@goplus/agentguard 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +242 -0
- package/dist/action/detectors/exec.d.ts +21 -0
- package/dist/action/detectors/exec.d.ts.map +1 -0
- package/dist/action/detectors/exec.js +201 -0
- package/dist/action/detectors/exec.js.map +1 -0
- package/dist/action/detectors/index.d.ts +4 -0
- package/dist/action/detectors/index.d.ts.map +1 -0
- package/dist/action/detectors/index.js +20 -0
- package/dist/action/detectors/index.js.map +1 -0
- package/dist/action/detectors/network.d.ts +21 -0
- package/dist/action/detectors/network.d.ts.map +1 -0
- package/dist/action/detectors/network.js +152 -0
- package/dist/action/detectors/network.js.map +1 -0
- package/dist/action/detectors/secret-leak.d.ts +28 -0
- package/dist/action/detectors/secret-leak.d.ts.map +1 -0
- package/dist/action/detectors/secret-leak.js +94 -0
- package/dist/action/detectors/secret-leak.js.map +1 -0
- package/dist/action/goplus/client.d.ts +151 -0
- package/dist/action/goplus/client.d.ts.map +1 -0
- package/dist/action/goplus/client.js +187 -0
- package/dist/action/goplus/client.js.map +1 -0
- package/dist/action/index.d.ts +61 -0
- package/dist/action/index.d.ts.map +1 -0
- package/dist/action/index.js +643 -0
- package/dist/action/index.js.map +1 -0
- package/dist/index.d.ts +31 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +77 -0
- package/dist/index.js.map +1 -0
- package/dist/mcp-server.d.ts +3 -0
- package/dist/mcp-server.d.ts.map +1 -0
- package/dist/mcp-server.js +410 -0
- package/dist/mcp-server.js.map +1 -0
- package/dist/policy/default.d.ts +77 -0
- package/dist/policy/default.d.ts.map +1 -0
- package/dist/policy/default.js +94 -0
- package/dist/policy/default.js.map +1 -0
- package/dist/registry/index.d.ts +93 -0
- package/dist/registry/index.d.ts.map +1 -0
- package/dist/registry/index.js +280 -0
- package/dist/registry/index.js.map +1 -0
- package/dist/registry/storage.d.ts +69 -0
- package/dist/registry/storage.d.ts.map +1 -0
- package/dist/registry/storage.js +208 -0
- package/dist/registry/storage.js.map +1 -0
- package/dist/registry/trust.d.ts +41 -0
- package/dist/registry/trust.d.ts.map +1 -0
- package/dist/registry/trust.js +139 -0
- package/dist/registry/trust.js.map +1 -0
- package/dist/scanner/file-walker.d.ts +34 -0
- package/dist/scanner/file-walker.d.ts.map +1 -0
- package/dist/scanner/file-walker.js +134 -0
- package/dist/scanner/file-walker.js.map +1 -0
- package/dist/scanner/index.d.ts +67 -0
- package/dist/scanner/index.d.ts.map +1 -0
- package/dist/scanner/index.js +349 -0
- package/dist/scanner/index.js.map +1 -0
- package/dist/scanner/rules/exfiltration.d.ts +6 -0
- package/dist/scanner/rules/exfiltration.d.ts.map +1 -0
- package/dist/scanner/rules/exfiltration.js +48 -0
- package/dist/scanner/rules/exfiltration.js.map +1 -0
- package/dist/scanner/rules/index.d.ts +18 -0
- package/dist/scanner/rules/index.d.ts.map +1 -0
- package/dist/scanner/rules/index.js +54 -0
- package/dist/scanner/rules/index.js.map +1 -0
- package/dist/scanner/rules/obfuscation.d.ts +6 -0
- package/dist/scanner/rules/obfuscation.d.ts.map +1 -0
- package/dist/scanner/rules/obfuscation.js +37 -0
- package/dist/scanner/rules/obfuscation.js.map +1 -0
- package/dist/scanner/rules/prompt-injection.d.ts +6 -0
- package/dist/scanner/rules/prompt-injection.d.ts.map +1 -0
- package/dist/scanner/rules/prompt-injection.js +38 -0
- package/dist/scanner/rules/prompt-injection.js.map +1 -0
- package/dist/scanner/rules/remote-loader.d.ts +6 -0
- package/dist/scanner/rules/remote-loader.d.ts.map +1 -0
- package/dist/scanner/rules/remote-loader.js +31 -0
- package/dist/scanner/rules/remote-loader.js.map +1 -0
- package/dist/scanner/rules/secrets.d.ts +6 -0
- package/dist/scanner/rules/secrets.d.ts.map +1 -0
- package/dist/scanner/rules/secrets.js +68 -0
- package/dist/scanner/rules/secrets.js.map +1 -0
- package/dist/scanner/rules/shell-exec.d.ts +6 -0
- package/dist/scanner/rules/shell-exec.d.ts.map +1 -0
- package/dist/scanner/rules/shell-exec.js +52 -0
- package/dist/scanner/rules/shell-exec.js.map +1 -0
- package/dist/scanner/rules/web3.d.ts +6 -0
- package/dist/scanner/rules/web3.d.ts.map +1 -0
- package/dist/scanner/rules/web3.js +139 -0
- package/dist/scanner/rules/web3.js.map +1 -0
- package/dist/tests/action.test.d.ts +2 -0
- package/dist/tests/action.test.d.ts.map +1 -0
- package/dist/tests/action.test.js +127 -0
- package/dist/tests/action.test.js.map +1 -0
- package/dist/tests/registry.test.d.ts +2 -0
- package/dist/tests/registry.test.d.ts.map +1 -0
- package/dist/tests/registry.test.js +109 -0
- package/dist/tests/registry.test.js.map +1 -0
- package/dist/tests/scanner.test.d.ts +2 -0
- package/dist/tests/scanner.test.d.ts.map +1 -0
- package/dist/tests/scanner.test.js +57 -0
- package/dist/tests/scanner.test.js.map +1 -0
- package/dist/types/action.d.ts +198 -0
- package/dist/types/action.d.ts.map +1 -0
- package/dist/types/action.js +3 -0
- package/dist/types/action.js.map +1 -0
- package/dist/types/index.d.ts +5 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +22 -0
- package/dist/types/index.js.map +1 -0
- package/dist/types/registry.d.ts +104 -0
- package/dist/types/registry.d.ts.map +1 -0
- package/dist/types/registry.js +21 -0
- package/dist/types/registry.js.map +1 -0
- package/dist/types/scanner.d.ts +88 -0
- package/dist/types/scanner.d.ts.map +1 -0
- package/dist/types/scanner.js +20 -0
- package/dist/types/scanner.js.map +1 -0
- package/dist/types/skill.d.ts +52 -0
- package/dist/types/skill.d.ts.map +1 -0
- package/dist/types/skill.js +33 -0
- package/dist/types/skill.js.map +1 -0
- package/dist/utils/hash.d.ts +21 -0
- package/dist/utils/hash.d.ts.map +1 -0
- package/dist/utils/hash.js +112 -0
