@frontmcp/plugins 0.4.0 → 0.5.0

package/src/codecall/services/audit-logger.service.d.ts

@@ -0,0 +1,186 @@
+/**
+ * Audit event types for CodeCall operations.
+ */
+export declare const AUDIT_EVENT_TYPES: {
+    /** Script execution started */
+    readonly EXECUTION_START: "codecall:execution:start";
+    /** Script execution completed successfully */
+    readonly EXECUTION_SUCCESS: "codecall:execution:success";
+    /** Script execution failed */
+    readonly EXECUTION_FAILURE: "codecall:execution:failure";
+    /** Script execution timed out */
+    readonly EXECUTION_TIMEOUT: "codecall:execution:timeout";
+    /** Tool call initiated from script */
+    readonly TOOL_CALL_START: "codecall:tool:call:start";
+    /** Tool call completed successfully */
+    readonly TOOL_CALL_SUCCESS: "codecall:tool:call:success";
+    /** Tool call failed */
+    readonly TOOL_CALL_FAILURE: "codecall:tool:call:failure";
+    /** Self-reference attack blocked */
+    readonly SECURITY_SELF_REFERENCE: "codecall:security:self-reference";
+    /** Tool access denied */
+    readonly SECURITY_ACCESS_DENIED: "codecall:security:access-denied";
+    /** AST validation failed (blocked code pattern) */
+    readonly SECURITY_AST_BLOCKED: "codecall:security:ast-blocked";
+    /** Search performed */
+    readonly SEARCH_PERFORMED: "codecall:search:performed";
+    /** Tool described */
+    readonly DESCRIBE_PERFORMED: "codecall:describe:performed";
+    /** Direct invoke performed */
+    readonly INVOKE_PERFORMED: "codecall:invoke:performed";
+};
+export type AuditEventType = (typeof AUDIT_EVENT_TYPES)[keyof typeof AUDIT_EVENT_TYPES];
+/**
+ * Base audit event structure.
+ */
+export interface AuditEvent {
+    /** Event type */
+    type: AuditEventType;
+    /** ISO timestamp */
+    timestamp: string;
+    /** Unique execution ID for correlation */
+    executionId: string;
+    /** Duration in milliseconds (if applicable) */
+    durationMs?: number;
+    /** Additional event-specific data */
+    data?: Record<string, unknown>;
+}
+/**
+ * Execution audit event with script details.
+ */
+export interface ExecutionAuditEvent extends AuditEvent {
+    type: typeof AUDIT_EVENT_TYPES.EXECUTION_START | typeof AUDIT_EVENT_TYPES.EXECUTION_SUCCESS | typeof AUDIT_EVENT_TYPES.EXECUTION_FAILURE | typeof AUDIT_EVENT_TYPES.EXECUTION_TIMEOUT;
+    data: {
+        /** Script hash (NOT the full script - security!) */
+        scriptHash: string;
+        /** Script length in characters */
+        scriptLength: number;
+        /** Number of tool calls made */
+        toolCallCount?: number;
+        /** Error message (sanitized) if failed */
+        error?: string;
+    };
+}
+/**
+ * Tool call audit event.
+ */
+export interface ToolCallAuditEvent extends AuditEvent {
+    type: typeof AUDIT_EVENT_TYPES.TOOL_CALL_START | typeof AUDIT_EVENT_TYPES.TOOL_CALL_SUCCESS | typeof AUDIT_EVENT_TYPES.TOOL_CALL_FAILURE;
+    data: {
+        /** Tool name */
+        toolName: string;
+        /** Call depth (nested calls) */
+        callDepth: number;
+        /** Error code if failed */
+        errorCode?: string;
+    };
+}
+/**
+ * Security audit event.
+ */
+export interface SecurityAuditEvent extends AuditEvent {
+    type: typeof AUDIT_EVENT_TYPES.SECURITY_SELF_REFERENCE | typeof AUDIT_EVENT_TYPES.SECURITY_ACCESS_DENIED | typeof AUDIT_EVENT_TYPES.SECURITY_AST_BLOCKED;
+    data: {
+        /** What was blocked */
+        blocked: string;
+        /** Reason for blocking */
+        reason: string;
+    };
+}
+/**
+ * Audit event listener function type.
+ */
+export type AuditEventListener = (event: AuditEvent) => void;
+/**
+ * Audit Logger Service
+ *
+ * Provides centralized audit logging for all CodeCall operations.
+ * Uses the SDK event emitter pattern for integration with external systems.
+ *
+ * Security considerations:
+ * - NEVER logs full scripts (only hashes)
+ * - NEVER logs tool inputs/outputs (only metadata)
+ * - NEVER logs sensitive error details (only sanitized messages)
+ * - All events include execution ID for correlation
+ */
+export declare class AuditLoggerService {
+    private listeners;
+    private executionCounter;
+    /**
+     * Subscribe to audit events.
+     *
+     * @param listener - Function to call when events occur
+     * @returns Unsubscribe function
+     */
+    subscribe(listener: AuditEventListener): () => void;
+    /**
+     * Generate a unique execution ID.
+     */
+    generateExecutionId(): string;
+    /**
+     * Log execution start.
+     */
+    logExecutionStart(executionId: string, script: string): void;
+    /**
+     * Log execution success.
