npm - @getaegis/cli - Versions diffs - 0.8.0 → 0.9.0 - Mend

@getaegis/cli 0.8.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (242) hide show

package/README.md +43 -14
package/dist/agent/agent.d.ts +98 -0
package/dist/agent/agent.d.ts.map +1 -0
package/dist/agent/agent.js +212 -0
package/dist/agent/agent.js.map +1 -0
package/dist/agent/index.d.ts +3 -0
package/dist/agent/index.d.ts.map +1 -0
package/dist/agent/index.js +2 -0
package/dist/agent/index.js.map +1 -0
package/dist/cli/auth.d.ts +19 -0
package/dist/cli/auth.d.ts.map +1 -0
package/dist/cli/auth.js +44 -0
package/dist/cli/auth.js.map +1 -0
package/dist/cli/commands/agent.d.ts +6 -0
package/dist/cli/commands/agent.d.ts.map +1 -0
package/dist/cli/commands/agent.js +241 -0
package/dist/cli/commands/agent.js.map +1 -0
package/dist/cli/commands/config.d.ts +6 -0
package/dist/cli/commands/config.d.ts.map +1 -0
package/dist/cli/commands/config.js +125 -0
package/dist/cli/commands/config.js.map +1 -0
package/dist/cli/commands/dashboard.d.ts +6 -0
package/dist/cli/commands/dashboard.d.ts.map +1 -0
package/dist/cli/commands/dashboard.js +195 -0
package/dist/cli/commands/dashboard.js.map +1 -0
package/dist/cli/commands/db.d.ts +6 -0
package/dist/cli/commands/db.d.ts.map +1 -0
package/dist/cli/commands/db.js +139 -0
package/dist/cli/commands/db.js.map +1 -0
package/dist/cli/commands/doctor.d.ts +6 -0
package/dist/cli/commands/doctor.d.ts.map +1 -0
package/dist/cli/commands/doctor.js +39 -0
package/dist/cli/commands/doctor.js.map +1 -0
package/dist/cli/commands/gate.d.ts +6 -0
package/dist/cli/commands/gate.d.ts.map +1 -0
package/dist/cli/commands/gate.js +202 -0
package/dist/cli/commands/gate.js.map +1 -0
package/dist/cli/commands/init.d.ts +6 -0
package/dist/cli/commands/init.d.ts.map +1 -0
package/dist/cli/commands/init.js +175 -0
package/dist/cli/commands/init.js.map +1 -0
package/dist/cli/commands/key.d.ts +6 -0
package/dist/cli/commands/key.d.ts.map +1 -0
package/dist/cli/commands/key.js +49 -0
package/dist/cli/commands/key.js.map +1 -0
package/dist/cli/commands/ledger.d.ts +6 -0
package/dist/cli/commands/ledger.d.ts.map +1 -0
package/dist/cli/commands/ledger.js +140 -0
package/dist/cli/commands/ledger.js.map +1 -0
package/dist/cli/commands/mcp.d.ts +6 -0
package/dist/cli/commands/mcp.d.ts.map +1 -0
package/dist/cli/commands/mcp.js +224 -0
package/dist/cli/commands/mcp.js.map +1 -0
package/dist/cli/commands/policy.d.ts +6 -0
package/dist/cli/commands/policy.d.ts.map +1 -0
package/dist/cli/commands/policy.js +126 -0
package/dist/cli/commands/policy.js.map +1 -0
package/dist/cli/commands/user.d.ts +6 -0
package/dist/cli/commands/user.d.ts.map +1 -0
package/dist/cli/commands/user.js +150 -0
package/dist/cli/commands/user.js.map +1 -0
package/dist/cli/commands/vault-manager.d.ts +6 -0
package/dist/cli/commands/vault-manager.d.ts.map +1 -0
package/dist/cli/commands/vault-manager.js +240 -0
package/dist/cli/commands/vault-manager.js.map +1 -0
package/dist/cli/commands/vault.d.ts +6 -0
package/dist/cli/commands/vault.d.ts.map +1 -0
package/dist/cli/commands/vault.js +265 -0
package/dist/cli/commands/vault.js.map +1 -0
package/dist/cli/commands/webhook.d.ts +6 -0
package/dist/cli/commands/webhook.d.ts.map +1 -0
package/dist/cli/commands/webhook.js +151 -0
package/dist/cli/commands/webhook.js.map +1 -0
package/dist/cli/helpers.d.ts +12 -0
package/dist/cli/helpers.d.ts.map +1 -0
package/dist/cli/helpers.js +61 -0
package/dist/cli/helpers.js.map +1 -0
package/dist/cli/index.d.ts +19 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +19 -0
package/dist/cli/index.js.map +1 -0
package/dist/cli/validation.d.ts +37 -0
package/dist/cli/validation.d.ts.map +1 -0
package/dist/cli/validation.js +104 -0
package/dist/cli/validation.js.map +1 -0
package/dist/cli.d.ts +3 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +37 -0
package/dist/cli.js.map +1 -0
package/dist/config.d.ts +120 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +401 -0
package/dist/config.js.map +1 -0
package/dist/dashboard/dashboard-server.d.ts +95 -0
package/dist/dashboard/dashboard-server.d.ts.map +1 -0
package/dist/dashboard/dashboard-server.js +329 -0
package/dist/dashboard/dashboard-server.js.map +1 -0
package/dist/dashboard/index.d.ts +3 -0
package/dist/dashboard/index.d.ts.map +1 -0
package/dist/dashboard/index.js +2 -0
package/dist/dashboard/index.js.map +1 -0
package/dist/dashboard/public/assets/index-Cah0_BKk.js +148 -0
package/dist/dashboard/public/assets/index-CpMruPNh.css +1 -0
package/dist/dashboard/public/favicon.svg +6 -0
package/dist/dashboard/public/index.html +14 -0
package/dist/db.d.ts +27 -0
package/dist/db.d.ts.map +1 -0
package/dist/db.js +209 -0
package/dist/db.js.map +1 -0
package/dist/doctor.d.ts +37 -0
package/dist/doctor.d.ts.map +1 -0
package/dist/doctor.js +216 -0
package/dist/doctor.js.map +1 -0
package/dist/gate/body-inspector.d.ts +31 -0
package/dist/gate/body-inspector.d.ts.map +1 -0
package/dist/gate/body-inspector.js +193 -0
package/dist/gate/body-inspector.js.map +1 -0
package/dist/gate/gate.d.ts +190 -0
package/dist/gate/gate.d.ts.map +1 -0
