@goplus/agentguard 1.1.5 → 1.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -2
- package/dist/adapters/openclaw-plugin.d.ts +14 -7
- package/dist/adapters/openclaw-plugin.d.ts.map +1 -1
- package/dist/adapters/openclaw-plugin.js +43 -8
- package/dist/adapters/openclaw-plugin.js.map +1 -1
- package/dist/cli.js +62 -5
- package/dist/cli.js.map +1 -1
- package/dist/cloud/client.d.ts +11 -3
- package/dist/cloud/client.d.ts.map +1 -1
- package/dist/cloud/client.js +52 -14
- package/dist/cloud/client.js.map +1 -1
- package/dist/config.d.ts +1 -0
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +11 -0
- package/dist/config.js.map +1 -1
- package/dist/feed/types.d.ts +11 -1
- package/dist/feed/types.d.ts.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -1
- package/dist/index.js.map +1 -1
- package/dist/installers.d.ts.map +1 -1
- package/dist/installers.js +94 -7
- package/dist/installers.js.map +1 -1
- package/dist/openclaw.d.ts +3 -0
- package/dist/openclaw.d.ts.map +1 -0
- package/dist/openclaw.js +13 -0
- package/dist/openclaw.js.map +1 -0
- package/dist/runtime/protect.d.ts +2 -2
- package/dist/runtime/protect.d.ts.map +1 -1
- package/dist/runtime/protect.js +50 -8
- package/dist/runtime/protect.js.map +1 -1
- package/dist/tests/cli-policy.test.d.ts +2 -0
- package/dist/tests/cli-policy.test.d.ts.map +1 -0
- package/dist/tests/cli-policy.test.js +66 -0
- package/dist/tests/cli-policy.test.js.map +1 -0
- package/dist/tests/cloud-live.test.js +0 -17
- package/dist/tests/cloud-live.test.js.map +1 -1
- package/dist/tests/feed-cloud.test.js +57 -2
- package/dist/tests/feed-cloud.test.js.map +1 -1
- package/dist/tests/installer.test.js +25 -3
- package/dist/tests/installer.test.js.map +1 -1
- package/dist/tests/integration.test.js +57 -3
- package/dist/tests/integration.test.js.map +1 -1
- package/dist/tests/runtime-cloud.test.js +59 -14
- package/dist/tests/runtime-cloud.test.js.map +1 -1
- package/docs/openclaw.md +2 -2
- package/openclaw.d.ts +6 -0
- package/openclaw.js +1 -0
- package/openclaw.plugin.json +1 -0
- package/package.json +7 -2
- package/skills/agentguard/SKILL.md +51 -6
package/dist/config.js
CHANGED
|
@@ -7,6 +7,7 @@ exports.ensureConfig = ensureConfig;
|
|
|
7
7
|
exports.loadConfig = loadConfig;
|
|
8
8
|
exports.saveConfig = saveConfig;
|
|
9
9
|
exports.connectCloud = connectCloud;
|
|
10
|
+
exports.disconnectCloud = disconnectCloud;
|
|
10
11
|
exports.maskApiKey = maskApiKey;
|
|
11
12
|
exports.validateApiKey = validateApiKey;
|
|
12
13
|
exports.normalizeCloudUrl = normalizeCloudUrl;
|
|
@@ -89,6 +90,16 @@ function connectCloud(options) {
|
|
|
89
90
|
saveConfig(next);
|
|
90
91
|
return next;
|
|
91
92
|
}
|
|
93
|
+
function disconnectCloud() {
|
|
94
|
+
const current = ensureConfig();
|
|
95
|
+
const next = { ...current };
|
|
96
|
+
delete next.apiKey;
|
|
97
|
+
delete next.connectedAt;
|
|
98
|
+
(0, node_fs_1.rmSync)(current.eventSpoolPath, { force: true });
|
|
99
|
+
(0, node_fs_1.rmSync)(current.policyCachePath, { force: true });
|
|
100
|
+
saveConfig(next);
|
|
101
|
+
return next;
|
|
102
|
+
}
|
|
92
103
|
function maskApiKey(apiKey) {
|
|
93
104
|
if (!apiKey)
|
|
94
105
|
return 'not configured';
|
package/dist/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":";;AA0BA,gDASC;AAED,sCAUC;AAED,oDAKC;AAED,oCAQC;AAED,gCAkBC;AAED,gCAKC;AAED,oCAWC;AAED,gCAIC;AAED,wCAIC;AAID,8CAeC;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":";;AA0BA,gDASC;AAED,sCAUC;AAED,oDAKC;AAED,oCAQC;AAED,gCAkBC;AAED,gCAKC;AAED,oCAWC;AAED,0CASC;AAED,gCAIC;AAED,wCAIC;AAID,8CAeC;AAlJD,qCAAgG;AAChG,yCAA0C;AAC1C,qCAAkC;AAqBlC,MAAM,iBAAiB,GAAG,kCAAkC,CAAC;AAC7D,MAAM,eAAe,GAAG,6BAA6B,CAAC;AAEtD,SAAgB,kBAAkB;IAChC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,aAAa,CAAC,CAAC;IAC3E,OAAO;QACL,IAAI;QACJ,UAAU,EAAE,IAAA,gBAAI,EAAC,IAAI,EAAE,aAAa,CAAC;QACrC,eAAe,EAAE,IAAA,gBAAI,EAAC,IAAI,EAAE,mBAAmB,CAAC;QAChD,SAAS,EAAE,IAAA,gBAAI,EAAC,IAAI,EAAE,aAAa,CAAC;QACpC,cAAc,EAAE,IAAA,gBAAI,EAAC,IAAI,EAAE,oBAAoB,CAAC;KACjD,CAAC;AACJ,CAAC;AAED,SAAgB,aAAa;IAC3B,MAAM,KAAK,GAAG,kBAAkB,EAAE,CAAC;IACnC,OAAO;QACL,OAAO,EAAE,CAAC;QACV,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE,iBAAiB;QAC3B,eAAe,EAAE,KAAK,CAAC,eAAe;QACtC,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,cAAc,EAAE,KAAK,CAAC,cAAc;KACrC,CAAC;AACJ,CAAC;AAED,SAAgB,oBAAoB;IAClC,MAAM,KAAK,GAAG,kBAAkB,EAAE,CAAC;IACnC,IAAA,mBAAS,EAAC,KAAK,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACxD,eAAe,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACnC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAgB,YAAY;IAC1B,MAAM,KAAK,GAAG,oBAAoB,EAAE,CAAC;IACrC,IAAI,CAAC,IAAA,oBAAU,EAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;QAC/B,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,OAAO,UAAU,EAAE,CAAC;AACtB,CAAC;AAED,SAAgB,UAAU;IACxB,MAAM,QAAQ,GAAG,aAAa,EAAE,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,kBAAkB,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,sBAAY,EAAC,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAA8B,CAAC;QAC/F,OAAO;YACL,GAAG,QAAQ;YACX,GAAG,MAAM;YACT,OAAO,EAAE,CAAC;YACV,KAAK,EAAE,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,QAAQ,CAAC,KAAK;YACrD,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,QAAQ,CAAC,QAAQ;YAC9C,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,QAAQ,CAAC,eAAe;YACnE,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,QAAQ,CAAC,SAAS;YACjD,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc;SACjE,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC;AAED,SAAgB,UAAU,CAAC,MAAwB;IACjD,MAAM,KAAK,GAAG,oBAAoB,EAAE,CAAC;IACrC,IAAA,mBAAS,EAAC,IAAA,mBAAO,EAAC,KAAK,CAAC,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,IAAA,uBAAa,EAAC,KAAK,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzF,eAAe,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;AAC3C,CAAC;AAED,SAAgB,YAAY,CAAC,OAA8C;IACzE,MAAM,OAAO,GAAG,YAAY,EAAE,CAAC;IAC/B,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAqB;QAC7B,GAAG,OAAO;QACV,QAAQ,EAAE,iBAAiB,CAAC,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,IAAI,iBAAiB,CAAC;QACtF,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACtC,CAAC;IACF,UAAU,CAAC,IAAI,CAAC,CAAC;IACjB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,eAAe;IAC7B,MAAM,OAAO,GAAG,YAAY,EAAE,CAAC;IAC/B,MAAM,IAAI,GAAqB,EAAE,GAAG,OAAO,EAAE,CAAC;IAC9C,OAAO,IAAI,CAAC,MAAM,CAAC;IACnB,OAAO,IAAI,CAAC,WAAW,CAAC;IACxB,IAAA,gBAAM,EAAC,OAAO,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,IAAA,gBAAM,EAAC,OAAO,CAAC,eAAe,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,UAAU,CAAC,IAAI,CAAC,CAAC;IACjB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,UAAU,CAAC,MAAe;IACxC,IAAI,CAAC,MAAM;QAAE,OAAO,gBAAgB,CAAC;IACrC,IAAI,MAAM,CAAC,MAAM,IAAI,EAAE;QAAE,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC;IACzD,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,SAAgB,cAAc,CAAC,MAAc;IAC3C,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAED,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC;AAE7E,SAAgB,iBAAiB,CAAC,KAAa;IAC7C,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC7C,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,CAAC;IACD,MAAM,UAAU,GAAG,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvD,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,UAAU,CAAC,EAAE,CAAC;QACjF,MAAM,IAAI,KAAK,CACb,uGAAuG,CACxG,CAAC;IACJ,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,UAAU,IAAI,KAAK,KAAK,YAAY;QACzE,CAAC,CAAC,KAAK;QACP,CAAC,CAAC,IAAI,CAAC;AACX,CAAC;AAED,SAAS,eAAe,CAAC,IAAY,EAAE,IAAY;IACjD,IAAI,CAAC;QACH,IAAA,mBAAS,EAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,sEAAsE;IACxE,CAAC;AACH,CAAC"}
|
package/dist/feed/types.d.ts
CHANGED
|
@@ -11,7 +11,7 @@
|
|
|
11
11
|
* federated with OSV and OSS Insight.