+     */
+    logExecutionSuccess(executionId: string, script: string, durationMs: number, toolCallCount: number): void;
+    /**
+     * Log execution failure.
+     */
+    logExecutionFailure(executionId: string, script: string, durationMs: number, error: string): void;
+    /**
+     * Log execution timeout.
+     */
+    logExecutionTimeout(executionId: string, script: string, durationMs: number): void;
+    /**
+     * Log tool call start.
+     */
+    logToolCallStart(executionId: string, toolName: string, callDepth: number): void;
+    /**
+     * Log tool call success.
+     */
+    logToolCallSuccess(executionId: string, toolName: string, callDepth: number, durationMs: number): void;
+    /**
+     * Log tool call failure.
+     */
+    logToolCallFailure(executionId: string, toolName: string, callDepth: number, durationMs: number, errorCode: string): void;
+    /**
+     * Log security event: self-reference blocked.
+     */
+    logSecuritySelfReference(executionId: string, toolName: string): void;
+    /**
+     * Log security event: access denied.
+     */
+    logSecurityAccessDenied(executionId: string, toolName: string, reason: string): void;
+    /**
+     * Log security event: AST validation blocked.
+     */
+    logSecurityAstBlocked(executionId: string, pattern: string, reason: string): void;
+    /**
+     * Log search operation.
+     */
+    logSearch(executionId: string, query: string, resultCount: number, durationMs: number): void;
+    /**
+     * Log describe operation.
+     */
+    logDescribe(executionId: string, toolNames: string[], durationMs: number): void;
+    /**
+     * Log invoke operation.
+     */
+    logInvoke(executionId: string, toolName: string, success: boolean, durationMs: number): void;
+    /**
+     * Emit an audit event to all listeners.
+     */
+    private emit;
+    /**
+     * Create a simple hash of the script for identification.
+     * Uses a fast, non-cryptographic hash for performance.
+     */
+    private hashScript;
+    /**
+     * Sanitize error messages to remove sensitive information.
+     */
+    private sanitizeError;
+}
+export default AuditLoggerService;

package/src/codecall/services/audit-logger.service.js

@@ -0,0 +1,322 @@
+"use strict";
+// file: libs/plugins/src/codecall/services/audit-logger.service.ts
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuditLoggerService = exports.AUDIT_EVENT_TYPES = void 0;
+const tslib_1 = require("tslib");
+const sdk_1 = require("@frontmcp/sdk");
+/**
+ * Audit event types for CodeCall operations.
+ */
+exports.AUDIT_EVENT_TYPES = {
+    /** Script execution started */
+    EXECUTION_START: 'codecall:execution:start',
+    /** Script execution completed successfully */
+    EXECUTION_SUCCESS: 'codecall:execution:success',
+    /** Script execution failed */
+    EXECUTION_FAILURE: 'codecall:execution:failure',
+    /** Script execution timed out */
+    EXECUTION_TIMEOUT: 'codecall:execution:timeout',
+    /** Tool call initiated from script */
+    TOOL_CALL_START: 'codecall:tool:call:start',
+    /** Tool call completed successfully */
+    TOOL_CALL_SUCCESS: 'codecall:tool:call:success',
+    /** Tool call failed */
+    TOOL_CALL_FAILURE: 'codecall:tool:call:failure',
+    /** Self-reference attack blocked */
+    SECURITY_SELF_REFERENCE: 'codecall:security:self-reference',
+    /** Tool access denied */
+    SECURITY_ACCESS_DENIED: 'codecall:security:access-denied',
+    /** AST validation failed (blocked code pattern) */
+    SECURITY_AST_BLOCKED: 'codecall:security:ast-blocked',
+    /** Search performed */
+    SEARCH_PERFORMED: 'codecall:search:performed',
+    /** Tool described */
+    DESCRIBE_PERFORMED: 'codecall:describe:performed',
+    /** Direct invoke performed */
+    INVOKE_PERFORMED: 'codecall:invoke:performed',
+};
+/**
+ * Audit Logger Service
+ *
+ * Provides centralized audit logging for all CodeCall operations.
+ * Uses the SDK event emitter pattern for integration with external systems.
+ *
+ * Security considerations:
+ * - NEVER logs full scripts (only hashes)
+ * - NEVER logs tool inputs/outputs (only metadata)
+ * - NEVER logs sensitive error details (only sanitized messages)
+ * - All events include execution ID for correlation
+ */
+let AuditLoggerService = class AuditLoggerService {
+    listeners = new Set();
+    executionCounter = 0;
+    /**
+     * Subscribe to audit events.
+     *
+     * @param listener - Function to call when events occur
+     * @returns Unsubscribe function
+     */
+    subscribe(listener) {
+        this.listeners.add(listener);
+        return () => {
+            this.listeners.delete(listener);
+        };
+    }
+    /**
+     * Generate a unique execution ID.
+     */
+    generateExecutionId() {
+        const timestamp = Date.now().toString(36);
+        const counter = (++this.executionCounter).toString(36).padStart(4, '0');
+        const random = Math.random().toString(36).substring(2, 8);
+        return `exec_${timestamp}_${counter}_${random}`;
+    }
+    /**
+     * Log execution start.