- package/dist/utils/hash.js.map +1 -0
- package/dist/utils/patterns.d.ts +74 -0
- package/dist/utils/patterns.d.ts.map +1 -0
- package/dist/utils/patterns.js +157 -0
- package/dist/utils/patterns.js.map +1 -0
- package/package.json +60 -0
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* GoPlus AgentGuard - Security guard for AI agents
|
|
3
|
+
*
|
|
4
|
+
* Three-module security framework:
|
|
5
|
+
* - Skill Scanner: Static analysis of skill code
|
|
6
|
+
* - Skill Registry: Trust level and capability management
|
|
7
|
+
* - Action Scanner: Runtime action decision engine
|
|
8
|
+
*/
|
|
9
|
+
export * from './types/index.js';
|
|
10
|
+
export { SkillScanner, type ScannerOptions } from './scanner/index.js';
|
|
11
|
+
export { SkillRegistry, RegistryStorage, type RegistryOptions, type StorageOptions, type LookupResult, type AttestResult, } from './registry/index.js';
|
|
12
|
+
export { ActionScanner, GoPlusClient, type ActionScannerOptions, } from './action/index.js';
|
|
13
|
+
export { DEFAULT_POLICIES, RESTRICTIVE_CAPABILITY, PERMISSIVE_CAPABILITY, CAPABILITY_PRESETS, type PolicyConfig, } from './policy/default.js';
|
|
14
|
+
export { containsSensitiveData, maskSensitiveData, extractDomain, isDomainAllowed, SENSITIVE_PATTERNS, } from './utils/patterns.js';
|
|
15
|
+
import { SkillScanner } from './scanner/index.js';
|
|
16
|
+
import { SkillRegistry } from './registry/index.js';
|
|
17
|
+
import { ActionScanner } from './action/index.js';
|
|
18
|
+
/**
|
|
19
|
+
* Create a complete AgentGuard instance with all modules
|
|
20
|
+
*/
|
|
21
|
+
export declare function createAgentGuard(options?: {
|
|
22
|
+
registryPath?: string;
|
|
23
|
+
useExternalScanner?: boolean;
|
|
24
|
+
}): {
|
|
25
|
+
scanner: SkillScanner;
|
|
26
|
+
registry: SkillRegistry;
|
|
27
|
+
actionScanner: ActionScanner;
|
|
28
|
+
};
|
|
29
|
+
export declare const createGuardSkills: typeof createAgentGuard;
|
|
30
|
+
export default createAgentGuard;
|
|
31
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,cAAc,kBAAkB,CAAC;AAGjC,OAAO,EAAE,YAAY,EAAE,KAAK,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACvE,OAAO,EACL,aAAa,EACb,eAAe,EACf,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,YAAY,GAClB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,aAAa,EACb,YAAY,EACZ,KAAK,oBAAoB,GAC1B,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EACtB,qBAAqB,EACrB,kBAAkB,EAClB,KAAK,YAAY,GAClB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,aAAa,EACb,eAAe,EACf,kBAAkB,GACnB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAElD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,CAAC,EAAE;IACzC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;;;;EAgBA;AAID,eAAO,MAAM,iBAAiB,yBAAmB,CAAC;AAGlD,eAAe,gBAAgB,CAAC"}
|
package/dist/index.js
ADDED
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* GoPlus AgentGuard - Security guard for AI agents
|
|
4
|
+
*
|
|
5
|
+
* Three-module security framework:
|
|
6
|
+
* - Skill Scanner: Static analysis of skill code
|
|
7
|
+
* - Skill Registry: Trust level and capability management
|
|
8
|
+
* - Action Scanner: Runtime action decision engine
|
|
9
|
+
*/
|
|
10
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
11
|
+
if (k2 === undefined) k2 = k;
|
|
12
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
13
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
14
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
15
|
+
}
|
|
16
|
+
Object.defineProperty(o, k2, desc);
|
|
17
|
+
}) : (function(o, m, k, k2) {
|
|
18
|
+
if (k2 === undefined) k2 = k;
|
|
19
|
+
o[k2] = m[k];
|
|
20
|
+
}));
|
|
21
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
22
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
23
|
+
};
|
|
24
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
25
|
+
exports.createGuardSkills = exports.SENSITIVE_PATTERNS = exports.isDomainAllowed = exports.extractDomain = exports.maskSensitiveData = exports.containsSensitiveData = exports.CAPABILITY_PRESETS = exports.PERMISSIVE_CAPABILITY = exports.RESTRICTIVE_CAPABILITY = exports.DEFAULT_POLICIES = exports.GoPlusClient = exports.ActionScanner = exports.RegistryStorage = exports.SkillRegistry = exports.SkillScanner = void 0;
|
|
26
|
+
exports.createAgentGuard = createAgentGuard;
|
|
27
|
+
// Export types
|
|
28
|
+
__exportStar(require("./types/index.js"), exports);
|
|
29
|
+
// Export modules
|
|
30
|
+
var index_js_1 = require("./scanner/index.js");
|
|
31
|
+
Object.defineProperty(exports, "SkillScanner", { enumerable: true, get: function () { return index_js_1.SkillScanner; } });
|
|
32
|
+
var index_js_2 = require("./registry/index.js");
|
|
33
|
+
Object.defineProperty(exports, "SkillRegistry", { enumerable: true, get: function () { return index_js_2.SkillRegistry; } });
|
|
34
|
+
Object.defineProperty(exports, "RegistryStorage", { enumerable: true, get: function () { return index_js_2.RegistryStorage; } });
|
|
35
|
+
var index_js_3 = require("./action/index.js");
|
|
36
|
+
Object.defineProperty(exports, "ActionScanner", { enumerable: true, get: function () { return index_js_3.ActionScanner; } });
|
|
37
|
+
Object.defineProperty(exports, "GoPlusClient", { enumerable: true, get: function () { return index_js_3.GoPlusClient; } });
|
|
38
|
+
// Export policy presets
|
|
39
|
+
var default_js_1 = require("./policy/default.js");
|
|
40
|
+
Object.defineProperty(exports, "DEFAULT_POLICIES", { enumerable: true, get: function () { return default_js_1.DEFAULT_POLICIES; } });
|
|
41
|
+
Object.defineProperty(exports, "RESTRICTIVE_CAPABILITY", { enumerable: true, get: function () { return default_js_1.RESTRICTIVE_CAPABILITY; } });
|
|
42
|
+
Object.defineProperty(exports, "PERMISSIVE_CAPABILITY", { enumerable: true, get: function () { return default_js_1.PERMISSIVE_CAPABILITY; } });