package/dist/gate/gate.js +1243 -0
package/dist/gate/gate.js.map +1 -0
package/dist/gate/index.d.ts +7 -0
package/dist/gate/index.d.ts.map +1 -0
package/dist/gate/index.js +4 -0
package/dist/gate/index.js.map +1 -0
package/dist/gate/rate-limiter.d.ts +59 -0
package/dist/gate/rate-limiter.d.ts.map +1 -0
package/dist/gate/rate-limiter.js +120 -0
package/dist/gate/rate-limiter.js.map +1 -0
package/dist/index.d.ts +28 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +17 -0
package/dist/index.js.map +1 -0
package/dist/key-storage/credential-manager-windows.d.ts +19 -0
package/dist/key-storage/credential-manager-windows.d.ts.map +1 -0
package/dist/key-storage/credential-manager-windows.js +87 -0
package/dist/key-storage/credential-manager-windows.js.map +1 -0
package/dist/key-storage/file-fallback.d.ts +21 -0
package/dist/key-storage/file-fallback.d.ts.map +1 -0
package/dist/key-storage/file-fallback.js +62 -0
package/dist/key-storage/file-fallback.js.map +1 -0
package/dist/key-storage/index.d.ts +6 -0
package/dist/key-storage/index.d.ts.map +1 -0
package/dist/key-storage/index.js +6 -0
package/dist/key-storage/index.js.map +1 -0
package/dist/key-storage/key-storage.d.ts +41 -0
package/dist/key-storage/key-storage.d.ts.map +1 -0
package/dist/key-storage/key-storage.js +70 -0
package/dist/key-storage/key-storage.js.map +1 -0
package/dist/key-storage/keychain-macos.d.ts +19 -0
package/dist/key-storage/keychain-macos.d.ts.map +1 -0
package/dist/key-storage/keychain-macos.js +51 -0
package/dist/key-storage/keychain-macos.js.map +1 -0
package/dist/key-storage/secret-service-linux.d.ts +19 -0
package/dist/key-storage/secret-service-linux.d.ts.map +1 -0
package/dist/key-storage/secret-service-linux.js +55 -0
package/dist/key-storage/secret-service-linux.js.map +1 -0
package/dist/ledger/index.d.ts +3 -0
package/dist/ledger/index.d.ts.map +1 -0
package/dist/ledger/index.js +2 -0
package/dist/ledger/index.js.map +1 -0
package/dist/ledger/ledger.d.ts +98 -0
package/dist/ledger/ledger.d.ts.map +1 -0
package/dist/ledger/ledger.js +145 -0
package/dist/ledger/ledger.js.map +1 -0
package/dist/logger/index.d.ts +3 -0
package/dist/logger/index.d.ts.map +1 -0
package/dist/logger/index.js +2 -0
package/dist/logger/index.js.map +1 -0
package/dist/logger/logger.d.ts +58 -0
package/dist/logger/logger.d.ts.map +1 -0
package/dist/logger/logger.js +201 -0
package/dist/logger/logger.js.map +1 -0
package/dist/mcp/index.d.ts +3 -0
package/dist/mcp/index.d.ts.map +1 -0
package/dist/mcp/index.js +2 -0
package/dist/mcp/index.js.map +1 -0
package/dist/mcp/mcp-server.d.ts +130 -0
package/dist/mcp/mcp-server.d.ts.map +1 -0
package/dist/mcp/mcp-server.js +775 -0
package/dist/mcp/mcp-server.js.map +1 -0
package/dist/metrics/index.d.ts +3 -0
package/dist/metrics/index.d.ts.map +1 -0
package/dist/metrics/index.js +2 -0
package/dist/metrics/index.js.map +1 -0
package/dist/metrics/metrics.d.ts +88 -0
package/dist/metrics/metrics.d.ts.map +1 -0
package/dist/metrics/metrics.js +179 -0
package/dist/metrics/metrics.js.map +1 -0
package/dist/policy/index.d.ts +3 -0
package/dist/policy/index.d.ts.map +1 -0
package/dist/policy/index.js +2 -0
package/dist/policy/index.js.map +1 -0
package/dist/policy/policy.d.ts +119 -0
package/dist/policy/policy.d.ts.map +1 -0
package/dist/policy/policy.js +426 -0
package/dist/policy/policy.js.map +1 -0
package/dist/user/index.d.ts +3 -0
package/dist/user/index.d.ts.map +1 -0
package/dist/user/index.js +2 -0
package/dist/user/index.js.map +1 -0
package/dist/user/user.d.ts +102 -0
package/dist/user/user.d.ts.map +1 -0
package/dist/user/user.js +216 -0
package/dist/user/user.js.map +1 -0
package/dist/vault/crypto.d.ts +28 -0
package/dist/vault/crypto.d.ts.map +1 -0
package/dist/vault/crypto.js +44 -0
package/dist/vault/crypto.js.map +1 -0
package/dist/vault/index.d.ts +10 -0
package/dist/vault/index.d.ts.map +1 -0
package/dist/vault/index.js +6 -0
package/dist/vault/index.js.map +1 -0
package/dist/vault/seal.d.ts +68 -0
package/dist/vault/seal.d.ts.map +1 -0
package/dist/vault/seal.js +110 -0
package/dist/vault/seal.js.map +1 -0
package/dist/vault/shamir.d.ts +33 -0
package/dist/vault/shamir.d.ts.map +1 -0
package/dist/vault/shamir.js +174 -0
package/dist/vault/shamir.js.map +1 -0
package/dist/vault/vault-manager.d.ts +62 -0
package/dist/vault/vault-manager.d.ts.map +1 -0
package/dist/vault/vault-manager.js +151 -0
package/dist/vault/vault-manager.js.map +1 -0
package/dist/vault/vault.d.ts +104 -0
package/dist/vault/vault.d.ts.map +1 -0
package/dist/vault/vault.js +259 -0
package/dist/vault/vault.js.map +1 -0
package/dist/version.d.ts +3 -0
package/dist/version.d.ts.map +1 -0
package/dist/version.js +18 -0
package/dist/version.js.map +1 -0
package/dist/webhook/index.d.ts +3 -0
package/dist/webhook/index.d.ts.map +1 -0
package/dist/webhook/index.js +2 -0
package/dist/webhook/index.js.map +1 -0
package/dist/webhook/webhook.d.ts +114 -0
package/dist/webhook/webhook.d.ts.map +1 -0
package/dist/webhook/webhook.js +269 -0
package/dist/webhook/webhook.js.map +1 -0
package/package.json +12 -6