+     */
+    logExecutionStart(executionId, script) {
+        this.emit({
+            type: exports.AUDIT_EVENT_TYPES.EXECUTION_START,
+            timestamp: new Date().toISOString(),
+            executionId,
+            data: {
+                scriptHash: this.hashScript(script),
+                scriptLength: script.length,
+            },
+        });
+    }
+    /**
+     * Log execution success.
+     */
+    logExecutionSuccess(executionId, script, durationMs, toolCallCount) {
+        this.emit({
+            type: exports.AUDIT_EVENT_TYPES.EXECUTION_SUCCESS,
+            timestamp: new Date().toISOString(),
+            executionId,
+            durationMs,
+            data: {
+                scriptHash: this.hashScript(script),
+                scriptLength: script.length,
+                toolCallCount,
+            },
+        });
+    }
+    /**
+     * Log execution failure.
+     */
+    logExecutionFailure(executionId, script, durationMs, error) {
+        this.emit({
+            type: exports.AUDIT_EVENT_TYPES.EXECUTION_FAILURE,
+            timestamp: new Date().toISOString(),
+            executionId,
+            durationMs,
+            data: {
+                scriptHash: this.hashScript(script),
+                scriptLength: script.length,
+                error: this.sanitizeError(error),
+            },
+        });
+    }
+    /**
+     * Log execution timeout.
+     */
+    logExecutionTimeout(executionId, script, durationMs) {
+        this.emit({
+            type: exports.AUDIT_EVENT_TYPES.EXECUTION_TIMEOUT,
+            timestamp: new Date().toISOString(),
+            executionId,
+            durationMs,
+            data: {
+                scriptHash: this.hashScript(script),
+                scriptLength: script.length,
+            },
+        });
+    }
+    /**
+     * Log tool call start.
+     */
+    logToolCallStart(executionId, toolName, callDepth) {
+        this.emit({
+            type: exports.AUDIT_EVENT_TYPES.TOOL_CALL_START,
+            timestamp: new Date().toISOString(),
+            executionId,
+            data: {
+                toolName,
+                callDepth,
+            },
+        });
+    }
+    /**
+     * Log tool call success.
+     */
+    logToolCallSuccess(executionId, toolName, callDepth, durationMs) {
+        this.emit({
+            type: exports.AUDIT_EVENT_TYPES.TOOL_CALL_SUCCESS,
+            timestamp: new Date().toISOString(),
+            executionId,
+            durationMs,
+            data: {
+                toolName,
+                callDepth,
+            },
+        });
+    }
+    /**
+     * Log tool call failure.
+     */
+    logToolCallFailure(executionId, toolName, callDepth, durationMs, errorCode) {
+        this.emit({
+            type: exports.AUDIT_EVENT_TYPES.TOOL_CALL_FAILURE,
+            timestamp: new Date().toISOString(),
+            executionId,
+            durationMs,
+            data: {
+                toolName,
+                callDepth,
+                errorCode,
+            },
+        });
+    }
+    /**
+     * Log security event: self-reference blocked.
+     */
+    logSecuritySelfReference(executionId, toolName) {
+        this.emit({
+            type: exports.AUDIT_EVENT_TYPES.SECURITY_SELF_REFERENCE,
+            timestamp: new Date().toISOString(),
+            executionId,
+            data: {
+                blocked: toolName,
+                reason: 'Self-reference attack: attempted to call CodeCall tool from within AgentScript',
+            },
+        });
+    }
+    /**
+     * Log security event: access denied.
+     */
+    logSecurityAccessDenied(executionId, toolName, reason) {
+        this.emit({
+            type: exports.AUDIT_EVENT_TYPES.SECURITY_ACCESS_DENIED,
+            timestamp: new Date().toISOString(),
+            executionId,
+            data: {
+                blocked: toolName,
+                reason: this.sanitizeError(reason),
+            },
+        });
+    }
+    /**
+     * Log security event: AST validation blocked.
+     */
+    logSecurityAstBlocked(executionId, pattern, reason) {
+        this.emit({
+            type: exports.AUDIT_EVENT_TYPES.SECURITY_AST_BLOCKED,
+            timestamp: new Date().toISOString(),
+            executionId,
+            data: {
+                blocked: pattern,
+                reason: this.sanitizeError(reason),
+            },
+        });
+    }
+    /**
+     * Log search operation.
+     */
+    logSearch(executionId, query, resultCount, durationMs) {
+        this.emit({
+            type: exports.AUDIT_EVENT_TYPES.SEARCH_PERFORMED,
+            timestamp: new Date().toISOString(),
+            executionId,
+            durationMs,
+            data: {
+                queryLength: query.length,
+                resultCount,
+            },
+        });
+    }
+    /**
+     * Log describe operation.
+     */
+    logDescribe(executionId, toolNames, durationMs) {
+        this.emit({
+            type: exports.AUDIT_EVENT_TYPES.DESCRIBE_PERFORMED,
+            timestamp: new Date().toISOString(),
+            executionId,
+            durationMs,
+            data: {
+                toolCount: toolNames.length,
+                toolNames: toolNames.slice(0, 10), // Limit to first 10 for audit
+            },
+        });
+    }
+    /**
+     * Log invoke operation.
+     */
+    logInvoke(executionId, toolName, success, durationMs) {
+        this.emit({
+            type: exports.AUDIT_EVENT_TYPES.INVOKE_PERFORMED,
+            timestamp: new Date().toISOString(),
+            executionId,
+            durationMs,
+            data: {
+                toolName,
+                success,
+            },
+        });
+    }
+    /**
+     * Emit an audit event to all listeners.
