/classification.js.map +1 -1
- package/dist/cli/bin.js +1 -1
- package/dist/cli/commands/audit.d.ts.map +1 -1
- package/dist/cli/commands/audit.js +29 -29
- package/dist/cli/commands/audit.js.map +1 -1
- package/dist/cli/commands/policy.d.ts.map +1 -1
- package/dist/cli/commands/policy.js +33 -33
- package/dist/cli/commands/policy.js.map +1 -1
- package/dist/cli/index.d.ts +1 -1
- package/dist/cli/index.d.ts.map +1 -1
- package/dist/cli/index.js +45 -56
- package/dist/cli/index.js.map +1 -1
- package/dist/config.d.ts +1 -1
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +9 -9
- package/dist/config.js.map +1 -1
- package/dist/e2e/openclaw-e2e.js +58 -49
- package/dist/e2e/openclaw-e2e.js.map +1 -1
- package/dist/engine-holder.d.ts +2 -2
- package/dist/engine-holder.js +1 -1
- package/dist/guards/egress.d.ts +2 -2
- package/dist/guards/egress.d.ts.map +1 -1
- package/dist/guards/egress.js +71 -73
- package/dist/guards/egress.js.map +1 -1
- package/dist/guards/forbidden-path.d.ts +2 -2
- package/dist/guards/forbidden-path.d.ts.map +1 -1
- package/dist/guards/forbidden-path.js +41 -43
- package/dist/guards/forbidden-path.js.map +1 -1
- package/dist/guards/index.d.ts +6 -6
- package/dist/guards/index.d.ts.map +1 -1
- package/dist/guards/index.js +5 -5
- package/dist/guards/index.js.map +1 -1
- package/dist/guards/patch-integrity.d.ts +2 -2
- package/dist/guards/patch-integrity.d.ts.map +1 -1
- package/dist/guards/patch-integrity.js +69 -70
- package/dist/guards/patch-integrity.js.map +1 -1
- package/dist/guards/secret-leak.d.ts +2 -2
- package/dist/guards/secret-leak.d.ts.map +1 -1
- package/dist/guards/secret-leak.js +81 -82
- package/dist/guards/secret-leak.js.map +1 -1
- package/dist/guards/types.d.ts +2 -2
- package/dist/guards/types.d.ts.map +1 -1
- package/dist/guards/types.js +4 -4
- package/dist/guards/types.js.map +1 -1
- package/dist/hooks/agent-bootstrap/handler.d.ts +1 -1
- package/dist/hooks/agent-bootstrap/handler.d.ts.map +1 -1
- package/dist/hooks/agent-bootstrap/handler.js +5 -5
- package/dist/hooks/agent-bootstrap/handler.js.map +1 -1
- package/dist/hooks/approval-state.d.ts +1 -1
- package/dist/hooks/approval-state.d.ts.map +1 -1
- package/dist/hooks/approval-state.js +15 -15
- package/dist/hooks/approval-state.js.map +1 -1
- package/dist/hooks/approval-utils.d.ts +1 -1
- package/dist/hooks/approval-utils.d.ts.map +1 -1
- package/dist/hooks/approval-utils.js +41 -20
- package/dist/hooks/approval-utils.js.map +1 -1
- package/dist/hooks/audit-logger/handler.d.ts +1 -1
- package/dist/hooks/audit-logger/handler.d.ts.map +1 -1
- package/dist/hooks/audit-logger/handler.js +9 -9
- package/dist/hooks/audit-logger/handler.js.map +1 -1
- package/dist/hooks/cua-bridge/handler.d.ts +4 -4
- package/dist/hooks/cua-bridge/handler.d.ts.map +1 -1
- package/dist/hooks/cua-bridge/handler.js +85 -70
- package/dist/hooks/cua-bridge/handler.js.map +1 -1
- package/dist/hooks/tool-guard/handler.d.ts +1 -1
- package/dist/hooks/tool-guard/handler.d.ts.map +1 -1
- package/dist/hooks/tool-guard/handler.js +112 -101
- package/dist/hooks/tool-guard/handler.js.map +1 -1
- package/dist/hooks/tool-preflight/handler.d.ts +2 -2
- package/dist/hooks/tool-preflight/handler.d.ts.map +1 -1
- package/dist/hooks/tool-preflight/handler.js +115 -91
- package/dist/hooks/tool-preflight/handler.js.map +1 -1
- package/dist/index.d.ts +16 -16
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +18 -18
- package/dist/index.js.map +1 -1
- package/dist/openclaw-adapter.d.ts +2 -2
- package/dist/openclaw-adapter.d.ts.map +1 -1
- package/dist/openclaw-adapter.js +4 -4
- package/dist/openclaw-adapter.js.map +1 -1
- package/dist/plugin.d.ts.map +1 -1
- package/dist/plugin.js +39 -40
- package/dist/plugin.js.map +1 -1
- package/dist/policy/engine.d.ts +1 -1
- package/dist/policy/engine.d.ts.map +1 -1
- package/dist/policy/engine.js +237 -221
- package/dist/policy/engine.js.map +1 -1
- package/dist/policy/index.d.ts +3 -3
- package/dist/policy/index.d.ts.map +1 -1
- package/dist/policy/index.js +3 -3
- package/dist/policy/index.js.map +1 -1
- package/dist/policy/loader.d.ts +1 -1
- package/dist/policy/loader.d.ts.map +1 -1
- package/dist/policy/loader.js +76 -63
- package/dist/policy/loader.js.map +1 -1
- package/dist/policy/validator.d.ts +1 -1
- package/dist/policy/validator.d.ts.map +1 -1
- package/dist/policy/validator.js +158 -151
- package/dist/policy/validator.js.map +1 -1
- package/dist/receipt/signer.d.ts +2 -2
- package/dist/receipt/signer.d.ts.map +1 -1
- package/dist/receipt/signer.js +12 -12
- package/dist/receipt/signer.js.map +1 -1
- package/dist/receipt/types.d.ts +2 -2
- package/dist/receipt/types.d.ts.map +1 -1
- package/dist/sanitizer/output-sanitizer.d.ts +1 -1
- package/dist/sanitizer/output-sanitizer.d.ts.map +1 -1