|
|
12
12
|
*/
|
|
13
13
|
/** Supply-chain ecosystem an advisory targets. */
|
|
14
|
-
export type AdvisoryEcosystem = 'skill' | 'plugin' | 'mcp_server';
|
|
14
|
+
export type AdvisoryEcosystem = 'skill' | 'plugin' | 'mcp_server' | 'supply_chain' | 'url' | 'prompt_injection';
|
|
15
15
|
export type AdvisorySeverity = 'low' | 'medium' | 'high' | 'critical';
|
|
16
16
|
/**
|
|
17
17
|
* One matcher inside `Advisory.affected[]`. A local artifact matches the
|
|
@@ -43,6 +43,10 @@ export interface AdvisoryAffected {
|
|
|
43
43
|
* a code/text pattern rather than a known hash.
|
|
44
44
|
*/
|
|
45
45
|
bodyRegex?: string;
|
|
46
|
+
/** Optional URL glob/regex-style pattern for URL-focused advisories. */
|
|
47
|
+
urlPattern?: string;
|
|
48
|
+
/** Optional exact domain match for URL/domain-focused advisories. */
|
|
49
|
+
domainExact?: string;
|
|
46
50
|
}
|
|
47
51
|
export interface Advisory {
|
|
48
52
|
/** Stable identifier, e.g. `AGS-2026-0042`. */
|
|
@@ -67,6 +71,12 @@ export interface Advisory {
|
|
|
67
71
|
signature?: string;
|
|
68
72
|
/** External references — Snyk, NVD, GHSA, blog posts. */
|
|
69
73
|
references?: string[];
|
|
74
|
+
selfCheck?: {
|
|
75
|
+
inspectPaths?: string[];
|
|
76
|
+
matchers: unknown[];
|
|
77
|
+
remediationAction?: 'quarantine' | 'uninstall' | 'block_url' | 'revoke_token' | 'notify_only';
|
|
78
|
+
remediationMd?: string;
|
|
79
|
+
};
|
|
70
80
|
}
|
|
71
81
|
/**
|
|
72
82
|
* Local feed-subscription state. Persisted between `subscribe` runs so the
|
package/dist/feed/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/feed/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,kDAAkD;AAClD,MAAM,MAAM,iBAAiB,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/feed/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,kDAAkD;AAClD,MAAM,MAAM,iBAAiB,GACzB,OAAO,GACP,QAAQ,GACR,YAAY,GACZ,cAAc,GACd,KAAK,GACL,kBAAkB,CAAC;AAEvB,MAAM,MAAM,gBAAgB,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAEtE;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,wEAAwE;IACxE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,qEAAqE;IACrE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,QAAQ;IACvB,+CAA+C;IAC/C,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,iBAAiB,CAAC;IAC7B,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,oCAAoC;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,8DAA8D;IAC9D,SAAS,EAAE,MAAM,CAAC;IAClB,2EAA2E;IAC3E,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAC7B,yCAAyC;IACzC,WAAW,EAAE,MAAM,CAAC;IACpB,0EAA0E;IAC1E,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,yDAAyD;IACzD,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,SAAS,CAAC,EAAE;QACV,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;QACxB,QAAQ,EAAE,OAAO,EAAE,CAAC;QACpB,iBAAiB,CAAC,EAAE,YAAY,GAAG,WAAW,GAAG,WAAW,GAAG,cAAc,GAAG,aAAa,CAAC;QAC9F,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB,+EAA+E;IAC/E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,+DAA+D;IAC/D,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,+EAA+E;IAC/E,gBAAgB,EAAE,cAAc,EAAE,CAAC;IACnC,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB,wEAAwE;IACxE,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,cAAc;IAC7B;6DACyD;IACzD,IAAI,EAAE,MAAM,CAAC;IACb,kEAAkE;IAClE,SAAS,EAAE,aAAa,GAAG,QAAQ,GAAG,WAAW,CAAC;IAClD,iFAAiF;IACjF,IAAI,CAAC,EAAE,MAAM,CAAC;CACf"}
|
package/dist/index.d.ts
CHANGED
|
@@ -13,7 +13,7 @@ export { ActionScanner, GoPlusClient, type ActionScannerOptions, } from './actio
|
|
|
13
13
|
export { DEFAULT_POLICIES, RESTRICTIVE_CAPABILITY, PERMISSIVE_CAPABILITY, CAPABILITY_PRESETS, type PolicyConfig, } from './policy/default.js';
|
|
14
14
|
export { containsSensitiveData, maskSensitiveData, extractDomain, isDomainAllowed, SENSITIVE_PATTERNS, } from './utils/patterns.js';
|
|
15
15
|
export { ClaudeCodeAdapter, OpenClawAdapter, HermesAdapter, evaluateHook, registerOpenClawPlugin, loadConfig, type HookAdapter, type HookInput, type HookOutput, type EngineOptions, } from './adapters/index.js';
|
|
16
|
-
export { ensureConfig, loadConfig as loadAgentGuardConfig, saveConfig as saveAgentGuardConfig, connectCloud, getAgentGuardPaths, type AgentGuardConfig, } from './config.js';
|
|
16
|
+
export { ensureConfig, loadConfig as loadAgentGuardConfig, saveConfig as saveAgentGuardConfig, connectCloud, disconnectCloud, getAgentGuardPaths, type AgentGuardConfig, } from './config.js';
|
|
17
17
|
export { AgentGuardCloudClient } from './cloud/client.js';
|
|
18
18
|
export { evaluateLocalAction } from './runtime/evaluator.js';
|
|
19
19
|
export { protectAction, formatProtectResult, exitCodeForDecision, type ProtectOptions, type ProtectResult, } from './runtime/protect.js';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,cAAc,kBAAkB,CAAC;AAGjC,OAAO,EAAE,YAAY,EAAE,KAAK,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACvE,OAAO,EACL,aAAa,EACb,eAAe,EACf,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,YAAY,GAClB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,aAAa,EACb,YAAY,EACZ,KAAK,oBAAoB,GAC1B,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EACtB,qBAAqB,EACrB,kBAAkB,EAClB,KAAK,YAAY,GAClB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,aAAa,EACb,eAAe,EACf,kBAAkB,GACnB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,aAAa,EACb,YAAY,EACZ,sBAAsB,EACtB,UAAU,EACV,KAAK,WAAW,EAChB,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,aAAa,GACnB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,YAAY,EACZ,UAAU,IAAI,oBAAoB,EAClC,UAAU,IAAI,oBAAoB,EAClC,YAAY,EACZ,kBAAkB,EAClB,KAAK,gBAAgB,GACtB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EACL,aAAa,EACb,mBAAmB,EACnB,mBAAmB,EACnB,KAAK,cAAc,EACnB,KAAK,aAAa,GACnB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAClF,OAAO,EACL,gCAAgC,EAChC,gBAAgB,EAChB,gBAAgB,EAChB,oBAAoB,GACrB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,sBAAsB,EACtB,aAAa,EACb,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAExD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,CAAC,EAAE;IACzC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,8EAA8E;IAC9E,mBAAmB,CAAC,EAAE,eAAe,CAAC;CACvC;;;;EAmBA;AAGD,eAAe,gBAAgB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,cAAc,kBAAkB,CAAC;AAGjC,OAAO,EAAE,YAAY,EAAE,KAAK,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACvE,OAAO,EACL,aAAa,EACb,eAAe,EACf,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,YAAY,GAClB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,aAAa,EACb,YAAY,EACZ,KAAK,oBAAoB,GAC1B,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EACtB,qBAAqB,EACrB,kBAAkB,EAClB,KAAK,YAAY,GAClB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,aAAa,EACb,eAAe,EACf,kBAAkB,GACnB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,aAAa,EACb,YAAY,EACZ,sBAAsB,EACtB,UAAU,EACV,KAAK,WAAW,EAChB,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,aAAa,GACnB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,YAAY,EACZ,UAAU,IAAI,oBAAoB,EAClC,UAAU,IAAI,oBAAoB,EAClC,YAAY,EACZ,eAAe,EACf,kBAAkB,EAClB,KAAK,gBAAgB,GACtB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EACL,aAAa,EACb,mBAAmB,EACnB,mBAAmB,EACnB,KAAK,cAAc,EACnB,KAAK,aAAa,GACnB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAClF,OAAO,EACL,gCAAgC,EAChC,gBAAgB,EAChB,gBAAgB,EAChB,oBAAoB,GACrB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,sBAAsB,EACtB,aAAa,EACb,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAExD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,CAAC,EAAE;IACzC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,8EAA8E;IAC9E,mBAAmB,CAAC,EAAE,eAAe,CAAC;CACvC;;;;EAmBA;AAGD,eAAe,gBAAgB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -22,7 +22,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