+     */
+    emit(event) {
+        // Freeze the event to prevent modification
+        const frozenEvent = Object.freeze({ ...event, data: Object.freeze({ ...event.data }) });
+        for (const listener of this.listeners) {
+            try {
+                listener(frozenEvent);
+            }
+            catch {
+                // Never let listener errors propagate
+            }
+        }
+    }
+    /**
+     * Create a simple hash of the script for identification.
+     * Uses a fast, non-cryptographic hash for performance.
+     */
+    hashScript(script) {
+        let hash = 0;
+        for (let i = 0; i < script.length; i++) {
+            const char = script.charCodeAt(i);
+            hash = (hash << 5) - hash + char;
+            hash = hash & hash; // Convert to 32bit integer
+        }
+        return `sh_${(hash >>> 0).toString(16).padStart(8, '0')}`;
+    }
+    /**
+     * Sanitize error messages to remove sensitive information.
+     */
+    sanitizeError(error) {
+        if (!error)
+            return 'Unknown error';
+        // Remove file paths
+        let sanitized = error.replace(/(?:\/[\w.-]+)+|(?:[A-Za-z]:\\[\w\\.-]+)+/g, '[path]');
+        // Remove line numbers
+        sanitized = sanitized.replace(/:\d+:\d+/g, '');
+        // Remove stack traces
+        sanitized = sanitized.replace(/\n\s*at .*/g, '');
+        // Truncate
+        if (sanitized.length > 200) {
+            sanitized = sanitized.substring(0, 200) + '...';
+        }
+        return sanitized.trim();
+    }
+};
+exports.AuditLoggerService = AuditLoggerService;
+exports.AuditLoggerService = AuditLoggerService = tslib_1.__decorate([
+    (0, sdk_1.Provider)({
+        name: 'codecall:audit-logger',
+        scope: sdk_1.ProviderScope.GLOBAL,
+    })
+], AuditLoggerService);
+exports.default = AuditLoggerService;
+//# sourceMappingURL=audit-logger.service.js.map

package/src/codecall/services/audit-logger.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-logger.service.js","sourceRoot":"","sources":["../../../../src/codecall/services/audit-logger.service.ts"],"names":[],"mappings":";AAAA,mEAAmE;;;;AAEnE,uCAAwD;AAExD;;GAEG;AACU,QAAA,iBAAiB,GAAG;IAC/B,+BAA+B;IAC/B,eAAe,EAAE,0BAA0B;IAC3C,8CAA8C;IAC9C,iBAAiB,EAAE,4BAA4B;IAC/C,8BAA8B;IAC9B,iBAAiB,EAAE,4BAA4B;IAC/C,iCAAiC;IACjC,iBAAiB,EAAE,4BAA4B;IAE/C,sCAAsC;IACtC,eAAe,EAAE,0BAA0B;IAC3C,uCAAuC;IACvC,iBAAiB,EAAE,4BAA4B;IAC/C,uBAAuB;IACvB,iBAAiB,EAAE,4BAA4B;IAE/C,oCAAoC;IACpC,uBAAuB,EAAE,kCAAkC;IAC3D,yBAAyB;IACzB,sBAAsB,EAAE,iCAAiC;IACzD,mDAAmD;IACnD,oBAAoB,EAAE,+BAA+B;IAErD,uBAAuB;IACvB,gBAAgB,EAAE,2BAA2B;IAC7C,qBAAqB;IACrB,kBAAkB,EAAE,6BAA6B;IACjD,8BAA8B;IAC9B,gBAAgB,EAAE,2BAA2B;CACrC,CAAC;AAgFX;;;;;;;;;;;GAWG;AAKI,IAAM,kBAAkB,GAAxB,MAAM,kBAAkB;IACrB,SAAS,GAA4B,IAAI,GAAG,EAAE,CAAC;IAC/C,gBAAgB,GAAG,CAAC,CAAC;IAE7B;;;;;OAKG;IACH,SAAS,CAAC,QAA4B;QACpC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC7B,OAAO,GAAG,EAAE;YACV,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAClC,CAAC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,mBAAmB;QACjB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,CAAC,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACxE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1D,OAAO,QAAQ,SAAS,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAC,WAAmB,EAAE,MAAc;QACnD,IAAI,CAAC,IAAI,CAAC;YACR,IAAI,EAAE,yBAAiB,CAAC,eAAe;YACvC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW;YACX,IAAI,EAAE;gBACJ,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;gBACnC,YAAY,EAAE,MAAM,CAAC,MAAM;aAC5B;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,WAAmB,EAAE,MAAc,EAAE,UAAkB,EAAE,aAAqB;QAChG,IAAI,CAAC,IAAI,CAAC;YACR,IAAI,EAAE,yBAAiB,CAAC,iBAAiB;YACzC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW;YACX,UAAU;YACV,IAAI,EAAE;gBACJ,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;gBACnC,YAAY,EAAE,MAAM,CAAC,MAAM;gBAC3B,aAAa;aACd;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,WAAmB,EAAE,MAAc,EAAE,UAAkB,EAAE,KAAa;QACxF,IAAI,CAAC,IAAI,CAAC;YACR,IAAI,EAAE,yBAAiB,CAAC,iBAAiB;YACzC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW;YACX,UAAU;YACV,IAAI,EAAE;gBACJ,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;gBACnC,YAAY,EAAE,MAAM,CAAC,MAAM;gBAC3B,KAAK,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;aACjC;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,WAAmB,EAAE,MAAc,EAAE,UAAkB;QACzE,IAAI,CAAC,IAAI,CAAC;YACR,IAAI,EAAE,yBAAiB,CAAC,iBAAiB;YACzC