package/dist/dashboard/public/assets/index-CpMruPNh.css ADDED Viewed

@@ -0,0 +1 @@

+ /*! tailwindcss v4.2.1 | MIT License | https://tailwindcss.com */@layer properties{@supports (((-webkit-hyphens:none)) and (not (margin-trim:inline))) or ((-moz-orient:inline) and (not (color:rgb(from red r g b)))){*,:before,:after,::backdrop{--tw-border-style:solid;--tw-leading:initial;--tw-font-weight:initial;--tw-tracking:initial;--tw-blur:initial;--tw-brightness:initial;--tw-contrast:initial;--tw-grayscale:initial;--tw-hue-rotate:initial;--tw-invert:initial;--tw-opacity:initial;--tw-saturate:initial;--tw-sepia:initial;--tw-drop-shadow:initial;--tw-drop-shadow-color:initial;--tw-drop-shadow-alpha:100%;--tw-drop-shadow-size:initial;--tw-duration:initial;--tw-ease:initial}}}@layer theme{:root,:host{--spacing:.25rem;--font-weight-normal:400;--font-weight-medium:500;--font-weight-semibold:600;--tracking-wide:.025em;--tracking-wider:.05em;--radius-sm:4px;--ease-in:cubic-bezier(.4, 0, 1, 1);--default-transition-duration:.15s;--default-transition-timing-function:cubic-bezier(.4, 0, .2, 1);--default-font-family:"Inter", -apple-system, BlinkMacSystemFont, "Segoe UI", system-ui, sans-serif;--default-mono-font-family:"JetBrains Mono", "Fira Code", "SF Mono", "Cascadia Code", monospace;--color-surface-0:#12161b;--color-surface-3:#2e3640;--color-border:#333b45;--sidebar-width:220px;--content-max-width:1400px;--header-height:52px}}@layer base{*,:after,:before,::backdrop{box-sizing:border-box;border:0 solid;margin:0;padding:0}::file-selector-button{box-sizing:border-box;border:0 solid;margin:0;padding:0}html,:host{-webkit-text-size-adjust:100%;-moz-tab-size:4;tab-size:4;line-height:1.5;font-family:var(--default-font-family,ui-sans-serif, system-ui, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji");font-feature-settings:var(--default-font-feature-settings,normal);font-variation-settings:var(--default-font-variation-settings,normal);-webkit-tap-highlight-color:transparent}hr{height:0;color:inherit;border-top-width:1px}abbr:where([title]){-webkit-text-decoration:underline dotted;text-decoration:underline dotted}h1,h2,h3,h4,h5,h6{font-size:inherit;font-weight:inherit}a{color:inherit;-webkit-text-decoration:inherit;text-decoration:inherit}b,strong{font-weight:bolder}code,kbd,samp,pre{font-family:var(--default-mono-font-family,ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace);font-feature-settings:var(--default-mono-font-feature-settings,normal);font-variation-settings:var(--default-mono-font-variation-settings,normal);font-size:1em}small{font-size:80%}sub,sup{vertical-align:baseline;font-size:75%;line-height:0;position:relative}sub{bottom:-.25em}sup{top:-.5em}table{text-indent:0;border-color:inherit;border-collapse:collapse}:-moz-focusring{outline:auto}progress{vertical-align:baseline}summary{display:list-item}ol,ul,menu{list-style:none}img,svg,video,canvas,audio,iframe,embed,object{vertical-align:middle;display:block}img,video{max-width:100%;height:auto}button,input,select,optgroup,textarea{font:inherit;font-feature-settings:inherit;font-variation-settings:inherit;letter-spacing:inherit;color:inherit;opacity:1;background-color:#0000;border-radius:0}::file-selector-button{font:inherit;font-feature-settings:inherit;font-variation-settings:inherit;letter-spacing:inherit;color:inherit;opacity:1;background-color:#0000;border-radius:0}:where(select:is([multiple],[size])) optgroup{font-weight:bolder}:where(select:is([multiple],[size])) optgroup option{padding-inline-start:20px}::file-selector-button{margin-inline-end:4px}::placeholder{opacity:1}@supports (not ((-webkit-appearance:-apple-pay-button))) or (contain-intrinsic-size:1px){::placeholder{color:currentColor}@supports (color:color-mix(in lab,red,red)){::placeholder{color:color-mix(in oklab,currentcolor 50%,transparent)}}}textarea{resize:vertical}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-date-and-time-value{min-height:1lh;text-align:inherit}::-webkit-datetime-edit{display:inline-flex}::-webkit-datetime-edit-fields-wrapper{padding:0}::-webkit-datetime-edit{padding-block:0}::-webkit-datetime-edit-year-field{padding-block:0}::-webkit-datetime-edit-month-field{padding-block:0}::-webkit-datetime-edit-day-field{padding-block:0}::-webkit-datetime-edit-hour-field{padding-block:0}::-webkit-datetime-edit-minute-field{padding-block:0}::-webkit-datetime-edit-second-field{padding-block:0}::-webkit-datetime-edit-millisecond-field{padding-block:0}::-webkit-datetime-edit-meridiem-field{padding-block:0}::-webkit-calendar-picker-indicator{line-height:1}:-moz-ui-invalid{box-shadow:none}button,input:where([type=button],[type=reset],[type=submit]){-webkit-appearance:button;-moz-appearance:button;appearance:button}::file-selector-button{-webkit-appearance:button;-moz-appearance:button;appearance:button}::-webkit-inner-spin-button{height:auto}::-webkit-outer-spin-button{height:auto}[hidden]:where(:not([hidden=until-found])){display:none!important}}@layer components;@layer utilities{.relative{position:relative}.sticky{position:sticky}.top-0{top:calc(var(--spacing) * 0)}.z-10{z-index:10}.col-span-2{grid-column:span 2/span 2}.container{width:100%}@media(min-width:40rem){.container{max-width:40rem}}@media(min-width:48rem){.container{max-width:48rem}}@media(min-width:64rem){.container{max-width:64rem}}@media(min-width:80rem){.container{max-width:80rem}}@media(min-width:96rem){.container{max-width:96rem}}.mx-auto{margin-inline:auto}.mt-0\.5{margin-top:calc(var(--spacing) * .5)}.mt-1{margin-top:4px}.mt-2{margin-top:8px}.mt-3{margin-top:12px}.mt-4{margin-top:16px}.mb-2{margin-bottom:8px}.mb-3{margin-bottom:12px}.mb-4{margin-bottom:16px}.ml-1{margin-left:4px}.ml-1\.5{margin-left:calc(var(--spacing) * 1.5)}.ml-4{margin-left:16px}.ml-auto{margin-left:auto}.block{display:block}.flex{display:flex}.grid{display:grid}.inline-block{display:inline-block}.table{display:table}.h-2{height:8px}.h-3{height:12px}.h-5{height:20px}.h-full{height:100%}.h-screen{height:100vh}.max-h-\[calc\(100vh-240px\)\]{max-height:calc(100vh - 240px)}.w-2{width:8px}.w-12{width:48px}.w-24{width:calc(var(--spacing) * 24)}.w-\[60px\]{width:60px}.w-\[80px\]{width:80px}.w-\[90px\]{width:90px}.w-\[100px\]{width:100px}.w-\[110px\]{width:110px}.w-\[120px\]{width:120px}.w-\[140px\]{width:140px}.w-\[160px\]{width:160px}.w-\[180px\]{width:180px}.w-full{width:100%}.flex-1{flex:1}.flex-shrink-0{flex-shrink:0}.table-fixed{table-layout:fixed}.border-collapse{border-collapse:collapse}.cursor-pointer{cursor:pointer}.appearance-none{-webkit-appearance:none;-moz-appearance:none;appearance:none}.grid-cols-1{grid-template-columns:repeat(1,minmax(0,1fr))}.grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.grid-cols-\[repeat\(auto-fit\,minmax\(200px\,1fr\)\)\]{grid-template-columns:repeat(auto-fit,minmax(200px,1fr))}.grid-cols-\[repeat\(auto-fit\,minmax\(320px\,1fr\)\)\]{grid-template-columns:repeat(auto-fit,minmax(320px,1fr))}.flex-col{flex-direction:column}.flex-wrap{flex-wrap:wrap}.items-center{align-items:center}.items-start{align-items:flex-start}.justify-between{justify-content:space-between}.justify-center{justify-content:center}.gap-0\.5{gap:calc(var(--spacing) * .5)}.gap-1{gap:4px}.gap-1\.5{gap:calc(var(--spacing) * 