- package/dist/sanitizer/output-sanitizer.js +8 -8
- package/dist/sanitizer/output-sanitizer.js.map +1 -1
- package/dist/security-prompt.d.ts +1 -1
- package/dist/security-prompt.d.ts.map +1 -1
- package/dist/security-prompt.js +16 -12
- package/dist/security-prompt.js.map +1 -1
- package/dist/tools/policy-check.d.ts +3 -3
- package/dist/tools/policy-check.d.ts.map +1 -1
- package/dist/tools/policy-check.js +60 -52
- package/dist/tools/policy-check.js.map +1 -1
- package/dist/translator/openclaw-translator.d.ts +1 -1
- package/dist/translator/openclaw-translator.d.ts.map +1 -1
- package/dist/translator/openclaw-translator.js +100 -80
- package/dist/translator/openclaw-translator.js.map +1 -1
- package/dist/types.d.ts +11 -13
- package/dist/types.d.ts.map +1 -1
- package/package.json +9 -4
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/guards/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/guards/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE/E;;GAEG;AACH,MAAM,WAAW,KAAK;IACpB,gDAAgD;IAChD,IAAI,IAAI,MAAM,CAAC;IAEf,gDAAgD;IAChD,KAAK,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAEhE,yDAAyD;IACzD,SAAS,CAAC,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,WAAW,CAAC;IAE5D,oCAAoC;IACpC,SAAS,IAAI,OAAO,CAAC;IAErB,mDAAmD;IACnD,OAAO,IAAI,SAAS,EAAE,CAAC;CACxB;AAED;;GAEG;AACH,8BAAsB,SAAU,YAAW,KAAK;IAC9C,SAAS,CAAC,OAAO,EAAE,OAAO,CAAQ;IAElC,QAAQ,CAAC,IAAI,IAAI,MAAM;IACvB,QAAQ,CAAC,KAAK,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IACxE,QAAQ,CAAC,OAAO,IAAI,SAAS,EAAE;IAE/B,SAAS,CAAC,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,WAAW;IAE3D,SAAS,IAAI,OAAO;IAIpB,UAAU,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAIlC;;OAEG;IACH,SAAS,CAAC,KAAK,IAAI,WAAW;IAI9B;;OAEG;IACH,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,GAAE,WAAW,CAAC,UAAU,CAAU,GAAG,WAAW;IAIvF;;OAEG;IACH,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW;CAG5C"}
|
package/dist/guards/types.js
CHANGED
|
@@ -18,19 +18,19 @@ export class BaseGuard {
|
|
|
18
18
|
* Helper to create an allow result
|
|
19
19
|
*/
|
|
20
20
|
allow() {
|
|
21
|
-
return { status:
|
|
21
|
+
return { status: "allow", guard: this.name() };
|
|
22
22
|
}
|
|
23
23
|
/**
|
|
24
24
|
* Helper to create a deny result
|
|
25
25
|
*/
|
|
26
|
-
deny(reason, severity =
|
|
27
|
-
return { status:
|
|
26
|
+
deny(reason, severity = "high") {
|
|
27
|
+
return { status: "deny", reason, severity, guard: this.name() };
|
|
28
28
|
}
|
|
29
29
|
/**
|
|
30
30
|
* Helper to create a warn result
|
|
31
31
|
*/
|
|
32
32
|
warn(reason) {
|
|
33
|
-
return { status:
|
|
33
|
+
return { status: "warn", reason, guard: this.name() };
|
|
34
34
|
}
|
|
35
35
|
}
|
|
36
36
|
//# sourceMappingURL=types.js.map
|
package/dist/guards/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/guards/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/guards/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAwBH;;GAEG;AACH,MAAM,OAAgB,SAAS;IACnB,OAAO,GAAY,IAAI,CAAC;IAQlC,SAAS;QACP,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,UAAU,CAAC,OAAgB;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED;;OAEG;IACO,KAAK;QACb,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;IACjD,CAAC;IAED;;OAEG;IACO,IAAI,CAAC,MAAc,EAAE,WAAoC,MAAM;QACvE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;IAClE,CAAC;IAED;;OAEG;IACO,IAAI,CAAC,MAAc;QAC3B,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;IACxD,CAAC;CACF"}
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
*
|
|
4
4
|
* Injects a SECURITY.md file into the agent bootstrap context.
|
|
5
5
|
*/
|
|
6
|
-
import type {
|
|
6
|
+
import type { ClawdstrikeConfig, HookHandler } from "../../types.js";
|
|
7
7
|
/**
|
|
8
8
|
* Initialize the hook with configuration.
|
|
9
9
|
* Delegates to the shared engine holder so all hooks share one PolicyEngine.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/hooks/agent-bootstrap/handler.ts"],"names":[],"mappings":"AAAA;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/hooks/agent-bootstrap/handler.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAEV,iBAAiB,EAEjB,WAAW,EACZ,MAAM,gBAAgB,CAAC;AAExB;;;GAGG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI,CAE1D;AAMD,QAAA,MAAM,OAAO,EAAE,WAmBd,CAAC;AAEF,eAAe,OAAO,CAAC"}
|
|
@@ -3,8 +3,8 @@
|
|
|
3
3
|
*
|
|
4
4
|
* Injects a SECURITY.md file into the agent bootstrap context.
|
|
5
5
|
*/
|
|
6
|
-
import {
|
|
7
|
-
import { generateSecurityPrompt } from
|
|
6
|
+
import { getSharedEngine, initializeEngine } from "../../engine-holder.js";
|
|
7
|
+
import { generateSecurityPrompt } from "../../security-prompt.js";
|
|
8
8
|
/**
|
|
9
9
|
* Initialize the hook with configuration.
|
|
10
10
|
* Delegates to the shared engine holder so all hooks share one PolicyEngine.