22
22
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
23
23
|
};
|
|
24
24
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
25
|
-
exports.resolveRuntimePolicy = exports.saveCachedPolicy = exports.loadCachedPolicy = exports.getDefaultEffectiveRuntimePolicy = exports.redactReasons = exports.redactPreview = exports.redactText = exports.exitCodeForDecision = exports.formatProtectResult = exports.protectAction = exports.evaluateLocalAction = exports.AgentGuardCloudClient = exports.getAgentGuardPaths = exports.connectCloud = exports.saveAgentGuardConfig = exports.loadAgentGuardConfig = exports.ensureConfig = exports.loadConfig = exports.registerOpenClawPlugin = exports.evaluateHook = exports.HermesAdapter = exports.OpenClawAdapter = exports.ClaudeCodeAdapter = exports.SENSITIVE_PATTERNS = exports.isDomainAllowed = exports.extractDomain = exports.maskSensitiveData = exports.containsSensitiveData = exports.CAPABILITY_PRESETS = exports.PERMISSIVE_CAPABILITY = exports.RESTRICTIVE_CAPABILITY = exports.DEFAULT_POLICIES = exports.GoPlusClient = exports.ActionScanner = exports.RegistryStorage = exports.SkillRegistry = exports.SkillScanner = void 0;
|
|
25
|
+
exports.resolveRuntimePolicy = exports.saveCachedPolicy = exports.loadCachedPolicy = exports.getDefaultEffectiveRuntimePolicy = exports.redactReasons = exports.redactPreview = exports.redactText = exports.exitCodeForDecision = exports.formatProtectResult = exports.protectAction = exports.evaluateLocalAction = exports.AgentGuardCloudClient = exports.getAgentGuardPaths = exports.disconnectCloud = exports.connectCloud = exports.saveAgentGuardConfig = exports.loadAgentGuardConfig = exports.ensureConfig = exports.loadConfig = exports.registerOpenClawPlugin = exports.evaluateHook = exports.HermesAdapter = exports.OpenClawAdapter = exports.ClaudeCodeAdapter = exports.SENSITIVE_PATTERNS = exports.isDomainAllowed = exports.extractDomain = exports.maskSensitiveData = exports.containsSensitiveData = exports.CAPABILITY_PRESETS = exports.PERMISSIVE_CAPABILITY = exports.RESTRICTIVE_CAPABILITY = exports.DEFAULT_POLICIES = exports.GoPlusClient = exports.ActionScanner = exports.RegistryStorage = exports.SkillRegistry = exports.SkillScanner = void 0;
|
|
26
26
|
exports.createAgentGuard = createAgentGuard;
|
|
27
27
|
// Export types
|
|
28
28
|
__exportStar(require("./types/index.js"), exports);
|
|
@@ -62,6 +62,7 @@ Object.defineProperty(exports, "ensureConfig", { enumerable: true, get: function
|
|
|
62
62
|
Object.defineProperty(exports, "loadAgentGuardConfig", { enumerable: true, get: function () { return config_js_1.loadConfig; } });
|
|
63
63
|
Object.defineProperty(exports, "saveAgentGuardConfig", { enumerable: true, get: function () { return config_js_1.saveConfig; } });
|
|
64
64
|
Object.defineProperty(exports, "connectCloud", { enumerable: true, get: function () { return config_js_1.connectCloud; } });
|
|
65
|
+
Object.defineProperty(exports, "disconnectCloud", { enumerable: true, get: function () { return config_js_1.disconnectCloud; } });
|
|
65
66
|
Object.defineProperty(exports, "getAgentGuardPaths", { enumerable: true, get: function () { return config_js_1.getAgentGuardPaths; } });
|
|
66
67
|
var client_js_1 = require("./cloud/client.js");
|
|
67
68
|
Object.defineProperty(exports, "AgentGuardCloudClient", { enumerable: true, get: function () { return client_js_1.AgentGuardCloudClient; } });
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;;;;;;;;;;;;AAkGH,4CAwBC;AAxHD,eAAe;AACf,mDAAiC;AAEjC,iBAAiB;AACjB,+CAAuE;AAA9D,wGAAA,YAAY,OAAA;AACrB,gDAO6B;AAN3B,yGAAA,aAAa,OAAA;AACb,2GAAA,eAAe,OAAA;AAMjB,8CAI2B;AAHzB,yGAAA,aAAa,OAAA;AACb,wGAAA,YAAY,OAAA;AAId,wBAAwB;AACxB,kDAM6B;AAL3B,8GAAA,gBAAgB,OAAA;AAChB,oHAAA,sBAAsB,OAAA;AACtB,mHAAA,qBAAqB,OAAA;AACrB,gHAAA,kBAAkB,OAAA;AAIpB,2BAA2B;AAC3B,mDAM6B;AAL3B,oHAAA,qBAAqB,OAAA;AACrB,gHAAA,iBAAiB,OAAA;AACjB,4GAAA,aAAa,OAAA;AACb,8GAAA,eAAe,OAAA;AACf,iHAAA,kBAAkB,OAAA;AAGpB,gDAAgD;AAChD,gDAW6B;AAV3B,6GAAA,iBAAiB,OAAA;AACjB,2GAAA,eAAe,OAAA;AACf,yGAAA,aAAa,OAAA;AACb,wGAAA,YAAY,OAAA;AACZ,kHAAA,sBAAsB,OAAA;AACtB,sGAAA,UAAU,OAAA;AAOZ,uDAAuD;AACvD,yCAQqB;AAPnB,yGAAA,YAAY,OAAA;AACZ,iHAAA,UAAU,OAAwB;AAClC,iHAAA,UAAU,OAAwB;AAClC,yGAAA,YAAY,OAAA;AACZ,4GAAA,eAAe,OAAA;AACf,+GAAA,kBAAkB,OAAA;AAGpB,+CAA0D;AAAjD,kHAAA,qBAAqB,OAAA;AAC9B,uDAA6D;AAApD,mHAAA,mBAAmB,OAAA;AAC5B,mDAM8B;AAL5B,2GAAA,aAAa,OAAA;AACb,iHAAA,mBAAmB,OAAA;AACnB,iHAAA,mBAAmB,OAAA;AAIrB,uDAAkF;AAAzE,0GAAA,UAAU,OAAA;AAAE,6GAAA,aAAa,OAAA;AAAE,6GAAA,aAAa,OAAA;AACjD,iDAK6B;AAJ3B,6HAAA,gCAAgC,OAAA;AAChC,6GAAA,gBAAgB,OAAA;AAChB,6GAAA,gBAAgB,OAAA;AAChB,iHAAA,oBAAoB,OAAA;AAYtB,gCAAgC;AAChC,iDAAkD;AAClD,kDAAoD;AACpD,gDAAkD;AAGlD;;GAEG;AACH,SAAgB,gBAAgB,CAAC,OAKhC;IACC,MAAM,QAAQ,GAAG,IAAI,wBAAa,CAAC;QACjC,QAAQ,EAAE,OAAO,EAAE,YAAY;KAChC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,uBAAY,CAAC;QAC/B,kBAAkB,EAAE,OAAO,EAAE,kBAAkB,IAAI,IAAI;KACxD,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,IAAI,wBAAa,CAAC;QACtC,QAAQ;QACR,mBAAmB,EAAE,OAAO,EAAE,mBAAmB;KAClD,CAAC,CAAC;IAEH,OAAO;QACL,OAAO;QACP,QAAQ;QACR,aAAa;KACd,CAAC;AACJ,CAAC;AAED,iBAAiB;AACjB,kBAAe,gBAAgB,CAAC"}
|
package/dist/installers.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"installers.d.ts","sourceRoot":"","sources":["../src/installers.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"installers.d.ts","sourceRoot":"","sources":["../src/installers.ts"],"names":[],"mappings":"AAIA,MAAM,MAAM,cAAc,GAAG,aAAa,GAAG,OAAO,GAAG,UAAU,CAAC;AAElE,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,cAAc,CAAC;IACtB,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,cAAc,EAAE,OAAO,GAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,OAAO,CAAA;CAAO,GAAG,aAAa,CAM3H"}
|
package/dist/installers.js
CHANGED
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.installAgentTemplates = installAgentTemplates;
|
|
4
4
|
const node_fs_1 = require("node:fs");
|
|
5
|
+
const node_os_1 = require("node:os");
|
|
5
6
|
const node_path_1 = require("node:path");
|
|
6
7
|
function installAgentTemplates(agent, options = {}) {
|
|
7
8
|
const root = options.cwd || process.cwd();
|
|
@@ -10,7 +11,7 @@ function installAgentTemplates(agent, options = {}) {
|
|
|
10
11
|
if (agent === 'codex')
|
|
11
12
|
return installCodex(root, Boolean(options.force));
|
|
12
13
|
if (agent === 'openclaw')
|
|
13
|
-
return installOpenClaw(
|
|
14
|
+
return installOpenClaw(options.cwd, Boolean(options.force));
|
|
14
15
|
throw new Error(`Unsupported agent installer: ${agent}`);
|
|
15
16
|
}
|
|
16
17
|
function installClaudeCode(root, force) {
|
|
@@ -31,10 +32,22 @@ function installCodex(root, force) {
|
|
|
31
32
|
writeIfAllowed(hookPath, JSON.stringify(codexHookTemplate(), null, 2) + '\n', force);
|
|
32
33
|
return { agent: 'codex', files: [skillPath, hookPath] };
|
|
33
34
|
}
|
|
34
|
-
function installOpenClaw(
|
|
35
|
-
const
|
|
35
|
+
function installOpenClaw(cwd, force) {
|
|
36
|
+
const openClawRoot = cwd
|
|
37
|
+
? (0, node_path_1.join)(cwd, '.openclaw')
|
|
38
|
+
: process.env.OPENCLAW_STATE_DIR || (0, node_path_1.join)((0, node_os_1.homedir)(), '.openclaw');
|
|
39
|
+
const pluginDir = (0, node_path_1.join)(openClawRoot, 'plugins', 'agentguard');
|
|
40
|
+
const packagePath = (0, node_path_1.join)(pluginDir, 'package.json');
|
|
41
|
+
const pluginPath = (0, node_path_1.join)(pluginDir, 'index.js');
|
|
42
|
+
const manifestPath = (0, node_path_1.join)(pluginDir, 'openclaw.plugin.json');
|
|
43