1.5)}.gap-2{gap:8px}.gap-3{gap:12px}.gap-4{gap:16px}.gap-x-6{column-gap:24px}.gap-y-1{row-gap:4px}.truncate{text-overflow:ellipsis;white-space:nowrap;overflow:hidden}.overflow-hidden{overflow:hidden}.overflow-x-auto{overflow-x:auto}.overflow-y-auto{overflow-y:auto}.rounded{border-radius:.25rem}.rounded-full{border-radius:3.40282e38px}.rounded-md{border-radius:6px}.rounded-sm{border-radius:4px}.border{border-style:var(--tw-border-style);border-width:1px}.border-t{border-top-style:var(--tw-border-style);border-top-width:1px}.border-r{border-right-style:var(--tw-border-style);border-right-width:1px}.border-b{border-bottom-style:var(--tw-border-style);border-bottom-width:1px}.border-l-2{border-left-style:var(--tw-border-style);border-left-width:2px}.border-border{border-color:#333b45}.border-border-sub{border-color:#272e37}.border-gold{border-color:#c8973e}.border-transparent{border-color:#0000}.border-warning\/30{border-color:#e8a3174d}.bg-allowed{background-color:#34a853}.bg-allowed-bg{background-color:#34a85315}.bg-blocked{background-color:#d93025}.bg-blocked-bg{background-color:#d9302515}.bg-gold-muted,.bg-gold\/15{background-color:#c8973e26}.bg-info-bg{background-color:#4a90d915}.bg-surface-0{background-color:#12161b}.bg-surface-1{background-color:#1a1f26}.bg-surface-2{background-color:#242a33}.bg-surface-3{background-color:#2e3640}.bg-warning{background-color:#e8a317}.bg-warning-bg{background-color:#e8a31715}.bg-\[url\(\'data\:image\/svg\+xml\;charset\=utf-8\,\%3Csvg\%20xmlns\%3D\%22http\%3A\%2F\%2Fwww\.w3\.org\%2F2000\%2Fsvg\%22\%20width\%3D\%2212\%22\%20height\%3D\%2212\%22\%20viewBox\%3D\%220\%200\%2024\%2024\%22\%20fill\%3D\%22none\%22\%20stroke\%3D\%22\%239ca3af\%22\%20stroke-width\%3D\%222\.5\%22\%20stroke-linecap\%3D\%22round\%22\%20stroke-linejoin\%3D\%22round\%22\%3E\%3Cpath\%20d\%3D\%22m6\%209\%206\%206\%206-6\%22\%2F\%3E\%3C\%2Fsvg\%3E\'\)\]{background-image:url(data:image/svg+xml;charset=utf-8,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20width%3D%2212%22%20height%3D%2212%22%20viewBox%3D%220%200%2024%2024%22%20fill%3D%22none%22%20stroke%3D%22%239ca3af%22%20stroke-width%3D%222.5%22%20stroke-linecap%3D%22round%22%20stroke-linejoin%3D%22round%22%3E%3Cpath%20d%3D%22m6%209%206%206%206-6%22%2F%3E%3C%2Fsvg%3E)}.bg-\[length\:12px\]{background-size:12px}.bg-\[right_8px_center\]{background-position:right 8px center}.bg-no-repeat{background-repeat:no-repeat}.p-0{padding:calc(var(--spacing) * 0)}.p-0\.5{padding:calc(var(--spacing) * .5)}.p-2{padding:8px}.p-5{padding:20px}.p-6{padding:24px}.px-1{padding-inline:4px}.px-1\.5{padding-inline:calc(var(--spacing) * 1.5)}.px-2{padding-inline:8px}.px-3{padding-inline:12px}.px-4{padding-inline:16px}.px-5{padding-inline:20px}.px-6{padding-inline:24px}.py-0\.5{padding-block:calc(var(--spacing) * .5)}.py-1\.5{padding-block:calc(var(--spacing) * 1.5)}.py-2{padding-block:8px}.py-3{padding-block:12px}.py-4{padding-block:16px}.py-16{padding-block:64px}.pr-8{padding-right:32px}.pl-3{padding-left:12px}.text-center{text-align:center}.text-left{text-align:left}.text-right{text-align:right}.font-mono{font-family:JetBrains Mono,Fira Code,SF Mono,Cascadia Code,monospace}.text-\[10px\]{font-size:10px}.text-\[11px\]{font-size:11px}.text-\[12px\]{font-size:12px}.text-\[13px\]{font-size:13px}.text-\[14px\]{font-size:14px}.text-\[15px\]{font-size:15px}.text-\[24px\]{font-size:24px}.leading-8{--tw-leading:32px;line-height:32px}.font-medium{--tw-font-weight:var(--font-weight-medium);font-weight:var(--font-weight-medium)}.font-normal{--tw-font-weight:var(--font-weight-normal);font-weight:var(--font-weight-normal)}.font-semibold{--tw-font-weight:var(--font-weight-semibold);font-weight:var(--font-weight-semibold)}.tracking-wide{--tw-tracking:var(--tracking-wide);letter-spacing:var(--tracking-wide)}.tracking-wider{--tw-tracking:var(--tracking-wider);letter-spacing:var(--tracking-wider)}.whitespace-nowrap{white-space:nowrap}.text-allowed{color:#34a853}.text-blocked{color:#d93025}.text-gold{color:#c8973e}.text-info{color:#4a90d9}.text-primary{color:#e8ecef}.text-secondary{color:#9ba3ae}.text-tertiary{color:#6b7685}.text-warning{color:#e8a317}.uppercase{text-transform:uppercase}.antialiased{-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.opacity-60{opacity:.6}.filter{filter:var(--tw-blur,) var(--tw-brightness,) var(--tw-contrast,) var(--tw-grayscale,) var(--tw-hue-rotate,) var(--tw-invert,) var(--tw-saturate,) var(--tw-sepia,) var(--tw-drop-shadow,)}.transition{transition-property:color,background-color,border-color,outline-color,text-decoration-color,fill,stroke,--tw-gradient-from,--tw-gradient-via,--tw-gradient-to,opacity,box-shadow,transform,translate,scale,rotate,filter,-webkit-backdrop-filter,backdrop-filter,display,content-visibility,overlay,pointer-events;transition-timing-function:var(--tw-ease,var(--default-transition-timing-function));transition-duration:var(--tw-duration,var(--default-transition-duration))}.transition-\[color\,background-color\,border-color\]{transition-property:color,background-color,border-color;transition-timing-function:var(--tw-ease,var(--default-transition-timing-function));transition-duration:var(--tw-duration,var(--default-transition-duration))}.transition-all{transition-property:all;transition-timing-function:var(--tw-ease,var(--default-transition-timing-function));transition-duration:var(--tw-duration,var(--default-transition-duration))}.transition-colors{transition-property:color,background-color,border-color,outline-color,text-decoration-color,fill,stroke,--tw-gradient-from,--tw-gradient-via,--tw-gradient-to;transition-timing-function:var(--tw-ease,var(--default-transition-timing-function));transition-duration:var(--tw-duration,var(--default-transition-duration))}.duration-100{--tw-duration:.1s;transition-duration:.1s}.duration-150{--tw-duration:.15s;transition-duration:.15s}.ease-in{--tw-ease:var(--ease-in);transition-timing-function:var(--ease-in)}.placeholder\:text-tertiary::placeholder{color:#6b7685}.first\:border-t-0:first-child{border-top-style:var(--tw-border-style);border-top-width:0}@media(hover:hover){.hover\:bg-surface-3:hover{background-color:#2e3640}.hover\:bg-warning\/10:hover{background-color:#e8a3171a}.hover\:text-primary:hover{color:#e8ecef}}.focus\:border-gold:focus{border-color:#c8973e}.focus\:outline-none:focus{--tw-outline-style:none;outline-style:none}.disabled\:text-disabled:disabled{color:#4a5260}@media(hover:hover){.disabled\:hover\:bg-transparent:disabled:hover{background-color:#0000}}@media(min-width:64rem){.lg\:grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}}}body{min-height:100vh;margin:0;padding:0}#root{min-height:100vh}::-webkit-scrollbar{width:8px;height:8px}::-webkit-scrollbar-track{background:var(--color-surface-0)}::-webkit-scrollbar-thumb{background:var(--color-border);border-radius:var(--radius-sm)}::-webkit-scrollbar-thumb:hover{background:var(--color-surface-3)}@property --tw-border-style{syntax:"*";inherits:false;initial-value:solid}@property --tw-leading{syntax:"*";inherits:false}@property --tw-font-weight{syntax:"*";inherits:false}@property --tw-tracking{syntax:"*";inherits:false}@property --tw-blur{syntax:"*";inherits:false}@property --tw-brightness{syntax:"*";inherits:false}@property --tw-contrast{syntax:"*";inherits:false}@property --tw-grayscale{syntax:"*";inherits:false}@property --tw-hue-rotate{syntax:"*";inherits:false}@property --tw-invert{syntax:"*";inherits:false}@property --tw-opacity{syntax:"*";inherits:false}@property --tw-saturate{syntax:"*";inherits:false}@property --tw-sepia{syntax:"*";inherits:false}@property --tw-drop-shadow{syntax:"*";inherits:false}@property --tw-drop-shadow-color{syntax:"*";inherits:false}@property --tw-drop-shadow-alpha{syntax:"<percentage>";inherits:false;initial-value:100%}@property --tw-drop-shadow-size{syntax:"*";inherits:false}@property --tw-duration{syntax:"*";inherits:false}@property --tw-ease{syntax:"*";inherits:false}