|
|
@@ -16,7 +16,7 @@ function getEngine(config) {
|
|
|
16
16
|
return getSharedEngine(config);
|
|
17
17
|
}
|
|
18
18
|
const handler = async (event) => {
|
|
19
|
-
if (event.type !==
|
|
19
|
+
if (event.type !== "agent:bootstrap")
|
|
20
20
|
return;
|
|
21
21
|
const bootstrap = event;
|
|
22
22
|
const cfg = bootstrap.context.cfg;
|
|
@@ -25,9 +25,9 @@ const handler = async (event) => {
|
|
|
25
25
|
const enabledGuards = policyEngine.enabledGuards();
|
|
26
26
|
const securityPrompt = generateSecurityPrompt(policy) +
|
|
27
27
|
`\n\n## Enabled Guards\n` +
|
|
28
|
-
enabledGuards.map((g) => `- ${g}`).join(
|
|
28
|
+
enabledGuards.map((g) => `- ${g}`).join("\n");
|
|
29
29
|
bootstrap.context.bootstrapFiles.push({
|
|
30
|
-
path:
|
|
30
|
+
path: "SECURITY.md",
|
|
31
31
|
content: securityPrompt,
|
|
32
32
|
});
|
|
33
33
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handler.js","sourceRoot":"","sources":["../../../src/hooks/agent-bootstrap/handler.ts"],"names":[],"mappings":"AAAA;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"handler.js","sourceRoot":"","sources":["../../../src/hooks/agent-bootstrap/handler.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAQlE;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,MAAyB;IAClD,gBAAgB,CAAC,MAAM,CAAC,CAAC;AAC3B,CAAC;AAED,SAAS,SAAS,CAAC,MAA0B;IAC3C,OAAO,eAAe,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,OAAO,GAAgB,KAAK,EAAE,KAAgB,EAAiB,EAAE;IACrE,IAAI,KAAK,CAAC,IAAI,KAAK,iBAAiB;QAAE,OAAO;IAE7C,MAAM,SAAS,GAAG,KAA4B,CAAC;IAC/C,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC;IAClC,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IAEpC,MAAM,MAAM,GAAG,YAAY,CAAC,SAAS,EAAE,CAAC;IACxC,MAAM,aAAa,GAAG,YAAY,CAAC,aAAa,EAAE,CAAC;IAEnD,MAAM,cAAc,GAClB,sBAAsB,CAAC,MAAM,CAAC;QAC9B,yBAAyB;QACzB,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEhD,SAAS,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC;QACpC,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,cAAc;KACxB,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,eAAe,OAAO,CAAC"}
|
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
* - Keys are hashed to avoid embedding potentially sensitive resource strings.
|
|
9
9
|
* - TTL + LRU eviction prevents unbounded growth.
|
|
10
10
|
*/
|
|
11
|
-
export type ApprovalResolutionType =
|
|
11
|
+
export type ApprovalResolutionType = "allow-once" | "allow-session" | "allow-always";
|
|
12
12
|
export interface ApprovalRecord {
|
|
13
13
|
resolution: ApprovalResolutionType;
|
|
14
14
|
createdAt: number;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"approval-state.d.ts","sourceRoot":"","sources":["../../src/hooks/approval-state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,MAAM,MAAM,sBAAsB,GAAG,YAAY,GAAG,eAAe,GAAG,cAAc,CAAC;AAErF,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,sBAAsB,CAAC;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AA2CD,wBAAgB,cAAc,CAC5B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,sBAAsB,GACjC,IAAI,CAuBN;
|
|
1
|
+
{"version":3,"file":"approval-state.d.ts","sourceRoot":"","sources":["../../src/hooks/approval-state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,MAAM,MAAM,sBAAsB,GAAG,YAAY,GAAG,eAAe,GAAG,cAAc,CAAC;AAErF,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,sBAAsB,CAAC;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AA2CD,wBAAgB,cAAc,CAC5B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,sBAAsB,GACjC,IAAI,CAuBN;AAgFD;;;GAGG;AACH,wBAAgB,YAAY,CAC1B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,GACf,cAAc,GAAG,IAAI,CAkBvB;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CACrC,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,GACf,cAAc,GAAG,IAAI,CAwBvB;AAED,wBAAgB,qBAAqB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAE7D;AAED,wBAAgB,iBAAiB,IAAI,IAAI,CAGxC"}
|
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
* - Keys are hashed to avoid embedding potentially sensitive resource strings.
|
|
9
9
|
* - TTL + LRU eviction prevents unbounded growth.
|
|
10
10
|
*/
|
|
11
|
-
import { createHash } from
|
|
11
|
+
import { createHash } from "node:crypto";
|
|
12
12
|
const MAX_SESSION_APPROVALS = 256;
|
|
13
13
|
const MAX_ALWAYS_APPROVALS = 256;
|
|
14
14
|
const TTL_ALLOW_ONCE_MS = 10 * 60 * 1000; // 10 minutes (covers slow tool runs)
|
|
@@ -27,19 +27,19 @@ function normalizeResource(resource) {
|
|
|
27
27
|
function hashKey(toolName, resource) {
|
|
28
28
|
// Avoid embedding raw resource strings in keys (resource may contain secrets).
|
|
29
29
|
// Include a separator that cannot appear in JS strings.
|
|
30
|
-
return createHash(
|
|
30
|
+
return createHash("sha256")
|
|
31
31
|
.update(normalizeToolName(toolName))
|
|
32
|
-
.update(
|
|
32
|
+
.update("\0")
|
|
33
33
|
.update(normalizeResource(resource))
|
|
34
|
-
.digest(
|
|
34
|
+
.digest("hex");
|
|
35
35
|
}
|
|
36
36
|
function ttlFor(resolution) {
|
|
37
37
|
switch (resolution) {
|
|
38
|
-
case
|
|
38
|
+
case "allow-once":
|
|
39
39
|
return TTL_ALLOW_ONCE_MS;
|
|
40
|
-
case
|
|
40
|
+
case "allow-session":
|
|
41
41
|
return TTL_ALLOW_SESSION_MS;
|
|
42
|
-
case
|
|
42
|
+
case "allow-always":
|
|
43
43
|
return TTL_ALLOW_ALWAYS_MS;
|
|
44
44
|
}
|
|
45
45
|
}
|
|
@@ -53,7 +53,7 @@ export function recordApproval(sessionId, toolName, resource, resolution) {
|
|
|
53
53
|
lastUsedAt: now,
|
|
54
54
|
expiresAt: now + ttlFor(resolution),
|
|
55
55
|
};
|
|
56
|
-
if (resolution ===
|
|
56
|
+
if (resolution === "allow-always") {
|
|
57
57
|
setLru(alwaysApprovals, key, record, MAX_ALWAYS_APPROVALS);
|
|
58
58
|
return;
|
|
59
59
|
}
|
|
@@ -83,7 +83,7 @@ function touch(m, key, rec, now) {
|
|
|
83
83
|
m.delete(key);
|
|
84
84
|
rec.lastUsedAt = now;
|
|
85
85
|
// Sliding expiration for session/always approvals.