|
|
43
|
+
Object.defineProperty(exports, "CAPABILITY_PRESETS", { enumerable: true, get: function () { return default_js_1.CAPABILITY_PRESETS; } });
|
|
44
|
+
// Export utility functions
|
|
45
|
+
var patterns_js_1 = require("./utils/patterns.js");
|
|
46
|
+
Object.defineProperty(exports, "containsSensitiveData", { enumerable: true, get: function () { return patterns_js_1.containsSensitiveData; } });
|
|
47
|
+
Object.defineProperty(exports, "maskSensitiveData", { enumerable: true, get: function () { return patterns_js_1.maskSensitiveData; } });
|
|
48
|
+
Object.defineProperty(exports, "extractDomain", { enumerable: true, get: function () { return patterns_js_1.extractDomain; } });
|
|
49
|
+
Object.defineProperty(exports, "isDomainAllowed", { enumerable: true, get: function () { return patterns_js_1.isDomainAllowed; } });
|
|
50
|
+
Object.defineProperty(exports, "SENSITIVE_PATTERNS", { enumerable: true, get: function () { return patterns_js_1.SENSITIVE_PATTERNS; } });
|
|
51
|
+
// Convenience factory functions
|
|
52
|
+
const index_js_4 = require("./scanner/index.js");
|
|
53
|
+
const index_js_5 = require("./registry/index.js");
|
|
54
|
+
const index_js_6 = require("./action/index.js");
|
|
55
|
+
/**
|
|
56
|
+
* Create a complete AgentGuard instance with all modules
|
|
57
|
+
*/
|
|
58
|
+
function createAgentGuard(options) {
|
|
59
|
+
const registry = new index_js_5.SkillRegistry({
|
|
60
|
+
filePath: options?.registryPath,
|
|
61
|
+
});
|
|
62
|
+
const scanner = new index_js_4.SkillScanner({
|
|
63
|
+
useExternalScanner: options?.useExternalScanner ?? true,
|
|
64
|
+
});
|
|
65
|
+
const actionScanner = new index_js_6.ActionScanner({ registry });
|
|
66
|
+
return {
|
|
67
|
+
scanner,
|
|
68
|
+
registry,
|
|
69
|
+
actionScanner,
|
|
70
|
+
};
|
|
71
|
+
}
|
|
72
|
+
// Default export
|
|
73
|
+
// Backwards compatibility alias
|
|
74
|
+
exports.createGuardSkills = createAgentGuard;
|
|
75
|
+
// Default export
|
|
76
|
+
exports.default = createAgentGuard;
|
|
77
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;;;;;;;;;;;;AA+CH,4CAmBC;AAhED,eAAe;AACf,mDAAiC;AAEjC,iBAAiB;AACjB,+CAAuE;AAA9D,wGAAA,YAAY,OAAA;AACrB,gDAO6B;AAN3B,yGAAA,aAAa,OAAA;AACb,2GAAA,eAAe,OAAA;AAMjB,8CAI2B;AAHzB,yGAAA,aAAa,OAAA;AACb,wGAAA,YAAY,OAAA;AAId,wBAAwB;AACxB,kDAM6B;AAL3B,8GAAA,gBAAgB,OAAA;AAChB,oHAAA,sBAAsB,OAAA;AACtB,mHAAA,qBAAqB,OAAA;AACrB,gHAAA,kBAAkB,OAAA;AAIpB,2BAA2B;AAC3B,mDAM6B;AAL3B,oHAAA,qBAAqB,OAAA;AACrB,gHAAA,iBAAiB,OAAA;AACjB,4GAAA,aAAa,OAAA;AACb,8GAAA,eAAe,OAAA;AACf,iHAAA,kBAAkB,OAAA;AAGpB,gCAAgC;AAChC,iDAAkD;AAClD,kDAAoD;AACpD,gDAAkD;AAElD;;GAEG;AACH,SAAgB,gBAAgB,CAAC,OAGhC;IACC,MAAM,QAAQ,GAAG,IAAI,wBAAa,CAAC;QACjC,QAAQ,EAAE,OAAO,EAAE,YAAY;KAChC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,uBAAY,CAAC;QAC/B,kBAAkB,EAAE,OAAO,EAAE,kBAAkB,IAAI,IAAI;KACxD,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,IAAI,wBAAa,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;IAEtD,OAAO;QACL,OAAO;QACP,QAAQ;QACR,aAAa;KACd,CAAC;AACJ,CAAC;AAED,iBAAiB;AACjB,gCAAgC;AACnB,QAAA,iBAAiB,GAAG,gBAAgB,CAAC;AAElD,iBAAiB;AACjB,kBAAe,gBAAgB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-server.d.ts","sourceRoot":"","sources":["../src/mcp-server.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,410 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
"use strict";
|
|
3
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
|
+
const index_js_1 = require("@modelcontextprotocol/sdk/server/index.js");
|
|
5
|
+
const stdio_js_1 = require("@modelcontextprotocol/sdk/server/stdio.js");
|
|
6
|
+
const types_js_1 = require("@modelcontextprotocol/sdk/types.js");
|
|
7
|
+
const zod_1 = require("zod");
|
|
8
|
+
const commander_1 = require("commander");
|
|
9
|
+
const index_js_2 = require("./scanner/index.js");
|
|
10
|
+
const index_js_3 = require("./registry/index.js");
|
|
11
|
+
const index_js_4 = require("./action/index.js");
|
|
12
|
+
// Module instances (initialized in createServer)
|
|
13
|
+
let scanner;
|
|
14
|
+
let registry;
|
|
15
|
+
let actionScanner;
|
|
16
|
+
// Zod schemas for validation
|
|
17
|
+
const SkillIdentitySchema = zod_1.z.object({
|
|
18
|
+
id: zod_1.z.string(),
|
|
19
|
+
source: zod_1.z.string(),
|
|
20
|
+
version_ref: zod_1.z.string(),
|
|
21
|
+
artifact_hash: zod_1.z.string(),
|
|
22
|
+
});
|
|
23
|
+
const CapabilityModelSchema = zod_1.z.object({
|
|
24
|
+
network_allowlist: zod_1.z.array(zod_1.z.string()),
|
|
25
|
+
filesystem_allowlist: zod_1.z.array(zod_1.z.string()),
|
|
26
|
+
exec: zod_1.z.enum(['allow', 'deny']),
|
|
27
|
+
secrets_allowlist: zod_1.z.array(zod_1.z.string()),
|
|
28
|
+
web3: zod_1.z.object({
|
|
29
|
+
chains_allowlist: zod_1.z.array(zod_1.z.number()),
|
|
30
|
+
rpc_allowlist: zod_1.z.array(zod_1.z.string()),
|
|
31
|
+
tx_policy: zod_1.z.enum(['allow', 'confirm_high_risk', 'deny']),
|
|
32
|
+
}).optional(),
|
|
33
|
+
});
|
|
34
|
+
/**
|
|
35
|
+
* Create and configure the MCP server
|
|
36
|
+
*/
|
|
37
|
+
function createServer(options) {
|
|
38
|
+
scanner = new index_js_2.SkillScanner();
|
|
39
|
+
registry = new index_js_3.SkillRegistry({ filePath: options?.registryPath });
|
|
40
|
+
actionScanner = new index_js_4.ActionScanner({ registry });
|
|
41
|
+
const server = new index_js_1.Server({
|
|
42
|
+
name: 'agentguard',
|
|
43
|
+
version: '1.0.0',
|
|
44
|
+
}, {
|
|
45
|
+
capabilities: {
|
|
46
|
+
tools: {},
|
|
47
|
+
},
|
|
48
|
+
});
|
|
49
|
+
// List all available tools
|
|
50
|
+
server.setRequestHandler(types_js_1.ListToolsRequestSchema, async () => {
|
|
51
|
+
return {
|
|
52
|
+
tools: [
|
|
53
|
+
// Scanner tools
|
|
54
|
+
{
|
|
55
|
+
name: 'skill_scanner_scan',
|
|
56
|
+