package/dist/dashboard/public/favicon.svg ADDED Viewed

@@ -0,0 +1,6 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64" fill="none">
+  <circle cx="32" cy="32" r="30" stroke="#C8973E" stroke-width="2.5"/>
+  <circle cx="32" cy="32" r="23" stroke="#C8973E" stroke-width="1.5"/>
+  <circle cx="32" cy="32" r="10" stroke="#C8973E" stroke-width="2"/>
+  <circle cx="32" cy="32" r="3" fill="#C8973E"/>
+</svg>

package/dist/dashboard/public/index.html ADDED Viewed

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Aegis Dashboard</title>
+    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
+    <script type="module" crossorigin src="/assets/index-Cah0_BKk.js"></script>
+    <link rel="stylesheet" crossorigin href="/assets/index-CpMruPNh.css">
+  </head>
+  <body class="bg-surface-0 text-primary antialiased">
+    <div id="root"></div>
+  </body>
+</html>

package/dist/db.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+import Database from 'better-sqlite3-multiple-ciphers';
+import type { AegisConfig } from './config.js';
+/**
+ * Derive a 256-bit database encryption key from the master key and salt.
+ * Uses a separate derivation context ("-db" suffix on salt) so the DB key
+ * is independent from the credential encryption key, even though both
+ * originate from the same master secret.
+ */
+export declare function deriveDbKey(masterKey: string, salt: string): Buffer;
+/**
+ * Open the SQLite database for the active vault.
+ * Uses VaultManager to resolve vault name → database path.
+ * Falls back to `.aegis/aegis.db` only if no vaults exist (pre-init state).
+ *
+ * When a master key is available, the database is encrypted at rest using
+ * ChaCha20-Poly1305 (sqleet cipher via SQLite3MultipleCiphers). The encryption
+ * key is derived from the master key using PBKDF2-SHA512 with a separate
+ * salt context ("-db") to isolate it from credential encryption keys.
+ */
+export declare function getDb(config: AegisConfig): Database.Database;
+/**
+ * Get the salt for the active vault.
+ * Returns the vault-specific salt from the registry, or the env salt for fallback.
+ */
+export declare function getVaultSalt(config: AegisConfig): string;
+export declare function migrate(db: Database.Database): void;
+//# sourceMappingURL=db.d.ts.map

package/dist/db.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"db.d.ts","sourceRoot":"","sources":["../src/db.ts"],"names":[],"mappings":"AAGA,OAAO,QAAQ,MAAM,iCAAiC,CAAC;AACvD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAM/C;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAEnE;AAED;;;;;;;;;GASG;AACH,wBAAgB,KAAK,CAAC,MAAM,EAAE,WAAW,GAAG,QAAQ,CAAC,QAAQ,CAyC5D;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAIxD;AAED,wBAAgB,OAAO,CAAC,EAAE,EAAE,QAAQ,CAAC,QAAQ,GAAG,IAAI,CA2BnD"}