|
+
const configPath = cwd
|
|
44
|
+
? (0, node_path_1.join)(openClawRoot, 'openclaw.json')
|
|
45
|
+
: process.env.OPENCLAW_CONFIG_PATH || (0, node_path_1.join)(openClawRoot, 'openclaw.json');
|
|
46
|
+
writeIfAllowed(packagePath, JSON.stringify(openClawPackageManifest(), null, 2) + '\n', force);
|
|
36
47
|
writeIfAllowed(pluginPath, openClawPluginTemplate(), force);
|
|
37
|
-
|
|
48
|
+
writeIfAllowed(manifestPath, JSON.stringify(openClawPluginManifest(), null, 2) + '\n', force);
|
|
49
|
+
enableOpenClawPlugin(configPath, pluginDir);
|
|
50
|
+
return { agent: 'openclaw', files: [packagePath, pluginPath, manifestPath, configPath] };
|
|
38
51
|
}
|
|
39
52
|
function writeIfAllowed(path, content, force) {
|
|
40
53
|
if ((0, node_fs_1.existsSync)(path) && !force)
|
|
@@ -106,7 +119,7 @@ Expected decisions:
|
|
|
106
119
|
|
|
107
120
|
- \`allow\`: continue
|
|
108
121
|
- \`warn\`: show warning and continue
|
|
109
|
-
- \`confirm\`: ask for approval before continuing
|
|
122
|
+
- \`confirm\`: ask for approval in the agent channel before continuing
|
|
110
123
|
- \`block\`: stop the action
|
|
111
124
|
`;
|
|
112
125
|
}
|
|
@@ -124,13 +137,87 @@ function codexHookTemplate() {
|
|
|
124
137
|
};
|
|
125
138
|
}
|
|
126
139
|
function openClawPluginTemplate() {
|
|
127
|
-
return `
|
|
140
|
+
return `const { registerOpenClawPlugin } = require('@goplus/agentguard');
|
|
128
141
|
|
|
129
|
-
|
|
142
|
+
function register(api) {
|
|
130
143
|
registerOpenClawPlugin(api, {
|
|
131
144
|
skipAutoScan: false,
|
|
132
145
|
});
|
|
133
146
|
}
|
|
147
|
+
|
|
148
|
+
module.exports = Object.defineProperties(register, {
|
|
149
|
+
id: { enumerable: true, value: 'agentguard' },
|
|
150
|
+
name: { enumerable: true, value: 'GoPlus AgentGuard' },
|
|
151
|
+
description: {
|
|
152
|
+
enumerable: true,
|
|
153
|
+
value: 'AI agent security framework - blocks dangerous commands, prevents data leaks, and protects secrets',
|
|
154
|
+
},
|
|
155
|
+
register: { enumerable: true, value: register },
|
|
156
|
+
});
|
|
134
157
|
`;
|
|
135
158
|
}
|
|
159
|
+
function openClawPackageManifest() {
|
|
160
|
+
return {
|
|
161
|
+
name: 'agentguard-openclaw-local',
|
|
162
|
+
private: true,
|
|
163
|
+
type: 'commonjs',
|
|
164
|
+
openclaw: {
|
|
165
|
+
extensions: ['./index.js'],
|
|
166
|
+
runtimeExtensions: ['./index.js'],
|
|
167
|
+
},
|
|
168
|
+
};
|
|
169
|
+
}
|
|
170
|
+
function openClawPluginManifest() {
|
|
171
|
+
return {
|
|
172
|
+
id: 'agentguard',
|
|
173
|
+
name: 'GoPlus AgentGuard',
|
|
174
|
+
description: 'AI agent security framework - blocks dangerous commands, prevents data leaks, and protects secrets',
|
|
175
|
+
configSchema: {
|
|
176
|
+
type: 'object',
|
|
177
|
+
properties: {
|
|
178
|
+
level: {
|
|
179
|
+
type: 'string',
|
|
180
|
+
enum: ['strict', 'balanced', 'permissive'],
|
|
181
|
+
default: 'balanced',
|
|
182
|
+
description: 'Protection level: strict (block all risky), balanced (block dangerous, confirm risky), permissive (only block critical)',
|
|
183
|
+
},
|
|
184
|
+
},
|
|
185
|
+
},
|
|
186
|
+
};
|
|
187
|
+
}
|
|
188
|
+
function enableOpenClawPlugin(configPath, pluginDir) {
|
|
189
|
+
let config = {};
|
|
190
|
+
if ((0, node_fs_1.existsSync)(configPath)) {
|
|
191
|
+
const raw = (0, node_fs_1.readFileSync)(configPath, 'utf8').trim();
|
|
192
|
+
config = raw ? JSON.parse(raw) : {};
|
|
193
|
+
}
|
|
194
|
+
const plugins = ensureRecord(config, 'plugins');
|
|
195
|
+
const load = ensureRecord(plugins, 'load');
|
|
196
|
+
const entries = ensureRecord(plugins, 'entries');
|
|
197
|
+
const agentguard = ensureRecord(entries, 'agentguard');
|
|
198
|
+
agentguard.enabled = true;
|
|
199
|
+
const paths = Array.isArray(load.paths) ? load.paths.filter((p) => typeof p === 'string') : [];
|
|
200
|
+
if (!paths.includes(pluginDir)) {
|
|
201
|
+
paths.push(pluginDir);
|
|
202
|
+
}
|
|
203
|
+
load.paths = paths;
|
|
204
|
+
if (Array.isArray(plugins.allow)) {
|
|
205
|
+
const allow = plugins.allow.filter((id) => typeof id === 'string');
|
|
206
|
+
if (!allow.includes('agentguard')) {
|
|
207
|
+
allow.push('agentguard');
|
|
208
|
+
}
|
|
209
|
+
plugins.allow = allow;
|
|
210
|
+
}
|
|
211
|
+
(0, node_fs_1.mkdirSync)((0, node_path_1.dirname)(configPath), { recursive: true });
|
|
212
|
+
(0, node_fs_1.writeFileSync)(configPath, JSON.stringify(config, null, 2) + '\n');
|
|
213
|
+
}
|
|
214
|
+
function ensureRecord(parent, key) {
|
|
215
|
+
const existing = parent[key];
|
|
216
|
+
if (existing && typeof existing === 'object' && !Array.isArray(existing)) {
|
|
217
|
+
return existing;
|
|
218
|
+
}
|
|
219
|
+
const next = {};
|
|
220
|
+
parent[key] = next;
|
|
221
|
+
return next;
|
|
222
|
+
}
|
|
136
223
|
//# sourceMappingURL=installers.js.map
|
package/dist/installers.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"installers.js","sourceRoot":"","sources":["../src/installers.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"installers.js","sourceRoot":"","sources":["../src/installers.ts"],"names":[],"mappings":";;AAWA,sDAMC;AAjBD,qCAA6E;AAC7E,qCAAkC;AAClC,yCAA0C;AAS1C,SAAgB,qBAAqB,CAAC,KAAqB,EAAE,UAA6C,EAAE;IAC1G,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1C,IAAI,KAAK,KAAK,aAAa;QAAE,OAAO,iBAAiB,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;IACpF,IAAI,KAAK,KAAK,OAAO;QAAE,OAAO,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;IACzE,IAAI,KAAK,KAAK,UAAU;QAAE,OAAO,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;IACtF,MAAM,IAAI,KAAK,CAAC,gCAAgC,KAAK,EAAE,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAY,EAAE,KAAc;IACrD,MAAM,OAAO,GAAG,IAAA,gBAAI,EAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IAC/C,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,OAAO,EAAE,uBAAuB,CAAC,CAAC;IACxD,MAAM,YAAY,GAAG,IAAA,gBAAI,EAAC,IAAI,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC;IAClE,IAAA,mBAAS,EAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACxC,cAAc,CAAC,QAAQ,EAAE,gBAAgB,EAAE,EAAE,KAAK,CAAC,CAAC;IACpD,cAAc,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,KAAK,CAAC,CAAC;IACtF,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,CAAC;AACnE,CAAC;AAED,SAAS,YAAY,CAAC,IAAY,EAAE,KAAc;IAChD,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;IAC9D,MAAM,SAAS,GAAG,IAAA,gBAAI,EAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,IAAI,EAAE,QAAQ,EAAE,8BAA8B,CAAC,CAAC;IACtE,IAAA,mBAAS,EAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,cAAc,CAAC,SAAS,EAAE,kBAAkB,EAAE,EAAE,KAAK,CAAC,CAAC;IACvD,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,iBAAiB,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,KAAK,CAAC,CAAC;IACrF,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE,CAAC;AAC1D,CAAC;AAED,SAAS,eAAe,CAAC,GAAuB,EAAE,KAAc;IAC9D,MAAM,YAAY,GAAG,GAAG;QACtB,CAAC,CAAC,IAAA,gBAAI,EAAC,GAAG,EAAE,WAAW,CAAC;QACxB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,WAAW,CAAC,CAAC;IACnE,MAAM,SAAS,GAAG,IAAA,gBAAI,EAAC,YAAY,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;IAC9D,MAAM,WAAW,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,cAAc,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAC/C,MAAM,YAAY,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,sBAAsB,CAAC,CAAC;IAC7D,MAAM,UAAU,GAAG,GAAG;QACpB,CAAC,CAAC,IAAA,gBAAI,EAAC,YAAY,EAAE,eAAe,CAAC;QACrC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,IAAA,gBAAI,EAAC,YAAY,EAAE,eAAe,CAAC,CAAC;IAE5E,cAAc,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,uBAAuB,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,KAAK,CAAC,CAAC;IAC9F,cAAc