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW;YACX,UAAU;YACV,IAAI,EAAE;gBACJ,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;gBACnC,YAAY,EAAE,MAAM,CAAC,MAAM;aAC5B;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,WAAmB,EAAE,QAAgB,EAAE,SAAiB;QACvE,IAAI,CAAC,IAAI,CAAC;YACR,IAAI,EAAE,yBAAiB,CAAC,eAAe;YACvC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW;YACX,IAAI,EAAE;gBACJ,QAAQ;gBACR,SAAS;aACV;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,WAAmB,EAAE,QAAgB,EAAE,SAAiB,EAAE,UAAkB;QAC7F,IAAI,CAAC,IAAI,CAAC;YACR,IAAI,EAAE,yBAAiB,CAAC,iBAAiB;YACzC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW;YACX,UAAU;YACV,IAAI,EAAE;gBACJ,QAAQ;gBACR,SAAS;aACV;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,kBAAkB,CAChB,WAAmB,EACnB,QAAgB,EAChB,SAAiB,EACjB,UAAkB,EAClB,SAAiB;QAEjB,IAAI,CAAC,IAAI,CAAC;YACR,IAAI,EAAE,yBAAiB,CAAC,iBAAiB;YACzC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW;YACX,UAAU;YACV,IAAI,EAAE;gBACJ,QAAQ;gBACR,SAAS;gBACT,SAAS;aACV;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,wBAAwB,CAAC,WAAmB,EAAE,QAAgB;QAC5D,IAAI,CAAC,IAAI,CAAC;YACR,IAAI,EAAE,yBAAiB,CAAC,uBAAuB;YAC/C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW;YACX,IAAI,EAAE;gBACJ,OAAO,EAAE,QAAQ;gBACjB,MAAM,EAAE,gFAAgF;aACzF;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,uBAAuB,CAAC,WAAmB,EAAE,QAAgB,EAAE,MAAc;QAC3E,IAAI,CAAC,IAAI,CAAC;YACR,IAAI,EAAE,yBAAiB,CAAC,sBAAsB;YAC9C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW;YACX,IAAI,EAAE;gBACJ,OAAO,EAAE,QAAQ;gBACjB,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC;aACnC;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,qBAAqB,CAAC,WAAmB,EAAE,OAAe,EAAE,MAAc;QACxE,IAAI,CAAC,IAAI,CAAC;YACR,IAAI,EAAE,yBAAiB,CAAC,oBAAoB;YAC5C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW;YACX,IAAI,EAAE;gBACJ,OAAO,EAAE,OAAO;gBAChB,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC;aACnC;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,WAAmB,EAAE,KAAa,EAAE,WAAmB,EAAE,UAAkB;QACnF,IAAI,CAAC,IAAI,CAAC;YACR,IAAI,EAAE,yBAAiB,CAAC,gBAAgB;YACxC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW;YACX,UAAU;YACV,IAAI,EAAE;gBACJ,WAAW,EAAE,KAAK,CAAC,MAAM;gBACzB,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,WAAmB,EAAE,SAAmB,EAAE,UAAkB;QACtE,IAAI,CAAC,IAAI,CAAC;YACR,IAAI,EAAE,yBAAiB,CAAC,kBAAkB;YAC1C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW;YACX,UAAU;YACV,IAAI,EAAE;gBACJ,SAAS,EAAE,SAAS,CAAC,MAAM;gBAC3B,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,8BAA8B;aAClE;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,WAAmB,EAAE,QAAgB,EAAE,OAAgB,EAAE,UAAkB;QACnF,IAAI,CAAC,IAAI,CAAC;YACR,IAAI,EAAE,yBAAiB,CAAC,gBAAgB;YACxC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW;YACX,UAAU;YACV,IAAI,EAAE;gBACJ,QAAQ;gBACR,OAAO;aACR;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,IAAI,CAAC,KAAiB;QAC5B,2CAA2C;QAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;QAExF,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,QAAQ,CAAC,WAAW,CAAC,CAAC;YACxB,CAAC;YAAC,MAAM,CAAC;gBACP,sCAAsC;YACxC,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,UAAU,CAAC,MAAc;QAC/B,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAClC,IAAI,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;YACjC,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,2BAA2B;QACjD,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;IAC5D,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,KAAa;QACjC,IAAI,CAAC,KAAK;YAAE,OAAO,eAAe,CAAC;QAEnC,oBAAoB;QACpB,IAAI,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,2CAA2C,EAAE,QAAQ,CAAC,CAAC;QAErF,sBAAsB;QACtB,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAE/C,sBAAsB;QACtB,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAEjD,WAAW;QACX,IAAI,SAAS,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YAC3B,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC;QAClD,CAAC;QAED,OAAO,SAAS,CAAC,IAAI,EAAE,CAAC;IAC1B,CAAC;CACF,CAAA;AAnSY,gDAAkB;6BAAlB,kBAAkB;IAJ9B,IAAA,cAAQ,EAAC;QACR,IAAI,EAAE,uBAAuB;QAC7B,KAAK,EAAE,mBAAa,CAAC,MAAM;KAC5B,CAAC;GACW,kBAAkB,CAmS9B;AAED,kBAAe,kBAAkB,CAAC","sourcesContent":["// file: libs/plugins/src/codecall/services/audit-logger.service.ts\n\nimport { Provider, ProviderScope } from '@frontmcp/sdk';\n\n/**\n * Audit event types for CodeCall operations.