package/dist/db.js ADDED Viewed

@@ -0,0 +1,209 @@
+import * as crypto from 'node:crypto';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import Database from 'better-sqlite3-multiple-ciphers';
+import { VaultManager } from './vault/vault-manager.js';
+const DB_KEY_LENGTH = 32;
+const DB_KEY_ITERATIONS = 210_000;
+/**
+ * Derive a 256-bit database encryption key from the master key and salt.
+ * Uses a separate derivation context ("-db" suffix on salt) so the DB key
+ * is independent from the credential encryption key, even though both
+ * originate from the same master secret.
+ */
+export function deriveDbKey(masterKey, salt) {
+    return crypto.pbkdf2Sync(masterKey, `${salt}-db`, DB_KEY_ITERATIONS, DB_KEY_LENGTH, 'sha512');
+}
+/**
+ * Open the SQLite database for the active vault.
+ * Uses VaultManager to resolve vault name → database path.
+ * Falls back to `.aegis/aegis.db` only if no vaults exist (pre-init state).
+ *
+ * When a master key is available, the database is encrypted at rest using
+ * ChaCha20-Poly1305 (sqleet cipher via SQLite3MultipleCiphers). The encryption
+ * key is derived from the master key using PBKDF2-SHA512 with a separate
+ * salt context ("-db") to isolate it from credential encryption keys.
+ */
+export function getDb(config) {
+    const manager = new VaultManager(config.dataDir);
+    const info = manager.getVaultInfo(config.vaultName);
+    let dbPath;
+    if (info) {
+        dbPath = path.join(config.dataDir, info.dbPath);
+    }
+    else {
+        // Fallback for commands that run before vault creation (e.g. doctor, init)
+        dbPath = path.join(config.dataDir, 'aegis.db');
+    }
+    const dir = path.dirname(dbPath);
+    if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true });
+    }
+    try {
+        const db = new Database(dbPath);
+        // Encrypt the database when a master key is available.
+        // Pre-init commands (doctor, init) run without a master key — those
+        // databases remain unencrypted (and are replaced during init anyway).
+        if (config.masterKey) {
+            const salt = info ? info.salt : config.salt;
+            const dbKey = deriveDbKey(config.masterKey, salt);
+            db.pragma(`key="x'${dbKey.toString('hex')}'"`);
+        }
+        db.pragma('journal_mode = WAL');
+        return db;
+    }
+    catch (err) {
+        const sqliteErr = err;
+        if (sqliteErr.code === 'SQLITE_NOTADB') {
+            throw new Error(`Database file is corrupted or not a valid SQLite database: ${dbPath}\n` +
+                `  Back up the file and reinitialize with: aegis init`);
+        }
+        throw err;
+    }
+}
+/**
+ * Get the salt for the active vault.
+ * Returns the vault-specific salt from the registry, or the env salt for fallback.
+ */
+export function getVaultSalt(config) {
+    const manager = new VaultManager(config.dataDir);
+    const info = manager.getVaultInfo(config.vaultName);
+    return info ? info.salt : config.salt;
+}
+export function migrate(db) {
+    // ── Schema versioning ────────────────────────────────────────────
+    // Create the version table if it doesn't exist. This is always safe
+    // because CREATE TABLE IF NOT EXISTS is idempotent.
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS schema_version (
+      version     INTEGER PRIMARY KEY,
+      applied_at  TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+  `);
+    const currentVersion = db.prepare('SELECT COALESCE(MAX(version), 0) AS v FROM schema_version').get().v;
+    // Run all migrations that haven't been applied yet
+    const pending = MIGRATIONS.filter((m) => m.version > currentVersion);
+    if (pending.length === 0)
+        return;
+    const runMigrations = db.transaction(() => {
+        for (const migration of pending) {
+            db.exec(migration.sql);
+            db.prepare('INSERT INTO schema_version (version) VALUES (?)').run(migration.version);
+        }
+    });
+    runMigrations();
+}
+/**
+ * Ordered list of schema migrations. Each migration is applied exactly once.
+ * The version number must be strictly increasing.
+ *
+ * To add a new migration:
+ * 1. Add a new entry with the next version number
+ * 2. Write the SQL (ALTER TABLE, CREATE TABLE, CREATE INDEX, etc.)
+ * 3. Run `yarn build && yarn test` to verify
+ */
+const MIGRATIONS = [
+    {
+        // v1: Baseline schema — all tables from v0.1 through v0.8
+        version: 1,
+        sql: `
+    CREATE TABLE IF NOT EXISTS credentials (
+      id          TEXT PRIMARY KEY,
+      name        TEXT NOT NULL UNIQUE,
+      service     TEXT NOT NULL,
+      encrypted   BLOB NOT NULL,
+      iv          BLOB NOT NULL,
+      auth_tag    BLOB NOT NULL,
+      auth_type   TEXT NOT NULL DEFAULT 'bearer',
+      header_name TEXT,
+      domains     TEXT NOT NULL,
+      scopes      TEXT NOT NULL DEFAULT '*',
+      expires_at  TEXT,
+      rate_limit  TEXT,
+      body_inspection TEXT NOT NULL DEFAULT 'block',
+      created_at  TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at  TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+    CREATE TABLE IF NOT EXISTS credential_history (
+      id              INTEGER PRIMARY KEY AUTOINCREMENT,
+      credential_id   TEXT NOT NULL,
+      encrypted       BLOB NOT NULL,
+      iv              BLOB NOT NULL,
+      auth_tag        BLOB NOT NULL,
+      rotated_at      TEXT NOT NULL DEFAULT (datetime('now')),
+      grace_expires   TEXT,
+      FOREIGN KEY (credential_id) REFERENCES credentials(id) ON DELETE CASCADE
+    );
+    CREATE TABLE IF NOT EXISTS audit_log (
+      id            INTEGER PRIMARY KEY AUTOINCREMENT,
+      timestamp     TEXT NOT NULL DEFAULT (datetime('now')),
+      credential_id TEXT,
+      credential_name TEXT,
+      service       TEXT NOT NULL,
+      target_domain TEXT NOT NULL,
+      method        TEXT NOT NULL,
+      path          TEXT NOT NULL,
+      status        TEXT NOT NULL DEFAULT 'allowed',
+      blocked_reason TEXT,
+      response_code INTEGER,
+      agent_name    TEXT,
+      agent_token_prefix TEXT,
+      channel       TEXT NOT NULL DEFAULT 'gate'
+    );
+    CREATE INDEX IF NOT EXISTS idx_audit_timestamp ON audit_log(timestamp);
+    CREATE INDEX IF NOT EXISTS idx_audit_credential ON audit_log(credential_id);
+    CREATE INDEX IF NOT EXISTS idx_audit_service ON audit_log(service);
+    CREATE INDEX IF NOT EXISTS idx_history_credential ON credential_history(credential_id);
+    CREATE TABLE IF NOT EXISTS agents (
+      id              TEXT PRIMARY KEY,
+      name            TEXT NOT NULL UNIQUE,
+      token_hash      TEXT NOT NULL,
+      token_prefix    TEXT NOT NULL,
+      rate_limit      TEXT,
+      created_at      TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at      TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+    CREATE TABLE IF NOT EXISTS agent_credentials (
+      agent_id        TEXT NOT NULL,
+      credential_id   TEXT NOT NULL,
+      granted_at      TEXT NOT NULL DEFAULT (datetime('now')),
+      PRIMARY KEY (agent_id, credential_id),
+      FOREIGN KEY (agent_id) REFERENCES agents(id) ON DELETE CASCADE,
+      FOREIGN KEY (credential_id) REFERENCES credentials(id) ON DELETE CASCADE
+    );
+    CREATE INDEX IF NOT EXISTS idx_agents_token_hash ON agents(token_hash);
+    CREATE INDEX IF NOT EXISTS idx_agent_creds_agent ON agent_credentials(agent_id);
+    CREATE INDEX IF NOT EXISTS idx_agent_creds_cred ON agent_credentials(credential_id);
+    CREATE TABLE IF NOT EXISTS webhooks (
+      id          TEXT PRIMARY KEY,
+      url         TEXT NOT NULL,
+      events      TEXT NOT NULL,
+      label       TEXT,
+      secret      TEXT NOT NULL,
+      created_at  TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+    CREATE TABLE IF NOT EXISTS users (
+      id              TEXT PRIMARY KEY,
+      name            TEXT NOT NULL UNIQUE,
+      role            TEXT NOT NULL DEFAULT 'viewer',
+      token_hash      TEXT NOT NULL,
+      token_prefix    TEXT NOT NULL,
+      created_at      TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at      TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+    CREATE INDEX IF NOT EXISTS idx_users_token_hash ON users(token_hash);
+    `,
+    },
+    // Future migrations go here:
+    // { version: 2, sql: `ALTER TABLE ...` },
+];
+//# sourceMappingURL=db.js.map

package/dist/db.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"db.js","sourceRoot":"","sources":["../src/db.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,QAAQ,MAAM,iCAAiC,CAAC;AAEvD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD,MAAM,aAAa,GAAG,EAAE,CAAC;AACzB,MAAM,iBAAiB,GAAG,OAAO,CAAC;AAElC;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,SAAiB,EAAE,IAAY;IACzD,OAAO,MAAM,CAAC,UAAU,CAAC,SAAS,EAAE,GAAG,IAAI,KAAK,EAAE,iBAAiB,EAAE,aAAa,EAAE,QAAQ,CAAC,CAAC;AAChG,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,KAAK,CAAC,MAAmB;IACvC,MAAM,OAAO,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACjD,MAAM,IAAI,GAAG,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEpD,IAAI,MAAc,CAAC;IACnB,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAClD,CAAC;SAAM,CAAC;QACN,2EAA2E;QAC3E,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;QAEhC,uDAAuD;QACvD,oEAAoE;QACpE,sEAAsE;QACtE,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACrB,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC;YAC5C,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YAClD,EAAE,CAAC,MAAM,CAAC,UAAU,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACjD,CAAC;QAED,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;QAChC,OAAO,EAAE,CAAC;IACZ,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,SAAS,GAAG,GAA0C,CAAC;QAC7D,IAAI,SAAS,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CACb,8DAA8D,MAAM,IAAI;gBACtE,sDAAsD,CACzD,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,MAAmB;IAC9C,MAAM,OAAO,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACjD,MAAM,IAAI,GAAG,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,OAAO,CAAC,EAAqB;IAC3C,oEAAoE;IACpE,oEAAoE;IACpE,oDAAoD;IACpD,EAAE,CAAC,IAAI,CAAC;;;;;GAKP,CAAC,CAAC;IAEH,MAAM,cAAc,GAClB,EAAE,CAAC,OAAO,CAAC,2DAA2D,CAAC,CAAC,GAAG,EAC5E,CAAC,CAAC,CAAC;IAEJ,mDAAmD;IACnD,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,GAAG,cAAc,CAAC,CAAC;IACrE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO;IAEjC,MAAM,aAAa,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE;QACxC,KAAK,MAAM,SAAS,IAAI,OAAO,EAAE,CAAC;YAChC,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACvB,EAAE,CAAC,OAAO,CAAC,iDAAiD,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACvF,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,aAAa,EAAE,CAAC;AAClB,CAAC;AASD;;;;;;;;GAQG;AACH,MAAM,UAAU,GAAgB;IAC9B;QACE,0DAA0D;QAC1D,OAAO,EAAE,CAAC;QACV,GAAG,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KA+FJ;KACF;IACD,6BAA6B;IAC7B,0CAA0C;CAC3C,CAAC"}