,CAAC,UAAU,EAAE,sBAAsB,EAAE,EAAE,KAAK,CAAC,CAAC;IAC5D,cAAc,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,sBAAsB,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,KAAK,CAAC,CAAC;IAC9F,oBAAoB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IAE5C,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,CAAC,EAAE,CAAC;AAC3F,CAAC;AAED,SAAS,cAAc,CAAC,IAAY,EAAE,OAAe,EAAE,KAAc;IACnE,IAAI,IAAA,oBAAU,EAAC,IAAI,CAAC,IAAI,CAAC,KAAK;QAAE,OAAO;IACvC,IAAA,mBAAS,EAAC,IAAA,mBAAO,EAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,IAAA,uBAAa,EAAC,IAAI,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;AACnF,CAAC;AAED,SAAS,gBAAgB;IACvB,OAAO;;;CAGR,CAAC;AACF,CAAC;AAED,SAAS,cAAc;IACrB,OAAO;QACL,KAAK,EAAE;YACL,UAAU,EAAE;gBACV;oBACE,OAAO,EAAE,MAAM;oBACf,KAAK,EAAE;wBACL;4BACE,IAAI,EAAE,SAAS;4BACf,OAAO,EACL,gIAAgI;yBACnI;qBACF;iBACF;gBACD;oBACE,OAAO,EAAE,MAAM;oBACf,KAAK,EAAE;wBACL;4BACE,IAAI,EAAE,SAAS;4BACf,OAAO,EACL,oIAAoI;yBACvI;qBACF;iBACF;gBACD;oBACE,OAAO,EAAE,sBAAsB;oBAC/B,KAAK,EAAE;wBACL;4BACE,IAAI,EAAE,SAAS;4BACf,OAAO,EACL,sIAAsI;yBACzI;qBACF;iBACF;gBACD;oBACE,OAAO,EAAE,oBAAoB;oBAC7B,KAAK,EAAE;wBACL;4BACE,IAAI,EAAE,SAAS;4BACf,OAAO,EACL,sIAAsI;yBACzI;qBACF;iBACF;aACF;SACF;KACF,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB;IACzB,OAAO;;;;;;;;;;;;;;;CAeR,CAAC;AACF,CAAC;AAED,SAAS,iBAAiB;IACxB,OAAO;QACL,SAAS,EAAE,OAAO;QAClB,OAAO,EAAE,gDAAgD;QACzD,WAAW,EAAE;YACX,KAAK,EAAE,OAAO;YACd,QAAQ,EAAE,WAAW;YACrB,SAAS,EAAE,YAAY;YACvB,OAAO,EAAE,SAAS;YAClB,OAAO,EAAE,UAAU;SACpB;KACF,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB;IAC7B,OAAO;;;;;;;;;;;;;;;;;CAiBR,CAAC;AACF,CAAC;AAED,SAAS,uBAAuB;IAC9B,OAAO;QACL,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE;YACR,UAAU,EAAE,CAAC,YAAY,CAAC;YAC1B,iBAAiB,EAAE,CAAC,YAAY,CAAC;SAClC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB;IAC7B,OAAO;QACL,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,oGAAoG;QACjH,YAAY,EAAE;YACZ,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,KAAK,EAAE;oBACL,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,QAAQ,EAAE,UAAU,EAAE,YAAY,CAAC;oBAC1C,OAAO,EAAE,UAAU;oBACnB,WAAW,EAAE,yHAAyH;iBACvI;aACF;SACF;KACF,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,UAAkB,EAAE,SAAiB;IACjE,IAAI,MAAM,GAA4B,EAAE,CAAC;IACzC,IAAI,IAAA,oBAAU,EAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,IAAA,sBAAY,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QACpD,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAC,CAAC,CAAC,EAAE,CAAC;IACjE,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAChD,MAAM,IAAI,GAAG,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,YAAY,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IACvD,UAAU,CAAC,OAAO,GAAG,IAAI,CAAC;IAE1B,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC5G,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACxB,CAAC;IACD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IAEnB,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,EAAgB,EAAE,CAAC,OAAO,EAAE,KAAK,QAAQ,CAAC,CAAC;QACjF,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YAClC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC3B,CAAC;QACD,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC;IACxB,CAAC;IAED,IAAA,mBAAS,EAAC,IAAA,mBAAO,EAAC,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,IAAA,uBAAa,EAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,YAAY,CAAC,MAA+B,EAAE,GAAW;IAChE,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzE,OAAO,QAAmC,CAAC;IAC7C,CAAC;IACD,MAAM,IAAI,GAA4B,EAAE,CAAC;IACzC,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;IACnB,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"openclaw.d.ts","sourceRoot":"","sources":["../src/openclaw.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,+BAA+B,CAAC;AACxD,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,+BAA+B,CAAC"}
|
package/dist/openclaw.js
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.registerOpenClawPlugin = exports.getPluginScanResult = exports.getPluginIdFromTool = exports.default = void 0;
|
|
7
|
+
var openclaw_plugin_js_1 = require("./adapters/openclaw-plugin.js");
|
|
8
|
+
Object.defineProperty(exports, "default", { enumerable: true, get: function () { return __importDefault(openclaw_plugin_js_1).default; } });
|
|
9
|
+
var openclaw_plugin_js_2 = require("./adapters/openclaw-plugin.js");
|
|
10
|
+
Object.defineProperty(exports, "getPluginIdFromTool", { enumerable: true, get: function () { return openclaw_plugin_js_2.getPluginIdFromTool; } });
|
|
11
|
+
Object.defineProperty(exports, "getPluginScanResult", { enumerable: true, get: function () { return openclaw_plugin_js_2.getPluginScanResult; } });
|
|
12
|
+
Object.defineProperty(exports, "registerOpenClawPlugin", { enumerable: true, get: function () { return openclaw_plugin_js_2.registerOpenClawPlugin; } });
|
|
13
|
+
//# sourceMappingURL=openclaw.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"openclaw.js","sourceRoot":"","sources":["../src/openclaw.ts"],"names":[],"mappings":";;;;;;AAAA,oEAAwD;AAA/C,8HAAA,OAAO,OAAA;AAChB,oEAIuC;AAHrC,yHAAA,mBAAmB,OAAA;AACnB,yHAAA,mBAAmB,OAAA;AACnB,4HAAA,sBAAsB,OAAA"}
|
|
@@ -13,10 +13,10 @@ export interface ProtectOptions {
|
|
|
13
13
|
export interface ProtectResult {
|
|
14
14
|
decision: RuntimeDecision;
|
|
15
15
|
event: RuntimeAuditEvent;
|
|
16
|
-
|
|
16
|
+
approvalChannel?: 'agent' | null;
|
|
17
17
|
policySource: 'cloud' | 'cache' | 'default' | 'cloud-decision';
|
|
18
18
|
}
|
|
19
19
|
export declare function protectAction(options: ProtectOptions): Promise<ProtectResult | null>;
|
|
20
20
|
export declare function formatProtectResult(result: ProtectResult, json?: boolean): string;
|
|
21
|
-
export declare function exitCodeForDecision(decision: RuntimeDecision): number;
|
|
21
|
+
export declare function exitCodeForDecision(decision: RuntimeDecision, result?: Pick<ProtectResult, 'approvalChannel'>): number;
|
|
22
22
|
//# sourceMappingURL=protect.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"protect.d.ts","sourceRoot":"","sources":["../../src/runtime/protect.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAIrD,OAAO,KAAK,EAAiB,gBAAgB,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAEzH,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,gBAAgB,CAAC;IAC7B,UAAU,CAAC,EAAE,iBAAiB,CAAC;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC;CACxC;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,eAAe,CAAC;IAC1B,KAAK,EAAE,iBAAiB,CAAC;IACzB,
|
|
1
|
+
{"version":3,"file":"protect.d.ts","sourceRoot":"","sources":["../../src/runtime/protect.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAIrD,OAAO,KAAK,EAAiB,gBAAgB,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAEzH,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,gBAAgB,CAAC;IAC7B,UAAU,CAAC,EAAE,iBAAiB,CAAC;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC;CACxC;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,eAAe,CAAC;IAC1B,KAAK,EAAE,iBAAiB,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;IACjC,YAAY,EAAE,OAAO,GAAG,OAAO,GAAG,SAAS,GAAG,gBAAgB,CAAC;CAChE;AAED,wBAAsB,aAAa,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAqD1F;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,aAAa,EAAE,IAAI,UAAQ,GAAG,MAAM,CA8B/E;AAED,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,eAAe,EAAE,MAAM,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,iBAAiB,CAAC,GAAG,MAAM,CAGtH"}
|
package/dist/runtime/protect.js
CHANGED
|
@@ -50,16 +50,21 @@ async function protectAction(options) {
|
|
|
50
50
|
catch {
|
|
51
51
|
// Audit I/O must not mask the policy decision, especially for agent hooks.