\n */\nexport const AUDIT_EVENT_TYPES = {\n  /** Script execution started */\n  EXECUTION_START: 'codecall:execution:start',\n  /** Script execution completed successfully */\n  EXECUTION_SUCCESS: 'codecall:execution:success',\n  /** Script execution failed */\n  EXECUTION_FAILURE: 'codecall:execution:failure',\n  /** Script execution timed out */\n  EXECUTION_TIMEOUT: 'codecall:execution:timeout',\n\n  /** Tool call initiated from script */\n  TOOL_CALL_START: 'codecall:tool:call:start',\n  /** Tool call completed successfully */\n  TOOL_CALL_SUCCESS: 'codecall:tool:call:success',\n  /** Tool call failed */\n  TOOL_CALL_FAILURE: 'codecall:tool:call:failure',\n\n  /** Self-reference attack blocked */\n  SECURITY_SELF_REFERENCE: 'codecall:security:self-reference',\n  /** Tool access denied */\n  SECURITY_ACCESS_DENIED: 'codecall:security:access-denied',\n  /** AST validation failed (blocked code pattern) */\n  SECURITY_AST_BLOCKED: 'codecall:security:ast-blocked',\n\n  /** Search performed */\n  SEARCH_PERFORMED: 'codecall:search:performed',\n  /** Tool described */\n  DESCRIBE_PERFORMED: 'codecall:describe:performed',\n  /** Direct invoke performed */\n  INVOKE_PERFORMED: 'codecall:invoke:performed',\n} as const;\n\nexport type AuditEventType = (typeof AUDIT_EVENT_TYPES)[keyof typeof AUDIT_EVENT_TYPES];\n\n/**\n * Base audit event structure.\n */\nexport interface AuditEvent {\n  /** Event type */\n  type: AuditEventType;\n  /** ISO timestamp */\n  timestamp: string;\n  /** Unique execution ID for correlation */\n  executionId: string;\n  /** Duration in milliseconds (if applicable) */\n  durationMs?: number;\n  /** Additional event-specific data */\n  data?: Record<string, unknown>;\n}\n\n/**\n * Execution audit event with script details.\n */\nexport interface ExecutionAuditEvent extends AuditEvent {\n  type:\n    | typeof AUDIT_EVENT_TYPES.EXECUTION_START\n    | typeof AUDIT_EVENT_TYPES.EXECUTION_SUCCESS\n    | typeof AUDIT_EVENT_TYPES.EXECUTION_FAILURE\n    | typeof AUDIT_EVENT_TYPES.EXECUTION_TIMEOUT;\n  data: {\n    /** Script hash (NOT the full script - security!) */\n    scriptHash: string;\n    /** Script length in characters */\n    scriptLength: number;\n    /** Number of tool calls made */\n    toolCallCount?: number;\n    /** Error message (sanitized) if failed */\n    error?: string;\n  };\n}\n\n/**\n * Tool call audit event.\n */\nexport interface ToolCallAuditEvent extends AuditEvent {\n  type:\n    | typeof AUDIT_EVENT_TYPES.TOOL_CALL_START\n    | typeof AUDIT_EVENT_TYPES.TOOL_CALL_SUCCESS\n    | typeof AUDIT_EVENT_TYPES.TOOL_CALL_FAILURE;\n  data: {\n    /** Tool name */\n    toolName: string;\n    /** Call depth (nested calls) */\n    callDepth: number;\n    /** Error code if failed */\n    errorCode?: string;\n  };\n}\n\n/**\n * Security audit event.\n */\nexport interface SecurityAuditEvent extends AuditEvent {\n  type:\n    | typeof AUDIT_EVENT_TYPES.SECURITY_SELF_REFERENCE\n    | typeof AUDIT_EVENT_TYPES.SECURITY_ACCESS_DENIED\n    | typeof AUDIT_EVENT_TYPES.SECURITY_AST_BLOCKED;\n  data: {\n    /** What was blocked */\n    blocked: string;\n    /** Reason for blocking */\n    reason: string;\n  };\n}\n\n/**\n * Audit event listener function type.\n */\nexport type AuditEventListener = (event: AuditEvent) => void;\n\n/**\n * Audit Logger Service\n *\n * Provides centralized audit logging for all CodeCall operations.\n * Uses the SDK event emitter pattern for integration with external systems.\n *\n * Security considerations:\n * - NEVER logs full scripts (only hashes)\n * - NEVER logs tool inputs/outputs (only metadata)\n * - NEVER logs sensitive error details (only sanitized messages)\n * - All events include execution ID for correlation\n */\n@Provider({\n  name: 'codecall:audit-logger',\n  scope: ProviderScope.GLOBAL,\n})\nexport class AuditLoggerService {\n  private listeners: Set<AuditEventListener> = new Set();\n  private executionCounter = 0;\n\n  /**\n   * Subscribe to audit events.\n   *\n   * @param listener - Function to call when events occur\n   * @returns Unsubscribe function\n   */\n  subscribe(listener: AuditEventListener): () => void {\n    this.listeners.add(listener);\n    return () => {\n      this.listeners.delete(listener);\n    };\n  }\n\n  /**\n   * Generate a unique execution ID.\n   */\n  generateExecutionId(): string {\n    const timestamp = Date.now().toString(36);\n    const counter = (++this.executionCounter).toString(36).padStart(4, '0');\n    const random = Math.random().toString(36).substring(2, 8);\n    return `exec_${timestamp}_${counter}_${random}`;\n  }\n\n  /**\n   * Log execution start.