|
|
86
|
-
if (rec.resolution ===
|
|
86
|
+
if (rec.resolution === "allow-session" || rec.resolution === "allow-always") {
|
|
87
87
|
rec.expiresAt = now + ttlFor(rec.resolution);
|
|
88
88
|
}
|
|
89
89
|
m.set(key, rec);
|
|
@@ -109,7 +109,7 @@ function getRecord(sessionId, toolName, resource, now) {
|
|
|
109
109
|
m.delete(key);
|
|
110
110
|
}
|
|
111
111
|
else {
|
|
112
|
-
return { scope:
|
|
112
|
+
return { scope: "session", key, record: rec };
|
|
113
113
|
}
|
|
114
114
|
}
|
|
115
115
|
if (m.size === 0)
|
|
@@ -121,7 +121,7 @@ function getRecord(sessionId, toolName, resource, now) {
|
|
|
121
121
|
alwaysApprovals.delete(key);
|
|
122
122
|
}
|
|
123
123
|
else {
|
|
124
|
-
return { scope:
|
|
124
|
+
return { scope: "always", key, record: rec };
|
|
125
125
|
}
|
|
126
126
|
}
|
|
127
127
|
return null;
|
|
@@ -137,9 +137,9 @@ export function peekApproval(sessionId, toolName, resource) {
|
|
|
137
137
|
if (!found)
|
|
138
138
|
return null;
|
|
139
139
|
const { scope, key, record } = found;
|
|
140
|
-
if (record.resolution ===
|
|
140
|
+
if (record.resolution === "allow-once")
|
|
141
141
|
return null;
|
|
142
|
-
if (scope ===
|
|
142
|
+
if (scope === "session") {
|
|
143
143
|
const m = sessionApprovals.get(sessionId);
|
|
144
144
|
if (m)
|
|
145
145
|
touch(m, key, record, now);
|
|
@@ -160,10 +160,10 @@ export function checkAndConsumeApproval(sessionId, toolName, resource) {
|
|
|
160
160
|
if (!found)
|
|
161
161
|
return null;
|
|
162
162
|
const { scope, key, record } = found;
|
|
163
|
-
if (scope ===
|
|
163
|
+
if (scope === "session") {
|
|
164
164
|
const m = sessionApprovals.get(sessionId);
|
|
165
165
|
if (m) {
|
|
166
|
-
if (record.resolution ===
|
|
166
|
+
if (record.resolution === "allow-once") {
|
|
167
167
|
m.delete(key);
|
|
168
168
|
}
|
|
169
169
|
else {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"approval-state.js","sourceRoot":"","sources":["../../src/hooks/approval-state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAWzC,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAClC,MAAM,oBAAoB,GAAG,GAAG,CAAC;AAEjC,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,qCAAqC;AAC/E,MAAM,oBAAoB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,UAAU;AAC3D,MAAM,mBAAmB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,6BAA6B;AAElF,mEAAmE;AACnE,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAuC,CAAC;AACxE,+DAA+D;AAC/D,MAAM,eAAe,GAAG,IAAI,GAAG,EAA0B,CAAC;AAE1D,SAAS,iBAAiB,CAAC,QAAgB;IACzC,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;AACvC,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB;IACzC,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC;AACzB,CAAC;AAED,SAAS,OAAO,CAAC,QAAgB,EAAE,QAAgB;IACjD,+EAA+E;IAC/E,wDAAwD;IACxD,OAAO,UAAU,CAAC,QAAQ,CAAC;SACxB,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;SACnC,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;SACnC,MAAM,CAAC,KAAK,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,MAAM,CAAC,UAAkC;IAChD,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,YAAY;YACf,OAAO,iBAAiB,CAAC;QAC3B,KAAK,eAAe;YAClB,OAAO,oBAAoB,CAAC;QAC9B,KAAK,cAAc;YACjB,OAAO,mBAAmB,CAAC;IAC/B,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,SAAiB,EACjB,QAAgB,EAChB,QAAgB,EAChB,UAAkC;IAElC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,cAAc,CAAC,GAAG,CAAC,CAAC;IAEpB,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACxC,MAAM,MAAM,GAAmB;QAC7B,UAAU;QACV,SAAS,EAAE,GAAG;QACd,UAAU,EAAE,GAAG;QACf,SAAS,EAAE,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC;KACpC,CAAC;IAEF,IAAI,UAAU,KAAK,cAAc,EAAE,CAAC;QAClC,MAAM,CAAC,eAAe,EAAE,GAAG,EAAE,MAAM,EAAE,oBAAoB,CAAC,CAAC;QAC3D,OAAO;IACT,CAAC;IAED,IAAI,CAAC,GAAG,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACxC,IAAI,CAAC,CAAC,EAAE,CAAC;QACP,CAAC,GAAG,IAAI,GAAG,EAA0B,CAAC;QACtC,gBAAgB,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IACrC,CAAC;IACD,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,qBAAqB,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,cAAc,CAAC,GAAW;IACjC,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,eAAe,CAAC,OAAO,EAAE,EAAE,CAAC;QACnD,IAAI,GAAG,GAAG,GAAG,CAAC,SAAS;YAAE,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACvD,CAAC;IAED,KAAK,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,gBAAgB,CAAC,OAAO,EAAE,EAAE,CAAC;QAClD,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;YACrC,IAAI,GAAG,GAAG,GAAG,CAAC,SAAS;gBAAE,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACzC,CAAC;QACD,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC;YAAE,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED,SAAS,KAAK,
|
|
1
|
+
{"version":3,"file":"approval-state.js","sourceRoot":"","sources":["../../src/hooks/approval-state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAWzC,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAClC,MAAM,oBAAoB,GAAG,GAAG,CAAC;AAEjC,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,qCAAqC;AAC/E,MAAM,oBAAoB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,UAAU;AAC3D,MAAM,mBAAmB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,6BAA6B;AAElF,mEAAmE;AACnE,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAuC,CAAC;AACxE,+DAA+D;AAC/D,MAAM,eAAe,GAAG,IAAI,GAAG,EAA0B,CAAC;AAE1D,SAAS,iBAAiB,CAAC,QAAgB;IACzC,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;AACvC,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB;IACzC,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC;AACzB,CAAC;AAED,SAAS,OAAO,CAAC,QAAgB,EAAE,QAAgB;IACjD,+EAA+E;IAC/E,wDAAwD;IACxD,OAAO,UAAU,CAAC,QAAQ,CAAC;SACxB,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;SACnC,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;SACnC,MAAM,CAAC,KAAK,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,MAAM,CAAC,UAAkC;IAChD,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,YAAY;YACf,OAAO,iBAAiB,CAAC;QAC3B,KAAK,eAAe;YAClB,OAAO,oBAAoB,CAAC;QAC9B,KAAK,cAAc;YACjB,OAAO,mBAAmB,CAAC;IAC/B,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,SAAiB,EACjB,QAAgB,EAChB,QAAgB,EAChB,UAAkC;IAElC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,cAAc,CAAC,GAAG,CAAC,CAAC;IAEpB,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACxC,MAAM,MAAM,GAAmB;QAC7B,UAAU;QACV,SAAS,EAAE,GAAG;QACd,UAAU,EAAE,GAAG;QACf,SAAS,EAAE,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC;KACpC,CAAC;IAEF,IAAI,UAAU,KAAK,cAAc,EAAE,CAAC;QAClC,MAAM,CAAC,eAAe,EAAE,GAAG,EAAE,MAAM,EAAE,oBAAoB,CAAC,CAAC;QAC3D,OAAO;IACT,CAAC;IAED,IAAI,CAAC,GAAG,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACxC,IAAI,CAAC,CAAC,EAAE,CAAC;QACP,CAAC,GAAG,IAAI,GAAG,EAA0B,CAAC;QACtC,gBAAgB,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IACrC,CAAC;IACD,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,qBAAqB,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,cAAc,CAAC,GAAW;IACjC,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,eAAe,CAAC,OAAO,EAAE,EAAE,CAAC;QACnD,IAAI,GAAG,GAAG,GAAG,CAAC,SAAS;YAAE,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACvD,CAAC;IAED,KAAK,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,gBAAgB,CAAC,OAAO,EAAE,EAAE,CAAC;QAClD,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;YACrC,IAAI,GAAG,GAAG,GAAG,CAAC,SAAS;gBAAE,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACzC,CAAC;QACD,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC;YAAE,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED,SAAS,KAAK,CACZ,CAA8B,EAC9B,GAAW,EACX,GAAmB,EACnB,GAAW;IAEX,+CAA+C;IAC/C,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACd,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;IAErB,mDAAmD;IACnD,IAAI,GAAG,CAAC,UAAU,KAAK,eAAe,IAAI,GAAG,CAAC,UAAU,KAAK,cAAc,EAAE,CAAC;QAC5E,GAAG,CAAC,SAAS,GAAG,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC/C,CAAC;IACD,CAAC,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AAClB,CAAC;AAED,SAAS,MAAM,CACb,CAA8B,EAC9B,GAAW,EACX,GAAmB,EACnB,OAAe;IAEf,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC9B,CAAC,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAChB,OAAO,CAAC,CAAC,IAAI,GAAG,OAAO,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC;QACrC,IAAI,MAAM,KAAK,SAAS;YAAE,MAAM;QAChC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAChB,SAAiB,EACjB,QAAgB,EAChB,QAAgB,EAChB,GAAW;IAEX,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAExC,MAAM,CAAC,GAAG,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC1C,IAAI,CAAC,EAAE,CAAC;QACN,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,GAAG,GAAG,GAAG,CAAC,SAAS,EAAE,CAAC;gBACxB,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAChB,CAAC;iBAAM,CAAC;gBACN,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;YAChD,CAAC;QACH,CAAC;QACD,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC;YAAE,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACvD,CAAC;IAED,MAAM,GAAG,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,GAAG,EAAE,CAAC;QACR,IAAI,GAAG,GAAG,GAAG,CAAC,SAAS,EAAE,CAAC;YACxB,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC9B,CAAC;aAAM,CAAC;YACN,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;QAC/C,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAC1B,SAAiB,EACjB,QAAgB,EAChB,QAAgB;IAEhB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,cAAc,CAAC,GAAG,CAAC,CAAC;IAEpB,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;IAC5D,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,KAAK,CAAC;IACrC,IAAI,MAAM,CAAC,UAAU,KAAK,YAAY;QAAE,OAAO,IAAI,CAAC;IAEpD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,MAAM,CAAC,GAAG,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC1C,IAAI,CAAC;YAAE,KAAK,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;IACpC,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,eAAe,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CACrC,SAAiB,EACjB,QAAgB,EAChB,QAAgB;IAEhB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,cAAc,CAAC,GAAG,CAAC,CAAC;IAEpB,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;IAC5D,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,KAAK,CAAC;IACrC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,MAAM,CAAC,GAAG,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC1C,IAAI,CAAC,EAAE,CAAC;YACN,IAAI,MAAM,CAAC,UAAU,KAAK,YAAY,EAAE,CAAC;gBACvC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAChB,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;YAC7B,CAAC;YACD,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC;gBAAE,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;SAAM,CAAC;QACN,oBAAoB;QACpB,KAAK,CAAC,eAAe,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,SAAiB;IACrD,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,gBAAgB,CAAC,KAAK,EAAE,CAAC;IACzB,eAAe,CAAC,KAAK,EAAE,CAAC;AAC1B,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { PolicyEngine } from
|
|
1
|
+
import type { PolicyEngine } from "../policy/engine.js";
|
|
2
2
|
export declare function extractPath(params: Record<string, unknown>): string | undefined;
|
|
3
3
|
export declare function extractNetworkTarget(params: Record<string, unknown>): string | undefined;
|
|
4
4
|
export declare function normalizeApprovalResource(policyEngine: PolicyEngine, toolName: string, params: Record<string, unknown>): string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"approval-utils.d.ts","sourceRoot":"","sources":["../../src/hooks/approval-utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAExD,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,GAAG,SAAS,
|
|
1
|
+
{"version":3,"file":"approval-utils.d.ts","sourceRoot":"","sources":["../../src/hooks/approval-utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAExD,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,GAAG,SAAS,CAsB/E;AAiBD,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,GAAG,SAAS,CAmDxF;AAED,wBAAgB,yBAAyB,CACvC,YAAY,EAAE,YAAY,EAC1B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC9B,MAAM,CAeR"}
|
|
@@ -1,13 +1,17 @@
|
|
|
1
1
|
export function extractPath(params) {
|
|
2
|
-
const pathKeys = [
|
|
2
|
+
const pathKeys = ["path", "file", "file_path", "filepath", "filename", "target"];
|
|
3
3
|
for (const key of pathKeys) {
|
|
4
4
|
const value = params[key];
|
|
5
|
-
if (typeof value ===
|
|
5
|
+
if (typeof value === "string") {
|
|
6
6
|
return value;
|
|
7
7
|
}
|
|
8
8
|
}
|
|
9
9
|
// Best-effort extraction from a command string (e.g., "cat /path/to/file").