|
|
52
52
|
}
|
|
53
|
-
let
|
|
53
|
+
let approvalChannel;
|
|
54
54
|
if (client.connected && policySource !== 'cloud-decision') {
|
|
55
55
|
await client.ingestEvents([event]).catch(() => (0, audit_js_1.spoolEvent)(options.config.eventSpoolPath, event));
|
|
56
56
|
}
|
|
57
|
-
if (
|
|
58
|
-
|
|
57
|
+
if (decision.decision === 'require_approval') {
|
|
58
|
+
approvalChannel = 'agent';
|
|
59
59
|
}
|
|
60
|
-
return { decision, event,
|
|
60
|
+
return { decision, event, approvalChannel, policySource };
|
|
61
61
|
}
|
|
62
62
|
function formatProtectResult(result, json = false) {
|
|
63
|
+
if (!json) {
|
|
64
|
+
const agentApproval = formatAgentApproval(result);
|
|
65
|
+
if (agentApproval)
|
|
66
|
+
return agentApproval;
|
|
67
|
+
}
|
|
63
68
|
if (json) {
|
|
64
69
|
return JSON.stringify({
|
|
65
70
|
decision: publicDecision(result.decision.decision),
|
|
@@ -68,7 +73,7 @@ function formatProtectResult(result, json = false) {
|
|
|
68
73
|
riskScore: result.decision.riskScore,
|
|
69
74
|
riskLevel: result.decision.riskLevel,
|
|
70
75
|
reasons: result.decision.reasons,
|
|
71
|
-
|
|
76
|
+
approvalChannel: result.approvalChannel,
|
|
72
77
|
policySource: result.policySource,
|
|
73
78
|
}, null, 2);
|
|
74
79
|
}
|
|
@@ -77,20 +82,57 @@ function formatProtectResult(result, json = false) {
|
|
|
77
82
|
return `BLOCKED by AgentGuard (action: ${result.decision.actionId}, risk: ${result.decision.riskScore}/100, level: ${result.decision.riskLevel}, reasons: ${reasonCount}).`;
|
|
78
83
|
}
|
|
79
84
|
if (result.decision.decision === 'require_approval') {
|
|
80
|
-
|
|
81
|
-
return `CONFIRM required by AgentGuard (${approval}action: ${result.decision.actionId}, risk: ${result.decision.riskScore}/100, level: ${result.decision.riskLevel}, reasons: ${reasonCount}).`;
|
|
85
|
+
return `CONFIRM required by AgentGuard (action: ${result.decision.actionId}, risk: ${result.decision.riskScore}/100, level: ${result.decision.riskLevel}, reasons: ${reasonCount}).`;
|
|
82
86
|
}
|
|
83
87
|
if (result.decision.decision === 'warn') {
|
|
84
88
|
return `WARN from AgentGuard (action: ${result.decision.actionId}, risk: ${result.decision.riskScore}/100, level: ${result.decision.riskLevel}, reasons: ${reasonCount}).`;
|
|
85
89
|
}
|
|
86
90
|
return 'ALLOW by AgentGuard.';
|
|
87
91
|
}
|
|
88
|
-
function exitCodeForDecision(decision) {
|
|
92
|
+
function exitCodeForDecision(decision, result) {
|
|
93
|
+
if (decision.decision === 'require_approval' && result?.approvalChannel === 'agent')
|
|
94
|
+
return 0;
|
|
89
95
|
return decision.decision === 'block' || decision.decision === 'require_approval' ? 2 : 0;
|
|
90
96
|
}
|
|
91
97
|
function publicDecision(decision) {
|
|
92
98
|
return decision === 'require_approval' ? 'confirm' : decision;
|
|
93
99
|
}
|
|
100
|
+
function formatAgentApproval(result) {
|
|
101
|
+
if (result.decision.decision !== 'require_approval' || result.approvalChannel !== 'agent')
|
|
102
|
+
return null;
|
|
103
|
+
const reason = formatApprovalReason(result);
|
|
104
|
+
if (result.event.agentHost === 'claude-code') {
|
|
105
|
+
return JSON.stringify({
|
|
106
|
+
hookSpecificOutput: {
|
|
107
|
+
hookEventName: 'PreToolUse',
|
|
108
|
+
permissionDecision: 'ask',
|
|
109
|
+
permissionDecisionReason: reason,
|
|
110
|
+
},
|
|
111
|
+
});
|
|
112
|
+
}
|
|
113
|
+
if (result.event.agentHost === 'codex') {
|
|
114
|
+
return JSON.stringify({
|
|
115
|
+
decision: 'confirm',
|
|
116
|
+
actionId: result.decision.actionId,
|
|
117
|
+
riskScore: result.decision.riskScore,
|
|
118
|
+
riskLevel: result.decision.riskLevel,
|
|
119
|
+
reasons: result.decision.reasons,
|
|
120
|
+
approvalChannel: 'agent',
|
|
121
|
+
message: reason,
|
|
122
|
+
}, null, 2);
|
|
123
|
+
}
|
|
124
|
+
return null;
|
|
125
|
+
}
|
|
126
|
+
function formatApprovalReason(result) {
|
|
127
|
+
const reasonSummary = result.decision.reasons
|
|
128
|
+
.map((reason) => reason.title)
|
|
129
|
+
.filter(Boolean)
|
|
130
|
+
.slice(0, 3)
|
|
131
|
+
.join(', ');
|
|
132
|
+
return (`GoPlus AgentGuard requires approval for this action` +
|
|
133
|
+
` (action: ${result.decision.actionId}, risk: ${result.decision.riskScore}/100, level: ${result.decision.riskLevel}).` +
|
|
134
|
+
(reasonSummary ? ` Reasons: ${reasonSummary}.` : ''));
|
|
135
|
+
}
|
|
94
136
|
function buildRuntimeAction(options) {
|
|
95
137
|
const raw = parseRawInput(options.rawInput, options.stdinText);
|
|
96
138
|
const envActionType = process.env.AGENTGUARD_ACTION_TYPE;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"protect.js","sourceRoot":"","sources":["../../src/runtime/protect.ts"],"names":[],"mappings":";;AA0BA,sCAqDC;AAED,
|
|
1
|
+
{"version":3,"file":"protect.js","sourceRoot":"","sources":["../../src/runtime/protect.ts"],"names":[],"mappings":";;AA0BA,sCAqDC;AAED,kDA8BC;AAED,kDAGC;AApHD,+CAAmC;AACnC,kDAA2D;AAE3D,yCAAwE;AACxE,iDAAqD;AACrD,2CAAmD;AAqB5C,KAAK,UAAU,aAAa,CAAC,OAAuB;IACzD,MAAM,MAAM,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAC3C,IAAI,CAAC,MAAM,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAE/B,MAAM,MAAM,GAAG,IAAI,iCAAqB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,MAAM,IAAA,0BAAe,EAAC,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;IACvH,CAAC;IAED,IAAI,QAAyB,CAAC;IAC9B,IAAI,YAA2C,CAAC;IAChD,IAAI,OAAO,CAAC,YAAY,KAAK,OAAO,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACzD,QAAQ,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAC/C,YAAY,GAAG,gBAAgB,CAAC;IAClC,CAAC;SAAM,CAAC;QACN,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,gCAAoB,EAAC;YACpD,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,eAAe;YACzC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC,CAAC,CAAC,SAAS;SAChF,CAAC,CAAC;QACH,QAAQ,GAAG,MAAM,IAAA,kCAAmB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrD,YAAY,GAAG,MAAM,CAAC;IACxB,CAAC;IAED,MAAM,KAAK,GAAsB;QAC/B,GAAG,MAAM;QACT,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,aAAa,EAAE,QAAQ,CAAC,aAAa;QACrC,QAAQ,EAAE;YACR,GAAG,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;YAC1B,UAAU,EAAE,YAAY,KAAK,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW;YACrE,YAAY;SACb;KACF,CAAC;IAEF,IAAI,CAAC;QACH,IAAA,wBAAa,EAAC,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,2EAA2E;IAC7E,CAAC;IAED,IAAI,eAAiD,CAAC;IACtD,IAAI,MAAM,CAAC,SAAS,IAAI,YAAY,KAAK,gBAAgB,EAAE,CAAC;QAC1D,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAA,qBAAU,EAAC,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC,CAAC;IACnG,CAAC;IACD,IAAI,QAAQ,CAAC,QAAQ,KAAK,kBAAkB,EAAE,CAAC;QAC7C,eAAe,GAAG,OAAO,CAAC;IAC5B,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE,YAAY,EAAE,CAAC;AAC5D,CAAC;AAED,SAAgB,mBAAmB,CAAC,MAAqB,EAAE,IAAI,GAAG,KAAK;IACrE,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,aAAa,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAClD,IAAI,aAAa;YAAE,OAAO,aAAa,CAAC;IAC1C,CAAC;IAED,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