description: 'Scan a skill directory for security risks. Returns risk level, tags, and evidence.',
|
|
57
|
+
inputSchema: {
|
|
58
|
+
type: 'object',
|
|
59
|
+
properties: {
|
|
60
|
+
skill: {
|
|
61
|
+
type: 'object',
|
|
62
|
+
properties: {
|
|
63
|
+
id: { type: 'string', description: 'Skill identifier' },
|
|
64
|
+
source: { type: 'string', description: 'Source repository' },
|
|
65
|
+
version_ref: { type: 'string', description: 'Version reference' },
|
|
66
|
+
artifact_hash: { type: 'string', description: 'Artifact hash' },
|
|
67
|
+
},
|
|
68
|
+
required: ['id', 'source', 'version_ref', 'artifact_hash'],
|
|
69
|
+
},
|
|
70
|
+
path: { type: 'string', description: 'Path to skill directory' },
|
|
71
|
+
deep: { type: 'boolean', description: 'Enable deep analysis', default: false },
|
|
72
|
+
},
|
|
73
|
+
required: ['skill', 'path'],
|
|
74
|
+
},
|
|
75
|
+
},
|
|
76
|
+
// Registry tools
|
|
77
|
+
{
|
|
78
|
+
name: 'registry_lookup',
|
|
79
|
+
description: 'Look up a skill\'s trust record in the registry.',
|
|
80
|
+
inputSchema: {
|
|
81
|
+
type: 'object',
|
|
82
|
+
properties: {
|
|
83
|
+
skill: {
|
|
84
|
+
type: 'object',
|
|
85
|
+
properties: {
|
|
86
|
+
id: { type: 'string' },
|
|
87
|
+
source: { type: 'string' },
|
|
88
|
+
version_ref: { type: 'string' },
|
|
89
|
+
artifact_hash: { type: 'string' },
|
|
90
|
+
},
|
|
91
|
+
required: ['id', 'source', 'version_ref', 'artifact_hash'],
|
|
92
|
+
},
|
|
93
|
+
},
|
|
94
|
+
required: ['skill'],
|
|
95
|
+
},
|
|
96
|
+
},
|
|
97
|
+
{
|
|
98
|
+
name: 'registry_attest',
|
|
99
|
+
description: 'Add or update a skill\'s trust record. May require confirmation for upgrades.',
|
|
100
|
+
inputSchema: {
|
|
101
|
+
type: 'object',
|
|
102
|
+
properties: {
|
|
103
|
+
skill: {
|
|
104
|
+
type: 'object',
|
|
105
|
+
properties: {
|
|
106
|
+
id: { type: 'string' },
|
|
107
|
+
source: { type: 'string' },
|
|
108
|
+
version_ref: { type: 'string' },
|
|
109
|
+
artifact_hash: { type: 'string' },
|
|
110
|
+
},
|
|
111
|
+
required: ['id', 'source', 'version_ref', 'artifact_hash'],
|
|
112
|
+
},
|
|
113
|
+
trust_level: {
|
|
114
|
+
type: 'string',
|
|
115
|
+
enum: ['untrusted', 'restricted', 'trusted'],
|
|
116
|
+
},
|
|
117
|
+
capabilities: {
|
|
118
|
+
type: 'object',
|
|
119
|
+
properties: {
|
|
120
|
+
network_allowlist: { type: 'array', items: { type: 'string' } },
|
|
121
|
+
filesystem_allowlist: { type: 'array', items: { type: 'string' } },
|
|
122
|
+
exec: { type: 'string', enum: ['allow', 'deny'] },
|
|
123
|
+
secrets_allowlist: { type: 'array', items: { type: 'string' } },
|
|
124
|
+
},
|
|
125
|
+
required: ['network_allowlist', 'filesystem_allowlist', 'exec', 'secrets_allowlist'],
|
|
126
|
+
},
|
|
127
|
+
reviewed_by: { type: 'string', description: 'Reviewer identifier' },
|
|
128
|
+
notes: { type: 'string', description: 'Review notes' },
|
|
129
|
+
expires_at: { type: 'string', description: 'Expiration date (ISO 8601)' },
|
|
130
|
+
force: { type: 'boolean', description: 'Force attest without confirmation', default: false },
|
|
131
|
+
},
|
|
132
|
+
required: ['skill', 'trust_level', 'capabilities', 'reviewed_by', 'notes'],
|
|
133
|
+
},
|
|
134
|
+
},
|
|
135
|
+
{
|
|
136
|
+
name: 'registry_revoke',
|
|
137
|
+
description: 'Revoke trust for skills matching the criteria.',
|
|
138
|
+
inputSchema: {
|
|
139
|
+
type: 'object',
|
|
140
|
+
properties: {
|
|
141
|
+
source: { type: 'string', description: 'Source pattern (supports wildcards)' },
|
|
142
|
+
version_ref: { type: 'string', description: 'Version to revoke' },
|
|
143
|
+
record_key: { type: 'string', description: 'Specific record key' },
|
|
144
|
+
reason: { type: 'string', description: 'Revocation reason' },
|
|
145
|
+
},
|
|
146
|
+
required: ['reason'],
|
|
147
|
+
},
|
|
148
|
+
},
|
|
149
|
+
{
|
|
150
|
+
name: 'registry_list',
|
|
151
|
+
description: 'List trust records with optional filters.',
|
|
152
|
+
inputSchema: {
|
|
153
|
+
type: 'object',
|
|
154
|
+
properties: {
|
|
155
|
+
trust_level: { type: 'string', enum: ['untrusted', 'restricted', 'trusted'] },
|
|
156
|
+
status: { type: 'string', enum: ['active', 'revoked'] },
|
|
157
|
+
source_pattern: { type: 'string', description: 'Filter by source pattern' },
|
|
158
|
+
include_expired: { type: 'boolean', default: false },
|
|
159
|
+
},
|
|
160
|
+
},
|
|
161
|
+
},
|
|
162
|
+
// Action scanner tools
|
|
163
|
+
{
|
|
164
|
+
name: 'action_scanner_decide',
|
|
165
|
+
description: 'Evaluate a runtime action and return allow/deny/confirm decision.',
|
|
166
|
+
inputSchema: {
|
|
167
|
+
type: 'object',
|
|
168
|
+
properties: {
|
|
169
|
+
actor: {
|
|
170
|
+
type: 'object',
|
|
171
|
+
properties: {
|
|
172
|
+
skill: {
|
|
173
|
+
type: 'object',
|
|
174
|
+
properties: {
|
|
175
|
+
id: { type: 'string' },
|
|
176
|
+
source: { type: 'string' },
|
|
177
|
+
version_ref: { type: 'string' },
|
|
178
|
+
artifact_hash: { type: 'string' },
|
|
179
|
+
},
|
|
180
|
+
required: ['id', 'source', 'version_ref', 'artifact_hash'],
|
|
181
|
+
},
|
|
182
|
+
},
|
|
183
|
+
required: ['skill'],
|
|
184
|
+
},
|
|
185
|
+
action: {
|
|
186
|
+
type: 'object',
|
|
187
|
+
properties: {
|
|
188
|
+
type: {
|
|
189
|
+
type: 'string',
|
|
190
|
+
enum: ['network_request', 'exec_command', 'read_file', 'write_file', 'secret_access', 'web3_tx', 'web3_sign'],
|
|
191
|
+
},
|
|
192
|
+
data: { type: 'object', description: 'Action-specific data' },
|
|
193
|
+
},
|
|
194
|
+
required: ['type', 'data'],
|
|
195
|
+
},
|
|
196
|
+
context: {
|
|
197
|
+
type: 'object',
|
|
198
|
+
properties: {
|
|
199
|
+
session_id: { type: 'string' },
|
|
200
|
+
user_present: { type: 'boolean' },
|
|
201
|
+
env: { type: 'string', enum: ['prod', 'dev', 'test'] },