|
|
10
|
-
const cmdLine = typeof params.command ===
|
|
10
|
+
const cmdLine = typeof params.command === "string"
|
|
11
|
+
? params.command
|
|
12
|
+
: typeof params.cmd === "string"
|
|
13
|
+
? params.cmd
|
|
14
|
+
: undefined;
|
|
11
15
|
if (cmdLine) {
|
|
12
16
|
const match = cmdLine.match(/(?:cat|head|tail|less|more|vim|nano|read)\s+([^\s|><]+)/);
|
|
13
17
|
if (match)
|
|
@@ -18,20 +22,23 @@ export function extractPath(params) {
|
|
|
18
22
|
function formatHostPort(hostRaw, port) {
|
|
19
23
|
const trimmed = hostRaw.trim();
|
|
20
24
|
if (!trimmed)
|
|
21
|
-
return
|
|
25
|
+
return "";
|
|
22
26
|
// If the host already looks like `host:port`, prefer leaving it as-is to avoid
|
|
23
27
|
// producing invalid forms like `[example.com:8080]:443`.
|
|
24
|
-
const unbracketed = trimmed.replace(/^\[|\]$/g,
|
|
28
|
+
const unbracketed = trimmed.replace(/^\[|\]$/g, "");
|
|
25
29
|
const colonCount = (unbracketed.match(/:/g) ?? []).length;
|
|
26
|
-
if (colonCount === 1 && !trimmed.startsWith(
|
|
30
|
+
if (colonCount === 1 && !trimmed.startsWith("[")) {
|
|
27
31
|
return trimmed;
|
|
28
32
|
}
|
|
29
33
|
return colonCount >= 2 ? `[${unbracketed}]:${port}` : `${unbracketed}:${port}`;
|
|
30
34
|
}
|
|
31
35
|
export function extractNetworkTarget(params) {
|
|
32
|
-
const url = typeof params.url ===
|
|
33
|
-
|
|
34
|
-
|
|
36
|
+
const url = typeof params.url === "string"
|
|
37
|
+
? params.url
|
|
38
|
+
: typeof params.endpoint === "string"
|
|
39
|
+
? params.endpoint
|
|
40
|
+
: typeof params.href === "string"
|
|
41
|
+
? params.href
|
|
35
42
|
: undefined;
|
|
36
43
|
if (url) {
|
|
37
44
|
try {
|
|
@@ -40,8 +47,12 @@ export function extractNetworkTarget(params) {
|
|
|
40
47
|
if (host) {
|
|
41
48
|
const port = parsed.port
|
|
42
49
|
? parseInt(parsed.port, 10)
|
|
43
|
-
: parsed.protocol ===
|
|
44
|
-
|
|
50
|
+
: parsed.protocol === "https:"
|
|
51
|
+
? 443
|
|
52
|
+
: parsed.protocol === "http:"
|
|
53
|
+
? 80
|
|
54
|
+
: undefined;
|
|
55
|
+
if (typeof port === "number" && Number.isFinite(port)) {
|
|
45
56
|
return formatHostPort(host, port);
|
|
46
57
|
}
|
|
47
58
|
return host;
|
|
@@ -51,27 +62,37 @@ export function extractNetworkTarget(params) {
|
|
|
51
62
|
// Not a valid URL; fall through to host/port keys.
|
|
52
63
|
}
|
|
53
64
|
}
|
|
54
|
-
const host = typeof params.host ===
|
|
55
|
-
|
|
65
|
+
const host = typeof params.host === "string"
|
|
66
|
+
? params.host
|
|
67
|
+
: typeof params.hostname === "string"
|
|
68
|
+
? params.hostname
|
|
56
69
|
: undefined;
|
|
57
70
|
if (!host || !host.trim())
|
|
58
71
|
return undefined;
|
|
59
72
|
const portRaw = params.port;
|
|
60
|
-
const port = typeof portRaw ===
|
|
61
|
-
|
|
73
|
+
const port = typeof portRaw === "number"
|
|
74
|
+
? portRaw
|
|
75
|
+
: typeof portRaw === "string"
|
|
76
|
+
? parseInt(portRaw, 10)
|
|
77
|
+
: undefined;
|
|
78
|
+
if (typeof port === "number" && Number.isFinite(port)) {
|
|
62
79
|
return formatHostPort(host, port);
|
|
63
80
|
}
|
|
64
81
|
return host.trim();
|
|
65
82
|
}
|
|
66
83
|
export function normalizeApprovalResource(policyEngine, toolName, params) {
|
|
67
|
-
const raw = extractPath(params)
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
84
|
+
const raw = extractPath(params) ??
|
|
85
|
+
extractNetworkTarget(params) ??
|
|
86
|
+
(typeof params.command === "string"
|
|
87
|
+
? params.command
|
|
88
|
+
: typeof params.cmd === "string"
|
|
89
|
+
? params.cmd
|
|
90
|
+
: undefined) ??