package/dist/doctor.d.ts ADDED Viewed

@@ -0,0 +1,37 @@
+/**
+ * Aegis Doctor — health check diagnostics.
+ *
+ * Validates the Aegis installation by checking:
+ *   1. Config file and configuration
+ *   2. Database accessibility and schema
+ *   3. Credential decryption (master key correctness)
+ *   4. Expired / expiring-soon credentials
+ *
+ * Returns a structured list of check results that the CLI can render.
+ */
+import type Database from 'better-sqlite3-multiple-ciphers';
+import type { AegisConfig } from './config.js';
+export interface CheckResult {
+    label: string;
+    status: 'pass' | 'warn' | 'fail';
+    detail: string;
+}
+export interface DoctorReport {
+    checks: CheckResult[];
+    overall: 'pass' | 'warn' | 'fail';
+}
+export interface DoctorOptions {
+    /** Resolved Aegis configuration */
+    config: AegisConfig;
+    /** An open better-sqlite3 database, or null if no DB is available */
+    db: Database.Database | null;
+}
+/**
+ * Run all Aegis health checks and return a structured report.
+ */
+export declare function runDoctor(opts: DoctorOptions): DoctorReport;
+/**
+ * Render a DoctorReport to the console with coloured output.
+ */
+export declare function printDoctorReport(report: DoctorReport): void;
+//# sourceMappingURL=doctor.d.ts.map

package/dist/doctor.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"doctor.d.ts","sourceRoot":"","sources":["../src/doctor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,QAAQ,MAAM,iCAAiC,CAAC;AAC5D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAK/C,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IACjC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;CACnC;AAED,MAAM,WAAW,aAAa;IAC5B,mCAAmC;IACnC,MAAM,EAAE,WAAW,CAAC;IACpB,qEAAqE;IACrE,EAAE,EAAE,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAAC;CAC9B;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,IAAI,EAAE,aAAa,GAAG,YAAY,CA4L3D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAiB5D"}

package/dist/doctor.js ADDED Viewed

@@ -0,0 +1,216 @@
+/**
+ * Aegis Doctor — health check diagnostics.
+ *
+ * Validates the Aegis installation by checking:
+ *   1. Config file and configuration
+ *   2. Database accessibility and schema
+ *   3. Credential decryption (master key correctness)
+ *   4. Expired / expiring-soon credentials
+ *
+ * Returns a structured list of check results that the CLI can render.
+ */
+import { getVaultSalt, migrate } from './db.js';
+import { getKeyStorage } from './key-storage/index.js';
+import { Vault } from './vault/index.js';
+/**
+ * Run all Aegis health checks and return a structured report.
+ */
+export function runDoctor(opts) {
+    const checks = [];
+    // ── 1. Validate config file and configuration ──────────────────
+    const { config } = opts;
+    if (config.configFilePath) {
+        checks.push({
+            label: 'Config file',
+            status: 'pass',
+            detail: `Found at ${config.configFilePath}`,
+        });
+    }
+    else {
+        checks.push({
+            label: 'Config file',
+            status: 'warn',
+            detail: 'No aegis.config.yaml found — using environment variables or defaults',
+        });
+    }
+    if (!config.masterKey) {
+        checks.push({
+            label: 'Master key',
+            status: 'fail',
+            detail: 'AEGIS_MASTER_KEY is not set. Run: aegis init',
+        });
+    }
+    else {
+        checks.push({ label: 'Master key', status: 'pass', detail: 'AEGIS_MASTER_KEY is set' });
+    }
+    // ── 1b. Key storage backend ────────────────────────────────────
+    try {
+        const keyStorage = getKeyStorage(config.dataDir);
+        const hasKeyInStore = keyStorage.getKey() !== undefined;
+        checks.push({
+            label: 'Key storage',
+            status: hasKeyInStore ? 'pass' : 'warn',
+            detail: hasKeyInStore
+                ? `Backend: ${keyStorage.name} (${keyStorage.backend}) — key present`
+                : `Backend: ${keyStorage.name} (${keyStorage.backend}) — no key stored`,
+        });
+    }
+    catch {
+        checks.push({
+            label: 'Key storage',
+            status: 'warn',
+            detail: 'Could not detect key storage backend',
+        });
+    }
+    // ── 2. Verify database accessibility and schema ────────────────
+    const { db } = opts;
+    const effectiveSalt = db ? getVaultSalt(config) : config.salt;
+    if (effectiveSalt === 'aegis-vault-v1') {
+        checks.push({
+            label: 'Salt',
+            status: 'warn',
+            detail: 'AEGIS_SALT is using the default value — run: aegis init to generate a random salt',
+        });
+    }
+    else {
+        checks.push({ label: 'Salt', status: 'pass', detail: 'AEGIS_SALT is set (custom)' });
+    }
+    if (!db) {
+        checks.push({
+            label: 'Database',
+            status: 'fail',
+            detail: 'Database is not available. Run: aegis init',
+        });
+    }
+    else {
+        try {
+            migrate(db);
+            checks.push({ label: 'Database', status: 'pass', detail: 'SQLite accessible' });
+            const tables = db
+                .prepare("SELECT name FROM sqlite_master WHERE type='table'")
+                .all();
+            const tableNames = tables.map((t) => t.name);
+            const requiredTables = ['credentials', 'credential_history', 'audit_log'];
+            const missingTables = requiredTables.filter((t) => !tableNames.includes(t));
+            if (missingTables.length > 0) {
+                checks.push({
+                    label: 'Schema',
+                    status: 'fail',
+                    detail: `Missing tables: ${missingTables.join(', ')}`,
+                });
+            }
+            else {
+                checks.push({
+                    label: 'Schema',
+                    status: 'pass',
+                    detail: 'All required tables present (credentials, credential_history, audit_log)',
+                });
+            }
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            checks.push({
+                label: 'Database',
+                status: 'fail',
+                detail: `Cannot access database: ${message}`,
+            });
+        }
+    }
+    // ── 3. Test-decrypt a credential ───────────────────────────────
+    if (db && config.masterKey) {
+        try {
+            const vault = new Vault(db, config.masterKey, effectiveSalt);
+            const creds = vault.list();
+            if (creds.length === 0) {
+                checks.push({
+                    label: 'Decrypt test',
+                    status: 'warn',
+                    detail: 'No credentials stored — cannot verify decryption. Add one with: aegis vault add',
+                });
+            }
+            else {
+                // Key verification already passed in constructor — confirm with explicit decrypt
+                checks.push({
+                    label: 'Decrypt test',
+                    status: 'pass',
+                    detail: `Successfully decrypted credential "${creds[0].name}"`,
+                });
+            }
+            // ── 4. Expired / expiring-soon credentials ──────────────────
+            const expired = creds.filter((c) => vault.isExpired(c));
+            const expiringSoon = creds.filter((c) => {
+                if (!c.expiresAt || vault.isExpired(c))
+                    return false;
+                const expiryDate = new Date(c.expiresAt);
+                const now = new Date();
+                const daysLeft = (expiryDate.getTime() - now.getTime()) / (1000 * 60 * 60 * 24);
+                return daysLeft <= 7;
+            });
+            if (expired.length > 0) {
+                checks.push({
+                    label: 'Expired creds',
+                    status: 'warn',
+                    detail: `${expired.length} expired: ${expired.map((c) => c.name).join(', ')}`,
+                });
+            }
+            else {
+                checks.push({
+                    label: 'Expired creds',
+                    status: 'pass',
+                    detail: 'No expired credentials',
+                });
+            }
+            if (expiringSoon.length > 0) {
+                checks.push({
+                    label: 'Expiring soon',
+                    status: 'warn',
+                    detail: `${expiringSoon.length} expiring within 7 days: ${expiringSoon.map((c) => c.name).join(', ')}`,
+                });
+            }
+            // Summary stats
+            checks.push({
+                label: 'Credentials',
+                status: 'pass',
+                detail: `${creds.length} stored (${creds.length - expired.length} active, ${expired.length} expired)`,
+            });
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            const isKeyError = message.includes('Invalid master key');
+            checks.push({
+                label: isKeyError ? 'Decrypt test' : 'Vault',
+                status: 'fail',
+                detail: isKeyError
+                    ? 'Decryption failed — master key or salt may be incorrect'
+                    : `Cannot initialize vault: ${message}`,
+            });
+        }
+    }
+    // ── Compute overall status ─────────────────────────────────────
+    const hasFailure = checks.some((c) => c.status === 'fail');
+    const hasWarning = checks.some((c) => c.status === 'warn');
+    const overall = hasFailure ? 'fail' : hasWarning ? 'warn' : 'pass';
+    return { checks, overall };
+}
+/**
+ * Render a DoctorReport to the console with coloured output.
+ */
+export function printDoctorReport(report) {
+    for (const check of report.checks) {
+        const icon = check.status === 'pass' ? '✓' : check.status === 'warn' ? '⚠' : '✗';
+        const color = check.status === 'pass' ? '\x1b[32m' : check.status === 'warn' ? '\x1b[33m' : '\x1b[31m';
+        const reset = '\x1b[0m';
+        console.log(`  ${color}${icon}${reset} ${check.label}: ${check.detail}`);
+    }
+    console.log();
+    if (report.overall === 'fail') {
+        console.log('  Overall: ✗ Issues found — fix the failures above\n');
+    }
+    else if (report.overall === 'warn') {
+        console.log('  Overall: ⚠ Healthy with warnings\n');
+    }
+    else {
+        console.log('  Overall: ✓ All checks passed\n');
+    }
+}
+//# sourceMappingURL=doctor.js.map

package/dist/doctor.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"doctor.js","sourceRoot":"","sources":["../src/doctor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAoBzC;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,IAAmB;IAC3C,MAAM,MAAM,GAAkB,EAAE,CAAC;IAEjC,kEAAkE;IAElE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAExB,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,aAAa;YACpB,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,YAAY,MAAM,CAAC,cAAc,EAAE;SAC5C,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,aAAa;YACpB,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,sEAAsE;SAC/E,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QACtB,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,YAAY;YACnB,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,8CAA8C;SACvD,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC,CAAC;IAC1F,CAAC;IAED,kEAAkE;IAElE,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACjD,MAAM,aAAa,GAAG,UAAU,CAAC,MAAM,EAAE,KAAK,SAAS,CAAC;QACxD,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,aAAa;YACpB,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;YACvC,MAAM,EAAE,aAAa;gBACnB,CAAC,CAAC,YAAY,UAAU,CAAC,IAAI,KAAK,UAAU,CAAC,OAAO,iBAAiB;gBACrE,CAAC,CAAC,YAAY,UAAU,CAAC,IAAI,KAAK,UAAU,CAAC,OAAO,mBAAmB;SAC1E,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,aAAa;YACpB,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,sCAAsC;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,kEAAkE;IAElE,MAAM,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC;IAEpB,MAAM,aAAa,GAAG,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC;IAC9D,IAAI,aAAa,KAAK,gBAAgB,EAAE,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,MAAM;YACb,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,mFAAmF;SAC5F,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,4BAA4B,EAAE,CAAC,CAAC;IACvF,CAAC;IAED,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,UAAU;YACjB,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,4CAA4C;SACrD,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,IAAI,CAAC;YACH,OAAO,CAAC,EAAE,CAAC,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC;YAEhF,MAAM,MAAM,GAAG,EAAE;iBACd,OAAO,CAAC,mDAAmD,CAAC;iBAC5D,GAAG,EAA6B,CAAC;YACpC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC7C,MAAM,cAAc,GAAG,CAAC,aAAa,EAAE,oBAAoB,EAAE,WAAW,CAAC,CAAC;YAC1E,MAAM,aAAa,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAE5E,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7B,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,QAAQ;oBACf,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,mBAAmB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;iBACtD,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,QAAQ;oBACf,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,0EAA0E;iBACnF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK,EAAE,UAAU;gBACjB,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,2BAA2B,OAAO,EAAE;aAC7C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,kEAAkE;IAElE,IAAI,EAAE,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,EAAE,EAAE,MAAM,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;YAC7D,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;YAE3B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,cAAc;oBACrB,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,iFAAiF;iBAC1F,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,iFAAiF;gBACjF,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,cAAc;oBACrB,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,sCAAsC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG;iBAC/D,CAAC,CAAC;YACL,CAAC;YAED,+DAA+D;YAE/D,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;YACxD,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;gBACtC,IAAI,CAAC,CAAC,CAAC,SAAS,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;oBAAE,OAAO,KAAK,CAAC;gBACrD,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;gBACzC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,MAAM,QAAQ,GAAG,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;gBAChF,OAAO,QAAQ,IAAI,CAAC,CAAC;YACvB,CAAC,CAAC,CAAC;YAEH,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvB,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,eAAe;oBACtB,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,aAAa,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;iBAC9E,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,eAAe;oBACtB,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,wBAAwB;iBACjC,CAAC,CAAC;YACL,CAAC;YAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5B,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,eAAe;oBACtB,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,GAAG,YAAY,CAAC,MAAM,4BAA4B,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;iBACvG,CAAC,CAAC;YACL,CAAC;YAED,gBAAgB;YAChB,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK,EAAE,aAAa;gBACpB,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,YAAY,KAAK,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,YAAY,OAAO,CAAC,MAAM,WAAW;aACtG,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC;YAC1D,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,OAAO;gBAC5C,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,UAAU;oBAChB,CAAC,CAAC,yDAAyD;oBAC3D,CAAC,CAAC,4BAA4B,OAAO,EAAE;aAC1C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,kEAAkE;IAElE,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;IAC3D,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IAEnE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAoB;IACpD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACjF,MAAM,KAAK,GACT,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC;QAC3F,MAAM,KAAK,GAAG,SAAS,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,GAAG,IAAI,GAAG,KAAK,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;IACtE,CAAC;SAAM,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;IACtD,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;IAClD,CAAC;AACH,CAAC"}

package/dist/gate/body-inspector.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+/**
+ * Request Body Inspector — scans outbound request bodies for credential-like
+ * patterns that may indicate an agent is trying to exfiltrate secrets.
+ *
+ * This is a defence-in-depth measure. Even though the agent never sees
+ * decrypted credentials directly, an agent could attempt to send previously
+ * obtained secrets (e.g. from environment variables, config files) through
+ * Gate to an attacker-controlled domain. The body inspector catches this.
+ *
+ * Sensitivity modes:
+ *   - "off"   — no scanning (fastest, least secure)
+ *   - "warn"  — scan and log matches but allow the request through
+ *   - "block" — scan and block requests containing credential patterns (default)
+ */
+export type BodyInspectionMode = 'off' | 'warn' | 'block';
+export interface InspectionResult {
+    /** Whether any credential-like patterns were found */
+    suspicious: boolean;
+    /** Human-readable descriptions of what was found */
+    matches: string[];
+}
+export declare class BodyInspector {
+    /**
+     * Scan a request body string for credential-like patterns.
+     *
+     * @param body The raw request body as a string
+     * @returns An InspectionResult indicating whether suspicious patterns were found
+     */
+    inspect(body: string): InspectionResult;
+}
+//# sourceMappingURL=body-inspector.d.ts.map

package/dist/gate/body-inspector.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"body-inspector.d.ts","sourceRoot":"","sources":["../../src/gate/body-inspector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,MAAM,MAAM,kBAAkB,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;AAE1D,MAAM,WAAW,gBAAgB;IAC/B,sDAAsD;IACtD,UAAU,EAAE,OAAO,CAAC;IACpB,oDAAoD;IACpD,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AA4KD,qBAAa,aAAa;IACxB;;;;;OAKG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,gBAAgB;CA0BxC"}