|
|
202
|
+
},
|
|
203
|
+
required: ['session_id', 'user_present', 'env'],
|
|
204
|
+
},
|
|
205
|
+
},
|
|
206
|
+
required: ['actor', 'action', 'context'],
|
|
207
|
+
},
|
|
208
|
+
},
|
|
209
|
+
{
|
|
210
|
+
name: 'action_scanner_simulate_web3',
|
|
211
|
+
description: 'Simulate a Web3 transaction using GoPlus API. Returns risk analysis.',
|
|
212
|
+
inputSchema: {
|
|
213
|
+
type: 'object',
|
|
214
|
+
properties: {
|
|
215
|
+
chain_id: { type: 'number', description: 'Chain ID (e.g., 1 for Ethereum)' },
|
|
216
|
+
from: { type: 'string', description: 'Sender address' },
|
|
217
|
+
to: { type: 'string', description: 'Target address' },
|
|
218
|
+
value: { type: 'string', description: 'Value in wei' },
|
|
219
|
+
data: { type: 'string', description: 'Transaction calldata' },
|
|
220
|
+
origin: { type: 'string', description: 'DApp origin URL' },
|
|
221
|
+
},
|
|
222
|
+
required: ['chain_id', 'from', 'to', 'value'],
|
|
223
|
+
},
|
|
224
|
+
},
|
|
225
|
+
],
|
|
226
|
+
};
|
|
227
|
+
});
|
|
228
|
+
// Handle tool calls
|
|
229
|
+
server.setRequestHandler(types_js_1.CallToolRequestSchema, async (request) => {
|
|
230
|
+
const { name, arguments: args } = request.params;
|
|
231
|
+
try {
|
|
232
|
+
switch (name) {
|
|
233
|
+
// Scanner: scan
|
|
234
|
+
case 'skill_scanner_scan': {
|
|
235
|
+
const skill = SkillIdentitySchema.parse(args?.skill);
|
|
236
|
+
const path = args?.path;
|
|
237
|
+
const deep = args?.deep || false;
|
|
238
|
+
const result = await scanner.scan({
|
|
239
|
+
skill,
|
|
240
|
+
payload: { type: 'dir', ref: path },
|
|
241
|
+
options: { deep },
|
|
242
|
+
});
|
|
243
|
+
return {
|
|
244
|
+
content: [
|
|
245
|
+
{
|
|
246
|
+
type: 'text',
|
|
247
|
+
text: JSON.stringify(result, null, 2),
|
|
248
|
+
},
|
|
249
|
+
],
|
|
250
|
+
};
|
|
251
|
+
}
|
|
252
|
+
// Registry: lookup
|
|
253
|
+
case 'registry_lookup': {
|
|
254
|
+
const skill = SkillIdentitySchema.parse(args?.skill);
|
|
255
|
+
const result = await registry.lookup(skill);
|
|
256
|
+
return {
|
|
257
|
+
content: [
|
|
258
|
+
{
|
|
259
|
+
type: 'text',
|
|
260
|
+
text: JSON.stringify(result, null, 2),
|
|
261
|
+
},
|
|
262
|
+
],
|
|
263
|
+
};
|
|
264
|
+
}
|
|
265
|
+
// Registry: attest
|
|
266
|
+
case 'registry_attest': {
|
|
267
|
+
const skill = SkillIdentitySchema.parse(args?.skill);
|
|
268
|
+
const trustLevel = args?.trust_level;
|
|
269
|
+
const capabilities = CapabilityModelSchema.parse(args?.capabilities);
|
|
270
|
+
const reviewedBy = args?.reviewed_by;
|
|
271
|
+
const notes = args?.notes;
|
|
272
|
+
const expiresAt = args?.expires_at;
|
|
273
|
+
const force = args?.force || false;
|
|
274
|
+
const attestFn = force ? registry.forceAttest.bind(registry) : registry.attest.bind(registry);
|
|
275
|
+
const result = await attestFn({
|
|
276
|
+
skill,
|
|
277
|
+
trust_level: trustLevel,
|
|
278
|
+
capabilities,
|
|
279
|
+
expires_at: expiresAt,
|
|
280
|
+
review: {
|
|
281
|
+
reviewed_by: reviewedBy,
|
|
282
|
+
evidence_refs: [],
|
|
283
|
+
notes,
|
|
284
|
+
},
|
|
285
|
+
});
|
|
286
|
+
return {
|
|
287
|
+
content: [
|
|
288
|
+
{
|
|
289
|
+
type: 'text',
|
|
290
|
+
text: JSON.stringify(result, null, 2),
|
|
291
|
+
},
|
|
292
|
+
],
|
|
293
|
+
};
|
|
294
|
+
}
|
|
295
|
+
// Registry: revoke
|
|
296
|
+
case 'registry_revoke': {
|
|
297
|
+
const source = args?.source;
|
|
298
|
+
const versionRef = args?.version_ref;
|
|
299
|
+
const recordKey = args?.record_key;
|
|
300
|
+
const reason = args?.reason;
|
|
301
|
+
const count = await registry.revoke({ source, version_ref: versionRef, record_key: recordKey }, reason);
|
|
302
|
+
return {
|
|
303
|
+
content: [
|
|
304
|
+
{
|
|
305
|
+
type: 'text',
|
|
306
|
+
text: JSON.stringify({ revoked_count: count }, null, 2),
|
|
307
|
+
},
|
|
308
|
+
],
|
|
309
|
+
};
|
|
310
|
+
}
|
|
311
|
+
// Registry: list
|
|
312
|
+
case 'registry_list': {
|
|
313
|
+
const filters = {
|
|
314
|
+
trust_level: args?.trust_level,
|
|
315
|
+
status: args?.status,
|
|
316
|
+
source_pattern: args?.source_pattern,
|
|
317
|
+
include_expired: args?.include_expired || false,
|
|
318
|
+
};
|
|
319
|
+
const records = await registry.list(filters);
|
|
320
|
+
return {
|
|
321
|
+
content: [
|
|
322
|
+
{
|
|
323
|
+
type: 'text',
|
|
324
|
+
text: JSON.stringify({ count: records.length, records }, null, 2),
|
|
325
|
+
},
|
|
326
|
+
],
|
|
327
|
+
};
|
|
328
|
+
}
|
|
329
|
+
// Action scanner: decide
|
|
330
|
+
case 'action_scanner_decide': {
|
|
331
|
+
const envelope = args;
|
|
332
|
+
envelope.context.time = new Date().toISOString();
|
|
333
|
+
const result = await actionScanner.decide(envelope);
|
|
334
|
+
return {
|
|
335
|
+
content: [
|
|
336
|
+
{
|
|
337
|
+
type: 'text',
|
|
338
|
+
text: JSON.stringify(result, null, 2),
|
|
339
|
+
},
|
|
340
|
+
],
|
|
341
|
+
};
|
|
342
|
+
}
|
|
343
|
+
// Action scanner: simulate_web3
|
|
344
|
+
case 'action_scanner_simulate_web3': {
|
|
345
|
+
const intent = {
|
|
346
|
+
chain_id: args?.chain_id,
|
|
347
|
+
from: args?.from,
|
|
348
|
+
to: args?.to,
|
|
349
|
+
value: args?.value,
|
|
350
|
+
data: args?.data,
|
|
351
|
+
origin: args?.origin,
|
|
352
|
+
kind: 'tx',
|
|
353
|
+
};
|
|
354
|
+
const result = await actionScanner.simulateWeb3(intent);
|
|
355
|
+
return {
|
|
356
|
+
content: [
|
|
357
|
+
{
|
|
358
|
+
type: 'text',
|
|
359
|
+
text: JSON.stringify(result, null, 2),
|
|
360
|
+
},
|
|
361
|
+
],
|
|
362
|
+
};
|
|
363
|
+
}
|
|
364
|
+
default:
|
|
365
|
+
throw new Error(`Unknown tool: ${name}`);
|
|
366
|
+
}
|
|
367
|
+
}
|
|
368
|
+
catch (error) {
|
|
369
|
+
const errorMessage = error instanceof Error ? error.message : 'Unknown error';
|
|
370
|
+
return {
|
|
371
|
+