|
|
91
|
+
toolName;
|
|
71
92
|
const redacted = policyEngine.redactSecrets(raw).trim();
|
|
72
93
|
const maxChars = 1024;
|
|
73
94
|
if (redacted.length <= maxChars)
|
|
74
95
|
return redacted;
|
|
75
|
-
return redacted.slice(0, maxChars) +
|
|
96
|
+
return redacted.slice(0, maxChars) + "...[truncated]";
|
|
76
97
|
}
|
|
77
98
|
//# sourceMappingURL=approval-utils.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"approval-utils.js","sourceRoot":"","sources":["../../src/hooks/approval-utils.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,WAAW,CAAC,MAA+B;IACzD,MAAM,QAAQ,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;IACjF,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QAC1B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,MAAM,OAAO,
|
|
1
|
+
{"version":3,"file":"approval-utils.js","sourceRoot":"","sources":["../../src/hooks/approval-utils.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,WAAW,CAAC,MAA+B;IACzD,MAAM,QAAQ,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;IACjF,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QAC1B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,MAAM,OAAO,GACX,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ;QAChC,CAAC,CAAC,MAAM,CAAC,OAAO;QAChB,CAAC,CAAC,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;YAC9B,CAAC,CAAC,MAAM,CAAC,GAAG;YACZ,CAAC,CAAC,SAAS,CAAC;IAClB,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC;QACvF,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,cAAc,CAAC,OAAe,EAAE,IAAY;IACnD,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/B,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAC;IAExB,+EAA+E;IAC/E,yDAAyD;IACzD,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;IAC1D,IAAI,UAAU,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACjD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,OAAO,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,WAAW,IAAI,IAAI,EAAE,CAAC;AACjF,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,MAA+B;IAClE,MAAM,GAAG,GACP,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;QAC5B,CAAC,CAAC,MAAM,CAAC,GAAG;QACZ,CAAC,CAAC,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ;YACnC,CAAC,CAAC,MAAM,CAAC,QAAQ;YACjB,CAAC,CAAC,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;gBAC/B,CAAC,CAAC,MAAM,CAAC,IAAI;gBACb,CAAC,CAAC,SAAS,CAAC;IAEpB,IAAI,GAAG,EAAE,CAAC;QACR,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC;YAC7B,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI;oBACtB,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;oBAC3B,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,QAAQ;wBAC5B,CAAC,CAAC,GAAG;wBACL,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,OAAO;4BAC3B,CAAC,CAAC,EAAE;4BACJ,CAAC,CAAC,SAAS,CAAC;gBAClB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBACtD,OAAO,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;gBACpC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,mDAAmD;QACrD,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GACR,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;QAC7B,CAAC,CAAC,MAAM,CAAC,IAAI;QACb,CAAC,CAAC,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ;YACnC,CAAC,CAAC,MAAM,CAAC,QAAQ;YACjB,CAAC,CAAC,SAAS,CAAC;IAClB,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,SAAS,CAAC;IAE5C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC;IAC5B,MAAM,IAAI,GACR,OAAO,OAAO,KAAK,QAAQ;QACzB,CAAC,CAAC,OAAO;QACT,CAAC,CAAC,OAAO,OAAO,KAAK,QAAQ;YAC3B,CAAC,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;YACvB,CAAC,CAAC,SAAS,CAAC;IAClB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACtD,OAAO,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,YAA0B,EAC1B,QAAgB,EAChB,MAA+B;IAE/B,MAAM,GAAG,GACP,WAAW,CAAC,MAAM,CAAC;QACnB,oBAAoB,CAAC,MAAM,CAAC;QAC5B,CAAC,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ;YACjC,CAAC,CAAC,MAAM,CAAC,OAAO;YAChB,CAAC,CAAC,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;gBAC9B,CAAC,CAAC,MAAM,CAAC,GAAG;gBACZ,CAAC,CAAC,SAAS,CAAC;QAChB,QAAQ,CAAC;IACX,MAAM,QAAQ,GAAG,YAAY,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAExD,MAAM,QAAQ,GAAG,IAAI,CAAC;IACtB,IAAI,QAAQ,CAAC,MAAM,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IACjD,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,GAAG,gBAAgB,CAAC;AACxD,CAAC"}
|
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
* redesigned to capture structured policy decisions (not just console output)
|
|
8
8
|
* before it can be connected end-to-end. See docs/audits/2026-02-25-openclaw-correctness-findings.md#C6.
|
|
9
9
|
*/
|
|
10
|
-
import type {
|
|
10
|
+
import type { ClawdstrikeConfig, HookHandler } from "../../types.js";
|
|
11
11
|
/**
|
|
12
12
|
* Initialize the hook with configuration
|
|
13
13
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/hooks/audit-logger/handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;
|
|
1
|
+
{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/hooks/audit-logger/handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,KAAK,EACV,iBAAiB,EAEjB,WAAW,EAGZ,MAAM,gBAAgB,CAAC;AAKxB;;GAEG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI,CAG1D;AAED;;GAEG;AACH,QAAA,MAAM,OAAO,EAAE,WAyBd,CAAC;AAyBF,eAAe,OAAO,CAAC"}
|
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
* redesigned to capture structured policy decisions (not just console output)
|
|
8
8
|
* before it can be connected end-to-end. See docs/audits/2026-02-25-openclaw-correctness-findings.md#C6.
|
|
9
9
|
*/
|
|
10
|
-
import { mergeConfig } from
|
|
10
|
+
import { mergeConfig } from "../../config.js";
|
|
11
11
|
/** Logger instance */
|
|
12
12
|
let logger = null;
|
|
13
13
|
/**
|
|
@@ -21,14 +21,14 @@ export function initialize(config) {
|
|
|
21
21
|
* Hook handler for audit logging
|
|
22
22
|
*/
|
|
23
23
|
const handler = async (event) => {
|
|
24
|
-
if (event.type !==
|
|
24
|
+
if (event.type !== "tool_result_persist") {
|
|
25
25
|
return;
|
|
26
26
|
}
|
|
27
27
|
const toolEvent = event;
|
|
28
|
-
const log = logger ?? createAuditLogger(
|
|
28
|
+
const log = logger ?? createAuditLogger("info");
|
|
29
29
|
const auditEntry = {
|
|
30
30
|
timestamp: new Date().toISOString(),
|
|
31
|
-
eventType:
|
|
31
|
+
eventType: "tool_result_persist",
|
|