\n   */\n  logExecutionStart(executionId: string, script: string): void {\n    this.emit({\n      type: AUDIT_EVENT_TYPES.EXECUTION_START,\n      timestamp: new Date().toISOString(),\n      executionId,\n      data: {\n        scriptHash: this.hashScript(script),\n        scriptLength: script.length,\n      },\n    });\n  }\n\n  /**\n   * Log execution success.\n   */\n  logExecutionSuccess(executionId: string, script: string, durationMs: number, toolCallCount: number): void {\n    this.emit({\n      type: AUDIT_EVENT_TYPES.EXECUTION_SUCCESS,\n      timestamp: new Date().toISOString(),\n      executionId,\n      durationMs,\n      data: {\n        scriptHash: this.hashScript(script),\n        scriptLength: script.length,\n        toolCallCount,\n      },\n    });\n  }\n\n  /**\n   * Log execution failure.\n   */\n  logExecutionFailure(executionId: string, script: string, durationMs: number, error: string): void {\n    this.emit({\n      type: AUDIT_EVENT_TYPES.EXECUTION_FAILURE,\n      timestamp: new Date().toISOString(),\n      executionId,\n      durationMs,\n      data: {\n        scriptHash: this.hashScript(script),\n        scriptLength: script.length,\n        error: this.sanitizeError(error),\n      },\n    });\n  }\n\n  /**\n   * Log execution timeout.\n   */\n  logExecutionTimeout(executionId: string, script: string, durationMs: number): void {\n    this.emit({\n      type: AUDIT_EVENT_TYPES.EXECUTION_TIMEOUT,\n      timestamp: new Date().toISOString(),\n      executionId,\n      durationMs,\n      data: {\n        scriptHash: this.hashScript(script),\n        scriptLength: script.length,\n      },\n    });\n  }\n\n  /**\n   * Log tool call start.\n   */\n  logToolCallStart(executionId: string, toolName: string, callDepth: number): void {\n    this.emit({\n      type: AUDIT_EVENT_TYPES.TOOL_CALL_START,\n      timestamp: new Date().toISOString(),\n      executionId,\n      data: {\n        toolName,\n        callDepth,\n      },\n    });\n  }\n\n  /**\n   * Log tool call success.\n   */\n  logToolCallSuccess(executionId: string, toolName: string, callDepth: number, durationMs: number): void {\n    this.emit({\n      type: AUDIT_EVENT_TYPES.TOOL_CALL_SUCCESS,\n      timestamp: new Date().toISOString(),\n      executionId,\n      durationMs,\n      data: {\n        toolName,\n        callDepth,\n      },\n    });\n  }\n\n  /**\n   * Log tool call failure.\n   */\n  logToolCallFailure(\n    executionId: string,\n    toolName: string,\n    callDepth: number,\n    durationMs: number,\n    errorCode: string,\n  ): void {\n    this.emit({\n      type: AUDIT_EVENT_TYPES.TOOL_CALL_FAILURE,\n      timestamp: new Date().toISOString(),\n      executionId,\n      durationMs,\n      data: {\n        toolName,\n        callDepth,\n        errorCode,\n      },\n    });\n  }\n\n  /**\n   * Log security event: self-reference blocked.\n   */\n  logSecuritySelfReference(executionId: string, toolName: string): void {\n    this.emit({\n      type: AUDIT_EVENT_TYPES.SECURITY_SELF_REFERENCE,\n      timestamp: new Date().toISOString(),\n      executionId,\n      data: {\n        blocked: toolName,\n        reason: 'Self-reference attack: attempted to call CodeCall tool from within AgentScript',\n      },\n    });\n  }\n\n  /**\n   * Log security event: access denied.\n   */\n  logSecurityAccessDenied(executionId: string, toolName: string, reason: string): void {\n    this.emit({\n      type: AUDIT_EVENT_TYPES.SECURITY_ACCESS_DENIED,\n      timestamp: new Date().toISOString(),\n      executionId,\n      data: {\n        blocked: toolName,\n        reason: this.sanitizeError(reason),\n      },\n    });\n  }\n\n  /**\n   * Log security event: AST validation blocked.\n   */\n  logSecurityAstBlocked(executionId: string, pattern: string, reason: string): void {\n    this.emit({\n      type: AUDIT_EVENT_TYPES.SECURITY_AST_BLOCKED,\n      timestamp: new Date().toISOString(),\n      executionId,\n      data: {\n        blocked: pattern,\n        reason: this.sanitizeError(reason),\n      },\n    });\n  }\n\n  /**\n   * Log search operation.\n   */\n  logSearch(executionId: string, query: string, resultCount: number, durationMs: number): void {\n    this.emit({\n      type: AUDIT_EVENT_TYPES.SEARCH_PERFORMED,\n      timestamp: new Date().toISOString(),\n      executionId,\n      durationMs,\n      data: {\n        queryLength: query.length,\n        resultCount,\n      },\n    });\n  }\n\n  /**\n   * Log describe operation.