content: [
|
|
372
|
+
{
|
|
373
|
+
type: 'text',
|
|
374
|
+
text: JSON.stringify({ error: errorMessage }),
|
|
375
|
+
},
|
|
376
|
+
],
|
|
377
|
+
isError: true,
|
|
378
|
+
};
|
|
379
|
+
}
|
|
380
|
+
});
|
|
381
|
+
return server;
|
|
382
|
+
}
|
|
383
|
+
/**
|
|
384
|
+
* Main entry point
|
|
385
|
+
*/
|
|
386
|
+
async function main() {
|
|
387
|
+
const program = new commander_1.Command();
|
|
388
|
+
program
|
|
389
|
+
.name('agentguard')
|
|
390
|
+
.description('Security skill MCP server for AI agents')
|
|
391
|
+
.version('1.0.0')
|
|
392
|
+
.option('--registry-path <path>', 'Path to registry file')
|
|
393
|
+
.action(async (options) => {
|
|
394
|
+
// Create server
|
|
395
|
+
const server = createServer({
|
|
396
|
+
registryPath: options.registryPath,
|
|
397
|
+
});
|
|
398
|
+
// Connect via stdio
|
|
399
|
+
const transport = new stdio_js_1.StdioServerTransport();
|
|
400
|
+
await server.connect(transport);
|
|
401
|
+
console.error('GoPlus AgentGuard MCP server started');
|
|
402
|
+
});
|
|
403
|
+
await program.parseAsync(process.argv);
|
|
404
|
+
}
|
|
405
|
+
// Run if executed directly
|
|
406
|
+
main().catch((error) => {
|
|
407
|
+
console.error('Fatal error:', error);
|
|
408
|
+
process.exit(1);
|
|
409
|
+
});
|
|
410
|
+
//# sourceMappingURL=mcp-server.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-server.js","sourceRoot":"","sources":["../src/mcp-server.ts"],"names":[],"mappings":";;;AAEA,wEAAmE;AACnE,wEAAiF;AACjF,iEAG4C;AAC5C,6BAAwB;AACxB,yCAAoC;AAEpC,iDAAkD;AAClD,kDAAoD;AACpD,gDAAkD;AAKlD,iDAAiD;AACjD,IAAI,OAAqB,CAAC;AAC1B,IAAI,QAAuB,CAAC;AAC5B,IAAI,aAA4B,CAAC;AAEjC,6BAA6B;AAC7B,MAAM,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IACnC,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE;IACd,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE;IAClB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE;IACvB,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE;CAC1B,CAAC,CAAC;AAEH,MAAM,qBAAqB,GAAG,OAAC,CAAC,MAAM,CAAC;IACrC,iBAAiB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IACtC,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IACzC,IAAI,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC/B,iBAAiB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IACtC,IAAI,EAAE,OAAC,CAAC,MAAM,CAAC;QACb,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;QACrC,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;QAClC,SAAS,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,mBAAmB,EAAE,MAAM,CAAC,CAAC;KAC1D,CAAC,CAAC,QAAQ,EAAE;CACd,CAAC,CAAC;AAEH;;GAEG;AACH,SAAS,YAAY,CAAC,OAAmC;IACvD,OAAO,GAAG,IAAI,uBAAY,EAAE,CAAC;IAC7B,QAAQ,GAAG,IAAI,wBAAa,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC;IAClE,aAAa,GAAG,IAAI,wBAAa,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;IAEhD,MAAM,MAAM,GAAG,IAAI,iBAAM,CACvB;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,OAAO;KACjB,EACD;QACE,YAAY,EAAE;YACZ,KAAK,EAAE,EAAE;SACV;KACF,CACF,CAAC;IAEF,2BAA2B;IAC3B,MAAM,CAAC,iBAAiB,CAAC,iCAAsB,EAAE,KAAK,IAAI,EAAE;QAC1D,OAAO;YACL,KAAK,EAAE;gBACL,gBAAgB;gBAChB;oBACE,IAAI,EAAE,oBAAoB;oBAC1B,WAAW,EAAE,oFAAoF;oBACjG,WAAW,EAAE;wBACX,IAAI,EAAE,QAAQ;wBACd,UAAU,EAAE;4BACV,KAAK,EAAE;gCACL,IAAI,EAAE,QAAQ;gCACd,UAAU,EAAE;oCACV,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE;oCACvD,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mBAAmB,EAAE;oCAC5D,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mBAAmB,EAAE;oCACjE,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE;iCAChE;gCACD,QAAQ,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,aAAa,EAAE,eAAe,CAAC;6BAC3D;4BACD,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,yBAAyB,EAAE;4BAChE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,sBAAsB,EAAE,OAAO,EAAE,KAAK,EAAE;yBAC/E;wBACD,QAAQ,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;qBAC5B;iBACF;gBAED,iBAAiB;gBACjB;oBACE,IAAI,EAAE,iBAAiB;oBACvB,WAAW,EAAE,kDAAkD;oBAC/D,WAAW,EAAE;wBACX,IAAI,EAAE,QAAQ;wBACd,UAAU,EAAE;4BACV,KAAK,EAAE;gCACL,IAAI,EAAE,QAAQ;gCACd,UAAU,EAAE;oCACV,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oCACtB,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oCAC1B,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oCAC/B,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iCAClC;gCACD,QAAQ,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,aAAa,EAAE,eAAe,CAAC;6BAC3D;yBACF;wBACD,QAAQ,EAAE,CAAC,OAAO,CAAC;qBACpB;iBACF;gBACD;oBACE,IAAI,EAAE,iBAAiB;oBACvB,WAAW,EAAE,+EAA+E;oBAC5F,WAAW,EAAE;wBACX,IAAI,EAAE,QAAQ;wBACd,UAAU,EAAE;4BACV,KAAK,EAAE;gCACL,IAAI,EAAE,QAAQ;gCACd,UAAU,EAAE;oCACV,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oCACtB,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oCAC1B,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oCAC/B,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iCAClC;gCACD,QAAQ,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,aAAa,EAAE,eAAe,CAAC;6BAC3D;4BACD,WAAW,EAAE;gCACX,IAAI,EAAE,QAAQ;gCACd,IAAI,EAAE,CAAC,WAAW,EAAE,YAAY,EAAE,SAAS,CAAC;6BAC7C;4BACD,YAAY,EAAE;gCACZ,IAAI,EAAE,QAAQ;gCACd,UAAU,EAAE;oCACV,iBAAiB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;oCAC/D,oBAAoB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;oCAClE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE;oCACjD,iBAAiB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;iCAChE;gCACD,QAAQ,EAAE,CAAC,mBAAmB,EAAE,sBAAsB,EAAE,MAAM,EAAE,mBAAmB,CAAC;6BACrF;4BACD,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE;4BACnE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE;4BACtD,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4BAA4B,EAAE;4BACzE,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,mCAAmC,EAAE,OAAO,EAAE,KAAK,EAAE;yBAC7F;wBACD,QAAQ,EAAE,CAAC,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,