,QAAQ,EAAE,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAClD,aAAa,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;YACvC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;YAClC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,SAAS;YACpC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,SAAS;YACpC,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO;YAChC,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,YAAY,EAAE,MAAM,CAAC,YAAY;SAClC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACd,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;IACnD,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzC,OAAO,kCAAkC,MAAM,CAAC,QAAQ,CAAC,QAAQ,WAAW,MAAM,CAAC,QAAQ,CAAC,SAAS,gBAAgB,MAAM,CAAC,QAAQ,CAAC,SAAS,cAAc,WAAW,IAAI,CAAC;IAC9K,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,kBAAkB,EAAE,CAAC;QACpD,OAAO,2CAA2C,MAAM,CAAC,QAAQ,CAAC,QAAQ,WAAW,MAAM,CAAC,QAAQ,CAAC,SAAS,gBAAgB,MAAM,CAAC,QAAQ,CAAC,SAAS,cAAc,WAAW,IAAI,CAAC;IACvL,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxC,OAAO,iCAAiC,MAAM,CAAC,QAAQ,CAAC,QAAQ,WAAW,MAAM,CAAC,QAAQ,CAAC,SAAS,gBAAgB,MAAM,CAAC,QAAQ,CAAC,SAAS,cAAc,WAAW,IAAI,CAAC;IAC7K,CAAC;IACD,OAAO,sBAAsB,CAAC;AAChC,CAAC;AAED,SAAgB,mBAAmB,CAAC,QAAyB,EAAE,MAA+C;IAC5G,IAAI,QAAQ,CAAC,QAAQ,KAAK,kBAAkB,IAAI,MAAM,EAAE,eAAe,KAAK,OAAO;QAAE,OAAO,CAAC,CAAC;IAC9F,OAAO,QAAQ,CAAC,QAAQ,KAAK,OAAO,IAAI,QAAQ,CAAC,QAAQ,KAAK,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC3F,CAAC;AAED,SAAS,cAAc,CAAC,QAAqC;IAC3D,OAAO,QAAQ,KAAK,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;AAChE,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAqB;IAChD,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,kBAAkB,IAAI,MAAM,CAAC,eAAe,KAAK,OAAO;QAAE,OAAO,IAAI,CAAC;IAEvG,MAAM,MAAM,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAC5C,IAAI,MAAM,CAAC,KAAK,CAAC,SAAS,KAAK,aAAa,EAAE,CAAC;QAC7C,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,kBAAkB,EAAE;gBAClB,aAAa,EAAE,YAAY;gBAC3B,kBAAkB,EAAE,KAAK;gBACzB,wBAAwB,EAAE,MAAM;aACjC;SACF,CAAC,CAAC;IACL,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,CAAC,SAAS,KAAK,OAAO,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;YAClC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,SAAS;YACpC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,SAAS;YACpC,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO;YAChC,eAAe,EAAE,OAAO;YACxB,OAAO,EAAE,MAAM;SAChB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACd,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAqB;IACjD,MAAM,aAAa,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO;SAC1C,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC;SAC7B,MAAM,CAAC,OAAO,CAAC;SACf,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;SACX,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,CACL,qDAAqD;QACrD,aAAa,MAAM,CAAC,QAAQ,CAAC,QAAQ,WAAW,MAAM,CAAC,QAAQ,CAAC,SAAS,gBAAgB,MAAM,CAAC,QAAQ,CAAC,SAAS,IAAI;QACtH,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,aAAa,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CACrD,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAuB;IACjD,MAAM,GAAG,GAAG,aAAa,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAC/D,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAuD,CAAC;IAC1F,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqD,CAAC;IACvF,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,YAAY,CAAC,GAAG,CAAC,CAAC;IAC3F,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,aAAa,IAAI,sBAAsB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAEhG,OAAO;QACL,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,aAAa,CAAC,GAAG,CAAC;QACvF,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,YAAY,IAAI,aAAa;QAC7D,UAAU;QACV,QAAQ;QACR,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC;QAC3D,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC;QACjB,WAAW,EAAE,eAAe,CAAC,GAAG,CAAC;QACjC,QAAQ,EAAE,EAAE,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,EAAE;KACtD,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,QAAiB,EAAE,SAAkB;IAC1D,IAAI,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ;QAAE,OAAO,QAAmC,CAAC;IACzF,MAAM,IAAI,GAAG,SAAS,EAAE,IAAI,EAAE,CAAC;IAC/B,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAY,CAAC;QAC3C,OAAO,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAiC,CAAC,CAAC,CAAC,IAAI,CAAC;IACzF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,GAAmC;IACvD,IAAI,CAAC,GAAG;QAAE,OAAO,MAAM,CAAC;IACxB,OAAO,MAAM,CAAC,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,IAAI,IAAI,MAAM,CAAC,CAAC;AACrE,CAAC;AAED,SAAS,sBAAsB,CAAC,QAAgB,EAAE,GAAmC;IACnF,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACrC,IAAI,QAAQ,KAAK,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,OAAO,CAAC;IAC7F,IAAI,QAAQ,KAAK,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,WAAW,CAAC;IACtE,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,YAAY,CAAC;IACtG,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IACzE,IAAI,GAAG,EAAE,UAAU,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC,UAA+B,CAAC;IACtG,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,SAAS,CAAC,GAAmC,EAAE,UAA6B;IACnF,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC;IACpD,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC,OAAO,CAAC;IACxD,MAAM,SAAS,GAAG,CAAC,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,MAAM,CAAwC,CAAC;IACzG,IAAI,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC/C,IAAI,UAAU,KAAK,OAAO,IAAI,OAAO,SAAS,CAAC,OAAO,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC,OAAO,CAAC;QAC9F,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,IAAI,CAAC;QACvD,IAAI,CAAC,UAAU,KAAK,WAAW,IAAI,UAAU,KAAK,YAAY,CAAC,IAAI,OAAO,QAAQ,KAAK,QAAQ;YAAE,OAAO,QAAQ,CAAC;QACjH,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,IAAI,SAAS,CAAC,KAAK,CAAC;QAC7C,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,GAAG,CAAC;QACxC,OAAO,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,aAAa,CAAC,GAAmC;IACxD,MAAM,SAAS,GAAG,GAAG,EAAE,UAAU,IAAI,GAAG,EAAE,SAAS,CAAC;IACpD,OAAO,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,cAAc,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;AAChF,CAAC;AAED,SAAS,OAAO,CAAC,GAAmC;IAClD,MAAM,KAAK,GAAG,GAAG,EAAE,GAAG,CAAC;IACvB,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAA,kBAAG,GAAE,CAAC;AACnD,CAAC;AAED,SAAS,eAAe,CAAC,GAAmC;IAC1D,MAAM,KAAK,GAAG,GAAG,EAAE,WAAW,IAAI,GAAG,EAAE,gBAAgB,CAAC;IACxD,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cli-policy.test.d.ts","sourceRoot":"","sources":["../../src/tests/cli-policy.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
const node_test_1 = require("node:test");
|
|
7
|
+
const strict_1 = __importDefault(require("node:assert/strict"));
|
|
8
|
+
const node_child_process_1 = require("node:child_process");
|
|
9
|
+
const node_fs_1 = require("node:fs");
|
|
10
|
+
const node_http_1 = require("node:http");
|
|
11
|
+
const node_path_1 = require("node:path");
|
|
12
|
+
const node_os_1 = require("node:os");