\n   */\n  logDescribe(executionId: string, toolNames: string[], durationMs: number): void {\n    this.emit({\n      type: AUDIT_EVENT_TYPES.DESCRIBE_PERFORMED,\n      timestamp: new Date().toISOString(),\n      executionId,\n      durationMs,\n      data: {\n        toolCount: toolNames.length,\n        toolNames: toolNames.slice(0, 10), // Limit to first 10 for audit\n      },\n    });\n  }\n\n  /**\n   * Log invoke operation.\n   */\n  logInvoke(executionId: string, toolName: string, success: boolean, durationMs: number): void {\n    this.emit({\n      type: AUDIT_EVENT_TYPES.INVOKE_PERFORMED,\n      timestamp: new Date().toISOString(),\n      executionId,\n      durationMs,\n      data: {\n        toolName,\n        success,\n      },\n    });\n  }\n\n  /**\n   * Emit an audit event to all listeners.\n   */\n  private emit(event: AuditEvent): void {\n    // Freeze the event to prevent modification\n    const frozenEvent = Object.freeze({ ...event, data: Object.freeze({ ...event.data }) });\n\n    for (const listener of this.listeners) {\n      try {\n        listener(frozenEvent);\n      } catch {\n        // Never let listener errors propagate\n      }\n    }\n  }\n\n  /**\n   * Create a simple hash of the script for identification.\n   * Uses a fast, non-cryptographic hash for performance.\n   */\n  private hashScript(script: string): string {\n    let hash = 0;\n    for (let i = 0; i < script.length; i++) {\n      const char = script.charCodeAt(i);\n      hash = (hash << 5) - hash + char;\n      hash = hash & hash; // Convert to 32bit integer\n    }\n    return `sh_${(hash >>> 0).toString(16).padStart(8, '0')}`;\n  }\n\n  /**\n   * Sanitize error messages to remove sensitive information.\n   */\n  private sanitizeError(error: string): string {\n    if (!error) return 'Unknown error';\n\n    // Remove file paths\n    let sanitized = error.replace(/(?:\\/[\\w.-]+)+|(?:[A-Za-z]:\\\\[\\w\\\\.-]+)+/g, '[path]');\n\n    // Remove line numbers\n    sanitized = sanitized.replace(/:\\d+:\\d+/g, '');\n\n    // Remove stack traces\n    sanitized = sanitized.replace(/\\n\\s*at .*/g, '');\n\n    // Truncate\n    if (sanitized.length > 200) {\n      sanitized = sanitized.substring(0, 200) + '...';\n    }\n\n    return sanitized.trim();\n  }\n}\n\nexport default AuditLoggerService;\n"]}

package/src/codecall/services/enclave.service.d.ts

@@ -0,0 +1,62 @@
+import type CodeCallConfig from '../providers/code-call.config';
+import type { CodeCallVmEnvironment } from '../codecall.symbol';
+/**
+ * Result from enclave execution - maps to existing VmExecutionResult interface
+ */
+export interface EnclaveExecutionResult {
+    success: boolean;
+    result?: unknown;
+    error?: {
+        message: string;
+        name: string;
+        stack?: string;
+        code?: string;
+        toolName?: string;
+        toolInput?: unknown;
+        details?: unknown;
+        [key: string]: unknown;
+    };
+    logs: string[];
+    timedOut: boolean;
+    stats?: {
+        duration: number;
+        toolCallCount: number;
+        iterationCount: number;
+    };
+}
+/**
+ * Service for executing AgentScript code using enclave-vm
+ *
+ * This service wraps the Enclave class and provides:
+ * - Safe AgentScript execution with AST validation
+ * - Automatic code transformation (callTool -> __safe_callTool)
+ * - Runtime limits (timeout, iterations, tool calls)
+ * - Tool call integration with FrontMCP pipeline
+ */
+/**
+ * Error thrown when script exceeds maximum length and sidecar is disabled
+ */
+export declare class ScriptTooLargeError extends Error {
+    readonly code = "SCRIPT_TOO_LARGE";
+    readonly scriptLength: number;
+    readonly maxLength: number;
+    constructor(scriptLength: number, maxLength: number);
+}
+export default class EnclaveService {
+    private readonly vmOptions;
+    private readonly sidecarOptions;
+    constructor(config: CodeCallConfig);
+    /**
+     * Execute AgentScript code in the enclave
+     *
+     * @param code - The AgentScript code to execute (raw, not transformed)
+     * @param environment - The VM environment with callTool, getTool, etc.
+     * @returns Execution result with success/error and logs
+     * @throws ScriptTooLargeError if script exceeds max length and sidecar is disabled
+     */
+    execute(code: string, environment: CodeCallVmEnvironment): Promise<EnclaveExecutionResult>;
+    /**
+     * Map Enclave ExecutionResult to EnclaveExecutionResult
+     */
+    private mapEnclaveResult;
+}