OAAO,CAAC;qBAC3E;iBACF;gBACD;oBACE,IAAI,EAAE,iBAAiB;oBACvB,WAAW,EAAE,gDAAgD;oBAC7D,WAAW,EAAE;wBACX,IAAI,EAAE,QAAQ;wBACd,UAAU,EAAE;4BACV,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qCAAqC,EAAE;4BAC9E,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mBAAmB,EAAE;4BACjE,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE;4BAClE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mBAAmB,EAAE;yBAC7D;wBACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;qBACrB;iBACF;gBACD;oBACE,IAAI,EAAE,eAAe;oBACrB,WAAW,EAAE,2CAA2C;oBACxD,WAAW,EAAE;wBACX,IAAI,EAAE,QAAQ;wBACd,UAAU,EAAE;4BACV,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,YAAY,EAAE,SAAS,CAAC,EAAE;4BAC7E,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC,EAAE;4BACvD,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,0BAA0B,EAAE;4BAC3E,eAAe,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE;yBACrD;qBACF;iBACF;gBAED,uBAAuB;gBACvB;oBACE,IAAI,EAAE,uBAAuB;oBAC7B,WAAW,EAAE,mEAAmE;oBAChF,WAAW,EAAE;wBACX,IAAI,EAAE,QAAQ;wBACd,UAAU,EAAE;4BACV,KAAK,EAAE;gCACL,IAAI,EAAE,QAAQ;gCACd,UAAU,EAAE;oCACV,KAAK,EAAE;wCACL,IAAI,EAAE,QAAQ;wCACd,UAAU,EAAE;4CACV,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;4CACtB,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;4CAC1B,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;4CAC/B,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;yCAClC;wCACD,QAAQ,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,aAAa,EAAE,eAAe,CAAC;qCAC3D;iCACF;gCACD,QAAQ,EAAE,CAAC,OAAO,CAAC;6BACpB;4BACD,MAAM,EAAE;gCACN,IAAI,EAAE,QAAQ;gCACd,UAAU,EAAE;oCACV,IAAI,EAAE;wCACJ,IAAI,EAAE,QAAQ;wCACd,IAAI,EAAE,CAAC,iBAAiB,EAAE,cAAc,EAAE,WAAW,EAAE,YAAY,EAAE,eAAe,EAAE,SAAS,EAAE,WAAW,CAAC;qCAC9G;oCACD,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sBAAsB,EAAE;iCAC9D;gCACD,QAAQ,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC;6BAC3B;4BACD,OAAO,EAAE;gCACP,IAAI,EAAE,QAAQ;gCACd,UAAU,EAAE;oCACV,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oCAC9B,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;oCACjC,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE;iCACvD;gCACD,QAAQ,EAAE,CAAC,YAAY,EAAE,cAAc,EAAE,KAAK,CAAC;6BAChD;yBACF;wBACD,QAAQ,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,CAAC;qBACzC;iBACF;gBACD;oBACE,IAAI,EAAE,8BAA8B;oBACpC,WAAW,EAAE,sEAAsE;oBACnF,WAAW,EAAE;wBACX,IAAI,EAAE,QAAQ;wBACd,UAAU,EAAE;4BACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iCAAiC,EAAE;4BAC5E,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gBAAgB,EAAE;4BACvD,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gBAAgB,EAAE;4BACrD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE;4BACtD,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sBAAsB,EAAE;4BAC7D,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;yBAC3D;wBACD,QAAQ,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC;qBAC9C;iBACF;aACF;SACF,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,oBAAoB;IACpB,MAAM,CAAC,iBAAiB,CAAC,gCAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAChE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QAEjD,IAAI,CAAC;YACH,QAAQ,IAAI,EAAE,CAAC;gBACb,gBAAgB;gBAChB,KAAK,oBAAoB,CAAC,CAAC,CAAC;oBAC1B,MAAM,KAAK,GAAG,mBAAmB,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;oBACrD,MAAM,IAAI,GAAG,IAAI,EAAE,IAAc,CAAC;oBAClC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAe,IAAI,KAAK,CAAC;oBAE5C,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;wBAChC,KAAK;wBACL,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE;wBACnC,OAAO,EAAE,EAAE,IAAI,EAAE;qBAClB,CAAC,CAAC;oBAEH,OAAO;wBACL,OAAO,EAAE;4BACP;gCACE,IAAI,EAAE,MAAM;gCACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;6BACtC;yBACF;qBACF,CAAC;gBACJ,CAAC;gBAED,mBAAmB;gBACnB,KAAK,iBAAiB,CAAC,CAAC,CAAC;oBACvB,MAAM,KAAK,GAAG,mBAAmB,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;oBACrD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;oBAE5C,OAAO;wBACL,OAAO,EAAE;4BACP;gCACE,IAAI,EAAE,MAAM;gCACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;6BACtC;yBACF;qBACF,CAAC;gBACJ,CAAC;gBAED,mBAAmB;gBACnB,KAAK,iBAAiB,CAAC,CAAC,CAAC;oBACvB,MAAM,KAAK,GAAG,mBAAmB,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;oBACrD,MAAM,UAAU,GAAG,IAAI,EAAE,WAAyB,CAAC;oBACnD,MAAM,YAAY,GAAG,qBAAqB,CAAC,KAAK,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;oBACrE,MAAM,UAAU,GAAG,IAAI,EAAE,WAAqB,CAAC;oBAC/C,MAAM,KAAK,GAAG,IAAI,EAAE,KAAe,CAAC;oBACpC,MAAM,SAAS,GAAG,IAAI,EAAE,UAAgC,CAAC;oBACzD,MAAM,KAAK,GAAG,IAAI,EAAE,KAAgB,IAAI,KAAK,CAAC;oBAE9C,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBAE9F,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC;wBAC5B,KAAK;wBACL,WAAW,EAAE,UAAU;wBACvB,YAAY;wBACZ,UAAU,EAAE,SAAS;wBACrB,MAAM,EAAE;4BACN,WAAW,EAAE,UAAU;4BACvB,aAAa,EAAE,EAAE;4BACjB,KAAK;yBACN;qBACF,CAAC,CAAC;oBAEH,OAAO;wBACL,OAAO,EAAE;4BACP;gCACE,IAAI,EAAE,MAAM;gCACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;6BACtC;yBACF;qBACF,CAAC;gBACJ,CAAC;gBAED,mBAAmB;gBACnB,KAAK,iBAAiB,CAAC,CAAC,CAAC;oBACvB,MAAM,MAAM,GAAG,IAAI,EAAE,MAA4B,CAAC;oBAClD,MAAM,UAAU,GAAG,IAAI,EAAE,WAAiC,CAAC;oBAC3D,MAAM,SAAS,GAAG,IAAI,EAAE,UAAgC,CAAC;oBACzD,MAAM,MAAM,GAAG,IAAI,EAAE,MAAgB,CAAC;oBAEtC,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,MAAM,CACjC,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,EAC1D,MAAM,CACP,CAAC;oBAEF,OAAO;wBACL,OAAO,EAAE;4BACP;gCACE,IAAI,EAAE,MAAM;gCACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;6BACxD;yBACF;qBACF,CAAC;gBACJ,CAAC;gBAED,iBAAiB;gBACjB,KAAK,eAAe,CAAC,CAAC,CAAC;oBACrB,MAAM,OAAO,GAAG;wBACd,WAAW,EAAE,IAAI,EAAE,WAAqC;wBACxD,MAAM,EAAE,IAAI,EAAE,MAA0C;wBACxD,cAAc,EAAE,IAAI,EAAE,cAAoC;wBAC1D,eAAe,EAAE,IAAI,EAAE,eAA0B,IAAI,KAAK;qBAC3D,CAAC;oBAEF,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBAE7C,OAAO;wBACL,OAAO,EAAE;4BACP;gCACE,IAAI,EAAE,MAAM;gCACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;6BAClE;yBACF;qBACF,CAAC;gBACJ,CAAC;gBAED,yBAAyB;gBACzB,KAAK,uBAAuB,CAAC,CAAC,CAAC;oBAC7B,MAAM,QAAQ,GAAG,IAAiC,CAAC;oBACnD,QAAQ,CAAC,OAAO,CAAC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;oBAEjD,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;oBAEpD,OAAO;wBACL,OAAO,EAAE;4BACP;gCACE,IAAI,EAAE,MAAM;gCACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;6BACtC;yBACF;qBACF,CAAC;gBACJ,CAAC;gBAED,gCAAgC;gBAChC,KAAK,8BAA8B,CAAC,CAAC,CAAC;oBACpC,MAAM,MAAM,GAAe;wBACzB,QAAQ,EAAE,IAAI,EAAE,QAAkB;wBAClC,IAAI,EAAE,IAAI,EAAE,IAAc;wBAC1B,EAAE,EAAE,IAAI,EAAE,EAAY;wBACtB,KAAK,EAAE,IAAI,EAAE,KAAe;wBAC5B,IAAI,EAAE,IAAI,EAAE,IAA0B;wBACtC,MAAM,EAAE,IAAI,EAAE,MAA4B;wBAC1C,IAAI,EAAE,IAAI;qBACX,CAAC;oBAEF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;oBAExD,OAAO;wBACL,OAAO,EAAE;4BACP;gCACE,IAAI,EAAE,MAAM;gCACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;6BACtC;yBACF;qBACF,CAAC;gBACJ,CAAC;gBAED;oBACE,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC9E,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC;qBAC9C;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,IAAI;IACjB,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;IAE9B,OAAO;SACJ,IAAI,CAAC,YAAY,CAAC;SAClB,WAAW,CAAC,yCAAyC,CAAC;SACtD,OAAO,CAAC,OAAO,CAAC;SAChB,MAAM,CAAC,wBAAwB,EAAE,uBAAuB,CAAC;SACzD,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;QACxB,gBAAgB;QAChB,MAAM,MAAM,GAAG,YAAY,CAAC;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;SACnC,CAAC,CAAC;QAEH,oBAAoB;QACpB,MAAM,SAAS,GAAG,IAAI,+BAAoB,EAAE,CAAC;QAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAEhC,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEL,MAAM,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC;AAED,2BAA2B;AAC3B,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
import type { CapabilityModel } from '../types/skill.js';
|
|
2
|
+
/**
|
|
3
|
+
* Default policy configuration
|
|
4
|
+
*/
|
|
5
|
+
export interface PolicyConfig {
|
|
6
|
+
/** Default action for secret exfiltration */
|
|
7
|
+
secret_exfil: {
|
|
8
|
+
private_key: 'deny' | 'confirm';
|
|
9
|
+
mnemonic: 'deny' | 'confirm';
|
|
10
|
+
api_secret: 'deny' | 'confirm';
|
|
11
|
+
};
|
|
12
|
+
/** Default action for command execution */
|
|
13
|
+
exec_command: 'allow' | 'deny' | 'confirm';
|
|
14
|
+
/** Web3 policies */
|
|
15
|
+
web3: {
|
|
16
|
+
unlimited_approval: 'allow' | 'deny' | 'confirm';
|
|
17
|
+
unknown_spender: 'allow' | 'deny' | 'confirm';
|
|
18
|
+
user_not_present: 'allow' | 'deny' | 'confirm';
|
|
19
|
+
};
|
|
20
|
+
/** Network policies */
|
|
21
|
+
network: {
|
|
22
|
+
untrusted_domain: 'allow' | 'deny' | 'confirm';
|
|
23
|
+
body_contains_secret: 'allow' | 'deny' | 'confirm';
|
|
24
|
+
};
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* Default policies - most restrictive
|
|
28
|
+
*/
|
|
29
|
+
export declare const DEFAULT_POLICIES: PolicyConfig;
|
|
30
|
+
/**
|
|
31
|
+
* Restrictive capability model
|
|
32
|
+
*/
|
|
33
|
+
export declare const RESTRICTIVE_CAPABILITY: CapabilityModel;
|
|
34
|
+
/**
|
|
35
|
+
* Permissive capability model (for trusted skills)
|
|
36
|
+
*/
|
|
37
|
+
export declare const PERMISSIVE_CAPABILITY: CapabilityModel;
|
|
38
|
+
/**
|
|
39
|
+
* Common capability presets
|
|
40
|
+
*/
|
|
41
|
+
export declare const CAPABILITY_PRESETS: {
|
|
42
|
+
/** No capabilities */
|
|
43
|
+
none: CapabilityModel;
|
|
44
|
+
/** Read-only local access */
|
|
45
|
+
read_only: {
|
|
46
|
+
filesystem_allowlist: string[];
|
|
47
|
+
network_allowlist: string[];
|
|
48
|
+
exec: "allow" | "deny";
|
|
49
|
+
secrets_allowlist: string[];
|
|
50
|
+
web3?: import("../types/skill.js").Web3Capability;
|
|
51
|
+
};
|
|
52
|
+
/** Trading bot preset */
|
|
53
|
+
trading_bot: {
|
|
54
|
+
network_allowlist: string[];
|
|
55
|
+
filesystem_allowlist: string[];
|
|
56
|
+
exec: "deny";
|
|
57
|
+
secrets_allowlist: string[];
|
|
58
|
+
web3: {
|
|
59
|
+
chains_allowlist: number[];
|
|
60
|
+
rpc_allowlist: string[];
|
|
61
|
+
tx_policy: "confirm_high_risk";
|
|
62
|
+
};
|
|
63
|
+
};
|
|
64
|
+
/** DeFi interaction preset */
|
|
65
|
+
defi: {
|
|
66
|
+
network_allowlist: string[];
|
|
67
|
+
filesystem_allowlist: never[];
|
|
68
|
+
exec: "deny";
|
|
69
|
+
secrets_allowlist: never[];
|
|
70
|
+
web3: {
|
|
71
|
+
chains_allowlist: number[];
|
|
72
|
+
rpc_allowlist: string[];
|
|
73
|
+
tx_policy: "confirm_high_risk";
|
|
74
|
+
};
|
|
75
|
+
};
|
|
76
|
+
};
|
|
77
|
+
//# sourceMappingURL=default.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"default.d.ts","sourceRoot":"","sources":["../../src/policy/default.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEzD;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,6CAA6C;IAC7C,YAAY,EAAE;QACZ,WAAW,EAAE,MAAM,GAAG,SAAS,CAAC;QAChC,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAC;QAC7B,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;KAChC,CAAC;IACF,2CAA2C;IAC3C,YAAY,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;IAC3C,oBAAoB;IACpB,IAAI,EAAE;QACJ,kBAAkB,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;QACjD,eAAe,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;QAC9C,gBAAgB,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;KAChD,CAAC;IACF,uBAAuB;IACvB,OAAO,EAAE;QACP,gBAAgB,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;QAC/C,oBAAoB,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;KACpD,CAAC;CACH;AAED;;GAEG;AACH,eAAO,MAAM,gBAAgB,EAAE,YAuB9B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,sBAAsB,EAAE,eAKpC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,EAAE,eAUnC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB;IAC7B,sBAAsB;;IAGtB,6BAA6B;;;;;;;;IAM7B,yBAAyB;;;;;;;;;;;;IAoBzB,8BAA8B;;;;;;;;;;;;CAY/B,CAAC"}
|