|
|
13
|
+
const node_util_1 = require("node:util");
|
|
14
|
+
const policy_js_1 = require("../runtime/policy.js");
|
|
15
|
+
const execFileAsync = (0, node_util_1.promisify)(node_child_process_1.execFile);
|
|
16
|
+
(0, node_test_1.describe)('policy CLI', () => {
|
|
17
|
+
(0, node_test_1.it)('pulls the effective Cloud policy into the local cache', async () => {
|
|
18
|
+
const home = (0, node_fs_1.mkdtempSync)((0, node_path_1.join)((0, node_os_1.tmpdir)(), 'agentguard-policy-cli-'));
|
|
19
|
+
const policy = (0, policy_js_1.getDefaultEffectiveRuntimePolicy)();
|
|
20
|
+
policy.policyVersion = 'runtime-cli-test';
|
|
21
|
+
policy.blockedCommandPatterns = ['cli-policy-danger'];
|
|
22
|
+
policy.updatedAt = '2026-05-18T00:00:00.000Z';
|
|
23
|
+
const server = (0, node_http_1.createServer)((req, res) => {
|
|
24
|
+
if (req.url === '/api/v1/policies/effective' && req.headers['x-api-key'] === 'ag_live_test_key_123456') {
|
|
25
|
+
res.writeHead(200, { 'content-type': 'application/json' });
|
|
26
|
+
res.end(JSON.stringify({ success: true, data: policy }));
|
|
27
|
+
return;
|
|
28
|
+
}
|
|
29
|
+
res.writeHead(404, { 'content-type': 'application/json' });
|
|
30
|
+
res.end(JSON.stringify({ success: false, error: { message: 'not found' } }));
|
|
31
|
+
});
|
|
32
|
+
await new Promise((resolvePromise) => server.listen(0, '127.0.0.1', resolvePromise));
|
|
33
|
+
try {
|
|
34
|
+
const address = server.address();
|
|
35
|
+
strict_1.default.ok(address && typeof address === 'object');
|
|
36
|
+
const cloudUrl = `http://127.0.0.1:${address.port}`;
|
|
37
|
+
const cachePath = (0, node_path_1.join)(home, 'policy-cache.json');
|
|
38
|
+
(0, node_fs_1.writeFileSync)((0, node_path_1.join)(home, 'config.json'), JSON.stringify({
|
|
39
|
+
version: 1,
|
|
40
|
+
level: 'balanced',
|
|
41
|
+
cloudUrl,
|
|
42
|
+
apiKey: 'ag_live_test_key_123456',
|
|
43
|
+
policyCachePath: cachePath,
|
|
44
|
+
auditPath: (0, node_path_1.join)(home, 'audit.jsonl'),
|
|
45
|
+
eventSpoolPath: (0, node_path_1.join)(home, 'events-spool.jsonl'),
|
|
46
|
+
}));
|
|
47
|
+
const cliPath = (0, node_path_1.resolve)('dist/cli.js');
|
|
48
|
+
const { stdout } = await execFileAsync(process.execPath, [cliPath, 'policy', 'pull', '--json'], {
|
|
49
|
+
env: { ...process.env, AGENTGUARD_HOME: home },
|
|
50
|
+
});
|
|
51
|
+
const result = JSON.parse(stdout);
|
|
52
|
+
strict_1.default.equal(result.success, true);
|
|
53
|
+
strict_1.default.equal(result.policyVersion, 'runtime-cli-test');
|
|
54
|
+
strict_1.default.equal(result.cachePath, cachePath);
|
|
55
|
+
const cached = JSON.parse((0, node_fs_1.readFileSync)(cachePath, 'utf8'));
|
|
56
|
+
strict_1.default.equal(cached.policyVersion, 'runtime-cli-test');
|
|
57
|
+
strict_1.default.deepEqual(cached.blockedCommandPatterns, ['cli-policy-danger']);
|
|
58
|
+
}
|
|
59
|
+
finally {
|
|
60
|
+
await new Promise((resolvePromise, reject) => {
|
|
61
|
+
server.close((err) => err ? reject(err) : resolvePromise());
|
|
62
|
+
});
|
|
63
|
+
}
|
|
64
|
+
});
|
|
65
|
+
});
|
|
66
|
+
//# sourceMappingURL=cli-policy.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cli-policy.test.js","sourceRoot":"","sources":["../../src/tests/cli-policy.test.ts"],"names":[],"mappings":";;;;;AAAA,yCAAyC;AACzC,gEAAwC;AACxC,2DAA8C;AAC9C,qCAAmE;AACnE,yCAAyC;AACzC,yCAA0C;AAC1C,qCAAiC;AACjC,yCAAsC;AACtC,oDAAwE;AAExE,MAAM,aAAa,GAAG,IAAA,qBAAS,EAAC,6BAAQ,CAAC,CAAC;AAE1C,IAAA,oBAAQ,EAAC,YAAY,EAAE,GAAG,EAAE;IAC1B,IAAA,cAAE,EAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;QACrE,MAAM,IAAI,GAAG,IAAA,qBAAW,EAAC,IAAA,gBAAI,EAAC,IAAA,gBAAM,GAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACnE,MAAM,MAAM,GAAG,IAAA,4CAAgC,GAAE,CAAC;QAClD,MAAM,CAAC,aAAa,GAAG,kBAAkB,CAAC;QAC1C,MAAM,CAAC,sBAAsB,GAAG,CAAC,mBAAmB,CAAC,CAAC;QACtD,MAAM,CAAC,SAAS,GAAG,0BAA0B,CAAC;QAE9C,MAAM,MAAM,GAAG,IAAA,wBAAY,EAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YACvC,IAAI,GAAG,CAAC,GAAG,KAAK,4BAA4B,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,yBAAyB,EAAE,CAAC;gBACvG,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;gBACzD,OAAO;YACT,CAAC;YACD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC;QAC/E,CAAC,CAAC,CAAC;QAEH,MAAM,IAAI,OAAO,CAAO,CAAC,cAAc,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC,CAAC;QAC3F,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;YACjC,gBAAM,CAAC,EAAE,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC;YAClD,MAAM,QAAQ,GAAG,oBAAoB,OAAO,CAAC,IAAI,EAAE,CAAC;YACpD,MAAM,SAAS,GAAG,IAAA,gBAAI,EAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;YAClD,IAAA,uBAAa,EAAC,IAAA,gBAAI,EAAC,IAAI,EAAE,aAAa,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC;gBACtD,OAAO,EAAE,CAAC;gBACV,KAAK,EAAE,UAAU;gBACjB,QAAQ;gBACR,MAAM,EAAE,yBAAyB;gBACjC,eAAe,EAAE,SAAS;gBAC1B,SAAS,EAAE,IAAA,gBAAI,EAAC,IAAI,EAAE,aAAa,CAAC;gBACpC,cAAc,EAAE,IAAA,gBAAI,EAAC,IAAI,EAAE,oBAAoB,CAAC;aACjD,CAAC,CAAC,CAAC;YAEJ,MAAM,OAAO,GAAG,IAAA,mBAAO,EAAC,aAAa,CAAC,CAAC;YACvC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE;gBAC9F,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,eAAe,EAAE,IAAI,EAAE;aAC/C,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAmE,CAAC;YACpG,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YACnC,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAAC;YACvD,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;YAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,sBAAY,EAAC,SAAS,EAAE,MAAM,CAAC,CAAkB,CAAC;YAC5E,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAAC;YACvD,gBAAM,CAAC,SAAS,CAAC,MAAM,CAAC,sBAAsB,EAAE,CAAC,mBAAmB,CAAC,CAAC,CAAC;QACzE,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,OAAO,CAAO,CAAC,cAAc,EAAE,MAAM,EAAE,EAAE;gBACjD,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC;YAC9D,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -30,23 +30,6 @@ const runLive = Boolean(apiKey);
|
|
|
30
30
|
event.input = 'echo safe --api_key=live-secret-that-must-be-redacted';
|
|
31
31
|
await client.ingestEvents([event]);
|
|
32
32
|
});
|
|
33
|
-
(0, node_test_1.it)('creates a Cloud approval request', async () => {
|
|
34
|
-
const event = sampleEvent('require_approval');
|
|
35
|
-
event.input = '/tmp/.env?token=live-secret-that-must-be-redacted';
|
|
36
|
-
event.riskScore = 55;
|
|
37
|
-
event.riskLevel = 'high';
|
|
38
|
-
event.reasons = [
|
|
39
|
-
{
|
|
40
|
-
code: 'SECRET_ACCESS',
|
|
41
|
-
severity: 'high',
|
|
42
|
-
title: 'Live test protected path access',
|
|
43
|
-
description: 'Live integration test verifies approval creation.',
|
|
44
|
-
evidence: '/tmp/.env?token=live-secret-that-must-be-redacted',
|
|
45
|
-
},
|
|
46
|
-
];
|
|
47
|
-
const approvalId = await client.createApproval(event);
|
|
48
|
-
strict_1.default.ok(approvalId);
|
|
49
|
-
});
|
|
50
33
|
});
|
|
51
34
|
function sampleEvent(decision) {
|
|
52
35
|
const suffix = `${Date.now()}_${Math.random().toString(36).slice(2)}`;
|