32
32
|
sessionId: toolEvent.context.sessionId,
|
|
33
33
|
toolName: toolEvent.context.toolResult.toolName,
|
|
34
34
|
hasError: !!toolEvent.context.toolResult.error,
|
|
@@ -36,20 +36,20 @@ const handler = async (event) => {
|
|
|
36
36
|
};
|
|
37
37
|
// Log based on outcome
|
|
38
38
|
if (toolEvent.context.toolResult.error) {
|
|
39
|
-
log.warn(
|
|
39
|
+
log.warn("[AUDIT] Tool blocked", auditEntry);
|
|
40
40
|
}
|
|
41
|
-
else if (toolEvent.messages.some((m) => m.includes(
|
|
42
|
-
log.info(
|
|
41
|
+
else if (toolEvent.messages.some((m) => m.includes("Warning"))) {
|
|
42
|
+
log.info("[AUDIT] Tool executed with warnings", auditEntry);
|
|
43
43
|
}
|
|
44
44
|
else {
|
|
45
|
-
log.debug(
|
|
45
|
+
log.debug("[AUDIT] Tool executed", auditEntry);
|
|
46
46
|
}
|
|
47
47
|
};
|
|
48
48
|
/**
|
|
49
49
|
* Create audit logger with appropriate level filtering
|
|
50
50
|
*/
|
|
51
51
|
function createAuditLogger(level) {
|
|
52
|
-
const levels = [
|
|
52
|
+
const levels = ["debug", "info", "warn", "error"];
|
|
53
53
|
const minLevel = levels.indexOf(level);
|
|
54
54
|
return {
|
|
55
55
|
debug: (...args) => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handler.js","sourceRoot":"","sources":["../../../src/hooks/audit-logger/handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;
|
|
1
|
+
{"version":3,"file":"handler.js","sourceRoot":"","sources":["../../../src/hooks/audit-logger/handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAS9C,sBAAsB;AACtB,IAAI,MAAM,GAAkB,IAAI,CAAC;AAEjC;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,MAAyB;IAClD,MAAM,YAAY,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IACzC,MAAM,GAAG,iBAAiB,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,GAAgB,KAAK,EAAE,KAAgB,EAAiB,EAAE;IACrE,IAAI,KAAK,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACzC,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,KAA+B,CAAC;IAClD,MAAM,GAAG,GAAG,MAAM,IAAI,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAEhD,MAAM,UAAU,GAAG;QACjB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,SAAS,EAAE,qBAAqB;QAChC,SAAS,EAAE,SAAS,CAAC,OAAO,CAAC,SAAS;QACtC,QAAQ,EAAE,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ;QAC/C,QAAQ,EAAE,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK;QAC9C,YAAY,EAAE,SAAS,CAAC,QAAQ,CAAC,MAAM;KACxC,CAAC;IAEF,uBAAuB;IACvB,IAAI,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACvC,GAAG,CAAC,IAAI,CAAC,sBAAsB,EAAE,UAAU,CAAC,CAAC;IAC/C,CAAC;SAAM,IAAI,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QACjE,GAAG,CAAC,IAAI,CAAC,qCAAqC,EAAE,UAAU,CAAC,CAAC;IAC9D,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,KAAK,CAAC,uBAAuB,EAAE,UAAU,CAAC,CAAC;IACjD,CAAC;AACH,CAAC,CAAC;AAEF;;GAEG;AACH,SAAS,iBAAiB,CAAC,KAAa;IACtC,MAAM,MAAM,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAEvC,OAAO;QACL,KAAK,EAAE,CAAC,GAAG,IAAI,EAAE,EAAE;YACjB,IAAI,QAAQ,IAAI,CAAC;gBAAE,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,EAAE,CAAC,GAAG,IAAI,EAAE,EAAE;YAChB,IAAI,QAAQ,IAAI,CAAC;gBAAE,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QAC3C,CAAC;QACD,IAAI,EAAE,CAAC,GAAG,IAAI,EAAE,EAAE;YAChB,IAAI,QAAQ,IAAI,CAAC;gBAAE,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QAC3C,CAAC;QACD,KAAK,EAAE,CAAC,GAAG,IAAI,EAAE,EAAE;YACjB,IAAI,QAAQ,IAAI,CAAC;gBAAE,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;QAC5C,CAAC;KACF,CAAC;AACJ,CAAC;AAED,eAAe,OAAO,CAAC"}
|
|
@@ -11,15 +11,15 @@
|
|
|
11
11
|
* Design: fail-closed on unknown CUA action types. Non-CUA tool calls are
|
|
12
12
|
* passed through unchanged (no regression on existing behavior).
|
|
13
13
|
*/
|
|
14
|
-
import { type PolicyEvent } from
|
|
15
|
-
import type {
|
|
14
|
+
import { type PolicyEvent } from "@clawdstrike/adapter-core";
|
|
15
|
+
import type { ClawdstrikeConfig, HookHandler } from "../../types.js";
|
|
16
16
|
export declare const CUA_ERROR_CODES: {
|
|
17
17
|
readonly UNKNOWN_ACTION: "OCLAW_CUA_UNKNOWN_ACTION";
|
|
18
18
|
readonly MISSING_METADATA: "OCLAW_CUA_MISSING_METADATA";
|
|
19
19
|
readonly SESSION_MISSING: "OCLAW_CUA_SESSION_MISSING";
|
|
20
20
|
};
|
|
21
21
|
/** Maps recognized CUA action tokens to factory method selectors. */
|
|
22
|
-
type CuaActionKind =
|
|
22
|
+
type CuaActionKind = "connect" | "disconnect" | "reconnect" | "input_inject" | "clipboard_read" | "clipboard_write" | "file_upload" | "file_download" | "session_share" | "audio" | "drive_mapping" | "printing";
|
|
23
23
|
/**
|
|
24
24
|
* Initialize the hook with configuration.
|
|
25
25
|
* Delegates to the shared engine holder so all hooks share one PolicyEngine.
|
|
@@ -53,5 +53,5 @@ export declare function buildCuaEvent(sessionId: string, kind: CuaActionKind, pa
|
|
|
53
53
|
*/
|
|
54
54
|
declare const handler: HookHandler;
|
|
55
55
|
export default handler;
|
|
56
|
-
export { classifyCuaAction, extractActionToken, type CuaActionKind
|
|
56
|
+
export { classifyCuaAction, extractActionToken, type CuaActionKind };
|
|
57
57
|
//# sourceMappingURL=handler.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/hooks/cua-bridge/handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,
|
|
1
|
+
{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/hooks/cua-bridge/handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAGL,KAAK,WAAW,EAGjB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,KAAK,EAGV,iBAAiB,EAEjB,WAAW,EAGZ,MAAM,gBAAgB,CAAC;AAMxB,eAAO,MAAM,eAAe;;;;CAIlB,CAAC;AAiBX,qEAAqE;AACrE,KAAK,aAAa,GACd,SAAS,GACT,YAAY,GACZ,WAAW,GACX,cAAc,GACd,gBAAgB,GAChB,iBAAiB,GACjB,aAAa,GACb,eAAe,GACf,eAAe,GACf,OAAO,GACP,eAAe,GACf,UAAU,CAAC;AA8Bf;;;GAGG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI,CAE1D;AAeD;;GAEG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAYxF;AAED;;GAEG;AACH,iBAAS,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,GAAG,IAAI,CAsB5F;AAED;;;GAGG;AACH,iBAAS,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAO9D;AAID;;GAEG;AACH,wBAAgB,aAAa,CAC3B,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,aAAa,EACnB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC9B,WAAW,CAsDb;AAkBD;;;;;;;;GAQG;AACH,QAAA,MAAM,OAAO,EAAE,WA0Hd,CAAC;AAEF,eAAe,OAAO,CAAC;AAGvB,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,KAAK,aAAa,EAAE,CAAC"}
|